Add dissection of Metro Ethernet Forum specification of Implementation
Agreement for the Emulation of PDH Circuits over Metro Ethernet
Networks [MEF 8]. This includes the introduction of a RTP shim header
dissection function, as is not uncommon in PW and CES services.
Signed-off-by: Jaap Keuter <jaap.keuter@aimvalley.nl>
Change-Id: I6de81007ce11793cd5352fadadd80d3f6f45ae0d
Reviewed-on: https://code.wireshark.org/review/31239
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Update the images and descriptions for the packet list, column header
popup, packet list popup, and packet detail popups.
Add images and descriptions for the byte view popup.
Use title case in more places.
Change-Id: Icf3af426c97c6e7cf97dee377c20039b7b8791ce
Reviewed-on: https://code.wireshark.org/review/31271
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lua internally uses ANSI C APIs (such as fopen). On many systems (macOS
and Linux for example) these work fine with UTF-8. Windows however
requires special Unicode APIs (such as _wfopen), so patch the Lua
library to interpret paths are UTF-8 and call appropriate Unicode APIs.
Changes compared to the previous LuaBinaries zip archive:
- Patched with UTF-8 support for loadfile, os.execute, etc.
- Built with VS 2015 (VCRUNTIME140.dll) instead of MinGW (MSVCRT.dll).
- Includes PDB file for lua52.dll
- Includes lua52.exe and luac52.exe with UTF-8 argv support (wmain).
- Includes build scripts, source files and README.md.
- Extra subdirectory named after the zip file.
These zip files are taken from https://github.com/Lekensteyn/lua-unicode
(the "prepared" source zips can be found here as well.)
Bug: 15118
Change-Id: I219f046d6e0fd5093287b5d6503a48ba7d1fc6a4
Reviewed-on: https://code.wireshark.org/review/31165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
NISO Z39.50 is a protocol used by libraries and library vendors for information retrieval and catalog manipulation. It is defined using ASN.1 using BER encoding. It has an assigned TCP port of 210. This is an initial implementation.
Features:
- The Z39.50 standard OIDs are defined.
- The bib-1 attribute set is decoded.
- The bib-1 diagnostics are decoded.
- Some OCTET STRINGs which are nearly always printable ASCII are special-cased.
- The MARC (MAchine Readable Cataloging) format is decoded. Only the MARC21 variant is
currently handled, but this is one of the most common variants. The most common tags
are decoded. The MARC dissector is included in the Z39.50 dissector, but the code is
structured in such away that it could be pulled out.
Todo:
- Add information to the Wiki about Z39.50.
As part of this work, the definition of isdigit_string() was fixed to avoid const complaints.
Change-Id: I29a7db53375ef8be83738a1ab98707761d878717
Reviewed-on: https://code.wireshark.org/review/31209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No yet available at 100% (35,8%) but work in progress...
Change-Id: I3d0d861037abe5e5f2611f95ac27ad42c8d20c47
Reviewed-on: https://code.wireshark.org/review/31158
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No yet available at 100% (57,05%) but work in progress...
Change-Id: I3fa95c49003aa6fd5183d24fe76b721520a44ba0
Reviewed-on: https://code.wireshark.org/review/31157
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Along with checking for exit code 3010 (reboot required), check for
other errors and show a warning as needed.
Add a note about the Universal CRT to the User's Guide.
Bug: 15358
Change-Id: Ia49dbdc66edc8ea68f957ec353f1115536002d13
Reviewed-on: https://code.wireshark.org/review/31100
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for Intelligent Transport System facility messages:
- Cooperative Awareness Message (CAM)
- Decentralized Environmental Notification Message (DENM)
- Infrastructure to Vehicle Information Message (IVIM)
- MAP (topology) Extended Message (MAPEM)
- Signal Phase And Timing Extended Message (SPATEM)
- Signal Request Extended Message (SREM)
- Signal request Status Extended Message (SSEM)
- Electric Vehicle Charging Spot Notification (EVCSN)
- Electric Vehicle - Recharging Spot Reservation (EVRSR)
- Tyre Information System (TIS) and Tyre Pressure Gauge (TPG) interoperability
Subdissectors:
- ITS version if ever the ITS PDU header is changed
- Version << 16 | MessageID to register new message dissectors
- RegionId << 16 | type to register regional extensions
AddGrpC regional additions already provided
TAP:
- its TAP with ItsPduHeader fields provided
Bug: 15148
Change-Id: I4c71d4dfa1d5d63cb57f61a4e1436a60a3482205
Reviewed-on: https://code.wireshark.org/review/31049
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implements V2X protocol dissectors:
* Geonetworking (network layer):
Dissector is registered on top of Ethernet (ethertype=0x8947). Secured
Packets are dissected up to the basic header, the rest is shown as data.
GN_ADDR address type is registerd and provides resolution of station
type and country code in the address. MID is shown as an ethernet address.
All the fields are dissected for non Secured Packets.
A subdissector table named "geonw.ch.nh" is provided on the next header
field. IPv6 is automatically registered. Heuristic dissectors is not
supported. If no dissector is foundd, payload is shown as data.
