(A further fix should be "don't put the "Capture" section into the
welcome screen if we have neither libpcap nor extcap".)
Change-Id: I83e65e6dc31040292af7fe88ccd73e485613c76f
Reviewed-on: https://code.wireshark.org/review/22634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
global_capture_opts is only defined when libpcap or extcap are enabled.
Change-Id: If692a7ac365b77d9efc52f589fef1aa906d5d14e
Fixes: v2.5.0rc0-425-ge036f4a282 ("Qt: Main Welcome behavior tweaks.")
Reviewed-on: https://code.wireshark.org/review/22629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the recent item list and interface tree style sheets so that
hovered items have a different background color. This should make it
more obvious that they can be clicked.
Select the default interface (or failing that, the first interface) at
application startup and focus on the interface tree. This should make it
less likely that the user will start typing in a capture filter with the
wrong (or no) interface selected. Note that we should probably track
selected interfaces in the recent file instead of forcing the user to
select one via the preferences.
This should hopefully address some of the issues in bug 12636 and do so
without changing the layout (which we can do in another commit).
Change-Id: I96a417973f4270a70f41d04c40c4947a09613bdc
Ping-Bug: 12636
Reviewed-on: https://code.wireshark.org/review/22627
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default QTreeView/QTreeWidget behavior for (Shift-)Tab navigation is
to select the previous/next row. For data entries with multiple columns
(such as the UAT dialog or the coloring rules dialog), column
navigation is closer to what a user would expect, so implement that.
Bug: 13856
Change-Id: Ib585030380f894e0be214a95107cb264afac7eee
Reviewed-on: https://code.wireshark.org/review/22561
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The vsockmon packet header is defined in <linux/vsockmon.h> as follows:
    struct af_vsockmon_hdr {
        __le64 src_cid;
        __le64 dst_cid;
        __le32 src_port;
        __le32 dst_port;
        __le16 op; /* enum af_vsockmon_op */
        __le16 transport; /* enum af_vsockmon_transport */
        __le16 len; /* Transport header length */
        __u8 reserved[2];
    };
The vsock dissector forgot to include the 2-byte reserved field. This
caused the transport header and payload that follow the vsockmon header
to contain junk data.
Change-Id: I0e7e6f1d9ad96ab339bd070c1becf43bc7e6a6b1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
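Added example (not part of the Wireshark commit or its source): a minimal C parser for the header layout quoted above. It shows that a 30-byte header length, with reserved[2] left out, makes the transport header start on the reserved bytes, while 32 lands on the real data. The function names, the sample frame and its op/transport values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define VSOCKMON_HDR_LEN     32 /* all fields, including reserved[2] */
#define VSOCKMON_HDR_LEN_OLD 30 /* reserved[2] left out (the bug described above) */

struct vsockmon_info {
    uint64_t src_cid, dst_cid;
    uint32_t src_port, dst_port;
    uint16_t op, transport, len;
    size_t transport_off, payload_off;
};

/* Constructed sample frame; the op and transport values are arbitrary. */
static const uint8_t SAMPLE[] = {
    2, 0, 0, 0, 0, 0, 0, 0,  3, 0, 0, 0, 0, 0, 0, 0, /* src_cid=2, dst_cid=3 */
    0xd2, 0x04, 0, 0,  0x2e, 0x16, 0, 0,   /* src_port=1234, dst_port=5678 */
    0x05, 0,  0x01, 0,  0x04, 0,  0, 0,    /* op, transport, len=4, reserved[2] */
    0xaa, 0xbb, 0xcc, 0xdd,  'h', 'i'      /* transport header, payload */
};

static uint64_t rd_le(const uint8_t *p, size_t n) /* n-byte little-endian read */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Returns 0 on success, -1 if the header or the declared transport header is truncated. */
int vsockmon_parse(const uint8_t *b, size_t blen, size_t hdr_len, struct vsockmon_info *o)
{
    if (hdr_len < VSOCKMON_HDR_LEN_OLD || blen < hdr_len) return -1;
    o->src_cid = rd_le(b, 8);                 o->dst_cid = rd_le(b + 8, 8);
    o->src_port = (uint32_t)rd_le(b + 16, 4); o->dst_port = (uint32_t)rd_le(b + 20, 4);
    o->op = (uint16_t)rd_le(b + 24, 2);       o->transport = (uint16_t)rd_le(b + 26, 2);
    o->len = (uint16_t)rd_le(b + 28, 2);
    if (o->len > blen - hdr_len) return -1;   /* bounds check before using len */
    o->transport_off = hdr_len;               o->payload_off = hdr_len + o->len;
    return 0;
}

/* First byte that would be shown as transport header, or -1 on error. */
int first_transport_byte(const uint8_t *b, size_t blen, size_t hdr_len)
{
    struct vsockmon_info i;
    return (vsockmon_parse(b, blen, hdr_len, &i) == 0 && i.len) ? b[i.transport_off] : -1;
}

/* Exit status 0 when the 32-byte layout lands on the real transport header. */
int main(void) { return first_transport_byte(SAMPLE, sizeof SAMPLE, VSOCKMON_HDR_LEN) != 0xaa; }
```

With the 30-byte length the same call returns 0x00, the first reserved byte, and everything after it is shifted by two bytes.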
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add table in SMB2 protocol options to store Session ID => Session Key
mappings. If we find a matching session id while dissecting, use session
key from the table to derive crypto keys used for decryption.
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3_encryption
can be loaded as follows:
    tshark -ouat:smb2_seskey_list:3d00009400480000,28f2847263c83dc00621f742dd3f2e7b -r smb3-aes-128-ccm.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option was merged recently and should appear in the
not-yet-released 4.13 kernel.
Alternatively you can read the keys from live memory on an x86_64
system by running a gdb script as root (see email [1] for usage and
source [2]).
[1]: https://lists.samba.org/archive/samba-technical/2017-May/120755.html
[2]: http://lists.samba.org/pipermail/samba-technical/attachments/20170524/2950140e/cifs_dump_keys.py
Change-Id: I2709bb5fb316a4a3614901efe967196c2925609a
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/21711
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 8197 defines the new status code 607 Unwanted
Change-Id: I61299788b25f5ada460c88949bed3cabddc3908f
Reviewed-on: https://code.wireshark.org/review/22618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Still open: Reassembly and support for KMP payload dissection besides EAPOL
Bug: 13883
Change-Id: I48a1e6af5c6fb5594fb4e6a5258db0d8ebaf4a70
Reviewed-on: https://code.wireshark.org/review/22597
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move all utility widgets to the widgets subdirectory and
add separate source_group for their files
Correct some alphabetization in ui/qt/CMakeLists.txt noticed
during compare.
Change-Id: I2d664edc2b32f126438fb673ea53a5ae94cd43d1
Reviewed-on: https://code.wireshark.org/review/22531
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix to dissect packets from certain implementations of this protocol which have
null padding at the end of otherwise valid packets.
Change-Id: Ic7790d9bbcf9467a9de0aa738e65a597802ce494
Reviewed-on: https://code.wireshark.org/review/22593
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'zbee_zcl_se.met.publish_snapshot.payload_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I97bc7cb467508192a3597836b721778341bc756c
Reviewed-on: https://code.wireshark.org/review/22590
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
byte 64 bit BER encoded unsigned number.
Change-Id: I43e4a7f3103fac458a528022e0fdf6f0947804dc
Reviewed-on: https://code.wireshark.org/review/22585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added as option with the default value set to TRUE. Dissection is based on
file generated from Tektronix Monitoring Solution for Mobile Networks.
Change-Id: Iedb2e742d1d406bc68e41334cac4a15da443cf3f
Reviewed-on: https://code.wireshark.org/review/22507
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This code is borrowed from a patch proposed by altaf329@gmail.com in June 2015
(Ice136a9cb950bb97a11bee4486071b6883a0cad7) and adapted to fit current Wireshark code (and minus the LTE MAC frame dissector).
Change-Id: Iaa1ea8b2d7a3e618f8aa14203449f2c77b4727f5
Reviewed-on: https://code.wireshark.org/review/22515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
found by Robert Sauter
Change-Id: I8099797ae52bdee512c7dff0423717a5acb2d36f
Reviewed-on: https://code.wireshark.org/review/22582
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I6a29e89eb18c737c257953f3dbe98727ad9815e9
Reviewed-on: https://code.wireshark.org/review/22556
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Isolate dissection of individual IEs to capture out-of-bound errors
and to continue with next IE on error.
More consistent display. Use dedicated HFs and ETTs.
More consistent code with fewer casts.
Add warning if IE dissection consumes less content than the
indicated length.
Change-Id: I1481145b9248eaa9f3d3ddf6c0e32d39b4a63861
Reviewed-on: https://code.wireshark.org/review/22577
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many dissectors don't have an identifier to pass to a dissector table.
When using Decode As they all have a "value" function that returns 0
just so something is returned.
A first step to a cleaner refactor of the functionality is to allow
dissectors to provide a "prompt" function when registering Decode As
with register_decode_as_next_proto() so that the text exposed in
the GUI can vary, but the function that returns 0 (nothing) can be
consolidated under decode as registration functionality. This casts
a wider net for register_decode_as_next_proto() use.
Change-Id: I2995b3c251dae70f5f529b672473d25c6288ed5c
Reviewed-on: https://code.wireshark.org/review/22562
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Expert" has been treated as a protocol "internally", but I
doubt users would consider it one. Since the only preference
is a UAT, just make it its own leaf off of the main preference
tree (similar to Filter Expressions UAT) and not have it buried
with all of the protocols.
Change-Id: I385314d8791440e6ced3dbd71305ee75bc373e52
Reviewed-on: https://code.wireshark.org/review/22580
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector was accessing NULL if the first frame in the PCH stream was a control FP.
Change-Id: Icdf2fae57436fe59e16ebe0a5233675e7599f5f4
Reviewed-on: https://code.wireshark.org/review/22578
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hopefully if they are in one place replacing them with a non-static alternative will be easier
Change-Id: I91dd47ea51a1435cea4e68d88d6afe240153fe69
Reviewed-on: https://code.wireshark.org/review/22539
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I02b6ff7f57f81f0ac6b54806a9325ebb16b40476
Reviewed-on: https://code.wireshark.org/review/22553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There isn't anything "filter expression" specific about it and
there are a few other things that could take advantage of a
UatFrame.
Change-Id: I0d04d176caebf0c2d8043c3bf89a81668580eae8
Reviewed-on: https://code.wireshark.org/review/22570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Enabling" a filter expression means putting it in the toolbar, so state
that.
Change-Id: Ifa4ef053cf741a5aa269031e6983c7989ca1e64c
Reviewed-on: https://code.wireshark.org/review/22569
Reviewed-by: Michael Mann <mmann78@netscape.net>