In the fast-path "no options" case for writing an Enhanced Packet Block,
just copy the block total length to the buffer, don't put it into the
buffer in little-endian byte order. If we're running on a big-endian
machine, and thus *should* be writing out multi-byte integral block
fields in big-endian byte order, that'll write out a corrupt pcapng
file.
Bug: 13802
Change-Id: I33958e3fc1d205ca6df3ef4057d92b461831c50e
Reviewed-on: https://code.wireshark.org/review/22753
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way, if you have an older version, we fail at configure time, with
what should be a message indicating that your c-ares is too old, rather
than at compile time, with what might provoke users to ask "what am I
doing wrong?" or "what do I need to fix?" or "why is my compile
failing?" or....
Change-Id: I911574c4d90174b6bd074c5ef537557d47b199dc
Reviewed-on: https://code.wireshark.org/review/22752
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Version 1.5 was released on 21-nov-2007. RHEL, Suse, etc supported versions
are all above c-ares v1.5.
We don't bother testing for it at build time for now, because it's non-trivial
(times two build systems).
Change-Id: I9253256d8d905da0c75d80b2b0fa4527df2b1420
Reviewed-on: https://code.wireshark.org/review/22741
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add tfs_open_closed to general tfs collection (tfs.[ch])
Change-Id: I79b22b591128c33084489880842e19e9a0d80560
Reviewed-on: https://code.wireshark.org/review/22730
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Missing newline after '}'" suggests either that the "}" is the line
character in the file or that it's followed by a character other than a
newline. What it actually appears to mean is "you didn't put a blank
line between one author entry and the next author entry".
Change-Id: Ic0e4dd02f04680ab84fbfcf1183c911d049ee2d2
Reviewed-on: https://code.wireshark.org/review/22746
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get rid of the error:
Missing newline after '}', found: Ben Stewart <bst[AT]google.com> {
Change-Id: Ic8c83c23e5215032a9e06d4ad089be85f7b98b0d
Reviewed-on: https://code.wireshark.org/review/22744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Removed get_ipxnet_addr(), get_ether_addr(). If this feature is desired at
a minimum it should use an efficent data structure (and no disk-based
lookups mid-dissection).
Change-Id: Ie72449c631f21f4a3d82ec435bb5e1d7892f122c
Reviewed-on: https://code.wireshark.org/review/22729
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
See ftp://dicom.nema.org/MEDICAL/dicom/2016a/output/chtml/part07/sect_D.3.3.7.html
Bug: 13875
Change-Id: If5b55ef45b1dd7115a2eaf4a3d1a02bc2b1a5b93
Reviewed-on: https://code.wireshark.org/review/22714
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Escape shell command quotes so that what appears to be "unquoted_legacy"
behavior doesn't kick in.
Ping-Bug: 12305
Change-Id: I4763df2fbc58b80d6e4e3ec15f78c16fa1cf3853
Reviewed-on: https://code.wireshark.org/review/22732
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
proto_tree_add_bitmask_with_flags().
Change-Id: If8e9f9956543f253f4f59d8204c9536f444dbcd5
Reviewed-on: https://code.wireshark.org/review/22728
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
To make translation updates less noisy.
Change-Id: I3efee819ea10bb326862e0f818bfd3cd7eff48e3
Reviewed-on: https://code.wireshark.org/review/22654
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Note that this is only done if sufficient bytes are captured from the
handshake packet to include the initial sequence number field.
Change-Id: Ie92ec2ccaa5021c07c8666d6fdc46613d24d0da1
Reviewed-on: https://code.wireshark.org/review/22573
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using just client or server as a direction is a source of confusion so made a more
discriptive item
Change-Id: I8675aba555b04f6ae8848cf9e1c720eb4b44b553
Reviewed-on: https://code.wireshark.org/review/22628
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 7710 (https://tools.ietf.org/html/rfc7710#section-2.3) defines
option 37 Captive Portal URI for Router Advertisments.
Change-Id: I257412ef1cf22d47018974cd0ef9000b748d01ac
Reviewed-on: https://code.wireshark.org/review/22703
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From the AVRCP 1.6.1 spec, page 76, the "Player ID" is two octets.
Also, the Play Status field comes before the Feature Bit Mask.
