It's only use is in dissectors, so have it use
format_text_wmem with wmem_packet_scope().
Change-Id: I22121324fd47aee32174b65104458ad2ef329bd7
Reviewed-on: https://code.wireshark.org/review/19856
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf40de8bfa76cbe4437a157fc90bd994d4b2233e
Reviewed-on: https://code.wireshark.org/review/19872
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
coaps port is defined in RFC 7252, section 12.7.
CoAP (RFC 7252) is defined only for UDP, not TCP. For TCP, the frame
format is slightly different (draft-ietf-core-coap-tcp-tls-05) and
needs more dissector changes, so remove registration for now.
Change-Id: I1fc7163086f8fe66986565aa24b579ef24f72550
Ping-Bug: 13370
Reviewed-on: https://code.wireshark.org/review/19870
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Also unconditionally show the encrypted appdata record, matching the SSL
dissector. Now the bytes are always linked to a field.
Change-Id: Ie65cd5fc6620d53da46a94cdb1972863702b452c
Reviewed-on: https://code.wireshark.org/review/19868
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dumpcap doesn't yet support capturing pcapng from stdin. On Windows,
make sure we invalidate our file handle so that instead of printing
"Error reading from pipe: The operation completed successfully. (error 0)"
we show the more useful
"Capturing from a pipe doesn't support pcapng format."
Change-Id: I472c1bf5c8520c9ee3fe4b6299a6e0250262ea51
Reviewed-on: https://code.wireshark.org/review/19876
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In extcap argument ExtArgTimestamp set DisplayFormat to system DateTimeFormat.
Change-Id: I281d6cc1aa59e785a75d6f1c8ff9780ba5ad9eba
Reviewed-on: https://code.wireshark.org/review/19863
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The Great Britain Companion Specification specifies how energy meters
will communicate in the UK. This patch adds names for attributes and
commands from the Smart Energy Metering cluster that are used within
that specification.
Futhermore take care of Change 19481 for ZigBee Smart Energy.
Bug: 13360
Change-Id: Ia229265f9dc2168c8977303f3540c2ffc1bb5a0a
Reviewed-on: https://code.wireshark.org/review/19768
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
format_text_wsp is fed into by tvb_format_text_wsp and tvb_format_stringzpad_wsp
so those functions need to add a wmem allocated parameter as well.
Most of the changes came from tvb_format_text_wsp and tvb_format_stringzpad_wsp
being changed more so than format_text_wsp.
Change-Id: I52214ca107016f0e96371a9a8430aa89336f91d7
Reviewed-on: https://code.wireshark.org/review/19851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id749c41947c6300f2c82ed947352c336f9e45b72
Reviewed-on: https://code.wireshark.org/review/19838
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idcea59f6fc84238f04d9ffc11a0088ef97beec0c
Reviewed-on: https://code.wireshark.org/review/19844
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The record sequence number is 64-bit, not 32-bit. This applies to all
SSLv3/TLS/DTLS versions. Without this fix, after about four million
records, the wrong MAC is calculated (for TLS 1.2) or decryption will
fail (for TLS 1.3).
Change-Id: I05e5e8bc4229ac443a1b06c5fe984fb885eab1ca
Reviewed-on: https://code.wireshark.org/review/19824
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Ic13f60a3e700f3d8325063079f032eda47eaf22f
Reviewed-on: https://code.wireshark.org/review/19848
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If7994b2bc5d341f381e0f15a0d6179ad73bf9367
Reviewed-on: https://code.wireshark.org/review/19763
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will also avoid invoking ssl_finalize_decryption which will not be
used for TLS 1.3.
Change-Id: I958508276488764ad1a82e6412504bcd72f3b995
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19823
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do length checks in case not all fields are present to prevent
malformed packets.
Bug: 13237
Change-Id: Ie7cc3006fa33f1dedeffb09a4f35adb8dee8e9f6
Ping-Bug: 13238
Reviewed-on: https://code.wireshark.org/review/19390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In change 9bcac48403, "t30.hdlc" was
inadvertently changed to "t30.hdlc""rtp"; this meant that we didn't
actually find the T.30 dissector, as we were looking for it under the
name "t30.hdlcrtp".
Change-Id: Ic1c1daf558926afdb43ac9220940f3ac0159d247
Reviewed-on: https://code.wireshark.org/review/19835
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This got lost as part of change 9132706b2d
- that removed the explicit registering, with a port number, in the
tcp.port and udp.port dissector tables, *without* replacing it with a
dissector_add_for_decode_as() registering it *without* a port number.
Change-Id: I9ae22418553c143d51f9a78f5c0901f2f6490351
Reviewed-on: https://code.wireshark.org/review/19832
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit aaac50cfde.
Not clear that this is the problem.
Change-Id: I5a0547eb4fda1a1ac7a6548c75ba6bc5e4b82d61
Reviewed-on: https://code.wireshark.org/review/19830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Apparently, fmod may be in -lm even if cos isn't.
Change-Id: Ifef1246ccd1ae1e17e4bbbab120c6181092c7786
Reviewed-on: https://code.wireshark.org/review/19827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A few dissectors can benefit from the conversion.
Change-Id: I3b7d54926b79314009e271960aff61870a115390
Reviewed-on: https://code.wireshark.org/review/19826
Reviewed-by: Michael Mann <mmann78@netscape.net>
wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), ...)
doesn't have "file" scope ready at startup to create hash table
and will assert.
Change-Id: I3437f45ef42bf8635e4d504cf073fc3fb0c9a8cd
Reviewed-on: https://code.wireshark.org/review/19825
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression in
the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)"
test passes again.
Also remove duplicate DTLS data sources for decrypted records.
Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Reviewed-on: https://code.wireshark.org/review/19822
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The information from qsig_opcode2oid_hashtable could be derived directly from
qsig_op_tab, and get_op() can serve as a lookup instead of qsig_oid2op_hashtable.
Change-Id: Ibc5b20ff9ff46b1644c6a6c2c90ee1c4ac131e45
Reviewed-on: https://code.wireshark.org/review/19743
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can be used similarly to wmem_tree_new_autoreset for hash tables that need
reset after capture file change.
Change-Id: I3a2f0b0a0cad3eca46266523c594d3d7aac17489
Reviewed-on: https://code.wireshark.org/review/19794
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Initialize decode_as_list = NULL after free to avoid random crashes
in g_list functions after changing profile.
This bug was introduced in g5c7b0b96
Change-Id: Ibc752f245115c5a426989e20e0ab9d0f0faac43d
Reviewed-on: https://code.wireshark.org/review/19821
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
relax pw_eth_heuristic and, at the same time, improve
the 1st nibble logic in dissect_mpls in order to disambiguate
between Ethernet pseudo-wire without a control word, with the MAC
address's first nibble being 4/6 and IPv4/6 packet.
Bug: 13301
Change-Id: If4697c2e40271d84e2db11a9f64ee60a8657e164
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19599
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Zero-length octet sequences don't need to show <MISSING> for their contents.
Change-Id: I89662ff8cd29563981ba9e1b34dc82023b6a070e
Reviewed-on: https://code.wireshark.org/review/19755
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously there was a distinction between decrypted handshake
Application Data records ("Decrypted SSL data") and some others (like
Alerts, Handshake and Heartbeat, "Decrypted SSL record"). Remove this
distinction and always decrypt the payload before passing it on and
always display a data sources for decrypted contents ("Decrypted SSL").
This is prepatory work for TLS 1.3 support where the content type is
located in the encrypted record, having the record decryption in one
place makes it easier to adapt.
Change-Id: I92c51c7f9e87e5c93231d28c39a8e896f5afd1ef
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19789
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the recent files list when exporting specified packets to file.
Change-Id: I4e7dd7f943aa99ab9d5f3fd88444d730434970e9
Reviewed-on: https://code.wireshark.org/review/19818
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The "Go to Packet" frame cannot be used without a capture file so
ensure we hide this when closing a capture file.
Change-Id: I339bc90b87181a8361e9f0bf27dfdf26d2f05333
Reviewed-on: https://code.wireshark.org/review/19783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When saving preferences the strings in string lists must not be
escaped with g_strescape() because this will destroy UTF-8 characters.
Because this strings only should use printable characters we manually
escape quote and backslash, and skip non-printable.
Bug: 13342
Change-Id: I57e492dff746a5ecc0aee809f946a615ad110b4d
Reviewed-on: https://code.wireshark.org/review/19738
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use correct disconnect() signature to ensure everything is disconnected
before connecting new signals. Without this all previous connects() are
still active. This leads to gradually more and more syntax checks being
called for each change, and possibility of a wrong syntax check
(especially for strings which has no syntax check).
Use the textEdited() signal to trigger a syntax check at startup.
This gives consistency.
Do not clear preferenceLineEdit when done because it looks weird when
the preference text disappears while the widget is hiding. The entry
is cleared before next show anyway.
Change-Id: I21c6fd8ec6bb0ecff1b2c0b66fe97dc3eaecf9b3
Reviewed-on: https://code.wireshark.org/review/19788
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The interval parameter is user-supplied and is used as divisor.
Change-Id: I9cbbecb71da3991c1712cb87e93de072cc950224
Reviewed-on: https://code.wireshark.org/review/19787
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Change-Id: I2855c83c6b5e9add3f34d72a2f2ed3394bf79b78
Reviewed-on: https://code.wireshark.org/review/19761
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That field parsed as Big Endian, while all data in ZigBee is Little Endian.
Not change to LE.
Change-Id: I782ba5d17ca9f2208dc4e2f08ca2c731f4d683e4
Reviewed-on: https://code.wireshark.org/review/19800
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>