In autotools, if we find pcap_open(), define HAVE_PCAP_REMOTE, so we
build the remote capture support.
In both autotools and CMake, only check for pcap_setsampling() if we
have pcap_open(), as the compile fails if we have pcap_setsampling() but
don't have remote capture.
Change-Id: I0e7b78a2d372ea658a19ed2f6493532928c36872
Reviewed-on: https://code.wireshark.org/review/24680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As stated in https://tools.ietf.org/html/rfc6388#section-3.2
MP2MP uses the same structure as the P2MP FEC element.
Bug: 13171
Change-Id: Ia619deac6075f5eb27dff2144edbbb60b440cc46
Reviewed-on: https://code.wireshark.org/review/24677
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to specification, AdjustDCPBoundary is
a sub block for adjusting the DCP boundary.
Change-Id: I2515e2b3592ff0e5e67487b1785db41015964b21
Reviewed-on: https://code.wireshark.org/review/24673
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Fix detection of TDS7 Prelogin responses to have fewer false positives.
This was causing regular responses to be recognized as Prelogin responses if they
happened to begin with a DONEINPROC token.
- Define symbolic constents for the Prelogin options.
- Apply the version_convert processing to the relevant prelogin options as well as
to the loginack_progversion.
- Correct the display of the program version in version_convert.
- Factor out the setting of tds7_version so it can be called from the dissect_tds7_login
as well as dissect_tds_login_ack_token. This is needed to correctly handle tokens
which come before the loginack token in the login response.
- Fix the wording of a comment in my last commit.
Change-Id: I57615bbb1e780db37cda25d8d5d7f964f68b337e
Reviewed-on: https://code.wireshark.org/review/24664
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I1007fdff01b370c06a8ccfb1145fd162ffde9a94
Reviewed-on: https://code.wireshark.org/review/24674
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reads pcapng blocks from a pipe. Section header blocks are parsed for
endianess. All other blocks only have the general block header parsed
for type and length, and then endianess converted if necessary.
Outputs all blocks using the original endianess format so none of the
other block types or options require parsing.
Change-Id: I2f4f0175013d8fc2cda42a63e7deacad537951e3
Bug: 11370
Reviewed-on: https://code.wireshark.org/review/24536
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now also trying to resolve C-RNTIs in FACH from the global RNTIs map
Change-Id: If9ce5b73d6855271c15001fd73d8acaaaf9d1864
Reviewed-on: https://code.wireshark.org/review/24665
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
RXLEV and RXQUAL fields in RSL "Uplink Measurements" use same scale
format (0-63, 0-7) as RXLEV and RXQUAL in RR. RXQUAL value-string is
moved to packet-gsm_a_common.c in order to use it in both protocols.
Change-Id: Idadd9505225353fec76b9605e2045a5222669475
Reviewed-on: https://code.wireshark.org/review/24663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
While we are at it, let's add a partial dissection of
PLMN-IdentityWithOptionalMCC-r6 IE.
Bug: 14248
Change-Id: I20b76bc74c248914db21629f8ce77799fccb1612
Reviewed-on: https://code.wireshark.org/review/24661
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Decompressed header" tab contains some human-readable text, but no
field was associated with it. Instead, the fields were attached to raw
compressed headers which, all with the same offset and length.
Ensure that each byte in the decompressed header tab is accounted for.
The only fields that are still pointing to the raw compressed buffer is
the http2.header field (covering a full raw header), the representation
type (a few bits, at most 1 octet) and the index length (guessed length,
an exact value is probably not worth the cpu cycles).
Change-Id: Ic0118e9ed583841a2d353f8b8c28dcafea3401f2
Reviewed-on: https://code.wireshark.org/review/24660
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HTTP2 decompressed headers tab is composed from multiple TVBs, these
have a null "real_data" pointer. Do not access it directly but use an
accessor which Does The Right Thing™.
Change-Id: Ib974fed9782d60aa2b91e3e712ba737000b79b4b
Fixes: v2.5.0rc0-1627-g8a6ea0e454 ("Qt: Further cleanup ByteView")
Reviewed-on: https://code.wireshark.org/review/24658
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Slight adjustment to I394fa91a5cfa1700fb12441d4884c0367b39df8b
Change-Id: Id097a39265f49a79f3d39855ef6b5c95ffe8c4f1
Reviewed-on: https://code.wireshark.org/review/24654
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added a link inside the Topic Information feature so users can
quickly go to the discovery data associated with the writer sending
this submessage.