Change-Id: Ifd0ad82650d395395b16f9441f02b8835befa360
Reviewed-on: https://code.wireshark.org/review/22709
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8972a9a9efef31ab77571f333fb040569fb7de9a
Reviewed-on: https://code.wireshark.org/review/22622
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The length value includes the Type and Length fields. Therefore the
length of the Data field is two bytes smaller.
Change-Id: I93878a016ace083f4e766bee6e16e301d6903967
Reviewed-on: https://code.wireshark.org/review/22702
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We can do so easily because the format is so simple. This makes it
more convenient for a user to hand-edit a dictionary in the personal
config folder. We still use tabs in the system file for a small space
gain.
Also add a brief description of the format as a comment.
Change-Id: If3f741bff16f1f42c8ef07d643dc6463caaad1a5
Reviewed-on: https://code.wireshark.org/review/22678
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alarm Code now correctly displayed as a byte
Missing ZCL status codes from ZCL 6 and ZCL 7 have been added
Input and Output Cluster Lists now displayed in hex as they are everywhere else
The term Device is no longer used, instead Nwk Addr and Address are used as applicable
Change-Id: I552f4b64974bf44088a1c8f90d44e5459a0f81a6
Reviewed-on: https://code.wireshark.org/review/22683
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Undo most of the changes, but turn the return at the end of the default
case into a break.
Change-Id: I022b62a85254ff188f19fd3d7c3fe40b0789b3d2
Reviewed-on: https://code.wireshark.org/review/22695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 74a2ae4aba.
No, that's just Coverity not understanding macros *again*, and thinking a particular expanded instance of a macro is the result of some human being silly rather than of the arguments being such that some computations can be elided at compile time.
Change-Id: I40f2ad8bf018b0df02d90ed0e272505be68dae7e
Reviewed-on: https://code.wireshark.org/review/22693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I518335dc317ac5fb3c1339686579ff44b73c2546
Reviewed-on: https://code.wireshark.org/review/22675
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When Expert preference UAT was promoted to main preference tree
the entry for Filter Buttons was moved and the code for handling
prefs_pane_to_item_ was wrong.
This should be rewritten to a bulletproof solution.
Change-Id: I1d98aa75da7107ac2e50b29ff19c52dc516053a6
Fixes: v2.5.0rc0-386-gd4d30faeb8
Reviewed-on: https://code.wireshark.org/review/22676
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CIDs 1415436.
Change-Id: I21ada7a308d888b4cbb8557197a2e30bda118f44
Reviewed-on: https://code.wireshark.org/review/22691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert it to a 4-byte value and byte-swap *that*.
Fixes CID 1415438.
Change-Id: I5cf0b5905f5dd2086c5d8ed6b13b1921bdb69a84
Reviewed-on: https://code.wireshark.org/review/22689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CID 1415439.
Change-Id: Id2609c0828561c560820f9cb5e6b5a0ae614aead
Reviewed-on: https://code.wireshark.org/review/22686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The array of headers has MAX_ERF_EHDR entries, and the additional
entries are appended after the first entry, so that leaves room for at
most MAX_ERF_EHDR - 1.
Fixes CID 1415440.
Change-Id: Iaa2c3577bbff429bcc1301e4cfdf1961f067be93
Reviewed-on: https://code.wireshark.org/review/22684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We require Qt5 at configure time on macOS, so we no longer need to
exclude Qt4 + macOS in the code.
Change-Id: I9e233f963526b0051bd846d171105c1d33d1c4cc
Reviewed-on: https://code.wireshark.org/review/22677
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A packet time stamp is an nstime_t, and the seconds part of an nstime_t
is a time_t.
Change-Id: Id2452ceb2f33f43e4a040436d7b3ea1a5c4a0be3
Reviewed-on: https://code.wireshark.org/review/22673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I61feeae7d20ad67ecb86fc53708f04e051fd88c7
Reviewed-on: https://code.wireshark.org/review/22655
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes the following warning in Perl 5.26:
Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.30), passed through in regex; marked by <-- HERE in m/(.*){ <-- HERE / at doc/make-authors-short.pl line 36.
While at it, fix formatting of the AUTHORS-SHORT file, a newline must be
present after "}" or the file will be mis-parsed.
Change-Id: I76bc1a30714dafd703342d2d430dc1c90cf2bf82
Reviewed-on: https://code.wireshark.org/review/22637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris