This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put custom column field settings in quotes in the recent file to
support multi custom columns which contains space. Otherwise the
space will be removed in prefs_get_string_list() and the field will
not match when reading the recent file.
Change-Id: Ic6e2b1e02d68970a4e11fbecbe55a7b10f8b10dd
Reviewed-on: https://code.wireshark.org/review/22349
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The broadcast message page content is always converted to UTF-8 in the
dissect_cbs_data function using tvb_get_string_enc(...)
Change-Id: I5fe3d421917b38ccb07438f01f3c4d4ea8cbd787
Reviewed-on: https://code.wireshark.org/review/22315
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With RFC7770 the Opaque ID for Router Information is not longer be zero
Change-Id: I22f9917ac5b5b0261e36b1097765dab6ce216a46
Ping-Bug: 13823
Reviewed-on: https://code.wireshark.org/review/22329
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
During the esPcape challenge at SharkFest 2017 US, we had a SSL
decryption challenge. Normally you have to use Decode As to recognize
the custom port number, but the latest development branch has a feature
that automatically recognizes TLS (heuristics dissector).
SSL 2.0 Client Hello messages were however not recognized by this
heuristics which totally broke TLS decryption. Add some very strong
heuristics to detect these. "Mosterd na de maaltijd" :p
Change-Id: I0ac6aa666393335bb191e395faa1d32d3588ded7
Reviewed-on: https://code.wireshark.org/review/22337
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added displaying of raw data for unknown ASDU type
Change-Id: I17e2ae048dbec61718610dd86d6878cdc0563ef0
Reviewed-on: https://code.wireshark.org/review/22341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Filter expressions needs support for a checkbox (bool) and
string field that verifies display filters.
Change-Id: Idfbffd6cdb5abaee8914126a05d890e834c17306
Reviewed-on: https://code.wireshark.org/review/22340
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While you can add both the sequence number and next sequence number as
columns, the latter would remain empty if it was the same. This disrupts
the user reading flow who would have to look left and right, so just
display the field unconditionally.
Change-Id: I80efb972eaa9a16813a87ac0fdf6a045a3eb9d2f
Suggested-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22307
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We were downloading gmp-*.lz, but checking for gmp-*.gz instead.
Change-Id: I3c9a29400d389555db7b5f003919ce22aaacf3a1
Reviewed-on: https://code.wireshark.org/review/22338
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Format tcp.hdr_len in the tree similar to ip.hdr_len. Add comments
noting that they should be consistent.
Change-Id: Ic64282d8386c8ed339811bc9c22b5962c707d292
Reviewed-on: https://code.wireshark.org/review/22314
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It needed to be done:
https://github.com/shirriff/pup-wireshark
(And, yes, there really *is* a DLT_/LINKTYPE_ for it! The original DLT_
values were ARP hardware types, and 3MB Ethernet was assigned an ARP
hardware type of 2.)
Change-Id: I60d96c28e67854adcb28c7e3579ae5dd1f07df4b
Reviewed-on: https://code.wireshark.org/review/22336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss
Usage:
f=Field.new("frame.delta_time")
delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fields like "dns.time || http.time || smb.time" were sorted by column
number before. Recognize when all fields are numeric values and then try
to sort by number and otherwise fallback to a value comparison.
In theory sorting should now also be a bit faster for custom columns
because the columnn type is looked up once.
Change-Id: Id40d7cce8080d05823d74459fc493ec6ebf80956
Reported-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22317
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to the use of HTML, whitespace (including newline) are shown as
single horizontal space. Add a special case for newlines.
Bug: 13819
Change-Id: Iefa2af7d2948ed18a3b7f8f4ee8cb90100bf3460
Reviewed-on: https://code.wireshark.org/review/22306
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This file will contain all personal config files which will be
fetched from a profile.
Change-Id: I430ca84ccefc17f0e21c8efb93a92602ab8d5661
Reviewed-on: https://code.wireshark.org/review/22303
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reused TCP connections with multiple HTTP requests/responses (in
particular: HTTP request/response and HTTP proxy request/response)
exhibit the following problem: the first response sets "startframe" such
that the proxy response accidentally assumes that the proxy response
starts in that first response.
Fix this by only setting startframe if there is actually a transport
upgrade. Tested with original capture and the Websocket dissection still
works while Christian's capture has no longer the reported problem.
Change-Id: I8a7878b9a2a98878a9e5be4f680d4f109fd8ab55
Fixes: 94ae27661e ("WebSocket dissector improvements")
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Bo-Han Liao
Bug: 13821
Change-Id: I74641bef723e747bfe5fa87e946b7f4f74b94bf6
Reviewed-on: https://code.wireshark.org/review/22299
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Define a dissector that can handle both requests and responses.
