Decode the v1/v2.0 formats which are relevant for the upcoming
6.5.0 release.
Change-Id: Ie726f1ebd2457f6a36b096a0cd0bed9c94f713df
Reviewed-on: https://code.wireshark.org/review/35251
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Old representation was confusing because for instance it printed:
10.. .... = CHANNEL_CODING_COMMAND: 2
But 2 actually is CS-3.
Change-Id: Ie875a94297c0d154d7222f12115068876520c47a
Reviewed-on: https://code.wireshark.org/review/35259
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The WSDG is a mix of references to 32 and 64 architectures. Use 64
in more places.
Change-Id: Ifb4b3189912268808cfe8fdb5119f2177c815163
Reviewed-on: https://code.wireshark.org/review/35248
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ByteViewText and ProtoTree only use mono_font_ in setMonospaceFont, so
there's not much use in declaring it private in each case.
Change-Id: I3ad986052f6e013988ce851420f7f6e7b47b7ea8
Reviewed-on: https://code.wireshark.org/review/35255
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The can specific data structure `struct can_identifier` is used as
supplementary data for higher level dissectors. This patch adds more
data to this struct and renames it accordingly to `struct can_info`.
More supplementary data is needed in order to dissect iso15765
correctly, since the header format depends on details on the underlying
CAN protocol (CAN 2.0B vs CAN-FD).
Change-Id: Id068cf38453f98b67a5ec470a22e7013548c5a14
Reviewed-on: https://code.wireshark.org/review/35246
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is no longer needed, as it is handled by setMonospaceFont
Change-Id: I9834bcd1a188cd6f1cb8ad1abe568a9a50d831bc
Reviewed-on: https://code.wireshark.org/review/35253
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
ProtoTree::setRootNode() is designed to update the model with the new
packet tree, and additionally expand tree items in its view. When the
current selected packet is changed, it must use this method to ensure
that collapsed trees are properly expanded. Fix this regression.
It was not entirely clear that framesSelected can no longer use previous
state, so document it explicitly. Remove the call to QTreeView::reset(),
it ends up calling QAbstractItemView::reset() which touches the
selection model that refers invalidated proto_node memory. The reset
function of the view is automatically called the model is reset, so the
call was not needed anyway.
Test: open test/captures/tls13-rfc8446.pcap, expand TLS, TLS Record, and
select "Content Type". Change from frame 1 to 2, and then 3. Observe
that the expanded state remains constant with no flickering. In frame 3,
observe that the tree remains expanded even if no item is selected.
Change-Id: I0c820711f1a62aa51ac100f8ac5c89265c51eb18
Fixes: v3.3.0rc0-6-gcfee0f8082 ("Qt: Remove frameSelect signal")
Reviewed-on: https://code.wireshark.org/review/35230
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add D-PATH Attribute as described in
draft-rabadan-sajassi-bess-evpn-ipvpn-interworking
Bug: 16238
Change-Id: If40699304fca1409a195b83075dd40c6769c2df4
Reviewed-on: https://code.wireshark.org/review/35223
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Verified with fizz-tls13-draft-23-26-rfc8446-dsb.pcapng from the bug.
Decryption of early data, handshake and application data for almost all
versions (draft 23, draft 26, RFC 8446) is working. Only early data
decryption for draft 23 fails because the draft version is not yet set
during trial decryption before the Server Hello is received. That is
such a rare case however, do not bother fixing that.
Bug: 16175
Change-Id: Ie9046bf3f04c40b9c8fa2128f06844d2e7bd3e6d
Reviewed-on: https://code.wireshark.org/review/35245
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Peer identification failed because the MAC1 value did not check out.
Fix the computation in case the reserved bytes are overwritten after the
original protocol has run.
Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f
Reviewed-on: https://code.wireshark.org/review/35219
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead of just visually marking a field after switching packets, make
sure that it is also focused such that arrow up/down keys select the
expected fields instead of the root node (the Frame layer).
Change-Id: Ic16462198fb2189496f0cceeb5a5e885673636d2
Reviewed-on: https://code.wireshark.org/review/35236
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: I537fbb26681555d0cd303d4b614bc016e935eb70
Reviewed-on: https://code.wireshark.org/review/35225
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Put short descriptions after the amendment name, in parentheses.
