(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
After switching to QPushButton for buttons in SearchFrame and GoToFrame
the widgets needs a maximum size to reduce the height of the frame.
Change-Id: I504e65add446c4262e9b1e02ff3e41c08d1cfdfd
Reviewed-on: https://code.wireshark.org/review/14019
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for dissecting the optional 4-byte expiry field in
sub-document API request packets. This is permitted for any
single-path mutation request; increasing the length of the extras
section from 3 to 7 bytes.
Change-Id: I0609dbc6f6a8e62028cd20a28609fc3016e44910
Reviewed-on: https://code.wireshark.org/review/14004
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
DO NOT USE THIS FOR ANYTHING NEW.
Change-Id: Iee2ddaa2eeb735b33aef9e81b32bb4a3535e3451
Reviewed-on: https://code.wireshark.org/review/14023
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't correspond to anything we support - and the old Linux USB
LINKTYPE_ value of 186 doesn't give enough information to dissect the
packets (it discards the event type, for example), so we drop the rest
of our support for it as well.
Change-Id: I6f537d9263174aba4320edf5140e1d1540e979c8
Reviewed-on: https://code.wireshark.org/review/14020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change size_t to something that is guaranteed to fit in a socklen_t.
Fix incorrect AC_DEFINE too.
Change-Id: I710f32fb1e5bd4f51843d380aa8ed8b6acd98c02
Reviewed-on: https://code.wireshark.org/review/14009
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Do showProtocolPreferences before removing the variable which
this depends on. The button does not work without at module.
Change-Id: I7d31aa5ab19340a4102523b13de961e799cae5e4
Reviewed-on: https://code.wireshark.org/review/14015
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Fixes a buffer overrun in dissct_rsl_ipaccess_msg when the tag is
exactly 0xff:
tag = tvb_get_guint8(tvb, offset);
tdef = &rsl_att_tlvdef.def[tag];
Bug: 11829
Change-Id: I25a3c6948242a52f59431ce84c108b2e52008930
Reviewed-on: https://code.wireshark.org/review/14011
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
packet-per.c:959:6: warning: Access to field 'aligned' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1606:29: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1612:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3156:41: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3182:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
Change-Id: Ibae00dc29a869701fe903a5b0c9944279aaa3df7
Reviewed-on: https://code.wireshark.org/review/13936
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
DLM3 minor version 1, introduced in mainline kernel commit 757a4271 from
October 2011, added some fields and a Need Slots flag to Recovery
Command Status packets.
Change-Id: Ib994223afeae6b8d6ddb75404ab2031c5a63185b
Reviewed-on: https://code.wireshark.org/review/13983
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Use QPushButton for buttons and set the "Find" button as default
in SearchFrame.
- Use QPushButton for buttons, added a "Packet:" label, and set
the "Go to packet" button as default in GoToFrame.
- Set Qt::WA_MacSmallSize in OS X for FilterExpressionFrame and
PreferenceEditorFrame.
- Removed QFrame::StyledPanel and QFrame::Raised from ColumnEditorFrame.
- Update ui files to reflect that AccordionFrame is used for
AddressEditorFrame, FilterExpressionFrame and PreferenceEditorFrame.
Change-Id: Icfbfff973535317997109a1020dfe24ba932e098
Reviewed-on: https://code.wireshark.org/review/13995
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It works the same regardless of what flavor of USB metadata there is,
and there's no good reason for any Bluetooth code to know, or care,
about particular flavors of USB metadata.
Add some comments while we're at it.
Change-Id: I6ea2063a015e424fc84a407231e80ef3e2a79c98
Reviewed-on: https://code.wireshark.org/review/14001
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not use the client-supplied session ticket for decryption when the
session is not resumed as the cached key (associated with that ticket)
is invalid for this new session. SSL Session IDs are unaffected by this
issue as only the server-issued Session ID is considered.
This fixes decryption of a SSL capture which uses the keylog file for
decryption, but where the session tickets are invalid because the server
was restarted.
Additionally, the session and session tickets stores are split to avoid
exporting session tickets via File -> Export SSL Session keys. Session
tickets should only be used internally, the CLIENT_RANDOM identifier is
shorter and is the preferred method to link secrets.
Change-Id: If96d7a4e89389825478e67e9a65401ce0607aa66
Reviewed-on: https://code.wireshark.org/review/13994
Reviewed-by: Michael Mann <mmann78@netscape.net>
Coverity rightfully complains about inproper use of negative value.
maxlength special value '-1' should be handled appropriately.
Change-Id: Ie1818121e39fa668094d012980016444ca868e6e
Reviewed-on: https://code.wireshark.org/review/13978
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf98bcf617d4d6343aa233e42898cf5f26b08e33
Reviewed-on: https://code.wireshark.org/review/13974
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
IEEE has run out of Payload IE IDs so ZigBee and
future IEs must use Vendor OUIs.
Change-Id: I6eed4382d099364605649eb7577a5e2691e97dd3
Reviewed-on: https://code.wireshark.org/review/13971
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
wtap_read() and wtap_seek_read() now do so before calling the read or
seek-read routine, so there's no need to do so in those routines.
Rename hcidump_process_packet() to hcidump_read_packet() while we're at
it, as it doesn't just process an already-read packet, it does the
reading as well as the processing.
Change-Id: Ic13da6a2096e68550d80f2eff31f03d0edb58147
Reviewed-on: https://code.wireshark.org/review/13998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As discussed in https://www.wireshark.org/lists/wireshark-dev/201309/msg00182.html
VJ decompressor was removed from Wireshark 1.12 due to license incompatibility
Let's mark the corresponding preference as obsolete so that people do not think
it is still supported
Change-Id: I7030ef5f402a0c7e242e77a52baf18f450a95024
Ping-Bug: 12138
Reviewed-on: https://code.wireshark.org/review/13993
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This the result of updated 'PAN ID Compression field value for frame
version 0b10' table in IEEE spec which clarifies the interpretaion
of the PAN ID Compression bits for different combinations of Src
and Dst Addresses.
Change-Id: Ia70836b8571beae80a3f507be4f39736e13eb110
Reviewed-on: https://code.wireshark.org/review/13984
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They should not be necessary.
Change-Id: I9246d86862392c65839c18d13d8634bcf510d55e
Reviewed-on: https://code.wireshark.org/review/13992
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to the EIGRP draft RFC (https://tools.ietf.org/html/draft-savage-eigrp-04#section-6.8.1), 2nd bit (0x2) in EIGRP classic bit field should be interpreted as Candidate Default (CD)
Reported by Garri
Bug:12136
Change-Id: I56dcbbc7db480e67962e2edfbd8d9c6b117f30ef
Reviewed-on: https://code.wireshark.org/review/13987
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for using regular expressions in the Search Frame
when searching in packet list, packet details and packet bytes.
This search is in many cases faster than plain string search.
Change-Id: I2d8a709046f90d7b278fb39547fc4e2e420623bc
Reviewed-on: https://code.wireshark.org/review/13981
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change g_list into wmem_list to solve the leak. Leak found by valgrind.
==14755== 3,384 (504 direct, 2,880 indirect) bytes in 21 blocks are definitely lost in loss record 3,380 of 3,418
==14755== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14755== by 0xA806610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA81C22D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA7FD4F3: g_list_append (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0x67CD825: build_get_attr_all_table (packet-cip.c:5402)
==14755== by 0x67CD825: proto_register_cip (packet-cip.c:8067)
==14755== by 0x71C83F9: register_all_protocols (register.c:229)
==14755== by 0x65F14D7: proto_init (proto.c:521)
==14755== by 0x65CF961: epan_init (epan.c:126)
==14755== by 0x1153F0: main (tshark.c:1220)
Change-Id: I9c25ee5b5bf04b9afb8b0bf22bb6f3d7022bf4d3
Reviewed-on: https://code.wireshark.org/review/13969
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The current code which dissects the idProduct (and to some extend the
idVendor) item for USB devices is overly complicated. A better method
to format the product string in the right way is using:
proto_tree_add_uint_format_value.
This gets rid of the additinal string and item manipulation altogether.
Change-Id: Iadd69b7dc284e62039402de53418f41460d88a5d
Reviewed-on: https://code.wireshark.org/review/13973
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The argument to the resize method for QByteArray is an int, not a
size_t.
Change-Id: Id30bc03daec6d6ead8669794b5cb0247718be66b
Reviewed-on: https://code.wireshark.org/review/13977
Reviewed-by: Guy Harris <guy@alum.mit.edu>
if the bit is set, it's an R(NAK) block
Change-Id: I0e44bd72d1c2a69a582792d08bf450e6ef2d163b
Reviewed-on: https://code.wireshark.org/review/13976
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Add an option to decode the packet bytes from base64 or zlib compressed.
Also add configurable start byte and end byte to make it possible to
decode a subset of bytes. It's also possible to select a range in ASCII
view and select "Show selected" from the context menu to make a subset.
In ASCII view a null terminator is replaced by UTF8 symbol for NULL,
and a CR is replaced by UTF8 symbol for carriage return. This is done
to make it possible to "Show selected" from the context menu.
Change-Id: Ie03c9912c304c121af6ca9e998a6e8445b5382c5
Reviewed-on: https://code.wireshark.org/review/13958
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
File had both whitespaces and tabs for indentation. Replace
whitespace indentation with tabs. This is the same indentation
mode as ws80211.c file uses.
Change-Id: I46bbd675f5089eb502b489fdfd70f30510bc95ef
Reviewed-on: https://code.wireshark.org/review/13963
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The standard says that UDPv6 is the index 2. However, the dissector
contained the old implementation of RTI DDS (which had SHMEM = 2
and UDPv6 = 5). I have updated the dissector to be compliant with
the standard and indirectly be compliant with the new version of
RTI DDS which now implements the standard in this aspect.
Change-Id: Iaade0e457fda35362c04a7658d62242cf8868127
Reviewed-on: https://code.wireshark.org/review/13922
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. More Identity attributes
2. Port attributes
3. Set Attribute List request highlighted too much attribute data
4. TCP/IP object, Attr 5 needs padding
5. Switch most attributes to use wrappers instead of dissect_epath() directly.
6. Change new Volume 8 attributes to treat path size as words instead of bytes, when parsing size+EPATH formats.
Change-Id: I1b8c476475c6fbb9c7cdb99ec4a6c28934631a19
Reviewed-on: https://code.wireshark.org/review/13898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'const gpointer' is the same as 'void *const'. Replace with gconstpointer
where straightforward (assuming that was the intent) and use gpointer everywhere
else for clarity (that does not change *API* constness contract; it just means
a variable is not declared immutable inside the called funtion).
Change-Id: Iad2ef13205bfb4ff0056b2bce056353b58942267
Reviewed-on: https://code.wireshark.org/review/13945
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TL and T0 are followed by TA(1), TB(1) and TC(1), in this order
Change-Id: I356da8bb475d55f36e5b9ff02d35fcf35c457223
Reviewed-on: https://code.wireshark.org/review/13961
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
use the same hf as for ATQB's FWI
Change-Id: I2c1db117688e16e91fc4072d9b6f4bba46f64fd6
Reviewed-on: https://code.wireshark.org/review/13960
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>