Need to check if there is data before get a value...
Change-Id: I45592e9a2c55a5bce57a40f7e3153e8f540ca316
Reviewed-on: https://code.wireshark.org/review/10636
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add also heuristic to check if it is handstake
Ping-Bug: 11494
Change-Id: I833d294a3a6fdc89cc6d6a5d72d388a3328bf802
Reviewed-on: https://code.wireshark.org/review/10566
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In tests here using GTK+ 2.24 and 3.10, GtkTreeView handles multi-line
items by adjusting the height for all rows, but only after the number of
multi-line items exceeds some sort of threshold. For a packet capture
which contains a few DNS packets and a lot of TCP packets, if I change
"Standard query" to "Standard\nquery" in packet-dns.c I get
single-height packet list items. If I change "[TCP segment of a
reassembled PDU]" to "[TCP segment of a\nreassembled PDU]" in
packet-tcp.c (which results in more multi-line column strings) I get
double-height packet list items.
The current Qt code initially sets the uniformRowHeights property then
falls back to variable row heights if we run across a multi-line column
string. This adds a lot of logic which can impact other functionality
(e.g. column widths) and recalculating row heights is painfully slow for
large numbers of packets.
Instead of trying to manage variable row heights, always enable
uniformRowHeights. Track the maximum newline count and trigger a row
height adjustment when it changes. This mimics the GTK+ UI behavior,
although it should be more reliable.
Note that we need to adjust some numbers in RelatedPacketDelegate.
Change-Id: I289e963b6f00338c4374e602fa3fc83d04554519
Ping-Bug: 11515
Ping-Bug: 10924
Reviewed-on: https://code.wireshark.org/review/10628
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use Qt's standard pixmaps to build our media playback, stop, and pause
icons. Note that we probably don't want to do this for all of the
available standard pixmaps.
Change-Id: I78541a46a65583d7365cd601c578ebe8f197c060
Reviewed-on: https://code.wireshark.org/review/10609
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Otherwise a 8-bit SMS-PP Data Download could be interpreted as requiring SMS packing
Change-Id: I50b5e59194acc3d69d0e247fc909d3f96207094a
Reviewed-on: https://code.wireshark.org/review/10610
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
169756 header fields are currently registered. Including the 5k expert info
field pre-allocation this gives us about 5k unused entries (until we should
increase this number again).
Change-Id: Id8ea979cbe9e80756c12b5b73e816bbe3e9856ad
Reviewed-on: https://code.wireshark.org/review/10599
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SPDOs code the 0x04 bit differently, as it is not part
of the message type, but rather a flag for connection validation
I do not want to introduce a second message type, as this would break
compatibility with existing stored filters, also adding the bitmask
to the hf field, would alter the byte value, as it would shift
the value to the right.
Change-Id: I6b70bec29a55dfb556652d9dc940a896b864943b
Reviewed-on: https://code.wireshark.org/review/10595
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a check to PercentBarDelegate to see if the caller set text for this
item or did not set a valid double value. If either case is true, just
draw the item normally and return.
Change-Id: I028ee15d54f06f2cb16c6e5f1ef73c47b2886ccd
Reviewed-on: https://code.wireshark.org/review/10600
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Features such as sorting and scroll bar colorization require
fully-dissected packets. We currently do dissection at the wrong time --
*after* the user clicks on a packet list column header or moves the
scrollbar.
Add a timer + slot that dissects packets when the UI is idle so that our
packets are at least partially dissected when we need them.
Change-Id: I024c590af2250d67404a520f118e46ec0c49cd71
Reviewed-on: https://code.wireshark.org/review/10593
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This reverts commit d1fcb7dd34.
Warning the user multiple times about an invalid ssl.keylog_file every
time a SSL stream is encountered is an annoyance (in tshark), but
crashing in GTK+/Qt during live captures is even worse.
Disable the warning for now. Maybe detect it once at startup? That would
not cover removed files though.
Bug: 11488
Change-Id: I56b2eba1df0cff2309584a745b55ada238999fc4
Reviewed-on: https://code.wireshark.org/review/9687
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
TLS can be tunnelled over other protocols (e.g. TLS over EAP
over 802.1x), which are neither TCP nor UDP. In this case,
we would assume DTLS, which is typically wrong. Assume TLS
instead.
Change-Id: I45d70789f7fa793861297fc2e7a5f2be311bbbb1
Reviewed-on: https://code.wireshark.org/review/10416
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
The existing code parsed the callback program number from
a packet and then registered the callback program number.
But since the RPC dissector checks for valid and known
program numbers, it never parses it out.
Anyway, NFS4_CALLBACK is a well known number - use it!
Change-Id: Ia812359102bf6620e3b83109eb918032155cd8d3
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/10558
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Passing a null pointer probably means there's really something else
wrong at a higher level. If we could arrange that the DISSECTOR_ASSERT
macros do something useful when *not* executed during a dissection, that
would work.
Change-Id: I2605d1e1f97d35370736852aaf29eeaf2c560279
Reviewed-on: https://code.wireshark.org/review/10592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It returns a null pointer if you do.