A preference boolean allows to enable/disable sequence number checking.
Tap "geonw" gets headers of all packets (with most fields).
Expert info tests if and provide feedback on:
- version is zero (no other version possible),
- reserved fields are zeros,
- payload_len matching with reported length of buffer,
- Remaining Hop Limit is 1 for Beacon and SHB,
- low RHL or RHL > Max Hop Limit,
- country code is less than 999 (3 digits ITU-T E.164),
- latitude, longitude, heading and angle limits,
- (suspected) duplicate packets,
- LS_REQUEST/LS_REPLY matching.
* Basic Transport Portocol:
BTP-X (X=A or B) dissectors are registered on top of Geonetworking.
Subdissector tables "btpx.port" allow to register for a given port,
while heuristic dissector can register to "btpx.payload". Decode as
capability is supported.
"btpx" taps get headers of all packets with ports/@ infos.
"btpx_follow" taps get the payload.
Bug: 15148
Change-Id: Iab5f4486d4c38068d9ad4361e77296b747f9b1bb
Reviewed-on: https://code.wireshark.org/review/30992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
New built-in dissector for PCOM protocol (ASCII and binary modes included)
Bug: 15315
Change-Id: Ie13da6bfd7fefefbc5bb5df3461c7fc18261df81
Reviewed-on: https://code.wireshark.org/review/30823
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an "appimage" target that will create an AppImage package. Current
AppImage tools assume that you only have one executable, so add
a custom AppRun wrapper that will let you run our associated CLI
utilities via symlinks, e.g.
ln -s ./Wireshark-3.2.1-x86.appimage capinfos
./capinfos --help
Packaging requires both linuxdeployqt and appimagetool, although we
might be able to reduce this to just linuxdeployqt:
https://github.com/probonopd/linuxdeployqthttps://github.com/AppImage/AppImageKit
I haven't done much testing beyond running Wireshark and
capinfos. There are undoubtedly issues that need to be fixed.
Bug: 14464
Change-Id: Ic004ba1962e6a8630ebb017349d9b2c0462fd5fe
Reviewed-on: https://code.wireshark.org/review/30953
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Clean up the release notes in preparation for 2.9.0 and 3.0.
Change-Id: I7feb37846ce0b1c3caf248f616943b0f80cf60f3
Reviewed-on: https://code.wireshark.org/review/31012
Reviewed-by: Gerald Combs <gerald@wireshark.org>
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the introduction of the ip command (from iproute2) on modern
Linux systems it becomes common to see this tool available,
gradually replacing tools like netstat and ifconfig.
Change-Id: I1fb309e741c07c93271b61a35c4833d36bcc5cb8
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30924
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Supported Protocols list has move from Help to View.
Also everything is presented in one dialog now.
Change-Id: Ie6105741b1307a0de062a33e4f5e3f933cd14caa
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
More information on Apple's proprietary AWDL protocol can be found in
Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566
Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Upcoming changes need GnuTLS >= 3.0.2. Require GnuTLS 3.2 (or newer) for
licensing reasons. The Debian control file still mentions 3.2.14 because
older packages linked with a GMP library that was not GPLv2+ compatible.
RHEL6 only has 2.12.23, but is already unsupported anyway.
Change-Id: I024b2a734ebb16b73a624bb2435c254e963d8b7d
Reviewed-on: https://code.wireshark.org/review/30832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a script that disables all of our desegmentation and reassembly
preferences and use it to create a "No Reassembly" profile.
Change-Id: Icd0b72e9e271a511e637acde9018f3aae018e589
Reviewed-on: https://code.wireshark.org/review/30799
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.
Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Try to describe the motivation of pytest fixtures and update the
examples. Add a missing build dependency in CMake while at it.
Change-Id: I5384a86f2191835b834285b81343a7ee56f88e79
Reviewed-on: https://code.wireshark.org/review/30632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A race condition exists with msbuild where building some targets
(generate_{developer,user}-guide.xml, {developer,user}_guide_pdf) will
result in parallel, repeated execution of the commands to copy 'ws.css'.
Synchronize those executions using a single target to avoid this.
Change-Id: Ie93d07e504bc18fa4e4e8aac5b611fba329ff188
Reviewed-on: https://code.wireshark.org/review/30553
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Python 3 is widely available. All major Linux distributions support it.
RHEL is covered via EPEL (which is already required for cmake3). Drop
support for Python 2 in order to reduce maintenance costs. The main
motivation is being able to simplify the tests.
CMake is updated to search for Python >= 3.4 and will fail if
unavailable (generating dissectors.c requires Python, so it is quite an
important piece to have).
The documentation is updated to reflect the Python 3.7 paths used by
Chocolatey. Tested the git-review installation instructions in Windows 7
x64 without a previous Chocolatey installation.
macOS brew now installs Python 3 (its dependencies are already installed
by python@2 for libxml2). The macOS (non-brew variant) is updated to use
the official 64-bit installer to install Python 3.
