Commit Graph

76293 Commits

Author SHA1 Message Date
João Valverde f1285fcf06 CMake: Don't install HTML manuals twice
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.

Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2019-10-09 13:24:58 +00:00
Alexis La Goutte 931a80492d QUIC: Remove some field of Preferred Address TP before draft-18
Ping-Bug: 13881
Change-Id: Iae8a547d1726ae5977c59ab94f581c856225b38f
Reviewed-on: https://code.wireshark.org/review/34702
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-09 12:38:13 +00:00
Alexis La Goutte 21cfde4c6d QUIC: Add support of GREASE Transport Parameter
Bug: 13881
Change-Id: Iaf72a14e227f0406edc8e8cbb71a63be95ec7eed
Reviewed-on: https://code.wireshark.org/review/34701
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-09 12:38:04 +00:00
Achuthan Paramanathan dbfe1b2221 LoraWan: fixed downlink decryption
using uplink parameter as input for calc. the nonce for decryption

Bug: 16110
Change-Id: I3da1afbe80629a378a9ecc63157b5854729c6159
Reviewed-on: https://code.wireshark.org/review/34751
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-09 12:37:20 +00:00
Ali Sabil 3805cb6f2f mqtt: Dissect connect last will message as bytes
The MQTT specification says "The Will Message defines the Application
Message that is to be published to the Will Topic", Application
Messages are defined as being application specific.

Change-Id: I3fad1cb5f676b0232ba9e29af0d213b536ce4ef6
Reviewed-on: https://code.wireshark.org/review/34749
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2019-10-09 06:32:21 +00:00
Joerg Mayer 09d16a64ab Get rid of some unnecessary string operations
Change-Id: I5e92ed52616dd7eb0837228abc5c3975d7f9228b
Reviewed-on: https://code.wireshark.org/review/34734
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-10-08 22:10:25 +00:00
Alexis La Goutte 3d7cd2ed6b amp: remove duplicate copyright
Only need SPDX-License-Identifier

Change-Id: Ib7bae961acb5810d99a3e44d4f5a7fe437bb6133
Reviewed-on: https://code.wireshark.org/review/34748
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-10-08 22:08:41 +00:00
Gerald Combs e76f518913 Release notes: Remove an item.
The recent macOS installer changes were backported to master-3.0, so
they're no longer new in master.

Change-Id: I357e0f8facbc2266c3780bcf8d696b5c2b00602d
Reviewed-on: https://code.wireshark.org/review/34745
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-10-08 18:04:32 +00:00
Joerg Mayer 88d5ccbe3f Update some ACI field names
Change-Id: I2add057ae4ebd9e2faca5e9ff201817810e10562
Reviewed-on: https://code.wireshark.org/review/34735
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2019-10-08 15:40:07 +00:00
Joerg Mayer 0cadd7e4ed Update qt 5.12.1 -> 5.12.4 and update a comment (twice)
Change-Id: I2eab2f73305918a354b8b9b9c5616ef290a40284
Reviewed-on: https://code.wireshark.org/review/34733
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2019-10-08 15:36:52 +00:00
Joerg Mayer 723433f750 Update ASCIIDOCTOR to current version(s)
Change-Id: Ieb87169ffc7dae709954e2f361202cec88d3dedb
Reviewed-on: https://code.wireshark.org/review/34732
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2019-10-08 15:34:30 +00:00
Kingson Chan 232677678b Wi-Fi NAN: Add support for Wi-Fi NAN protocol
Add support for the WFA Neighbor Awareness Networking (NAN) protocol.

