We add the message length to the tree as big endian but we interpret it
as little endian for our further calculations. This causes parsing
errors. Use big endian for both cases.
Bug: 13766
Change-Id: I4e6cdb7d4267be96ea78eb664e88c532a9a90b52
Reviewed-on: https://code.wireshark.org/review/22024
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id7f6d5d2b108d98a7c40fd01e3f35ad20076f54b
Reviewed-on: https://code.wireshark.org/review/22025
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Windows builders now use Visual Studio 2015.
Change-Id: I0fe4defd090930a0b8531e544d03ad4f3b36dac1
Reviewed-on: https://code.wireshark.org/review/22018
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(cherry picked from commit 316d09a5aee68904ba0348c2017647b4dea3aab1)
Reviewed-on: https://code.wireshark.org/review/22019
Change-Id: Id5dde66c6473cd7ba3c7cc981d7b86f564f7ca9f
Reviewed-on: https://code.wireshark.org/review/22004
Reviewed-by: Ahmad Fatoum <ahmad@a3f.at>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Minor comments changes
Change-Id: I71fb37ee20cf10b03beb5c805c5e63aed016d8ab
Reviewed-on: https://code.wireshark.org/review/22010
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id8e5c3622f5186fcab530b9d329a0ff1d42bd6f3
Reviewed-on: https://code.wireshark.org/review/22002
Reviewed-by: Ahmad Fatoum <ahmad@a3f.at>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0ab6056a5241c53dba8b569905e29a9ab9d9f265
Reviewed-on: https://code.wireshark.org/review/22001
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Piotr Tulpan <piotr.tulpan@netscan.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Change keyboard shortcuts to Ctrl+Shift+[IOU]
- Use UTF8_MICRO_SIGN in tooltip text
- Change 0xffffffffffffffff with G_MAXUINT64
- Check for valid wlan_radio *ri before use
- Small whitespace cleanups
Change-Id: I9fa85c0d675ef3837510afaf5f1b723d89ac134c
Ping-Bug: 13769
Reviewed-on: https://code.wireshark.org/review/21993
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: Ia657e7ad5c8d507aeec74ce815568e6e44137d70
Reviewed-on: https://code.wireshark.org/review/21975
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Profinet defined functions to add 32bit integers to the tree and get their
value. This is equivalent to proto_tree_add_item_ret_(u)int. Call those
functions directly and remove the now obsolete Profinet functions.
In some cases, the returned 32bit value is discarded. Use
proto_tree_add_item then.
Change-Id: I7744fab2f27b8ae8e681a36e4e96eb2f8be87bd6
Reviewed-on: https://code.wireshark.org/review/21989
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
profinet has a number of internal functions that add an item to the tree
and read its value. For 32bit integers, this is exactly what
proto_tree_add_item_ret_(u)int do. Just call those functions.
(We could do the same for 8 and 16bit values. We'd need a temporary
value then and the code wouldn't be much easier than it is now.)
Change-Id: I98fc70ced2dc5a552235a476d40a4275f3b3bd38
Reviewed-on: https://code.wireshark.org/review/21965
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
false positive when declare variable after a switch(){
Change-Id: Ief4770b2200a356b061cf84c7828c8ebe76a1fbb
Reviewed-on: https://code.wireshark.org/review/21983
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5c3119436984cc7de3dcf4dffd1961481cacc553
Reviewed-on: https://code.wireshark.org/review/21982
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'cflow.pie.ntop.retransmitted_out_bytes' exists multiple times with NOT compatible types: FT_IPv6 and FT_UINT32
Change-Id: I9caed4c28a5e8322008b4cae4f625a681343a136
Reviewed-on: https://code.wireshark.org/review/21984
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use U-RNTI resolving logic applied to DCH for HS-DSCH and
E-DCH as well.
Change-Id: I1b2b6f6d4c7e2a46fb8208b7134aa62e86512938
Reviewed-on: https://code.wireshark.org/review/21977
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Parsing of the TFI field was not ignoring the 3 leftmost bits.
Also updated the comment explaining his mask.
Change-Id: I98d6ab9bdec3ce4a8640ece560a467ddbd5b8d42
Reviewed-on: https://code.wireshark.org/review/21978
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Added an expert field warning the user if a PI bitmap was not found for a PCH frame.
Change-Id: Id9d0461f6528b767da0058eba844617e5bbb1d6e
Reviewed-on: https://code.wireshark.org/review/21972
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
1. Call "main" dissector from heuristic dissector so tcp_dissect_pdus
can be used.