Fix a typo in the 802.11d entry while we're at it.
Change-Id: I87d84678f30abe40c4b130cf0a9355bb5da99df4
Reviewed-on: https://code.wireshark.org/review/35229
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set it as the PHY type if we see the HE field in a radiotap header, and
report that PHY type as "802.11ax" in the generic radio metadata
dissector.
Change-Id: I181d2717d82bdca73e04b6111b2483ca099d48bb
Ping-Bug: 13207
Reviewed-on: https://code.wireshark.org/review/35227
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default shell in macOS 10.15 is zsh[1]. Bash appears to be included
for now, but it might be a good idea to start migrating away from it
just in case it's removed at some point in the future.
[1]https://support.apple.com/en-ca/HT208050
Change-Id: Ibe4338105d8fa1a590f84543489255ade71920d6
Reviewed-on: https://code.wireshark.org/review/35216
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Idbc67da75ad75803a01f17ae3ff6f8f677670db8
Reviewed-on: https://code.wireshark.org/review/35191
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding two more versions which are seen when UTC timestamping is used
Bug: 16226
Change-Id: I27f10f6df4595598d82257fe870de8ce95ecae64
Reviewed-on: https://code.wireshark.org/review/35185
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
/Volumes is hidden on macOS, which means that it doesn't show up in Qt's
non-native file dialog. Add a constructor to WiresharkFileDialog that
adds /Volumes to the file dialog sidebar. Make CaptureFileDialog and
ExportDissectionDialog subclasses of WiresharkFileDialog.
Bug: 13840
Change-Id: I4d7da3948b203eb11fb64fa056eb42a448edf914
Reviewed-on: https://code.wireshark.org/review/35201
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recognize Cloudflare Warp traffic which may use non-zero bytes for load
balancing purposes. This is an extension of the WireGuard protocol, it
is not understood by official implementations which require the reserved
bytes field to be zero.
Change-Id: Iff789b538ab8477d8b5014302569264823d92358
Reviewed-on: https://code.wireshark.org/review/35215
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Preferred AC" field in the "Trigger Dependent User Info"
subfield of the Basic Trigger frame uses the "ACI-to-AC encoding"
described in Table 9-136 of the 2016 IEEE 802.11 specification. The
802.11ax specification refers the reader to this table when describing
the "Preferred AC" field.
Change-Id: I81ca3280c2865bc87fc4a8ddb63b5e8f7255d414
Reviewed-on: https://code.wireshark.org/review/35190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The update_tools_help CMake target is periodically run, but the output
of `wireshark -h` was previously not included.
Bug: 16166
Change-Id: Ib7aac89ff31d7b7c7033496b512d97bfbd727aaa
Reviewed-on: https://code.wireshark.org/review/35205
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When the Conversation Shortcut (Ctrl-1) was pressed, the current packet
suddenly became deselected. Similarly for Go to First Packet (Ctrl-Home)
and Go To Next Packet (Ctrl-.).
Changing the selection mode to ExtendedSelection has as side-effect that
setCurrentIndex is affected by modifiers such as Ctrl and Shift. Since
Ctrl acts as a toggle, the current selection becomes empty and no
packets are selected. Fix this by explicitly requesting the selection to
be replaced.
Tested as follows:
1. wireshark -r test/captures/dhcp.pcap
2. Select packet 3.
3. Press Ctrl-1, Ctrl-2. (Colors change, the packet remains selected.)
4. Press Ctrl-Home, Ctrl-Down, Ctrl-.
5. Observe that the packet details list is populated.
Change-Id: I17f00e7fbc6e63ad52b6a0543fd850b473e506a2
Fixes: v3.1.1rc0-762-gb3f240dbf8 ("Qt: Multiselection in PacketList")
Reviewed-on: https://code.wireshark.org/review/35203
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Show all column types in the column context menu to improve usability
even more when show/hide columns. This is a follow-up to the improvement
to show custom column field names.
Change-Id: I0838c7ae6eec59960a0a70b485c372855e242dc0
Reviewed-on: https://code.wireshark.org/review/35206
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Commit v3.1.0rc0-1170-ga854811c4a replaced the deprecated
`setAutoCompletion(false)` call by `setCompleter(0)`. However, the
former has as side-effect that it prevents setLineEdit from creating a
custom completer. setCompleter on the other hand had no effect since
there was no existing completer.
To fix the issue, remove the completer after it is set by setLineEdit.
This has no effect on the completer from CaptureFilterEdit and
DisplayFilterEdit instances since they override the completer from
QLineEdit. To avoid any confusion, SyntaxLineEdit::setCompleter (and
completer) should probably be renamed, these are not used by QComboBox
since it is not marked as virtual method.
Bug: 16132
Change-Id: Iad619122eddb43eb4963347982bf65dacd29629b
Fixes: v3.1.0rc0-1170-ga854811c4a ("Qt: fix more more Qt 5.13 deprecation warnings")
Reviewed-on: https://code.wireshark.org/review/35198
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Protect against a NULL edt pointer. That can occur when the packet
details view is empty, e.g. when no packet is selected.
Bug: 16228
Change-Id: Ie9621db4b84b504e4d9cee2add5004df2e383970
Reviewed-on: https://code.wireshark.org/review/35204
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Use the correct path to the Wireshark executable when finding
dependencies and adding debugging symbols.
Change-Id: Iefafa9d453ce60e77853f2d125769826b4d702c0
Reviewed-on: https://code.wireshark.org/review/35202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If 1) the recent filters menu has less than 10 entries and 2) the cursor
position is not at the end of the filter, then completion would fail.
Additionally, pressing Enter on filters with syntax errors would also
end up being saved, unintentionally.
Fix these by disabling automatic addition of entries by Qt.
Change-Id: I612c6cb8f317beb5459919b5c65b837db6150d07
Reviewed-on: https://code.wireshark.org/review/35150
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Although c-ares support was techically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.
Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The xml deployment file for VS2015 is obsolete as we haven't
used that version for some time and the newer choco packages
for VS2017 & 2019 are simpler and supported.
Change-Id: I5bd29144d7a2f01a6f56147a51fbc51ce891e83c
Reviewed-on: https://code.wireshark.org/review/35189
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add the following features:
- search now operates live (enter text changes the list live)
- filter by content-types
- Preview certain content types directly from the dialog
Change-Id: If47b64d475dd3e77485a28e8443a3e139e9bd1a4
Reviewed-on: https://code.wireshark.org/review/35182
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The allocated buffer is unnecessarily large due to the array storing
pointers instead of bytes. This wastes memory but has no other bad
side-effects. It was not caught by the compiler because the users accept
void pointers. I only noticed it in the debugger.
Change-Id: I9690b5481289d17fed34512b6a32915c3a30d36b
Reviewed-on: https://code.wireshark.org/review/35184
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Updated the toolchain references to VS 2019,
removing mentions of 2015 & 2017.
Bug: 16211
Change-Id: Ic1607ac2c2713a5d324d40319c4e1be5365eb6f7
Reviewed-on: https://code.wireshark.org/review/35180
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change improves Wireshark ability to save rtp streams. It allows a user
to save any supported codec with 8 kHz rate. In real, it means G.711 and
G.729 for now.
There is no hardcoded codec limitation during save anymore. If code detects
unsupported codec or rate during save, it replaces samples with silence and
reports it. Therefore any added codec in future will be supported.
Note to RTP saving:
RTP streams (there can be up to two of them for save) can contain multiple
codecs in each direction - some of it can be supported and some
unsupported. What should be exported then?
Till my patch save do not run and a user received nothing even part of stream
was OK/encoded with supported codec.
Therefore I managed the code to start with export and do its best.
Unknown codec/part is replaced with silence and user is warned after
export. Therefore a user will get:
a) audio - when all codecs are supported (no warning)
b) mix audio/silence - when some codecs are supported (warning)
c) only silence - when no codec is supported (warning)
BTW same output user sees/gets in RTP player for years.
Change-Id: Id938d419f5841af46d2d2d3ddfaf1ec9a0235bcc
Reviewed-on: https://code.wireshark.org/review/35105
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Due to changes with the frameSelect, this null pointer check
now fails or more on the point is more obvious. It was masked
previous
Change-Id: I11c3f3440e39742bce963d1ef8bdd27076baa700
Reviewed-on: https://code.wireshark.org/review/35177
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Dario Lombardo
Pau Espin
Harald Welte