Bug: 16087
Change-Id: Ideeeea2551c8db722b5578340bef4e504ea73dcf
Reviewed-on: https://code.wireshark.org/review/34635
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-08 10:32:42 +00:00
Roland Knall c1ed77a36f Qt: Simplify Wireshark Dialog class
Simplify class handling and clear up some names

Change-Id: I8a3dd80c0b4dd97aee6164d94ca9cf60068f427b
Reviewed-on: https://code.wireshark.org/review/34730
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2019-10-08 10:32:11 +00:00
Anders Broman b6f78f45b5 GTPv2: Add basic dissection for Monitoring Event Extension Information
Change-Id: Ic3bd56d383840e3cf9521feb77a7d6bfbdc50aa4
Reviewed-on: https://code.wireshark.org/review/34729
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-08 08:19:40 +00:00
Stig Bjørlykke dbf3cdcc3f protobuf: Fix typo in error message
Change-Id: I0a3ef1a2c690148672aa65a8385f230e7f070e57
Reviewed-on: https://code.wireshark.org/review/34728
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2019-10-08 07:07:06 +00:00
Moshe Kaplan 930aa328dd WSUG: Clean up opening sentences
Change-Id: I7c1443459f5705a1a087dfe3e3af8c3826dc1f08
Reviewed-on: https://code.wireshark.org/review/34727
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-10-08 06:31:41 +00:00
Moshe Kaplan 67d5c58bd2 WSDG: Fix duplicate 'the the'
Change-Id: Iaa383391daa6deb569852fe4bb464f7cda3658dd
Reviewed-on: https://code.wireshark.org/review/34726
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-08 03:58:17 +00:00
Moshe Kaplan cb7dafbcf6 WSUG: Clean up duplicated words
Used egrep "\b([a-zA-Z]+) \1\b" docbook/wsug_src/*.adoc to find instances
where words were erroneously duplicated.

Change-Id: Ie390fa4f1c61a288ff0ed77aa84c4fb01f4de27e
Reviewed-on: https://code.wireshark.org/review/34725
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-08 03:57:49 +00:00
Roland Knall cb352105b8 Qt: Reduce use of CaptureFile
In preparation of having just a single instance of CaptureFile
dialogs are redesigned to not use CaptureFile

Change-Id: I2bff036d6f9e946954873c90b935b6653fbeb474
Reviewed-on: https://code.wireshark.org/review/34723
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2019-10-07 21:00:31 +00:00
Huang Qiangxiong 5750c4981c protobuf: add support for Protocol Buffers Language (*.proto) files
1. A C-style Protocol Buffers Language (PBL) parser for *.proto file is added.
It contains protobuf_lang_scanner.l (lex scanner), epan/protobuf_lang.y (grammar
parser), and protobuf_lang_tree.h/c (grammar tree implementation).

2. The protobuf-helper.h/cpp is an interface wrapper layer. If one day C++ is allowed,
we can create a protobuf-helper.cpp file, which using official protobuf C++
library, to replace protobuf-helper.c. That keeps packet-protobuf.c unchanged.

3. User can specify protobuf search paths, and the UDP ports to protobuf message type
maps at the Protobuf protocol preferences.

4. Other dissectors can pass the message type to Protobuf dissector by data parameter
or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in lua).

Some Sample of GRPC with Protobuf captures can be found in Bug: 13932.

Bug: 13932
Change-Id: Ife16c2f7b381296f8db4740dabe5f8362a456f48
Reviewed-on: https://code.wireshark.org/review/22892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-07 10:35:52 +00:00
Manfred 0d8bebc327 SMB: fix dissection of Directory Information field in Search (0x81) response
The dissector assumed 46 instead of 43 as Directory Information field length

Bug: 15817
Change-Id: I25f1c95a202c0f0156062eda93a3690911ef50aa
Reviewed-on: https://code.wireshark.org/review/33464
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-07 04:05:57 +00:00
Pascal Quantin 2cac9d47af dumpcap: fix capture library version display on Windows
Ensure to call load_wpcap() before building the version info string.

Bug: 16108
Change-Id: Ida7ecf6ad5186f816e1bf33902a0ae70f7f36b40
Reviewed-on: https://code.wireshark.org/review/34719
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-06 18:40:23 +00:00
Tomasz Moń e4d4c75584 FTDI FT: Register OpenVizsla USB VID/PID
In case of OpenVizsla the FTDI FT dissector is useful for troubleshooting
host software issues.

