Change-Id: I61feeae7d20ad67ecb86fc53708f04e051fd88c7
Reviewed-on: https://code.wireshark.org/review/22655
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes the following warning in Perl 5.26:
Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.30), passed through in regex; marked by <-- HERE in m/(.*){ <-- HERE / at doc/make-authors-short.pl line 36.
While at it, fix formatting of the AUTHORS-SHORT file, a newline must be
present after "}" or the file will be mis-parsed.
Change-Id: I76bc1a30714dafd703342d2d430dc1c90cf2bf82
Reviewed-on: https://code.wireshark.org/review/22637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When editing a custom column the text edit field should fill the column.
Change-Id: I5505238d13c4dbe26e9dbc4ae60fd602120f9596
Reviewed-on: https://code.wireshark.org/review/22657
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename cf_read_shb_comment() to cf_read_section_comment(); an SHB is a
record type in a particular capture file format (pcapng), and not all
files that have per-file or per-file-section comments have something
called a Section Header Block.
Rename cf_update_capture_comment() to cf_update_section_comment();
pcapng, at least, supports multiple sections, although we don't curently
support that.
This also gives them matching names.
Change-Id: Idd8cb0f0fd9125b9626411274aebfb1ec0097665
Reviewed-on: https://code.wireshark.org/review/22659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ia912925f689d2912c62d01fcc8230065204b6f15
Reviewed-on: https://code.wireshark.org/review/22633
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use the default text color for hovered items. This makes the
selected item look the same as non-selected items when hovering.
Change-Id: Ic9e18323326f088202207ac15f844e7849f7ebc9
Ping-Bug: 12636
Reviewed-on: https://code.wireshark.org/review/22632
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
When editing a IO Graph the text edit field should fill the column.
Change-Id: Idb5c9a7004d9be1b82e645ae2c1a3430c9c9e5f7
Reviewed-on: https://code.wireshark.org/review/22626
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Calling setFilter() between setValueUnits() and setValueUnitField()
will fail when having "Y Field" because check_field_unit() fails
with inconsistent values. The display filter will then be ignored.
Call setFilter() first to ensure filter_ is set before setting
value units. setFilter() does not depend on the value unit when
used to set the display filter.
Change-Id: Ibf2d37fddcce9fcf6febebfefa0b2518ae093737
Fixes: v2.3.0rc0-2930-g0ea51ad822 ("Qt: Fix uninitialized memory access in val_units_")
Reviewed-on: https://code.wireshark.org/review/22619
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
UatTreeView had two functions:
1. Saner navigation functionality when pressing tab.
2. Start editing when the currently selected item changes.
Since this tab navigation functionality is desired in more places,
extract this functionality. Add more documentation while at it and use
an alternative, declarative style to connect signals.
Move the second functionality to the caller since not all views need it.
Change-Id: Ibe886f2c2763dbe024614203a44b72173fbbce06
Reviewed-on: https://code.wireshark.org/review/22639
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The IP address has been unused since 2.0. The port/protocol fields have
become unnecessary since 2.4 with the introduction of Decode As. Do not
require the user to specify these fields if they just want to set the
RSA key file.
In a future version, these three fields will be completely removed.
Change-Id: Iefc5a8778aa1122b76b707018c00b6ec429dc107
Reviewed-on: https://code.wireshark.org/review/22640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1332c63d59edf5b2a2ac8fe605d6f15cf6afa4ae
Reviewed-on: https://code.wireshark.org/review/22638
Reviewed-by: Yasuyuki Tanaka <yatch1.tanaka@toshiba.co.jp>
Reviewed-by: Jonathan M Munoz S <jonathan.munoz@inria.fr>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Be sure to display the extended description for UAT fields in the
tooltip for the column header like GTK+ did.
Change-Id: I294d2d3fb7f6d55df239129bea5d780b15deacc6
Reviewed-on: https://code.wireshark.org/review/22641
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(A further fix should be "don't put the "Capture" section into the
welcome screen if we have neither libpcap nor extcap".)
