Failing postinst has been reported several times under LP#1447893
Change-Id: I196f246b34aa3be9d53f02b4e0092c802effc42a
Reviewed-on: https://code.wireshark.org/review/11693
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Change-Id: I7f5724e263ab81d42421d0cfcb1fc4b63a55d79e
Reviewed-on: https://code.wireshark.org/review/11590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
accept the node key as a first parameter.
wmem_tree accepts all sort of keys (strings, integers, soon ranges),
thus it is of interest for various purposes (testing, greedy search) to
know the key of the node.
Change-Id: Ie748b917bef91f0b1ba8cce15bd1b471922641dc
Reviewed-on: https://code.wireshark.org/review/11683
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I24185128e664a0f7cc2b59d5d653582cddd04df1
Reviewed-on: https://code.wireshark.org/review/11686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.
Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.
Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.
For now leverage the pcapng_block dissector and keep everything under
"Frame".
Next steps:
- Items listed at the top of packet-sysdig-event.c.
Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The callers of wtap_dump_init_dumper() always call
wtap_dump_open_check() first, with the same arguments in all cases; pull
the latter call into wtap_dump_init_dumper() itself.
Change-Id: I2b44dc3a018745e175b5c74ff1a346749fec2b71
Reviewed-on: https://code.wireshark.org/review/11681
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag. When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.
Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
being run in.
Do this by forcing the time zone to be UTC (by modifying the environment).
Change-Id: I13c47deada82b55a464006f9c3cc60115b2e4f20
Reviewed-on: https://code.wireshark.org/review/11378
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added IP address and port number to the comp_req_list_entry so
get_mfn_from_fn_and_reqid can check for matching IP and port number
when searching for the reply to a request.
Change-Id: Iad00bca5c1104cf8c335001f84264fe55d2e45fc
Reviewed-on: https://code.wireshark.org/review/11599
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Checking WIRESHARK_ABORT_ON_DISSECTOR_BUG here looks somewhat redundant but it's not:
it's needed to prevent REPORT_DISSECTOR_BUG() from throwing an exception when
we're not dissecting (when nobody's going to catch the exception).
Change-Id: I4dfc484bdf13bca236bfff1388d4399e26880ad7
Reviewed-on: https://code.wireshark.org/review/11272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib9719ac893288b9f26acabb81158ed42b2351fb5
Reviewed-on: https://code.wireshark.org/review/11572
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).
While we're at it, make randcap report write and close errors.
Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I16280d3fd4023c5a16026e8e10f1d12dfca45641
Reviewed-on: https://code.wireshark.org/review/11657
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
randpkt.c:556:1: warning: no previous prototype for ‘randpkt_seed’
randpkt.c:610:6: warning: no previous prototype for ‘randpkt_example_init’
randpkt.c:632:6: warning: no previous prototype for ‘randpkt_example_close’
randpkt.c:638:6: warning: no previous prototype for ‘randpkt_loop’
Change-Id: Ieab604a22fa7ebf5c049ab497abd56af0a788d36
Reviewed-on: https://code.wireshark.org/review/11654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I28ce51f3c06f78b85792bce4a13ef39eb75d7890
Reviewed-on: https://code.wireshark.org/review/11648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This change should fix some complains from coverity.
Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In the main toolbar get our initial icon size using the PM_SmallIconSize
pixel metric. On Windows this varies directly with the system text
magnification setting.
Pinging bug 11675 since we still need to adjust the icon sizes in the
filter edits, progress frame, status bar, and likely other places.
Ping-Bug: 11675
Change-Id: I53a78627ce850bd6dbd4628da481badee63a1208
Reviewed-on: https://code.wireshark.org/review/11605
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The only file system operations it does are printing of debugging output
to the standard output, so it doesn't need <wsutil/file_util.h>.
Change-Id: Ia5caf62a3aab418f039669aa0b54e163e54d0d21
Reviewed-on: https://code.wireshark.org/review/11635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwiretap no longer uses standard I/O routines to read files; those
includes are left over from when it did.
Change-Id: Ia46c5e24ed25c6bd254cd271746ace539a37e590
Reviewed-on: https://code.wireshark.org/review/11634
Reviewed-by: Guy Harris <guy@alum.mit.edu>