Change-Id: Iac5d2960ca04e6c4fa4619f204bce0c1c4de3b3e
Reviewed-on: https://code.wireshark.org/review/34718
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-06 18:08:11 +00:00
Gerald Combs 9a977d1f22 [Automatic update for 2019-10-06]
Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I1489711e2f2cd69512f05eab85c93729349271f1
Reviewed-on: https://code.wireshark.org/review/34715
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-10-06 08:20:13 +00:00
Vadim Yanitskiy 9ffe5f61e9 GPRS RLC/MAC: clarify description of hf_global_tfi
According to 3GPP TS 44.060, section 12.10 "Global TFI", the first
bit of that IE defines whether it's an Uplink (0) or Downlink (1)
TFI (Temporary Flow Identity).

Before this patch:

  Global_TFI
      .1.. .... = UL TFI:  (Union)
      ..01 110. = DL TFI: 14

After:

  Global_TFI
      .1.. .... = Uplink (0) or Downlink (1) TFI:  (Union)
      ..01 110. = DL TFI: 14

Change-Id: Idcf25b007bce8ee065fd10753dbd3292ab0ce95e
Reviewed-on: https://code.wireshark.org/review/34713
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-05 10:49:56 +00:00
Vadim Yanitskiy a1b16a4f8e GSM RLC/MAC: distinguish TA Index / TS number for Uplink and Downlink
According to 3GPP TS 44.060, section 12.12a "Global Packet Timing
Advance", there may be five optional fields in this IE:

  - TIMING_ADVANCE_VALUE,
  - UPLINK_TIMING_ADVANCE_INDEX,
  - UPLINK_TIMING_ADVANCE_TIMESLOT_NUMBER,
  - DOWNLINK_TIMING_ADVANCE_INDEX,
  - DOWNLINK_TIMING_ADVANCE_TIMESLOT_NUMBER.

For the last 4 fields we should clearly distinguish between
the Uplink and Downlink. Otherwise it looks confusing:

  Common_Timeslot_Reconfigure_Data.Global_Packet_Timing_Advance
      ..0. .... = TIMING_ADVANCE_VALUE Exist: 0
      ...0 .... = TIMING_ADVANCE_INDEX Exist: 0
      .... 1... = TIMING_ADVANCE_INDEX Exist: 1
      .... .001  0... .... = TIMING_ADVANCE_INDEX: 2
      .110 .... = TIMING_ADVANCE_TIMESLOT_NUMBER: 6

After this patch:

  Common_Timeslot_Reconfigure_Data.Global_Packet_Timing_Advance
      ..0. .... = TIMING_ADVANCE_VALUE Exist: 0
      ...0 .... = UPLINK_TIMING_ADVANCE_INDEX Exist: 0
      .... 1... = DOWNLINK_TIMING_ADVANCE_INDEX Exist: 1
      .... .001  0... .... = DOWNLINK_TIMING_ADVANCE_INDEX: 2
      .110 .... = DOWNLINK_TIMING_ADVANCE_TIMESLOT_NUMBER: 6

Change-Id: I65d7fa579ebbd7af49c03875810444352333a5a0
Reviewed-on: https://code.wireshark.org/review/34712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-05 10:49:29 +00:00
Tomasz Moń a758e31b90 CMake: Include glib dlls in Windows installer
In debug builds different glib .dll files are being used than in release
builds. List all .dll files in (generated) nsis all-manifest.nsh and WiX
DependentComponents.wxs guarding the debug files under BUNDLE_DEBUG_DLLS
ifdef. CMake generator expression is used to include /DBUNDLE_DEBUG_DLLS
parameter to MakeNSIS in debug builds. Similarly, -dBUNDLE_DEBUG_DLLS is
added to WiX candle in debug builds.

Change-Id: Ibfe7a640d25ba25f14bb910708ab83d0634d48db
Reviewed-on: https://code.wireshark.org/review/34703
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-04 18:16:35 +00:00
Gerald Combs efb6fa1e03 AMP: Remove a self-assignment.
Fix

../epan/dissectors/packet-amp.c:411:11: error: explicitly assigning value of variable of type 'packet_info *' (aka 'struct _packet_info *') to itself [-Werror,-Wself-assign]
    pinfo = pinfo;
    ~~~~~ ^ ~~~~~

Change-Id: I8c8b03672d5aaae65b23449c35c150ee8ee0dae6
Reviewed-on: https://code.wireshark.org/review/34711
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-10-04 17:16:37 +00:00
Tomasz Moń e7f5ba6aa7 Qt: Do not redissect packets before sorting
There's no need to perform redissection as we are sorting data already
present in PacketListRecord.

This change is not only improving performance, but prevents a crash
related to "event interruptions". As wsApp->processEvents() is called
with QEventLoop::AllEvents, it is possible for user to trigger any
action. If the user decided to close the file while packets are being
redissected inside PacketListModel::sort(), Wireshark would crash.

Ping-Bug: 16097
Change-Id: I82eee0efc789a1102e5fbe3670ed79039a18b8be
Reviewed-on: https://code.wireshark.org/review/34679
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 15:47:49 +00:00
Tomas Liscak 9e686f1e43 PFCP: Change of framed-route and framed-ipv6-route formatting.
According to RFC 2865 and RFC 3162.

Reason: Frame route is a UTF-8 octet string and it should be decoded in Wireshark in that manner.

Change-Id: I0af66d769c27cd41d48f6ca37006f44d2958db22
Reviewed-on: https://code.wireshark.org/review/34697
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 13:44:14 +00:00
Keith Scott 13a9a98f95 dtn: Updates to TCPCL and AMP parsers and dtn payload ids.
This patch updates the TCP Convergence Layer (TCPCL) parser, updates the
Compressed Bundle Header Encoding (CBHE) BP Endpoints that identify
CCSDS File Delivery Protocol (CFDP) and Asynchronous Management Protocol
(AMP) payloads, and adds an AMP dissector that parses the new Compressed
Bundle Header Encoding (CBOR) wire format.

1. Correctly parses the TCP Convergence Layer Length field
2. Adds support for the TCP Convergence Layer Refuse-Bundle Reason-Code
   Flags per RFC-7242: Section-5.4
3. Parses BP traffic between Compressed Bundle Header Encoding (CBHE)
   endpoints 64 and 65 as CCSDS File Delivery Protocol (CFDP)
   payloads.
4. Parses BP traffic between Compressed Bundle Header Encoding (CBHE)
   endpoints 5 and 6 as Asynchronous Network Management (AMP)
   payloads
5. Updates the AMP parser to use the new Compressed Binary Object
   Representation (CBOR)

The AMP dissector was originally written by Krishnamurthy Mayya
(krishnamurthymayya@gmail.com) against an older version of the AMP
specification and updated to parse the new Compressed Binary Object
Representation (CBOR) format by Keith Scott (keithlscott@gmail.com)

Change-Id: I8d1eff9fb09f1a9dbdb9f4cf077448316f6a9e05
Reviewed-on: https://code.wireshark.org/review/34216
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 13:10:46 +00:00
Pascal Quantin ba88d0a7cf F1AP: upgrade dissector to v15.7.0
Change-Id: I0d582d2e62ef2b16fc58051c710ae242eb2b28c1
Reviewed-on: https://code.wireshark.org/review/34710
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-04 11:57:55 +00:00
Pascal Quantin 591e8e55a7 XnAP: upgrade dissector to v15.5.0
Change-Id: I9d269c907c5d43aa48ce690264ac91b1d05ea1d5
Reviewed-on: https://code.wireshark.org/review/34709
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-04 11:17:18 +00:00
Pascal Quantin 0b3397604a NAS 5GS: fix a typo
Change-Id: Ida09f41f8d0a225f0a27c482cfd16ff915ba90d7
Reviewed-on: https://code.wireshark.org/review/34708
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-04 10:18:38 +00:00
Pascal Quantin eccca820bb NGAP: upgrade dissector to v15.5.0
Change-Id: I788bfa056f42fe7311bb0d9b054d27d08b54def2
Reviewed-on: https://code.wireshark.org/review/34707
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-10-04 07:57:34 +00:00
basakkal c3afba7f28 PROFINET: Adding text to Normal (non-DFP) RTC3 frames
According to specification, Normal (non-DFP) RTC3 frames
are not decoded as subframes. However, undecoded data was
not shown at the tree. The undecoded data text is added

Change-Id: Ib6ffd750c81d05318d9b81debd73a1f8022bbbb7
Reviewed-on: https://code.wireshark.org/review/34698
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 06:23:23 +00:00
Vadim Yanitskiy e78430f059 GSMTAP: implement dissecting of PTCCH/D messages
According to 3GPP TS 45.002, section 3.3.4.2, PTCCH (Packet Timing
advance control channel) is a packet dedicated channel, that is
used for continuous Timing Advance control in (E)GPRS.

