Added IP address and port number to the comp_req_list_entry so
get_mfn_from_fn_and_reqid can check for matching IP and port number
when searching for the reply to a request.
Change-Id: Iad00bca5c1104cf8c335001f84264fe55d2e45fc
Reviewed-on: https://code.wireshark.org/review/11599
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Checking WIRESHARK_ABORT_ON_DISSECTOR_BUG here looks somewhat redundant but it's not:
it's needed to prevent REPORT_DISSECTOR_BUG() from throwing an exception when
we're not dissecting (when nobody's going to catch the exception).
Change-Id: I4dfc484bdf13bca236bfff1388d4399e26880ad7
Reviewed-on: https://code.wireshark.org/review/11272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib9719ac893288b9f26acabb81158ed42b2351fb5
Reviewed-on: https://code.wireshark.org/review/11572
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).
While we're at it, make randcap report write and close errors.
Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I16280d3fd4023c5a16026e8e10f1d12dfca45641
Reviewed-on: https://code.wireshark.org/review/11657
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
randpkt.c:556:1: warning: no previous prototype for ‘randpkt_seed’
randpkt.c:610:6: warning: no previous prototype for ‘randpkt_example_init’
randpkt.c:632:6: warning: no previous prototype for ‘randpkt_example_close’
randpkt.c:638:6: warning: no previous prototype for ‘randpkt_loop’
Change-Id: Ieab604a22fa7ebf5c049ab497abd56af0a788d36
Reviewed-on: https://code.wireshark.org/review/11654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I28ce51f3c06f78b85792bce4a13ef39eb75d7890
Reviewed-on: https://code.wireshark.org/review/11648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This change should fix some complains from coverity.
Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In the main toolbar get our initial icon size using the PM_SmallIconSize
pixel metric. On Windows this varies directly with the system text
magnification setting.
Pinging bug 11675 since we still need to adjust the icon sizes in the
filter edits, progress frame, status bar, and likely other places.
Ping-Bug: 11675
Change-Id: I53a78627ce850bd6dbd4628da481badee63a1208
Reviewed-on: https://code.wireshark.org/review/11605
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The only file system operations it does are printing of debugging output
to the standard output, so it doesn't need <wsutil/file_util.h>.
Change-Id: Ia5caf62a3aab418f039669aa0b54e163e54d0d21
Reviewed-on: https://code.wireshark.org/review/11635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwiretap no longer uses standard I/O routines to read files; those
includes are left over from when it did.
Change-Id: Ia46c5e24ed25c6bd254cd271746ace539a37e590
Reviewed-on: https://code.wireshark.org/review/11634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(And with #defines of read as _read and write as _write on Windows,
which might make structure members have surprising names if you try to
look at them in a debugger.)
Change-Id: Iaab5622cbde216d5fedd4bc014c83e4eef95f8a0
Reviewed-on: https://code.wireshark.org/review/11631
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, rename a variable to avoid colliding with the read()
routine.
Change-Id: I6629ec761f48751f34a2e7d04180d7583ad85710
Reviewed-on: https://code.wireshark.org/review/11626
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes the last bit of Wireshark source that explicitly includes
io.h and most if not all of the code that explicitly includes unistd.h
for read()/write()/lseek()/close(). I'll update the documentation to
recommend including <wsutil/file.h> for all file I/O.
Change-Id: I7c8be50447daba0dc6a78c7331e637468710b2d8
Reviewed-on: https://code.wireshark.org/review/11625
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also allow displaying the IPv6 header (correctly) as exactly 40 bytes long in
the bytes pane.
Ping-Bug: 10705
Change-Id: I1b4ea74202d519e7faf86c1c0f4f3c23403c2b2a
Reviewed-on: https://code.wireshark.org/review/11608
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it can lead to a false verdict in after the check for Wireshark uninstall registry entry
Bug: 10867
Change-Id: I213ac8ffadfb3578b05d33b996540bd4330a0ec5
Reviewed-on: https://code.wireshark.org/review/11621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This is intentionally broken off of SSL to avoid confusion when UDP is involved.
Change-Id: Icfd3054be6aed2ebbd850a608efbc24f1a8f3831
Reviewed-on: https://code.wireshark.org/review/11612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.
Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info to the Change Cipher Spec tree when session resumption
is detected. This can be used as hint that decryption using a RSA key
file will not succeed because of missing key material.
The name of this expert info is "ssl.resumed" or "dtls.resumed" and the
expert info message is "This session reuses previously negotiated keys
(Session resumption)".
Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878
Reviewed-on: https://code.wireshark.org/review/11583
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we're at it, get rid of a commented-out include, and update a
comment to give more information.
Change-Id: I910a26a3d7f4a50f0559abe5f2ab97a93c80357f
Reviewed-on: https://code.wireshark.org/review/11610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a floating-point operation, so just use 4294967296.0.
Change-Id: I97258c8058821b6d46d740668271c0803617cdc1
Reviewed-on: https://code.wireshark.org/review/11615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AndyL