Error:
../ui/alert_box.c: In function ‘cfile_write_failure_alert_box’:
../ui/alert_box.c:359:13: error: this statement may fall through [-Werror=implicit-fallthrough=]
simple_error_message_box(
^~~~~~~~~~~~~~~~~~~~~~~~~
"Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
framenum, in_file_string,
~~~~~~~~~~~~~~~~~~~~~~~~~
wtap_file_type_subtype_string(file_type_subtype));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../ui/alert_box.c:364:9: note: here
case WTAP_ERR_PACKET_TOO_LARGE:
^~~~
Change-Id: I55464afff5625ae8c587470e417234560c7e606c
Reviewed-on: https://code.wireshark.org/review/30623
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We set the file encapsulation to WTAP_ENCAP_IXVERIWAVE when we open the
file; we don't need to update it when we read packets. and we don't need
to set the per-packet encapsulation because it's set to the file
encapsulation for us by wtap_read() and wtap_seek_read().
Change-Id: I2f123e3fb0d505334f3451685290bdbae77a598b
Reviewed-on: https://code.wireshark.org/review/30622
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we have no records, we can't determine the link-layer type.
Also:
Use more signed values, and do more sanity checks on the file header and
TLVs to make sure we don't run into the first packet.
When writing the file header, accumulate the header length/first packet
offset in a 32-bit variable, and stuff it into the
offset-to-first-packet fields (plural) once we're done.
Change-Id: I3aeb5258bc16ddd8cf0ec86ef379287d0c4b351a
Reviewed-on: https://code.wireshark.org/review/30620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Encrypted packets were decrypted two times. One time to scan for
new keys. If no keys were found the decrypted data was simply
discarded. Then later on the packet was decrypted again for
dissection.
Avoid decrypting packets two times by storing the result from first
decryption if no key was found. Skip the second attempt.
Note though that in the special case where a key was actually found
inside an encrypted packet the decryption will still be performed
twice. First time decrypt, discover the key, and return the EAPOL
keydata. Second time decrypt and return the decrypted frame.
Change-Id: I1acd0060d4e1f351fb15070f8d7aa78c0035ce39
Reviewed-on: https://code.wireshark.org/review/30568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decrypt EAPOL keydata information and have it dissected with the
ieee80211 dissector.
This is achieved by letting the Dot11Decrypt engine retrieve the EAPOL
keydata decrypted while extracting the GTK during 4-way handshake.
The ieee80211 dissector then stores the decrypted data in packet proto
data so that the wlan_rsna_eapol subdissector can retrieve it for
dissection.
Change-Id: I2145f47396cf3261b40e623fddc9ed06b3d7e72b
Reviewed-on: https://code.wireshark.org/review/30530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a capture source is a pipe and it reaches the end of its input, don't
stop capturing globally since we might have other active interfaces. We
do need to stop capturing if all of our interfaces are pipes and none of
them are open, so add a check to do so.
Change-Id: Id7f950349e72113c9b4bfeee4f0a9c8a97aefe8c
Reviewed-on: https://code.wireshark.org/review/30615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Continue the conversion from use of globals (the config module) to
fixtures. If a program (like wmem_test or tshark) is unavailable, it
will be skipped now rather than failing the test.
The general conversion pattern is:
- Decorate each class with `@fixtures.uses_fixtures` and (for tests that
run tshark) `@fixtures.mark_usefixtures('test_env')`.
- Convert all `config.cmd_*` to `cmd_*` and add an argument.
- Convert all `config.*_dir` to `dirs.*_dir` and add an argument.
- Convert users of `os.path.join(dirs.capture_file, ...)` to use a new
'capture_file' fixture to reduce boilerplate code. Inline variables if
possible (this conversion was done in an automated way using regexes).
Some other changes: tests that do not require a test environment (like
wmem_test) will use 'base_env' which avoids copying config files,
`env=config.test_env` got removed since this is the default. Some test
classes in suite_clopts were combined. Removed unused imports.
Change-Id: Id5480ffaee7d8d56cf2cb3189a38ae9afa7605a1
Reviewed-on: https://code.wireshark.org/review/30591
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dequeue and write packets in capture_loop_dequeue_packet. This ensures
that we properly handle pcapng packets both inside our capture loop and
after it's finished.
Change-Id: Iacc980c90481b1378761eac83d8044aaddabfdc2
Reviewed-on: https://code.wireshark.org/review/30609
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update sshdump and ciscodump to use it.