2. Let tcp_dissect_pdus do its job and be the "loop logic"
3. Column API simplification
4. Use proto_tree_add_item_ret_uint
Change-Id: Ic53fd6b20daa8153cdf22f8aadf53dbdd24334bf
Reviewed-on: https://code.wireshark.org/review/21958
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Loading PEM and PKCS#11 keys was being done in static functions
in packet-ssl-utils.c. These were moved to wsutil, with prototypes
in a new <wsutil/rsa.h> header. This adds gnutls as optional
dependency to wsutil.
The RSA decryption helper was also moved and is now provided in
<wsutil/wsgcrypt.h>.
This allows more dissectors to access this functionality.
Change-Id: I6cfbbf5203f2881c82bad721747834ccd76e2033
Reviewed-on: https://code.wireshark.org/review/21941
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
XTEA is a 64-bit block Feistel cipher with a 128-bit key and a suggested
64 rounds. It's used by the MMORPG Tibia for encrypting game server traffic.
Usual XTEA treats the blocks as big-endian. Tibia treats them as little
endian, therefore both versions are provided.
Change-Id: I9ad0c8e066f848b20772ce4e1d3df19deff307b8
Reviewed-on: https://code.wireshark.org/review/21942
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
taken from the timing analysis done in the wlan_radio dissector. QT only.
The timeline background is light gray, white for packets displayed in the packetlist,
and blue for the currently selected packet. Packets are coloured according to the
colouring rules foreground colour. The timeline can be zoomed with controls on the
toolbar.
At higher zoom levels the duration (NAV) field is plotted as a horizontal line to the
right of a packet.
The height of a packet in the timeline is proportional to the RSSI.
The bottom half of the packet is only shown if it matches the display filter.
Todo:
Auto detect TSF timing reference point (start/end of packet)
Add a scrollbar
Add a ruler showing time
Improve handling of focus.
Do not display NAV for packets with bad FCS.
Show related packets graphically
Different Y axis modes
- bandwidth/channel use display
- different transmitters per line
- background color from coloring rules
Live capture support
Change-Id: Ic31fffb0d6854966361ade7abb5c0be50db9a247
Reviewed-on: https://code.wireshark.org/review/20043
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bring some modernity to this dissector and use tcp_dissect_pdus. Also an excuse to
remove the conversation_set_dissector in the heuristic dissector which was generating
some false positives because the heuristic isn't that strong.
Bug: 12882
Change-Id: Ibb04fd4fbc819acd1dc96d6259b047c897ec2de6
Reviewed-on: https://code.wireshark.org/review/19125
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a TCP segment is small enough, dissectors that have a only a length
check determining if it's their packet or not before calling tcp_dissect_pdus
will throw out packets that are probably destined for them.
Change-Id: I78034307b56aa537943191a6887166577936a6a3
Reviewed-on: https://code.wireshark.org/review/21950
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a simple dissection function for DCE/RPC that just calls tcp_dissect_pdus
and doesn't do any heuristics checks. This can be used to handle cases
where TCP PDU is too small for DCE/RPC heuristics checks and user
knows the data is DCE/RPC and can set it through Decode As.
Bug: 6392
Change-Id: I9e4960282ea64d20499f7d5a330f48f30a092b30
Reviewed-on: https://code.wireshark.org/review/21951
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We were allocating it every time we called cap_pipe_dispatch() (or,
prior to I0256daae8478f1100fdde96a16a404465ec200b3, in
capture_loop_dispatch()) and freeing it before the routine in question
returned.
However, we were treating that buffer as if it persisted from call to
call, which worked *only* if freeing and re-allocating the buffer meant
that we'd get back the same buffer with its previous contents intact.
That is *not* guaranteed to work.
Instead, allocate the buffer when we open the capture pipe, and free it
when we close the capture pipe.
Change-Id: Ic785b1f47b71b55aba426db3b1e868186c265263
Reviewed-on: https://code.wireshark.org/review/21948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's not much point in having a switch-case block with only a default
statement ;-)
Change-Id: Iaacd87bb2995783b98e5395b3654a1c8f32c473a
Reviewed-on: https://code.wireshark.org/review/21938
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In this case, we can simply replace the exception with an expert info
and exit the loop.
Change-Id: I232e554af299140d7123b5e21d78372a35a7923b
Reviewed-on: https://code.wireshark.org/review/21936
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0c4346386846c03a67b83bebfce6da6323379180
Reviewed-on: https://code.wireshark.org/review/21937
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The buffer is only used when reading from a pipe; no need to allocate it
when capturing from a pcap_t.
Doing it in cap_pipe_dispatch() makes it clearer when the buffer exists
and when it doesn't.
Change-Id: I0256daae8478f1100fdde96a16a404465ec200b3
Reviewed-on: https://code.wireshark.org/review/21930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Martin Mathieson