Change-Id: I83e65e6dc31040292af7fe88ccd73e485613c76f
Reviewed-on: https://code.wireshark.org/review/22634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
global_capture_opts is only defined when libpcap or extcap are enabled.
Change-Id: If692a7ac365b77d9efc52f589fef1aa906d5d14e
Fixes: v2.5.0rc0-425-ge036f4a282 ("Qt: Main Welcome behavior tweaks.")
Reviewed-on: https://code.wireshark.org/review/22629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the recent item list and interface tree style sheets so that
hovered items have a different background color. This should make it
more obvious that they can be clicked.
Select the default interface (or failing that, the first interface) at
application startup and focus on the interface tree. This should make it
less likely that the user will start typing in a capture filter with the
wrong (or no) interface selected. Note that we should probably track
selected interfaces in the recent file instead of forcing the user to
select one via the preferences.
This should hopefully address some of the issues in bug 12636 and do so
without changing the layout (which we can do in another commit).
Change-Id: I96a417973f4270a70f41d04c40c4947a09613bdc
Ping-Bug: 12636
Reviewed-on: https://code.wireshark.org/review/22627
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default QTreeView/QTreeWidget behavior for (Shift-)Tab navigation is
to select the previous/next row. For data entries with multiple columns
(such as the UAT dialog or the coloring rules dialog), column
navigation is closer to what a user would expect, so implement that.
Bug: 13856
Change-Id: Ib585030380f894e0be214a95107cb264afac7eee
Reviewed-on: https://code.wireshark.org/review/22561
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The vsockmon packet header is defined in <linux/vsockmon.h> as follows:
struct af_vsockmon_hdr {
__le64 src_cid;
__le64 dst_cid;
__le32 src_port;
__le32 dst_port;
__le16 op; /* enum af_vsockmon_op */
__le16 transport; /* enum af_vsockmon_transport */
__le16 len; /* Transport header length */
__u8 reserved[2];
};
The vsock dissector forgot to include the 2-byte reserved field. This
caused the transport header and payload that follow the vsockmon header
to contain junk data.
Change-Id: I0e7e6f1d9ad96ab339bd070c1becf43bc7e6a6b1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add table in SMB2 protocol options to store Session ID => Session Key
mappings. If we find a matching session id while dissecting, use session
key from the table to derive crypto keys used for decryption.
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:3d00009400480000,28f2847263c83dc00621f742dd3f2e7b -r smb3-aes-128-ccm.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option was merged recently and should appear in the
not-yet-released 4.13 kernel.
Alternatively you can read the keys from live memory on a x86_64
system by running a gdb script as root (see email [1] for usage and
source [2]).
[1]: https://lists.samba.org/archive/samba-technical/2017-May/120755.html
[2]: http://lists.samba.org/pipermail/samba-technical/attachments/20170524/2950140e/cifs_dump_keys.py
Change-Id: I2709bb5fb316a4a3614901efe967196c2925609a
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/21711
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 8197 defines the new status code 607 Unwanted
Change-Id: I61299788b25f5ada460c88949bed3cabddc3908f
Reviewed-on: https://code.wireshark.org/review/22618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Still open: Reassembly and support for KMP payload dissection besides EAPOL
Bug: 13883
Change-Id: I48a1e6af5c6fb5594fb4e6a5258db0d8ebaf4a70
Reviewed-on: https://code.wireshark.org/review/22597
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move all utility widgets to the widgets subdirectory and
add separate source_group for their files
Correct some alphabetization in ui/qt/CMakeLists.txt noticed
during compare.
Change-Id: I2d664edc2b32f126438fb673ea53a5ae94cd43d1
Reviewed-on: https://code.wireshark.org/review/22531
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix to dissect packets from certain implementations of this protocol which have
null padding at the end of otherwise valid packets.
Change-Id: Ic7790d9bbcf9467a9de0aa738e65a597802ce494
Reviewed-on: https://code.wireshark.org/review/22593
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>