Look at pino->p2p_dir to detect if we have a request or repsonse.
(At the moment, there's a dissector for request+response in one packet
and two other dissectors for request and response messages.)
Use the new mechanism for USB CCID.
Change-Id: I7eb9861802b4244f92770602179f39642eb28641
Reviewed-on: https://code.wireshark.org/review/22289
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
More than one packet could be meant by that
Change-Id: Ie751a282c927608414673c2cd48b11dc5e6d5ea6
Reviewed-on: https://code.wireshark.org/review/22283
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make two minor adjustments to allow building on Windows when the source
directory is specified in UNC notation (\\server\volume\directory)
instead of mapping such a directory to a drive letter.
Cmake's add_custom_command() calls "cd <work_dir>" if a working
directory is define as part of the rule. However,
cd \\server\volume\directory
is not allowed.
Modify the two occassions where the working directory is derived from
CMAKE_SOURCE_DIR.
For copying some install files, we can get away with using the absolute
path for each source file to be copied.
The perl script that creates the tap listing for lua does not depend on
a working directory at all. We can simply remove the WORKING_DIRECTORY
parameter.
Change-Id: Iac8e0addc44650692c1263fdca11f68315f50c63
Reviewed-on: https://code.wireshark.org/review/22236
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Prepare the USB CCID code for replacing the "next protocol" preference
with Decode As.
USB CCID has a length field for the payload data. Use this field to
create the next_tvb. There's no need for different payload lengths
depending on the next protocol.
Use call_data_dissector() instead of referencing data_handle.
Set pinfo->p2p_dir regardless of the next protocol.
Change-Id: I042ecc9bd75245ee1d4d8a94532c9fd1de83e859
Reviewed-on: https://code.wireshark.org/review/22288
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The "Previous/Next Packet in Conversation" actions accidentally
overwrites more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removing the toggle indicator. Search behaves now the same as it
does for e.g. in SublimeText
Change-Id: I4523001b536caa116bcb989f0850aa769c6220f8
Reviewed-on: https://code.wireshark.org/review/22280
Reviewed-by: Roland Knall <rknall@gmail.com>
Ensure the user profiles directory is created at startup so that
users can put downloaded profiles without creating the directory.
Change-Id: Ib06bb3055daef8fd9e78d7887ce56f8fe50e48bf
Reviewed-on: https://code.wireshark.org/review/22275
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct a couple of entries related to Konica Minolta.
Change-Id: I3acea1cf7ab1ad9be5d1b367a1015f5205b9e80b
Reviewed-on: https://code.wireshark.org/review/22268
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed 'len' from IPv4, not needed
Added more test coverage for IPv6 in dftestlib
Change-Id: I1ca80e2525f32f6095ad73352baba733f4694ced
Reviewed-on: https://code.wireshark.org/review/22260
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not put the wireless timeline in the main view with splitters, it has
a fixed size anyway and is not taken into account for layout and size
calculations for the panes.
Bug: 13776
Change-Id: I71da962950c3f1b215908674f4852afa76744343
Reviewed-on: https://code.wireshark.org/review/22242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allows duration to be calculated to 0
Handles generators where PHY type is not reported, but it can be
determined from the rate.
Change-Id: Ic0b9e1b0e3e51f4d5b670d25fea064daf250a55f
Reviewed-on: https://code.wireshark.org/review/22261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13813
Change-Id: Ic1582406896b2d4d3505ae1d3bb79cdbafa481da
Reviewed-on: https://code.wireshark.org/review/22247
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are lots of if (tree) checks. Start removing some which
are obviously unnecessary.
Change-Id: I3f8e4b82cd84d8e92ae79492d705438e2df739bb
Reviewed-on: https://code.wireshark.org/review/22238
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When going to a packet (first, last, next, prev and specific) during
capture we must turn off auto scroll to let the packet be shown
in the packet list.
Change-Id: If1c615eb4d422c3b4c0418114064f7a4a0b75b35
Reviewed-on: https://code.wireshark.org/review/22244
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With live or large capture files and asynchronous name resolution this can
cause serious scrolling issues as the name resolutions come in.
Bug: 12074
Change-Id: I1a5cca410c0608927b32e9e7107885370caf14d7
Reviewed-on: https://code.wireshark.org/review/22245
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We can simply stop the dissection and exit.
Change-Id: Ida8895513a1949fe5826ab89ffec2168642a9e89
Reviewed-on: https://code.wireshark.org/review/22237
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ryan Doyle