Change-Id: I3bc934a576dba261d1e71767978e3789a892e728
Reviewed-on: https://code.wireshark.org/review/10590
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent here is to remove proto_tree_add_text from packet-csn1.c, but the macros setup means A LOT more hf fields needs to be created.
Many of those new hf fields were created with a perl script
Bug: 11504
Change-Id: If12c7677185f18a7f684fd3746397be92b56b36d
Reviewed-on: https://code.wireshark.org/review/10391
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We call cf_cb_file_rescan_{started,finished} in rescan_file. Do the same
in rescan_packets. In the Qt UI this ensures that flushVisibleRows gets
called so that packet_list_select_row_from_data works as expected.
Change-Id: I425b7beb0f97a7d5b84c979fca65b877673b4722
Reviewed-on: https://code.wireshark.org/review/10569
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
TCPROS is a transport layer for ROS Messages and Services.
It uses standard TCP/IP sockets for transporting message data.
Inbound connections are received via a TCP Server Socket with a header containing message data type and routing information.
For more information, see: http://wiki.ros.org/ROS/TCPROS
Bug: 11404
Change-Id: If8810dbb2cb6d6522eb035fd0fa1cf49933bad3d
Reviewed-on: https://code.wireshark.org/review/9807
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Added support for Delegated Mobile Network Prefix as
defined in RFC 7148.
- Corrected the issue where GRE Key option with no key
was not displayed properly.
- Also added append-text for the HNP option to also
display the HNP value.
Change-Id: I42a4bc1627e9e764f10d96aa3988c1f430f00ceb
Reviewed-on: https://code.wireshark.org/review/10565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to identify an instance of the dissector table to be modified by 'Decode As' thanks to pinfo->curr_layer_num
For now only IPv6 makes use of it but it could be extended to any other protocol
Also get rid of ipv6.nxt protocol: it is not required for 'Decode As' functionality and was colliding with ipv6.nxt field
Change-Id: I3c7403c77328ad7170e13af028d178f962a2b508
Reviewed-on: https://code.wireshark.org/review/10552
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
A little usability improvement: Warn user on connection and channel
errors and when a message is undeliverable.
Change-Id: I6106a63472b1fb5cbbabcf82a90af0f489030458
Reviewed-on: https://code.wireshark.org/review/10573
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited.
There are still expert infos (and possibly column APIs) under if (tree)s, but with the FAKE_TREE_IS_VISIBLE "hacks" removed, there should be less fear in removing the tree checks.
Change-Id: I847827395fc28704f468df8bc8b47b297dde8479
Reviewed-on: https://code.wireshark.org/review/10572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Including:
1. Using ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN instead of self made macros
2. Creating an "expert info hook" so that fields can be parsed "in real time" and added as expert info instead of searching by field name and manually getting values. Most of the expert info is still under if (tree)s, but this is another step closer to removing all of the "manual labor" done that requires "special handling" of all tree functionality. Once the "manual labor" is removed, this dissector can behave like every other dissector and the if (tree)s can be removed with more abandon.
Change-Id: If2c6a4c723e12e070e68d6df2d492d4b5ac35123
Reviewed-on: https://code.wireshark.org/review/10555
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It makes more sense (not trying to decode UDP/TCP ports as HTTP) and is consistent across dissectors tables (while currently we have an empty field for tables other than UDP/TCP)
Change-Id: I794529f0f46b4197437a1d258f808991ae2338ad
Reviewed-on: https://code.wireshark.org/review/10571
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Connect itemSelectionChanged to header label updates instead of
currentItemChanged, which seems to be more reliable.
Change-Id: I29f8f2144ad6584e0612d43ec3aac5b258f08ebd
Reviewed-on: https://code.wireshark.org/review/10570
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The GTK+ update_progress_dlg() initially forces a UI update. Do so in
the Qt version as well.
Change-Id: I05d9e61a0d0e4e05af448039bbb81785ac00908c
Reviewed-on: https://code.wireshark.org/review/10568
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Otherwise you end up with a 'End of capture exceeded' popup when calling rescan_packets() with only a few packets in the capture
Change-Id: Idb387ce95f1d22b934e735c350ea0c117763d89a
Reviewed-on: https://code.wireshark.org/review/10567
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Setting a zero port still allows it for selection in the UAT dialog
while not breaking HTTPS dissection.
(In theory the UAT setting would work. In practice it would still call
ssl_dissector_add and take over the SSL registration for all tcp/443
traffic. On removal with ssl_dissector_remove, the HTTPS port is not
added back again until a restart (or until the HTTPS ports list is
changed from the default) because the spdy registration overwrites the
HTTP one...)
Also note that NPN detection for SPDY is not implemented, only ALPN
detection is supported.
Bug: 10984
Change-Id: I6e84aa6408abf40bb860abee4845731ce55ce254
Reviewed-on: https://code.wireshark.org/review/10517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If an RTP payload spans more than two packets, the dissector needs to
save the previous fragment info.
Bug: 11413
Change-Id: I62558f40136881d70bf2a9597eabd3697966ac4a
Reviewed-on: https://code.wireshark.org/review/9875
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte