Fix the sync info field length in extended advertising header set to the
wrong length.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
At least on my Mac, if I start up Wireshark, start a capture
(non-monitor-mode) on the Wi-Fi adapter, add a comment to the SHB and
the first packet while it's capturing, stop the capture, and try to save
it, it warns that the wireless timeline hash table pointer is null.
Allocate it in the constructor.
(cherry picked from commit 693a02e760)
Explain, in detail, exactly what it's trying to do and, for each of the
three commands in the example, what each step does, as well as
explaining what the calculation using the end time of one capture and
start time of another capture is doing.
(Where did this example come from? What is the real-world goal of this
exercise? And why is it an example in which all the fancy stuff is done
in commands *other* than mergecap?)
(cherry picked from commit 628fe2549a)
LINKTYPE_ERF pcap files are really ERF files inside a thin pcap wrapper
(don't even ask what a pcapng file with some or all interfaces being
LINKTYPE_ERF is...), so the time stamp comes from the ERF record, not
from the pcap packet header or pcapng block header.
The time stamp reslution for the record should reflect that, so set it
to WTAP_TSPREC_NSEC (ERF time stamps are fractional-power-of-2, not
fractional-power-of-10, so that's the best we can do).
(cherry picked from commit 39315979c6)
Have them take error code and error information string arguments and,
for various failures, fill them in as "internal error" indications.
Check their return codes to see if they got an error.
(cherry picked from commit 02cffb51a9)
The ERF code will generate interfaces based on the ERF records in the
file, so don't bother adding an additional dummy interface.
(cherry picked from commit d69d1271f0)
Don't assume the default is correct, because there's no guarantee of
that - in fact, there's currently a guarantee that it's not, as it's
initialized to 0, which is WTAP_TSPREC_SECS.
(cherry picked from commit 49ec11f5aa)
In the past, tvb_reported_length_remaining(), and thus
Tvb:reported_length_remaining(), may have returned -1 if the offset was
invalid. That's no longer the case; the former returns 0, and, as the
latter just returns the former's return value, that's true of the latter
as well.
(cherry picked from commit 6c043d5c73)
It has a "reported length", which is the closes thing to an "actual
length", as it represents the length the packet, or subset thereof, had
on the network, and a "captured length", which is the amount of the
packet that the capture process saved.
In 99.999999999999999999999999999999% of all cases, a dissector should
look at the "reported length", not at the "captured length".
Rename the "len" method to "captured_len", leaving "len" around for
backwards compatibility.
Fix the documentation to reflect reality, to avoid issues such as #15655.
(cherry picked from commit bd9ceaebef)
DSACK blocks (the first SACK block in a TCP SACK option, with right edge
being lower or equal to the ACK filed) are now identified correctly.
Closes#17315
(cherry picked from commit 7179e1d1fb)
The entry was copied and pasted, and the variable name and descriptive
text were changed, but the field name wasn't.
(cherry picked from commit deb6786ed4)
For 802.11n if the bitrate is not supplied then the calculated bitrate is used. This change does the same for 11ac and 11ax.
Sniffer traces taken on recent versions of Macos no longer supply the bitrate for 11ac frames in the RADIOTAP header, this change allows the wireless timeline to work with these traces.
Fixes#17419.
(cherry picked from commit 5202119239)
It runs up to either the end of the option data or the terminating
end-of-options option (readers MUST handle lists of options that
contains an end-of-options option and lists of options that don't).
(cherry picked from commit 2f5c0ffdb2)
REC_TYPE_PACKET is 0, so if it's been initialized to 0, and never gets
overwritten, this fixes code withotu fixing a visible bug, but it should
be done anyway.
(backported from commit 162251176a)
We can't unescape characters when expanding a display filter macro.
The escaping must be preserved until the expression is evaluated in
the display filter engine, otherwise it will likely generate a syntax
error in the parser.
In the macro body we allow '$' (or any other char) to be escaped
with backslash (preserving the backslash).
Fixes#17160.
(cherry picked from commit 1dba58789d)
Commit 4bf4ee88f0 removed an else
statement that broke out of the BBFrame processing loop. Without
it, infinite loops might be possible if the GSE frames have bit errors
in the length field.
(cherry picked from commit 0137c24d60)
The ftype-protocol has two components to its value - a tvb, which is
allowed to be be NULL (most notably in _ws.expert), and a string
description. They can also be created from string literals, such as
in display filters. It's possible to compare protocols with a NULL
tvb with protocol terms created from literals, e.g. entering the
display filter "_ws_expert < 1".
Partially revert 69e2603c48 so that
this doesn't crash, by assigning proto_string to the empty string
instead of null when creating from a literal. Fixes#17316
(cherry picked from commit 31297dbb82)
Set the AUTOMOC, AUTOUIC, and AUTORCC properties for the qtui and
wireshark targets to match what we currently do in master. This should
keep us from running moc and uic on unwanted targets.
Move the RANAP heuristic dissector registration under the initialization
guard that they're only registered once. Prevents console warnings about
the dissectors already being registered to the sccp and sua tables if
a RANAP preference is changed. (Backported manually to regenerate the
dissector via asn2wrs.py)
If the two putative number-of-records values don't match (meaning one of
them is presumably the number of records and the other one isn't - we
don't know which is the case), free up the private data structure we
allocated before returning an error.
(cherry picked from commit 7f6c5d0137)
Just say "(Unknown application) <version>".
This also means that we don't leak the app_version string if there's no
app_name string.
(cherry picked from commit 297b6c5407)
If we're throwing away the data, *throw away the data* - free it, as
we're not using it as the backing data for a tvbuff.
(cherry picked from commit 618661b22e)
There's a "break" in some code that appears to be copied and pasted from
a switch statement; the break would exit the loop (and leak memory
allocated within the loop), which does not appear to be the intent, so
it may have been copied over incorrectly. Remove it.
While we're at it, redo the "constant-time append to the end of a loop"
code to be a bit clearer, both to humans reading the code and code
analyzers reading the code.
(cherry picked from commit c73ab16bef)
g_key_file_get_groups() returns a pointer to g_mallocated data; we need
to pass its return value to g_strfreev() when we're done with that data,
to free it up.
(cherry picked from commit 64f3f08702)
If cf_export_specified_packets() succeeds, and it wrote to a temporary
file, it leaks the name of the file to which it was writing. Free that
after we've renamed that file on top of the target file (safe save).
(cherry picked from commit 8ca86b29bf)