There are two sub-types of that logical channel:

  - PTCCH/U (Uplink): used to transmit random Access Bursts
    to allow estimation of the Timing Advance for one MS in
    packet transfer mode.

  - PTCCH/D (Downlink): used by the network to transmit
    Timing Advance updates for several MS.

As per 3GPP TS 45.003, section 5.2, the coding scheme used for
PTCCH/U is the same as for PRACH as specified in subclause 5.3,
while the coding scheme used for PTCCH/D is the same as for
CS-1 as specified in subclause 5.1.1.

The format of PTCCH/D messages can be described as follows:

  +--------------+--------------+-----+---------------+------------------+
  |    Octet 1   |    Octet 2   |     |    Octet 16   |  Octet 17 .. 23  |
  +---+----------+---+----------+-----+---+-----------+------------------+
  | 0 | TA TAI=0 | 0 | TA TAI=1 | ... | 0 | TA TAI=15 | Padding 00101011 |
  +---+----------+---+----------+-----+---+-----------+------------------+

what gives us 16 Timing Advance values (7 bit each) for 16 different
mobile stations identified by TAI (0..15). The remaining space is
padding and shall be filled with constant value 0x2B.

Bug: 16096
Change-Id: I0ce81d922a8a8c3981da2486baa3e1efcff46539
Reviewed-on: https://code.wireshark.org/review/34660
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 06:22:57 +00:00
Vadim Yanitskiy 157dc2fb22 GSM RLC/MAC: fix: account MAC header as a part of rlcmac_tree
The MAC header is also a part of the sub-tree that's getting
created for Downlink RLC/MAC control blocks. Otherwise the
length of that tree is at least one octet less.

Change-Id: I19dfb44887b98cb25cfe242f5362506a5b93772b
Reviewed-on: https://code.wireshark.org/review/34705
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-10-04 05:50:26 +00:00
Volodymyr Khomenko 307b296149 SMB2: improved dissector of QUERY_INFO/SET_INFO - AdditionalInformation field
Changed dissection of AdditionalInformation field for QUERY_INFO/SET_INFO with SEC_INFO class
to use all security information bits defined by [MS-SMB2]. See
[MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request and 2.2.39 SMB2 SET_INFO Request

Changed dissection of SET_INFO to report Reserved/AdditionalInformation instead of unknown field.

Bug: 16095
Change-Id: I28373cba67385cfd9db173cbc0469e893704cd69
Reviewed-on: https://code.wireshark.org/review/34659
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 04:40:21 +00:00
Peter Wu d2a660d805 QUIC: Add Follow QUIC Stream support to Qt and tshark
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.

Known issues that will be addressed in the future:

 - If a single packet contains multiple streams, then Follow QUIC Stream
   will wrongly include data from streams other than the selected one.
   This is tracked by bug 16093 and affects HTTP/2 as well.

 - The Substream index menu does not properly filter for available
   stream numbers. If a non-existing stream is selected, then changing
   to another (potentially valid) index results in the "Capture file
   invalid." error. As workaround, clear the display filter first.

 - Follow Stream always selects Stream ID 0 instead of the first or
   currently selected stream field in a packet. Users should manually
   update the stream index as needed.

Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-04 04:36:09 +00:00
Gerald Combs 750ffac7b6 Win32: Fix a return value check.
CreateNamedPipe returns INVALID_HANDLE_VALUE on failure.