Change-Id: I5fbb9e3a870ec8baa0f326ad34733743cbb981f3
Reviewed-on: https://code.wireshark.org/review/30571
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's operating system dependent, but the library takes care of it
on different operating systems.
Options are set with this precedence:
- if user-provided, use it
- if not, take the one from config file
- (username only) if none in the config file, take the current user from OS
Change-Id: I00dcc1c9a8613e6d1250b6404bf2100f6ccff7b7
Reviewed-on: https://code.wireshark.org/review/30558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If, in the process of opening the input file, we determine that it has
packets of more than one link-layer type, we can catch attempts to write
that file to a file of a format that doesn't support more than one
link-layer type at the time we try to open the output file.
If, however, we don't discover that the file has more than one
link-layer type until we've already created the output file - for
example, if we have a pcapng file with a new IDB, with a different
link-layer type from previous IDBs, after packet blocks for the earlier
interfces - we can't catch that until we try to write the packet.
Currently, that causes the packet's data to be written out as is, so the
output file claims it's of the file's link-layer type, causing programs
reading the file to misdissect the packet.
Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt
instead, and have a nicer error message for
WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write.
Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6
Reviewed-on: https://code.wireshark.org/review/30617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just silently not bothering to do any work isn't all that useful in that
case; giving the usage message indicates that you need both input and
output files.
Change-Id: I9512d3e45e1e9a9d4bccb28b49aeea8c12ad0100
Reviewed-on: https://code.wireshark.org/review/30614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default lavel to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Count field of APP_ACK_CONF submessage was dissected using a signed
integer rather than unsigned. That avoids the dissection to be concluded
due to a wrong type error.
Change-Id: Ie5f85ce5b3d745d74e1b50d96a77560fb854034b
Reviewed-on: https://code.wireshark.org/review/30605
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update another regex to also allow '0' in the preference name.
Change-Id: I61e39a160d86195c989ab53623bc5887a10dcaad
Reviewed-on: https://code.wireshark.org/review/30606
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
EXPERIMENTAL, this has not been widely validated yet. It is not clear whether
there is any deeper sense in how the prior ASN.1 cnf was done.
If this is used, it might also be beneficial to rename the double-overloaded
"type".
Removing pre-existing empty line at the end of packet-pkix1explicit-template.c
to comply with coding style requirements.
Change-Id: Iaddeb62f8abb8605b182091ea9c64b8f2172a884
Reviewed-on: https://code.wireshark.org/review/30599
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Attribute types for use in PKCS #10 certificate requests as specified
in PKCS#9 / RFC 2985
A CSR including one of the PKCS#9 OIDs, SubjectAltNames within an
pkcs-9-at-extensionRequest, can be generated with the following OpenSSL command
line on most Linux systems:
openssl req -new -sha256 -nodes -keyout domain.key \
-subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" \
-reqexts SAN -config \
<(cat /etc/ssl/openssl.cnf \
<(printf "\n[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com")) \
-out attr_with_san.csr
Change-Id: I5ae4bd782003c65286bbebf41b96d142e4e99a60
Reviewed-on: https://code.wireshark.org/review/30600
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the regex to also allow '0' in the preference name.
Change-Id: I881079b579b9193dd31dda2150d9a50c000c0dd3
Reviewed-on: https://code.wireshark.org/review/30602
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
as "Unknown"
Bug: 15276
Change-Id: I313f9d98d0c305a1508f465ec99ae98a91d3d9e9
Reviewed-on: https://code.wireshark.org/review/30603
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The one in pkix1explicit might be broken, while it might have unexpected
side-effects to mess with that. Anyway, RFC 2986 defines the Attribute
sequence for PKCS10 directly.
Change-Id: I854b5b5fb83322a1302d011c9cd6f2d5c9fc2b78
Reviewed-on: https://code.wireshark.org/review/30585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those frames *don't* have their link-layer headers stripped, even on
PF_PACKET/SOCK_DGRAM captures (hopefully, nobody will consider that a
bug and "fix" it).
The "hatype" field is the ARPHRD_ value for the adapter, as returned by
SIOCGIFHWADDR; in monitor mode, those frames will have an hatype of
ARPHRD_IEEE80211_RADIOTAP. Add an "sll.hatype" dissector table, which
we check before checking the "sll.ltype" dissector table, and have the
radiotap dissector register in that table.
We still use the special hack for an hatype of ARPHRD_NETLINK, because,
for *those* frames, the "protocol" field of the nominal SLL header is
the netlink family, not an Ethertype or anything else that the SLL
dissector would handle.
