That's another failure that can occur if you're trying to load a
libwireshark plugin in a program that doesn't use libwireshark if, for
example, references to an undefined symbol don't prevent the module from
being loaded in the first place.
Change-Id: I21629c0094fdca7dfbd88f39b7e6c10fb600b401
Reviewed-on: https://code.wireshark.org/review/17537
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparant to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
atoi must lie in soft-deprecated list until close to complete removal.
Change-Id: Ia26ada56114559637fdc598913ee93523ed9434d
Reviewed-on: https://code.wireshark.org/review/17529
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Replace the error-prone next/prev handling with GList and GHashTable
Cleanup extcap_parser to only expose necessary functions
Remove token know-how from extcap
Change-Id: I7cc5ea06f58ad6c7a85ac292f5d2cb3d33e59833
Reviewed-on: https://code.wireshark.org/review/17496
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Flexible array members are supported by gcc, clang and even MSVC2013.
Note, so far it was only used in the Windows-specific airpcap.h.
Trailing commas in enum declaration are already in use since for
these dissectors (commit ID is the first occurrence):
epan/dissectors/packet-gluster.h v2.1.0rc0-1070-g3b706ba
epan/dissectors/packet-ipv6.c v2.1.2rc0-81-ge07b4aa
epan/dissectors/packet-netlink.h v2.3.0rc0-389-gc0ab12b
epan/dissectors/packet-netlink-netfilter.c v2.3.0rc0-239-g1767e08
epan/dissectors/packet-netlink-route.c v2.3.0rc0-233-g2a80b40
epan/dissectors/packet-quic.c v2.3.0rc0-457-gfa320f8
Inline functions using the "inline" keyword are supported via all glib
versions we support (if it is missing, glib will define a suitable
inline macro).
Other c99 functions listed in the README.developer document were found
to be compatible with GCC 4.4.7, Clang 3.4.2 and MSVC 2013.
Change-Id: If5bab03bfd8577b15a24bedf08c03bdfbf34317a
Reviewed-on: https://code.wireshark.org/review/17421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, for signed values, the caller knows whether ERANGE means "too
large" or "too small"; this is analogous to what the C routines return.
Change-Id: Ifc1fc4723733be606487093f8aa77ae2d89d2c40
Reviewed-on: https://code.wireshark.org/review/17512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-1 is not an unsigned number. For that matter, neither is +1;
"unsigned" means "without a sign", and they both have signs.
ANSI C's strto{whatever} routines - even the ones that supposedly are
for "unsigned" values - and the GLib routines modeled after them allow a
leading sign, so we have to check ourselves.
Change-Id: Ia0584bbf83394185cde88eec48efcdfa316f1c92
Reviewed-on: https://code.wireshark.org/review/17511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
cmdarg_err() prints a message, but it doesn't exit.
Change-Id: I887d96bce483f873a4375cb6b5254915d014f1b1
Reviewed-on: https://code.wireshark.org/review/17509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up indentation while we're at it.
Change-Id: Ie7223f96c758bd71d2435203635db9c2b28e2249
Reviewed-on: https://code.wireshark.org/review/17508
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.
We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.
Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead use ws_strtoi/u functions. atoi() doesn't make any kind
of check so it should be avoided. ws_strtoi/u should be used
instead of strtol & co., but they're still acceptable for some
cases that deviate from the basic usage.
Change-Id: I145ff4d8f893852e024c4ea8fc6a836b15bd2b0d
Reviewed-on: https://code.wireshark.org/review/17502
Reviewed-by: Michael Mann <mmann78@netscape.net>
In the current code many functions have been used for convertion
(strtol, atoi, g_ascii_strtoll, etc). Those utilities want to be
the only, shared, way to convert integers.
Change-Id: I22ba1bf54e144e73a4728612a4437de5a2d339e2
Reviewed-on: https://code.wireshark.org/review/17414
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
It contains the same password field that appears in the Registration
message. Make this field generic and reuse it here.
Change-Id: I7be9a99b5da1713937ffca5624be66150ff453d1
Reviewed-on: https://code.wireshark.org/review/17489
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
add the value for euro
Change-Id: Id8624e356ad4fcddcf77483a721428782c6bb0b2
Reviewed-on: https://code.wireshark.org/review/17487
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Implement the same changes in the ELEM_TLV() and ELEM_TV() macros as in
packet-gsm_a_common.h, to remove superfluous code and squelch about 50
Coverity issues.
Change-Id: I262dc60fdfa3482876d8525b34f6b1dbbe371257
Reviewed-on: https://code.wireshark.org/review/17478
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dario reported that the cmake build fails after installing libnl3-devel
(libnl-devel was already present). This results from a name collision
for NL_LIBRARY and NL_INCLUDE_DIR variables.
Initially these variables contained the values for libnl-1. When libnl3
is installed, these variables were not updated (because it was cached),
but HAVE_LIBNL3 would still be set, resulting in a header and feature
mismatch. Use separate variables for libnl1 and libnl3 to fix this.
Other fixes: also set HAVE_LIBNL for libnl1; fallback to libnl1 if
libnl3 is unusable (e.g. because libnl-route-3.0 is missing).
Change-Id: Icf0a03843ea870347ddf365f69bacf4883d07f6d
Reviewed-on: https://code.wireshark.org/review/17449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissect SMB2 getinfo request fix-sized parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a function that dissects FILE_GET_QUOTA_INFORMATION
structure ([MS-FSCC] 2.4.33.1)
This structure is used to define a set of SIDs whose quota
is to be fetched.
Change-Id: I81f6bca98fb239935ca593bd8725cebbb2037fbe
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17445
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.
Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.
Update the User's Guide accordingly.
Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Expand a comment to suggest what we should probably do on macOS.
Change-Id: Ic18afe5d1b165dbb27b5f0f5ff3ff9a33835a0f4
Reviewed-on: https://code.wireshark.org/review/17470
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoid that the last entry from recent.capture_filter is added to the
capture filter combo when editing preferences or changing profile.
This bug was introduced in gb7897dde.
Change-Id: I38a32386765c9e7ffaa93d006ff0ef7b78ac8252
Reviewed-on: https://code.wireshark.org/review/17453
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a timeline indicator to the Start and Duration columns in the
Conversations dialog. Add tooltips to the columns that explain what's
going on.
Round the timeline rect corners and do the same for Prototocol Hierarchy
Statistics. This should hopefully differentiate the graph bars from a
text selection and IMHO it looks better.
Update the PHS and Conversations images in the User's Guide.
Change-Id: I61d6c25843be522cc444e01ba77cb5b1e991fa36
Reviewed-on: https://code.wireshark.org/review/17396
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code worths a bit of rework.
Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove all recent files from the main welcome page when clearing
recent files from the menu.
Change-Id: Ic410a729e63d82ee58b6bbb31f7e4a658b17d794
Reviewed-on: https://code.wireshark.org/review/17456
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>