Change-Id: I79ad5144e084520db8197b69c4ad34431d183009
Reviewed-on: https://code.wireshark.org/review/34704
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-10-03 20:56:07 +00:00
Pascal Quantin db68ece980 X2AP: upgrade dissector to v15.7.0
Change-Id: Ia904700abea688f8376a28dcb0147eae62d3d12d
Reviewed-on: https://code.wireshark.org/review/34700
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-03 16:15:45 +00:00
Pascal Quantin 56bb121cb9 S1AP: upgrade dissector to v15.7.0
Change-Id: Ie56d3796bf8cc17d995f66159ef8f85d2485e34a
Reviewed-on: https://code.wireshark.org/review/34699
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-10-03 15:38:16 +00:00
Martin c2c2324ac7 Updated MMS ASN.1 file for IEC61850 Ed.2
Change-Id: I514fd1625d2d6f01c8175d7b61caa7ea3e5f216b
Reviewed-on: https://code.wireshark.org/review/34678
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-03 12:40:03 +00:00
Devan Lai 610c7566f2 ieee802154: handle IEEE 802.15.4e LE WUF
Wake-up frames in 802.15.4e have a specific structure that is not
consistent with the fields present in a single-byte FCF.
As a special case when 802154e_compatibility is enabled, detect
multi-purpose frames that are exactly 12 bytes long and contain
a Rendezvous Time IE and parse them as an 802.15.4e wake-up frame.

Bug: 16102
Change-Id: I87c6317fffb0670dae0d5bdd499271fe02a40b22
Reviewed-on: https://code.wireshark.org/review/34684
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-03 10:49:25 +00:00
Tomasz Moń c9e897aeb9 CMake: Set wireshark as Visual Studio startup project
Default startup project to wireshark instead of ALL_BUILD.

Change-Id: I4694660eba95cd05012f09aa062d923e6c7500d8
Reviewed-on: https://code.wireshark.org/review/34513
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-03 07:55:14 +00:00
Devan Lai 6a7d3150ee ieee802154: support multipurpose frames
Add support for IEEE802.15.4-2015 multipurpose frames, which are
similar to data frames with the following exceptions:
 - The Frame Control Field can be either 1 or 2 octets, with different
   bit offsets for all fields except for Frame Type.
 - The Frame Version field, when present, must always be set to 00.
 - The source PAN ID is always absent
 - Instead of a PAN ID Compression field, there is a PAN ID Present
   field for the destination PAN ID only.

See Section 7.3.5 of IEEE802.15.4-2015 (esp Figure 7-19) for details.

Bug: 16101
Change-Id: I1e64d90694b567573ca10395b823adb9015f8917
Reviewed-on: https://code.wireshark.org/review/34682
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-03 07:52:32 +00:00
Devan Lai b5091d8cd8 ieee802154: handle IEEE 802.15.4e PAN ID compression
Add a new 802154e_compatibility preference.
When enabled, it will attempt to handle certain PAN ID compression schemes
that are permitted in 802.15.4e-2012 but not in 802.15.4-2015.

Specifically, when either the source or destination address are present
in short form and the PAN ID Compression bit is cleared, 802.15.4-2015 expects
the source PAN ID to be present, whereas 802.15.4e-2012 does not.

Bug: 16102
Change-Id: I7fea7bd6d0a78c859360a1130b242e90eac8feec
Reviewed-on: https://code.wireshark.org/review/34683
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-10-03 07:51:53 +00:00
Edwin Groothuis 79c8b446b6 TLS: fix heuristics to match a TCP segment with just a TLS record header
The TLS stream of IBM WebSphere doesn't get detected since the TLS
record is sent in two packets: First the five bytes of the TLS record
header, then the TLS record data.

Bug: 16085
Change-Id: Ide8758dc7f6a14e4a5aeb01abc7fcaa42374f675
Reviewed-on: https://code.wireshark.org/review/34634
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-10-02 22:32:51 +00:00
Peter Wu b5d6c9922b sharkd_shell.py: add interactive debug shell for sharkd
Interactive shell for sharkd with some auto-completion, history, and
JSON beautification support. Quick and dirty, tested with Python 3.7.4
on Arch Linux.

Change-Id: I5dec1ac07230bfcbc3165a36b5c7f088ee65a8f7
Reviewed-on: https://code.wireshark.org/review/34583
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-10-02 22:05:29 +00:00