Change-Id: I80b1e36957f338e0dad1bfcc173b6418682cddba
Reviewed-on: https://code.wireshark.org/review/30192
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sshdump and ciscodump have been updated to use it.
Change-Id: I4e1e0d35f086d76c13264939bc4f14308cc88cfb
Reviewed-on: https://code.wireshark.org/review/30496
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When importing a file from hex dump, this change adds a way to
add a custom dummy header. It's an export_pdu header which uses
one single tag: the protocol name. This allows to call directly
a dissector without more dummy headers.
Example: it can be used to call the DNS dissector without fake
eth/ip/udp headers.
Change-Id: I12fd6d09a131acd9bd1f0d7c4c8aefcd0d718b26
Reviewed-on: https://code.wireshark.org/review/30403
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5e9025545f9127d1c5c6200844f9b917af975998
Reviewed-on: https://code.wireshark.org/review/28844
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1f828df1735bd10ef8849d208e10ea1339ba37e2
Reviewed-on: https://code.wireshark.org/review/26403
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At least on my W10 machine, they shols up as "xxx Native Tools
Commmand Prompt for VS 2017", not "VS2017 xxx Native Tools Command
Prompt".
Change-Id: I55d7ad24df717cfce21f6abdaf97ed1972128e3c
Reviewed-on: https://code.wireshark.org/review/30215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
More use of "UNIX-like" as the term for "macOS and Linux and *BSD and
Solaris and AIX and..." or, alternatively, for "not Windows".
Add Fedora as a Linux distribution for which packages are available.
Use "Windows" rather than "Win32" in more cases; "Win32" dates back to
the days when the big difference was between Boring Old 16-bit Windows
and modern shiny new 32-bit Windows, but the former is now dead and the
latter now supports both 32-bit and 64-bit machines and software. More
people have probably never heard "Win32" but are familiar with
"Windows".
*ALL* UNIX-like platforms support symlinks; Linux wasn't even the first
one, it just picked them up from the UN*Xes with which it was trying to
be compatible.
Change-Id: I254e74f0ed3c86b55d00f9e8d7b78d009b61fb5e
Reviewed-on: https://code.wireshark.org/review/30178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We use VS 2017, not VS 2015, for 2.6.x and development builds.
Microsoft's documentation is moving from msdn.microsoft.com to
docs.microsoft.com.
The way you download pre-2017 versions of VS has changed.
Update links to the Android, GNOME, KDE and macOS human interface
guidelines while we're at it.
Change-Id: I1a3973f76aa5b476cb906b8a8604b82d6131e9c5
Reviewed-on: https://code.wireshark.org/review/30168
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a new button to UAT frames to copy entries from another profile.
Change-Id: I9decb5ed5d67e97388ee7b22a15cacae4d5a3621
Reviewed-on: https://code.wireshark.org/review/30084
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add an entry for the copy from profile feature for coloring rules,
IO graphs and protocol preference tables.
Change-Id: I79a191c1ec13e96fcb1b5fb04dd28c95dd034aca
Reviewed-on: https://code.wireshark.org/review/30070
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 'v' option for VLAN ID resolving and get rid of
deprecated 'C' option.
Bug: 14826
Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926
Reviewed-on: https://code.wireshark.org/review/30029
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch the Capture Interfaces section to paragraphs and add one for
sdjournal.
Change-Id: I677a403bf2ea377214c6179f9f22facc9a4ff091
Reviewed-on: https://code.wireshark.org/review/29963
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This reverts commit 5dd0c8daa5.
Reason for revert: As Guy pointed out, Oracle ships a recent version.
Change-Id: I9689dfd0656d95f7ae57ae86c2bea7d09afddc70
Reviewed-on: https://code.wireshark.org/review/29815
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Stop listing Solaris as a supported platform. I'm not sure if you can
compile Wireshark out of the box on it any more and the available binary
packages I can find are ancient.
Change-Id: I89afef01abe05986ce660327731c5504c6622ff7
Reviewed-on: https://code.wireshark.org/review/29764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "known bugs" list is rarely updated. Remove it and add more helpful
and up-to-date references.
Change-Id: I5aea57c66c6645b5c903ebcebcb1676af5204ce2
Reviewed-on: https://code.wireshark.org/review/29048
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The references read like
This table is handled by an Section 11.7, "User Table" with the
following fields.
which looked a little weird.
Change-Id: I4ae9af48e7edf75aa0c7708614f4a11696db9ee1
Reviewed-on: https://code.wireshark.org/review/29530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- It cannot support IPv6.
- Non-standard use (specifically recommended against in the RFCs)
of the IPv4 fragment ID field.
- Has a narrow and non-obvious use case, IMO.
- It is not supported in the Qt GUI.
- Significant maintenance burden for an obscure feature.
Change-Id: Icaf429269dc42f78c38b8d20001508132499faf8
Reviewed-on: https://code.wireshark.org/review/29239
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The "debug" logging function overwrites the "debug" package which breaks
luacov: https://github.com/keplerproject/luacov/issues/55
Change-Id: I9b6025c060733198bfff8ea959444c09d6e08709
Reviewed-on: https://code.wireshark.org/review/29449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update docbook/wsug_src/*.txt using tools/update-tools-help.py. This
removes a lot of unwanted behavior that came with updating via a CMake
target.
Change-Id: I0a24f425e9673ef7bd074210d7047654c6755e79
Reviewed-on: https://code.wireshark.org/review/29416
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove 'Payload Length' from extcap toolbar control protocol because
this does not exist in the protocol.
Change-Id: I9eea7366d2992a7b7ac769f290c5d7e8e1090ce8
Reviewed-on: https://code.wireshark.org/review/29378
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a file parser and dissector that can handle the output of
`journalctl -o export`. From here we can add a systemd journal extcap
and possibly support for the JSON and binary formats.
Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change occurrences of GIT to Git. Fix a couple of URLs. Other changes.
Change-Id: I9eb69ee16f692c2bf71b62e7a2db4b762d9ab4bf
Reviewed-on: https://code.wireshark.org/review/29237
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the images and text to match the current main and display filter
toolbars.
Change-Id: I4d23a3ece35c3b9186b4fff170f6c391f4d157c9
Reviewed-on: https://code.wireshark.org/review/29234
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The Internals menu items were moved under the View menu a while back.
Fix an internals dialog title.
Change-Id: I78d61bf4f52bf9eb86cf7ff59fc036b9f7e846f5
Reviewed-on: https://code.wireshark.org/review/29228
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The version argument to --extcap-version is optional, and some versions
of getopt_long() require, for a flag whose argument is optional, that
the argument be supplied as --flag=value, not --flag value.
Change-Id: I5e34132d8bb729b845ac75ff94d6d548c1c35a3d
Reviewed-on: https://code.wireshark.org/review/28864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use our target name instead of $<TARGET_FILE:...> in a few places. As
Peter pointed out, CMake will do the desired substitution for us. Update
a comment.
Change-Id: I03bf98cc1bf4807213eb89e5e5b1f4e3c08c17be
Reviewed-on: https://code.wireshark.org/review/28836
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change the dependencies of various wsug targets to update_tools_help
instead of the files it generates. Have the nsis_package_prep
and wix_package_prep targets depend on user_guide_chm instead of
update_tools_help. This should make parallel builds of all_guides,
wix_package_prep and possibly other targets more reliable.
Change-Id: I473f0e608aade1ac0053c03bef0942c69c650f65
Reviewed-on: https://code.wireshark.org/review/28838
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
oss-fuzz disables all targets except for fuzzshark, be sure to check for
tool availability or the cmake step will fail.
Change-Id: Ia873fdc1b548033ac61622f61299b5af7dfb41d9
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9533
Fixes: v2.9.0rc0-1251-gffbd3151b5 ("CMake: Fixup our tools help dependencies.")
Reviewed-on: https://code.wireshark.org/review/28832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Generate help for dumpcap and rawshark only if PCAP_FOUND is true. Note
that we should generate all of the tools help conditionally.
Change-Id: I2145717dee8d8a1ac3d4fd328240f58dbdd07e6c
Reviewed-on: https://code.wireshark.org/review/28785
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure each tools help target is generated by and depends on its
generating executable.
Change-Id: I716c0db23b297e2d2692b72a47259c40aa0c52fa
Reviewed-on: https://code.wireshark.org/review/28780
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Separate includes by blank lines as recommended in
https://asciidoctor.org/docs/user-manual/#include-directive.
Separate block attributes as well.
Change-Id: I933917a14eae6d1fe1879372917ab2208755f470
Reviewed-on: https://code.wireshark.org/review/28769
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Deprecate "disable_lua" in favor of "enable_lua". Configuration options
typically use "true" or a similar value to enable features. Using
"disable_lua = false" to enable Lua seems odd.
Change-Id: I224acad0559d409ea0a28b5555d1eb898564328c
Reviewed-on: https://code.wireshark.org/review/28773
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hide the Compare option, reorder the chapters to match the current Qt
order and move the Wireless menu to a new chapter.
Change-Id: I7f0eeb45f4894f66a9c91d62d7d43db775f469e5
Reviewed-on: https://code.wireshark.org/review/28761
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some issues in the developer doc have been corrected
Change-Id: I0d60e9080ef582dafa12607fb5ea43a8ae5d2d0f
Reviewed-on: https://code.wireshark.org/review/28727
Reviewed-by: Roland Knall <rknall@gmail.com>
Move the information from README.extcap into docbook.
Change-Id: Ic6504787750d04fe6c66479896cba8d6148d804d
Reviewed-on: https://code.wireshark.org/review/28690
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
1. Use proto_tree_add_bitmask for the flags example
2. GLib download link was dead
3. Remove old frontend information. I can't find any download for
hethereal, and Packetyzer is so old that it's not useful for any current
developers.
Change-Id: Ifa0a7363fccb95fb2ef315d84fbbcf7414ae6a6d
Reviewed-on: https://code.wireshark.org/review/28632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
On Ubuntu trusty, Asciidoctor 1.4 is installed. This does not satisfy
the minimum version requirement (1.5) and should not be used even if the
binary is available.
Change-Id: Iaffd55a5bcb26510b4b59f209768a61c3116d32f
Fixes: v2.5.1rc0-76-g94a0f7c641 ("Switch from AsciiDoc to Asciidoctor.")
Reviewed-on: https://code.wireshark.org/review/28576
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevent application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.
The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.
The current implementation has a limitation though, if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)
As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.
Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.
This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.
Bug: 3389 # capture 2907 (HTTP) ok
Bug: 4727 # capture 4590 (HTTP) ok
Bug: 9461 # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006 # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517 # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754 # capture 15593 (MySQL) ok2
Bug: 14649 # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We still need the "length == 2" behavior.
This reverts commit 622b17a475.
Change-Id: Id3b7ed9231f3fefeeac5fb910b792139c4844ec8
Reviewed-on: https://code.wireshark.org/review/28484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The output for this case is achieved by the following one.
Change-Id: I585aba39ebb67d65a8f5159217ea8a85ad13e49c
Reviewed-on: https://code.wireshark.org/review/28421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes the guides compilation error:
ninja: error: '../docbook/developer-guide.pdf', needed by 'docbook/CMakeFiles/developer_guide_pdf', missing and no known rule to make it
Change-Id: I58c45da34e60b950f5560716372377962a84e42e
Reviewed-on: https://code.wireshark.org/review/28393
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Previously, before the AsciiDoc conversion, the Users' and
Developers' Guide used to carry version information on the
title page. This seems to have been dropped, for reasons
unknown to me.
At least AsciiDoctor allows to add a subtitle, so the
wireshark-version attribute can be expanded into it.
Change-Id: Ib0a90393aff1a323b7026c49e2aa11f5115b3ec7
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Qt UI's main module started out as ui/qt/main.cpp but was moved to
the top-level directory in order to appease Autotools. We don't need to
do that any more, so move it back.
Change-Id: Ic5bc0ed5b754e36cc2b9e682f2ca097781233dfd
Reviewed-on: https://code.wireshark.org/review/28090
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With MATE being an integral part of Wireshark for a long time now and its
documentation being part of the Wiki for a while it is time to move it
into the Wireshark Users Guide.
All credits go to Luis Ontanon for creating MATE and the Wiki pages,
the various contributors to those pages and especially Pavel Sindelka for
the creation of the graphics.
This change merely incorporates the contents of the Wiki pages into an
asciidoc file for processing into documentation output. It is in no way a
claim to knowledge of or deep insight in the workings of MATE on my part.
Change-Id: Id9c60fd3ba4a52aafb988370ea7d658907970ccd
Reviewed-on: https://code.wireshark.org/review/27894
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AsciiDoc allows dashes in macro names but not underscores. Current
versions of AsciiDoctor allow the inverse. Remove underscores to allow
for easier copying and pasting.
Remove asciidoc.conf while we're here. It's no longer used.
Change-Id: I32d8a4ec695b9e17a80ac720ee9faf62dbb362d3
Reviewed-on: https://code.wireshark.org/review/27787
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
DoIP is a vehicle bus protocol. It is carried by TCP or UDP and may include an UDS payload.
Change-Id: I1459c51fd710da8e2aaff0056bbf3f6e42c1b25e
Reviewed-on: https://code.wireshark.org/review/27448
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add back the capture info dialog. Draw sparklines for each protocol.
Update the User's Guide.
Bug: 12004
Change-Id: I45be8a0df4752255831a8b139ee84bb34d675ba9
Reviewed-on: https://code.wireshark.org/review/27565
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And put hyphens in "out-of-tree" and "in-tree".
Change-Id: I55c54a1334f490f948310139741fecf27203a359
Reviewed-on: https://code.wireshark.org/review/27550
Reviewed-by: Guy Harris <guy@alum.mit.edu>
macOS is a UNIX(R) and FreeBSD isn't a UNIX(R), but we mentioned macOS
along with UNIX but didn't mention FreeBSD along with UNIX.
Instead, just speak of "UN*Xes" and give Linux, macOS, and *BSD as
examples. Feel free to add Solaris, AIX, or HP-UX if you want, assuming
you can build Wireshark on them.
Change-Id: I85be3861fa0bc603b93d077a2d9d587d43cb6e7e
Reviewed-on: https://code.wireshark.org/review/27549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Several graphics files are not listed in the symbol that defines
the dependancy for document building. Adding these files to the
WSUG_GRPAHICS symbol makes the list consistent.
Bug: 14676
Change-Id: I3016a1994473f90df460d726773c8470dbedd3bc
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/27471
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This speeds up the copy/paste step-by-step sequence.
Change-Id: Ib2e3ee54c8c86b7357260ecaab5d129ef296a9e9
Reviewed-on: https://code.wireshark.org/review/27309
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note in the quick setup and tools documentation that we no longer
require or recommend Cygwin.
Change-Id: Ie0eb92c5817ae1d786136035adf8fa3988c8b98d
Reviewed-on: https://code.wireshark.org/review/27244
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ENABLE_CHM_GUIDES is no longer in CMakeOptions.txt
Change-Id: I217ac89f12c95e66591465e3230c19968dcc0bde
Reviewed-on: https://code.wireshark.org/review/27209
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input in multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch to a single Doyxgen configuration which was generated using a
recent version of Doxygen and customized to suit our needs. Add
wsar_html and wsar_html_zip targets to CMake. Update some Doxygen markup
and documentation as needed.
Change-Id: Ic8a424b292c35a26f74ae0b53322265683e56e69
Reviewed-on: https://code.wireshark.org/review/26976
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested with some hand-generated PDUs.
Change-Id: Ic603d0ca4578d23121e438ac2458be34e63492d2
Reviewed-on: https://code.wireshark.org/review/26755
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The Lua documentation has class names at its third level which is quite useful
to discover its documentation.
This reverts commit f5cd52c0fb.
Change-Id: I2a2e82041ac46a1a9974727bbb1d5cbf6855a878
Reviewed-on: https://code.wireshark.org/review/26814
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support for sequencing HTTP Redirects. This enables
tracking of HTTP-based redirects, which may not have a Referer header.
As such, this patch also renames 'HTTP Referer statistics' to
'HTTP Request Sequences' to better reflect the more generic
functionality.
Note that this does not fully support RFC 3986. An external library like
uriparser.github.io may be a better option for efficient, full relative
HTTP URL resolution.
A Sample PCAP to test functionality is available here:
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http_redirects.pcapng
A sample PCAP to demonstrate usefulness is available here:
https://www.malware-traffic-analysis.net/2015/08/31/page2.html
(examine request to hxxp://lk2gaflsgh.jgy658snfyfnvh.com/service.php)
Change-Id: I9edd1a1de86228b0dcb1df9f6f30e24379684321
Reviewed-on: https://code.wireshark.org/review/26679
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update some cross references which were renamed in 1cd92c4961. Fixup
some capitalization while we're here.
Change-Id: Iae3227839cd34a52662a4b973c0f87e7e5a765cc
Reviewed-on: https://code.wireshark.org/review/26655
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Copy the current wireshark.spec.in and update it for use with CMake.
Remove the Qt4, GTK+2, and GTK+3 options. Add Ninja and mmdbresolve
options.
The rpm-package target builds a tarball using git-export-release.sh and
therefore must be run from a git checkout. The RPM _prefix macro is set
to CMAKE_INSTALL_PREFIX, so you'll probably want to run
cmake -DCMAKE_INSTALL_PREFIX=/usr ...
Change-Id: Ib014494d8858a0059126404cd91528ded5d8a9f6
Reviewed-on: https://code.wireshark.org/review/26579
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add duplicate ACK ticks to Statistics → TCP Stream Graphs → Time
Sequence (tcptrace), which I missed when porting from GTK+. Add zero
window crosses while we're here.
Switch TCPStreamDialog to a subclass of GeometryStateDialog.
Add a slot and URL for the Help button and a stub entry in the User's
Guide.
Bug: 12009
Change-Id: Idf2ddb9eb33d924d65998285b5cffc234156497c
Reviewed-on: https://code.wireshark.org/review/26592
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ensure the dialog is populated when the dialog is opened after a capture
file has already been loaded.
Change-Id: I9ba1b4a1eb7a8b21ce7dac4a820eadf10daa9845
Reviewed-on: https://code.wireshark.org/review/26601
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Mention Npcap on the WinPcap installer page and add a link to it.
Update some other text and tell developers to use NSIS 3.0 while we're
here.
Change-Id: I64728f014f518439ba4a38eda7a283274d40fcdc
Reviewed-on: https://code.wireshark.org/review/26515
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch a build example to CMake + Ninja. Add syntax highlighting
annotations.
Change-Id: I5ee0af548f44ed5be6f6e8367f5167dc499df017
Reviewed-on: https://code.wireshark.org/review/26514
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change introduces the OSCORE dissector, following
draft-ietf-core-object-security-07. It performs decryption and
authenticity
check on requests.
Bug: 14417
Change-Id: I92e45d66d5df51f6d4dbea4ef44e707955b65bee
Reviewed-on: https://code.wireshark.org/review/25480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix up some markup while we're here.
Change-Id: I2299b8bec44ff08952e2f1bda3a40448e2fb55c6
Reviewed-on: https://code.wireshark.org/review/26487
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I34f610a19a972db1c08d7896453e5ed671ec4dc6
Reviewed-on: https://code.wireshark.org/review/26394
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove the endpoint map and its button from the Qt and GTK+ UIs. It
depends on GeoIP Legacy for coordinate information and those databases
are being deprecated in favor of MaxMind DB. We *could* upgrade the code
to use mmdbresolve, but according to
https://dev.maxmind.com/geoip/geoip2/geolite2/ they're also going to
remove coordinate information from GeoLite2:
"In addition, in 2019, latitude and longitude coordinates in the
GeoLite2 databases will be removed.* Latitude and longitude coordinates
will continue to be provided in GeoIP2 databases. Please check back for
updates."