Change-Id: If503a7daa9133adf1b8c330ec28c4c824d4f551d
Reviewed-on: https://code.wireshark.org/review/30592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It loads, but displays nothing (either in Safari 12, or a presumably
recent Chrome, on my Mac).
Change-Id: I4a5530007ddf3c14a5fd349998318d5868da5d5c
Reviewed-on: https://code.wireshark.org/review/30588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Four variants of wtap_dump_open_ng exists, each of them take the same
three parameters for the SHB, IDB and NRB blocks that has to be written
before packets are even written. Similarly, a lot of tools always create
these arguments based on an existing capture file session (wth).
Address the former duplication by creating a new data structure to hold
the arguments. Address the second issue by creating new helper functions
to initialize the parameters based on a wth. This refactoring should
make it easier to add the new Decryption Secrets Block (DSB).
No functional change intended.
Change-Id: I42c019dc1d48a476773459212ca213de91a55684
Reviewed-on: https://code.wireshark.org/review/30578
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We need to pass the original proto_tree pointer to sub-dissectors,
not the p_ipv6_pinfo_select_root() return value. Rename the "_tree"
argument to follow the existing style and make the code more readable.
Bug: 15270
Change-Id: I0322f015abc0d6426d6f05c16c48e928c253c2eb
Reviewed-on: https://code.wireshark.org/review/30579
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also add convenience functions for getting/setting the PDCP-NR struct.
Change-Id: Id30d380ecb2910e5f32e08b791657696bb513910
Reviewed-on: https://code.wireshark.org/review/30569
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I15f5989f08b7e3851a7c4b949d63434fbc750020
Reviewed-on: https://code.wireshark.org/review/30557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Adjust the CMake configuration to generate grapvhiz files with an
improved layout.
Documentation: https://cmake.org/cmake/help/latest/module/CMakeGraphVizOptions.html
To generate a dependency graph from the build directory (example):
cmake . --graphviz=wireshark.dot
fdp wireshark.dot -Tpdf -o wireshark.pdf
Change-Id: Icf238668004224b9d373d8080e549b9b583f676c
Reviewed-on: https://code.wireshark.org/review/30564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A lot of file dissectors (pcapng, json, etc.) assumed that the packet
size is equal to the file size. This is not true if the file was
compressed and could result in silently truncating reads or failing to
open a file (if the compressed file is larger than the actual data).
Observe that a lot of file dissectors are simply copies of each other.
Move the fixed implementation to wtap.c and reuse the methods everywhere
else. While at it, avoid an unnecessary large allocation/read in
ruby_marshal.
Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379
Reviewed-on: https://code.wireshark.org/review/30570
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
After fetching a length from the packet ensure those bytes exist to
avoid integer overflows by callers (while avoiding having to ensure
every caller checks for overflows).
Also add a check to ensure the loop in question is progressing through
the TVB; report a dissector bug if it doesn't.
Bug: 15250
Change-Id: I9434bfe9d530942fd45342690383df2decacdba1
Reviewed-on: https://code.wireshark.org/review/30560
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove "Export SSL Session Keys", "Import/Export Color Filters" and
"Export Raw Bytes" dialogs. These were only used by GTK+ as Qt has its
own implementation.
Change-Id: I0520a0f6e35d0f8a55c58e77f89c5229393c2b23
Reviewed-on: https://code.wireshark.org/review/30559
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If it *is* called when global_capture_opts.use_pcapng is false, don't
just silently drop the packet on the floor, abort.
Change-Id: Idb8f8e4c4ba231cfe674a81da34bf46e00f8247c
Reviewed-on: https://code.wireshark.org/review/30562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add capture_loop_wrote_one_packet, which increments the appropriate
counters and checks for autostop and ring buffer conditions. Call it
when we write a pcap or pcapng packet. This fixes `-b packets:NUM` for
pcapng output.
Change-Id: Ie2bdd725fbee59c1ae10b05be84ae9a3a6d80111
Reviewed-on: https://code.wireshark.org/review/30561
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A race condition exists with msbuild where building some targets
(generate_{developer,user}-guide.xml, {developer,user}_guide_pdf) will
result in parallel, repeated execution of the commands to copy 'ws.css'.
Synchronize those executions using a single target to avoid this.
Change-Id: Ie93d07e504bc18fa4e4e8aac5b611fba329ff188
Reviewed-on: https://code.wireshark.org/review/30553
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo