Change-Id: If7994b2bc5d341f381e0f15a0d6179ad73bf9367
Reviewed-on: https://code.wireshark.org/review/19763
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will also avoid invoking ssl_finalize_decryption which will not be
used for TLS 1.3.
Change-Id: I958508276488764ad1a82e6412504bcd72f3b995
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19823
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do length checks in case not all fields are present to prevent
malformed packets.
Bug: 13237
Change-Id: Ie7cc3006fa33f1dedeffb09a4f35adb8dee8e9f6
Ping-Bug: 13238
Reviewed-on: https://code.wireshark.org/review/19390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In change 9bcac48403, "t30.hdlc" was
inadvertently changed to "t30.hdlc""rtp"; this meant that we didn't
actually find the T.30 dissector, as we were looking for it under the
name "t30.hdlcrtp".
Change-Id: Ic1c1daf558926afdb43ac9220940f3ac0159d247
Reviewed-on: https://code.wireshark.org/review/19835
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This got lost as part of change 9132706b2d
- that removed the explicit registering, with a port number, in the
tcp.port and udp.port dissector tables, *without* replacing it with a
dissector_add_for_decode_as() registering it *without* a port number.
Change-Id: I9ae22418553c143d51f9a78f5c0901f2f6490351
Reviewed-on: https://code.wireshark.org/review/19832
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit aaac50cfde.
Not clear that this is the problem.
Change-Id: I5a0547eb4fda1a1ac7a6548c75ba6bc5e4b82d61
Reviewed-on: https://code.wireshark.org/review/19830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Apparently, fmod may be in -lm even if cos isn't.
Change-Id: Ifef1246ccd1ae1e17e4bbbab120c6181092c7786
Reviewed-on: https://code.wireshark.org/review/19827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A few dissectors can benefit from the conversion.
Change-Id: I3b7d54926b79314009e271960aff61870a115390
Reviewed-on: https://code.wireshark.org/review/19826
Reviewed-by: Michael Mann <mmann78@netscape.net>
wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), ...)
doesn't have "file" scope ready at startup to create hash table
and will assert.
Change-Id: I3437f45ef42bf8635e4d504cf073fc3fb0c9a8cd
Reviewed-on: https://code.wireshark.org/review/19825
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression in
the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)"
test passes again.
Also remove duplicate DTLS data sources for decrypted records.
Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Reviewed-on: https://code.wireshark.org/review/19822
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The information from qsig_opcode2oid_hashtable could be derived directly from
qsig_op_tab, and get_op() can serve as a lookup instead of qsig_oid2op_hashtable.
Change-Id: Ibc5b20ff9ff46b1644c6a6c2c90ee1c4ac131e45
Reviewed-on: https://code.wireshark.org/review/19743
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can be used similarly to wmem_tree_new_autoreset for hash tables that need
reset after capture file change.
Change-Id: I3a2f0b0a0cad3eca46266523c594d3d7aac17489
Reviewed-on: https://code.wireshark.org/review/19794
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Initialize decode_as_list = NULL after free to avoid random crashes
in g_list functions after changing profile.
This bug was introduced in g5c7b0b96
Change-Id: Ibc752f245115c5a426989e20e0ab9d0f0faac43d
Reviewed-on: https://code.wireshark.org/review/19821
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
relax pw_eth_heuristic and, at the same time, improve
the 1st nibble logic in dissect_mpls in order to disambiguate
between Ethernet pseudo-wire without a control word, with the MAC
address's first nibble being 4/6 and IPv4/6 packet.
Bug: 13301
Change-Id: If4697c2e40271d84e2db11a9f64ee60a8657e164
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19599
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Zero-length octet sequences don't need to show <MISSING> for their contents.
Change-Id: I89662ff8cd29563981ba9e1b34dc82023b6a070e
Reviewed-on: https://code.wireshark.org/review/19755
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously there was a distinction between decrypted handshake
Application Data records ("Decrypted SSL data") and some others (like
Alerts, Handshake and Heartbeat, "Decrypted SSL record"). Remove this
distinction and always decrypt the payload before passing it on and
always display a data sources for decrypted contents ("Decrypted SSL").
This is prepatory work for TLS 1.3 support where the content type is
located in the encrypted record, having the record decryption in one
place makes it easier to adapt.
Change-Id: I92c51c7f9e87e5c93231d28c39a8e896f5afd1ef
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19789
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the recent files list when exporting specified packets to file.
Change-Id: I4e7dd7f943aa99ab9d5f3fd88444d730434970e9
Reviewed-on: https://code.wireshark.org/review/19818
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The "Go to Packet" frame cannot be used without a capture file so
ensure we hide this when closing a capture file.
Change-Id: I339bc90b87181a8361e9f0bf27dfdf26d2f05333
Reviewed-on: https://code.wireshark.org/review/19783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When saving preferences the strings in string lists must not be
escaped with g_strescape() because this will destroy UTF-8 characters.
Because this strings only should use printable characters we manually
escape quote and backslash, and skip non-printable.
Bug: 13342
Change-Id: I57e492dff746a5ecc0aee809f946a615ad110b4d
Reviewed-on: https://code.wireshark.org/review/19738
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use correct disconnect() signature to ensure everything is disconnected
before connecting new signals. Without this all previous connects() are
still active. This leads to gradually more and more syntax checks being
called for each change, and possibility of a wrong syntax check
(especially for strings which has no syntax check).
Use the textEdited() signal to trigger a syntax check at startup.
This gives consistency.
Do not clear preferenceLineEdit when done because it looks weird when
the preference text disappears while the widget is hiding. The entry
is cleared before next show anyway.
Change-Id: I21c6fd8ec6bb0ecff1b2c0b66fe97dc3eaecf9b3
Reviewed-on: https://code.wireshark.org/review/19788
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The interval parameter is user-supplied and is used as divisor.
Change-Id: I9cbbecb71da3991c1712cb87e93de072cc950224
Reviewed-on: https://code.wireshark.org/review/19787
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Change-Id: I2855c83c6b5e9add3f34d72a2f2ed3394bf79b78
Reviewed-on: https://code.wireshark.org/review/19761
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That field parsed as Big Endian, while all data in ZigBee is Little Endian.
Not change to LE.
Change-Id: I782ba5d17ca9f2208dc4e2f08ca2c731f4d683e4
Reviewed-on: https://code.wireshark.org/review/19800
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds a signal, which emits the number of active captures
Change-Id: I637106294e331e7fc7607f6fd7704492e22fa7ac
Reviewed-on: https://code.wireshark.org/review/19799
Reviewed-by: Roland Knall <rknall@gmail.com>
Add the 'in' operator to the list of available operators, where 'eq'
operator would be present also. Setup the curly bracket expression in
the filter and allow for multiple enums to be selected.
Ping-Bug: 12808
Change-Id: Ibeef52ba9d41549d0684b0069270ff09f5a93e81
Reviewed-on: https://code.wireshark.org/review/19767
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
That should squelch some warnings on Windows.
Change-Id: I55b394be12203e14af023fdcc5d46564d0fcfa34
Reviewed-on: https://code.wireshark.org/review/19797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a wsutil/socket.h file, for inclusion by everything that uses
sockets, that contains the UN*X-vs-Windows #includes and #defines to
hide some UN*X-sockets vs. Winsock API differences. That stuff mostly
comes from from extcap/extcap-base.h; have that file just include
wsutil/socket.h rather than defining that stuff itself.
Include it in sharkd_daemon.c. Use socklen_t for the size of things to
pass to bind() as the last argument; wsutil/socket.h defines it as int
on Windows.
Ignore sharkd in Git.
Change-Id: I3f2171b7aa613717f52305f62bfd7d43e0172dc6
Reviewed-on: https://code.wireshark.org/review/19796
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Assume that the relative milliseconds could be 64-bit, and make the
indices calculated from it 64-bit as well.
Change-Id: Ie1248c9440172b85ffbb05461ef1ee07c371fc3c
Reviewed-on: https://code.wireshark.org/review/19795
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8c614189159f1263d9452d495cee34d1a2c1bfcb
Reviewed-on: https://code.wireshark.org/review/19790
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13346
Change-Id: I83175fefeef5035039e378dd68ffdcd0787970b8
Reviewed-on: https://code.wireshark.org/review/19775
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
After converting port preferences to use Decode As entries the preference
editor was no longer used when changing port number pereferences from the
Packet Details popup menu.
Change-Id: Ifeff3b88bfd96a122b6a58d8917304eb69cf0c38
Reviewed-on: https://code.wireshark.org/review/19781
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
sharkd does not perform any capturing, so do not include related
libraries and files. This fixes the CMake build too.
Change-Id: Ie002b09dbf60070e34dacc8ae7dadee6690d4db8
Reviewed-on: https://code.wireshark.org/review/19786
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
sharkd listens on UNIX socket and allows external clients
to run commands like: loading file, analysing frames or running TAP(s).
Change-Id: I443b2865e4adfd1c11f4f57d09ff7fce6b1e8766
Reviewed-on: https://code.wireshark.org/review/18208
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Do the NLRI length checks in the switch cases for each route type, and
do them for *all* route types, rather than throwing a random check in
for one particular route type.
There is no need to fail up front for unknown route types; at least
dissect the type and length, and fail in the switch statement.
Dissect the route descriptor in each of the switch cases, after the
length check, rather than doing it up front.
Add a comment noting where the prefix route type comes from.
Change-Id: Iae26ecd467d4b36dbcf52e7998bd2881405281aa
Reviewed-on: https://code.wireshark.org/review/19774
Reviewed-by: Guy Harris <guy@alum.mit.edu>