The tap_sequence_analysis was adapted to store the protocol of each
frame. Therefore a new variable was introduced. In case of an ICMP or
ICMPv6 packet, the ICMP message type and code are retrieved. The adapted
ICMP and ICMPv6 dissectors store both values in packet info (see [1]).
In case of ICMP and ICMPv6 packets, the source and destination ports are
not set or 0, respectively. Compared to that, the NetFlow service export
protocol [2] codes the ICMP message type and code into the port numbers.
The source port is zero while the destination is defined as: destination
port = ICMP type * 256 + ICMP code. This definition was implemented for
the ICMP and ICMPv6 packets.
References
[1] https://code.wireshark.org/review/10097
[2] http://www.ietf.org/rfc/rfc3954.txt
Change-Id: I07518e360975682a3f45e80cb24f82f58cfb15f0
Reviewed-on: https://code.wireshark.org/review/10098
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
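The NetFlow port encoding described in the commit message above, as an added example in C that is not Wireshark's code: the function names and the flow-record fields are my own, and protocol numbers 1 and 58 are the IANA values for ICMP and ICMPv6. It encodes type/code into the destination port as RFC 3954 does and recovers them from a flow record, rejecting records that are not ICMP or carry a non-zero source port.

```c
/* Added example, not Wireshark code. Encodes ICMP/ICMPv6 type and code
 * the way NetFlow (RFC 3954) does: src port 0, dst port = type*256 + code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_ICMP   1u   /* IANA protocol number for ICMP   */
#define PROTO_ICMPV6 58u  /* IANA protocol number for ICMPv6 */

/* Exporter side: fold type and code into the 16-bit destination port. */
uint16_t netflow_icmp_dst_port(uint8_t icmp_type, uint8_t icmp_code)
{
    return (uint16_t)((uint16_t)icmp_type * 256u + icmp_code);
}

/* Collector side: recover type/code from a flow record. Only ICMP or ICMPv6
 * records with a zero source port use this encoding; anything else is refused. */
bool netflow_icmp_decode(uint8_t proto, uint16_t src_port, uint16_t dst_port,
                         uint8_t *icmp_type, uint8_t *icmp_code)
{
    if ((proto != PROTO_ICMP && proto != PROTO_ICMPV6) || src_port != 0)
        return false;
    *icmp_type = (uint8_t)(dst_port >> 8);
    *icmp_code = (uint8_t)(dst_port & 0xffu);
    return true;
}

/* Encode then decode and check that the original type/code come back. */
bool netflow_icmp_roundtrip_ok(uint8_t proto, uint8_t icmp_type, uint8_t icmp_code)
{
    uint8_t t = 0, c = 0;
    uint16_t port = netflow_icmp_dst_port(icmp_type, icmp_code);
    return netflow_icmp_decode(proto, 0, port, &t, &c) && t == icmp_type && c == icmp_code;
}

int main(void)
{
    /* Constructed samples: ICMPv4 port unreachable (3/3) and ICMPv6 echo request (128/0). */
    printf("ICMPv4 3/3   -> dst port %u\n", netflow_icmp_dst_port(3, 3));
    printf("ICMPv6 128/0 -> dst port %u\n", netflow_icmp_dst_port(128, 0));
    printf("roundtrip ok: %d %d\n",
           netflow_icmp_roundtrip_ok(PROTO_ICMP, 3, 3),
           netflow_icmp_roundtrip_ok(PROTO_ICMPV6, 128, 0));
    return 0;
}
```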
Found also by Coverity (CID 1316607)
Change-Id: Ib6a4437fd24b51a8aa87d4bcdb5ee2a1dc43dae3
Reviewed-on: https://code.wireshark.org/review/10124
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
When fields have changed the compiled display filter may be invalid
or need a recompile to be valid.
Filters which are not valid after a recompile are set to a filter
matching no packets (frame.number == 0) to indicate that this
no longer matches anything. We should probably have a better filter
matching no packet for this purpose.
Change-Id: Id27efa9f46e77e20df50d7366f26d5cada186f93
Reviewed-on: https://code.wireshark.org/review/10123
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add a test suite for mergecap (and indirectly capinfos I guess).
This is not exhaustive, but it's a start.
Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e
Reviewed-on: https://code.wireshark.org/review/10082
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add more information about the capture file, and about the interface
descriptions in it. Also remove long-unused g_options code.
Change-Id: I93cbd70fc7b09ec1b8b2fd6c85bb885c7f749543
Reviewed-on: https://code.wireshark.org/review/10073
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also use TEST-NET-1 for IPv4 examples.
Replaced note using comma with parentheses
Change-Id: I9855207aec7a335b80986aa63bd235edc4278d3a
Reviewed-on: https://code.wireshark.org/review/10061
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add the UDP multicast stream dialog. Abuse TapParameterDialog a bit more
so that we can edit parameters.
Remove some unused struct members and an unused function.
Change-Id: I962c70344e792f0959527e4bcba8a20bd7e8acf9
Reviewed-on: https://code.wireshark.org/review/10084
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move an include guard to match our conventions (and make it easier
to spot).
Change-Id: I4bad61a0194219f69217713d051e0ff53ff5a76a
Reviewed-on: https://code.wireshark.org/review/10110
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use common code for all time stamps, so it's handled the same for the
Packet Block, Enhanced Packet Block, and Interface Statistics Block.
Show the high and low parts of the time stamp as fields; file dissectors
should show the raw file details. Mark the calculated time stamp as
generated, as it's not the raw file data.
Get the 64-bit time stamp by shifting the high part left 32 bits and
ORing in the low part; no need to play games with unions and byte order.
Change-Id: I19b2c3227a3ca1e93ec653f279136aa18687581f
Reviewed-on: https://code.wireshark.org/review/10116
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"secs" in an nstime_t is a time_t; cast the calculated seconds portion
to time_t.
Change-Id: Ieaad4c18bb21384a5781f50eadd3a537b414a369
Reviewed-on: https://code.wireshark.org/review/10113
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Widgets using prefs must be closed because the prefs may have
been freed when reloading Lua plugins.
Change-Id: I4b79b7aff18d7923c77a9eb05acadc29b156edbf
Reviewed-on: https://code.wireshark.org/review/10108
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:
* Removed the '-T' encap type option from mergecap, as it's illogical for
mergecap and would complicate common merge code.
* Input files with IDBs of different name, speed, tsprecision, etc., will produce
an output PCAPNG file with separate IDBs, even if their encap types are the same.
* Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.
* Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.
Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found compiling with gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04).
Change-Id: I21bd3a5ab3365f0065c919aba7d6bd00b878d041
Reviewed-on: https://code.wireshark.org/review/10105
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Show next layers of each packet.
Change-Id: I8c56eab969fef9a0a712b479dc2cdef6cc1578ae
Reviewed-on: https://code.wireshark.org/review/221
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They have educational value and can be used to debug some issues.
Now Wireshark can open three files (BTSNOOP, PCAP, PCAPNG)
in two modes: Capture (Traditional) and File-Format.
Change-Id: I833b2464d11864f170923dc989a1925d3d217943
Reviewed-on: https://code.wireshark.org/review/10089
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It works similarly to tcp_dissect_pdus, but only works on a single packet. Intended for protocols that go over TCP and UDP so that they can have a common dissection function.
Will, of course, also work on UDP-only protocols with a fixed length header and size.
Used DNP3 as a guinea pig since "multiple PDU support" over UDP was just added.
Change-Id: Ib7af8eaf7102c96b4f8b5c1b891ae2d8f0886f9d
Reviewed-on: https://code.wireshark.org/review/10083
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
+18 ATT attributes to be implemented (IPS 1.0 - 19 May 2015, etc.)
Change-Id: Ib30ea20fe9b32a4be842f01ad5b8e8ee081a14ff
Reviewed-on: https://code.wireshark.org/review/10095
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 14 attributes (not as easy as the previous),
there are still 19 + 3 (no idea for now [Valid Range, Report, IEEE 11073-20601
Regulatory Certification Data List]) attributes to be implemented (soon).
Change-Id: Iee5cde4673b62f93084923a592b11824c0683605
Reviewed-on: https://code.wireshark.org/review/10094
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
QString.toUtf8() returns a QByteArray object and .constData() returns
a pointer inside that object. It is not safe to store this pointer as
it will become invalid after the statement.
Change-Id: I8f54ede75577719008835038934e935cd5feba3f
Reviewed-on: https://code.wireshark.org/review/10067
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix build error:
ui/qt/packet_list_model.cpp:270:5: error: 'sort' is not a member of 'std'
std::sort(visible_rows_.begin(), visible_rows_.end(), recordLessThan);
Change-Id: I3a577a268f6c12e8fd97b7b6fd2429989c28e2f5
Reviewed-on: https://code.wireshark.org/review/10092
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
I hope it is quite the right solution.
Change-Id: Ia9c883a832ddd03985eda37a9b344c4d7c8135e2
Reviewed-on: https://code.wireshark.org/review/10091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* use the offset variable to keep track of where we are,
remove the position variable
(previously, offset remained 0 all the time...)
* use proto_tree_add_item()
* highlight the correct bytes for each field
* define a block type and block length instead of
naming these fields differently for each block
* indent by 4 spaces
Change-Id: Ie0995e5fe6364605fd30020f171e51458844fa59
Reviewed-on: https://code.wireshark.org/review/10080
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I32fdf085ef484d147d9f0b27c56efba41bb827bf
Reviewed-on: https://code.wireshark.org/review/10086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It was in the list of packages but not in the final command line.
Change-Id: I361e660cc4ac91121314a3f8a7388b48fb2c61b7
Reviewed-on: https://code.wireshark.org/review/10081
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Make sure we run make-tap-reg.py on files that register tap
listeners. Make sure Qt-specific registration routines start with
register_tap_listener_qt_.
Change-Id: Idca382180f475db71e4d1965a70ae4cc2fa4f9d5
Reviewed-on: https://code.wireshark.org/review/10074
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
leaving the parsing loop should be enough in this case...
Change-Id: Ic250961aeb4d3cfcd74ee8caacb59657c32444de
Reviewed-on: https://code.wireshark.org/review/10078
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>