Change-Id: I43e1593d282a0f1aae897b1f4724117d1496b21e
Reviewed-on: https://code.wireshark.org/review/26229
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reduce the TOC depth so that it's not quite so huge.
Change-Id: I5748edf0e715961da57eff7e0ade6fad175ab24b
Reviewed-on: https://code.wireshark.org/review/26110
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves,
along with apostrophes.
Change-Id: I78930d6902e2691b6a2cb35ed5bae6fef4bb7257
Reviewed-on: https://code.wireshark.org/review/26108
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add "QA engineers use it to verify network applications",
as suggested by Alexander Sashnov.
Change-Id: Ia9c83fd2f2610db747043f861931470e3f4e4c53
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/26057
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use the standard Wireshark style sheet for the release notes. Add a note
about updating them via themes.asciidoctor.org.
Change-Id: Ic6b66308cf1e1bea7b34a09963f92881d01eda8c
Reviewed-on: https://code.wireshark.org/review/25911
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The docbook info is now in README.adoc
Change-Id: Ifbc6a1803d23835d9b2b91a9fd6df34002cc3e8f
Reviewed-on: https://code.wireshark.org/review/25900
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This adds a dissector for the Steam In-Home Streaming
Discovery Protocol by Valve Software.
Useful documentation can be found at:
https://codingrange.com/blog/steam-in-home-streaming-discovery-protocol
Change-Id: I26a79e201cfb0aad0ca702ac962e1e7b1b541517
Reviewed-on: https://code.wireshark.org/review/23615
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix a few errors in the Asciidoctor macros. Use the new macro names in
the release notes and gen-bugnote.
Change-Id: I2ca672949c59ca3da8a6b963cb5bd9abd66c348d
Reviewed-on: https://code.wireshark.org/review/25774
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a "FileInstall.cmake" module that installs files and directories.
Use it to install the chunked HTML guides.
Install the guides into CMAKE_INSTALL_FULL_DOCDIR. By default this is
/usr/local/share/doc/Wireshark. Define DOC_DIR to match.
Add explicit file and directory permissions to the default install
targets.
Remove the PDF install target.
Bug: 14258
Change-Id: I4712a4047a54627b7520b5bf5f191e0761d19606
Reviewed-on: https://code.wireshark.org/review/25737
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tools/html2text.py to convert HTML to text.
Remove some now-obsolete documentation.
Change-Id: Ib21a1ab10c789182da5fcc68e98917a00f2fa650
Reviewed-on: https://code.wireshark.org/review/25733
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch the markup text processor for files in the docbook directory from
AsciiDoc to Asciidoctor. Asciidoctor has several useful features (such
as direct PDF output) and is actively developed. It's written in Ruby
but that dependency can be sidestepped with AsciidoctorJ, a
self-contained bundle that only depends on the JRE.
The current toolchain targets require Python, AsciiDoc, DocBook XML,
DocBook XSL, Java, FOP, xsltproc, lynx, and the HTMLHelp compiler:
HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
PDF: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → FOP
HTMLHelp: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → HHC
This change removes the AsciiDoc and FOP requirements and adds either
AsciidoctorJ or Asciidoctor + Ruby:
HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
PDF: Asciidoctor
HTMLHelp: Asciidoctor → DocBook XML → xsltproc + DocBook XSL → HHC
Ideally we could generate all of these using AsciidoctorJ, Java, and
lynx. Unfortunately we're not there yet.
The release notes depend on several macros (ws-buglink, ws-salink,
cve-idlink, sort-and-group). Add Asciidoctor (Ruby) equivalents.
Remove the BUILD_xxx_GUIDES CMake options and add various output targets
automatically. This means that you have to build the various documentation
targets explicitly.
Change-Id: I31930677a656b99b1c6839bb6c33a13db951eb9a
Reviewed-on: https://code.wireshark.org/review/25668
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use "or" instead of a comma for alternate keyboard shortcuts.
Change-Id: I3f2abf63b4c437ca0fe439d91dfac44e24d9d8e5
Reviewed-on: https://code.wireshark.org/review/25624
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert some passthrough XML comments left over from the DocBook →
AsciiDoc conversion to AsciiDoc / Asciidoctor comments.
Change-Id: Iaf44bcf0b8a3a383e735b2b4394722cbbb2bdff3
Reviewed-on: https://code.wireshark.org/review/25615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves. Use
double curly quotes in place of singles.
Switch from XML entities to their direct equivalents where we can.
Switch from hex entities to decimal entities where we can't or it's not
convenient. (Asciidoctor PDF doesn't yet handle hex entities).
Change-Id: Iaf5ec33249e1c91b3d50b5d96251763243b72836
Reviewed-on: https://code.wireshark.org/review/25606
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Start using markup that is preferred by Asciidoctor but compatible with
both generators.
Add a missing "cpp" attribute and set a couple of Asciidoctor-specific
compatibility attributes.
Change-Id: Iff4c31362e4493b97a85f46db2c39b18c336536f
Reviewed-on: https://code.wireshark.org/review/25600
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Adding Session Multiplex Protocol SMP
SMP is used by TDS when MARS in enabled.
Bug: 14110
Change-Id: Ia4113c627d107da6c3d51e4004265efb228a297b
Reviewed-on: https://code.wireshark.org/review/25509
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I306341c7cddf8facb4a9ca62254a465a1da22174
Reviewed-on: https://code.wireshark.org/review/25423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I049c8b9b9a0a1da2243217532186ba5a19cf5671
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Generate a single PA4-sized PDF. PA4 is the approximate intersection of
A4 and Letter[1]. This gives us one less file to build and distribute.
If you're printing out hard copies of the guides this wastes a few pages
compared to an A4-sized PDF, but if you're printing out hard copies of
the guides you've already made a strong commitment to waste paper.
Page counts:
Guide Size Pages
WSDG A4 203
WSDG Letter 217
WSDG PA4 217
WSUG A4 192
WSUG Letter 204
WSUG PA4 205
[1] https://en.wikipedia.org/wiki/Paper_size#PA4_or_L4
Change-Id: If43d4b19947c77a51b3943a2b329dbab45025d79
Reviewed-on: https://code.wireshark.org/review/25438
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Codecs in general come in many flavours, G.729 non in the least.
Be accurate about what codec implementation is actually provided.
Change-Id: I372062906bef973c8e19b63e5296574780d8a89e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25388
Reviewed-by: Michael Mann <mmann78@netscape.net>
ASN.1 prose imported from the specification and heavily modified
manually to workaround its poor quality.
Some of them are marked with -- WS modification comment, some are not.
Probably useless as-is, but it is an initial start until an updated
version is available.
Change-Id: I19ab6cedb6aa23c8ed57bae525ee4a3391494e32
Reviewed-on: https://code.wireshark.org/review/25235
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This interperates the main body of Lustre traffic.
This dissects all current Lustre OPCODES (as of Lustre 2.10.2)
This dissects MDS REINT sub-opcodes
This dissects LDLM Intent opcodes
This dissects LLOG EADATA
Conversation matching is just IP based and not IP/port based.
Only one lustre "instance" can be running on a given host at a given time,
and request / reply pairs aren't don't always match by port numbers.
Add exception for lustre_* structure names in PROTOABBREV.
We have several lustre.lustre_* because the internal lustre structre is
named lustre_ (i.e. lustre_handle or lustre_msg_v2)
This is still a work in progress, as there are missing FLAG values
and some LLOG EADATA structures that aren't fully decoded.
Change-Id: If57085e2692565336e49f40fb475ca1035da7a35
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24800
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I360bc4f802e28e9fc64cbd5cc06e514cbaf3b25f
Reviewed-on: https://code.wireshark.org/review/25091
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Two Edit->Copy methods are using the same keyboard shortcut as other
functionality:
1. Ctrl+Shift+D is used for "Copy this item's description" and
"Ignore All Displayed packets"
2. Ctrl+Shift+F is used for "Copy this item's field name" and
"Reload as File Format/Capture"
Resolve this by changing the Copy methods to use Ctrl+Alt+Shift as modifier.
Add a keyboard shortcut for "Copy all visible items" while here.
Change-Id: I0d963501055e63963d93e211f592aa9e82801d3c
Reviewed-on: https://code.wireshark.org/review/24884
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Micro version bump for mate to homogenize it between CMake and autotools.
The cmake macro doesn't handle the "a" suffix and it doesn't seem worth
implementing.
Change-Id: Ib022c6aa170623b83a9700e4fa098c60a9cddfab
Reviewed-on: https://code.wireshark.org/review/24847
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
plugin.rc is Windows specific, also add condition to reflect that.
Change-Id: Ibbb7dab77dd1f277e2302c8f931218ca433f8c72
Reviewed-on: https://code.wireshark.org/review/24833
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Qt 5.4 introduced qUtf8Printable, a convenience macro for converting
QString to a UTF-8 const char *. Add a compatibility definition and
start using it.
Change-Id: I3cf88611b1ed1a34082cb2ba82394954e2e6c461
Reviewed-on: https://code.wireshark.org/review/24828
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
So far decode just packet headers
Change-Id: I7a01f3c83b97882f4c669122ad94b2bdab0ab251
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Reviewed-on: https://code.wireshark.org/review/24583
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of blurring the main welcome screen during startup, draw a dark
band under the progress bar. This reduces the startup time a bit here.
Port over a date check from the GTK+ UI.
Change-Id: I997d0fd2e4320702fe85ee2aea02ce835a423df9
Reviewed-on: https://code.wireshark.org/review/24711
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 9553
Change-Id: I19505c3c05585a05877e9f0db06400ebb8b33985
Reviewed-on: https://code.wireshark.org/review/24585
Reviewed-by: Michael Mann <mmann78@netscape.net>