Change-Id: I3a89630a275e5d857e8bbf86dc5171c9f0921d5b
Reviewed-on: https://code.wireshark.org/review/24646
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia827c43b161a2b64804b0eac220b428eb853d255
Reviewed-on: https://code.wireshark.org/review/24647
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of calling wmem_strbuf_finalize, which frees the strbuf
structure and makes it unsuitable for reuse, call wmem_strdup +
wmem_strbuf_truncate. This fixes a heap-use-after-free.
Bug: 14248
Change-Id: I498e10ed9f9afa7fa72b607eb43f68c710de777e
Reviewed-on: https://code.wireshark.org/review/24650
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure each ui/*.[ch] file uses identical (4-space) indentation.
Remove ui/.editorconfig. Fix up other formatting where needed.
SPDX-abbreviate the license blurb in the files we modify.
Change-Id: I5faa1c1eae9a4b6220422ad8e4ba7a341c7deb1f
Reviewed-on: https://code.wireshark.org/review/24632
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure process_netbios_name doesn't write past the beginning of its
buffer.
Bug: 14249
Change-Id: Idb294ba2362e48b879bc4c0c0ddaf64fcf1b5d72
Reviewed-on: https://code.wireshark.org/review/24651
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Missed out some that would probably result in too many links.
Added FT_FRAMENUM_RETRANS_PREV and FT_FRAMENUM_RETRANS_NEXT to enum,
these display as arrows like REQUEST and RESPONSE do.
Change-Id: I6e8d222955f2ba59a713e8a389837b55a1c7f262
Reviewed-on: https://code.wireshark.org/review/24600
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
"file(GENERATE ...)" is only supported since 2.8.12, since the list of
sources is fixed at cmake time, just use "file(WRITE ...)".
Change-Id: If4a547803ab536cf8d131045692d3e58301b0cd2
Fixes: v2.5.0rc0-1763-gfe0c2b0485 ("Rewrite make-dissector-reg.py in C")
Reviewed-on: https://code.wireshark.org/review/24638
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since v2.1.0rc0-2202-g6b54fbf3bf, wslua is also not necessary in the
include path, so remove that too.
Change-Id: Ib227b71b08da9fc397d6618b60100ab819570b86
Reviewed-on: https://code.wireshark.org/review/24640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Match closer the behavior of autotools which does not include epan in
its include paths by default.
Change-Id: I885bc7942490a5674c6ac75f9a8ea221555e3784
Reviewed-on: https://code.wireshark.org/review/24639
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Also add some more errors checks, we only pass valid files to make-dissectors.
Change-Id: I9c068e47f35ee6c3da0112ee9ce905af35030475
Reviewed-on: https://code.wireshark.org/review/24625
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Join the protocol registration threads so that they call g_thread_unref
which in turn detaches/terminates the thread. This gets rid of many TSan
and DRD errors here. The remaining ones appear to be false positives.
Add g_thread_new to glib-compat (untested).
Change-Id: I4beb6746ed08656715cf7870ac63ff80cf1ef871
Reviewed-on: https://code.wireshark.org/review/24619
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise we can call CRC functions with a negative value, leading to
a segmentation fault.
Bug: 14250
Change-Id: I394fa91a5cfa1700fb12441d4884c0367b39df8b
Reviewed-on: https://code.wireshark.org/review/24621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7c683449155f7dcb63731e6575cf92c30be78934
Fixes: v2.5.0rc0-1841-gd865871627 ("Qt: About Dialog move to QTreeView and fix copy")
Reviewed-on: https://code.wireshark.org/review/24637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Switch ui/win32/console_win32.[ch] to 4-space indentation to match the
other files in that directory. Remove ui/.editorconfig. SPDX-abbreviate
the license blurb in all files in that directory.
Change-Id: I68aa5a3ae7ae184ea8d27d9dba06b968ac3d2472
Reviewed-on: https://code.wireshark.org/review/24636
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
No need to make it an option; it's not an option in CMake.
Change-Id: I43dd25b9b73e6f372bd6612aea6372b950b0ca74
Reviewed-on: https://code.wireshark.org/review/24635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reserved values are a bit of a hack. (If this were Swift....)
Change-Id: I243e8f497345f44d94af6106287556b8831fba92
Reviewed-on: https://code.wireshark.org/review/24633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
CANT_GET_INTERFACE_LIST does *NOT* mean "No remote interfaces found.",
as in "there are no remote interfaces"; a NULL return from
get_remote_interface_list() and an err value of 0 means that.
CANT_GET_INTERFACE_LIST means "something bad happened and the error
string says what it is". Display that error string, so when people
report problems:
https://github.com/the-tcpdump-group/libpcap/issues/666
they'll give the actual error message, and I'll fix my breakage of the
rpcap protocol negotiation:
2972769d03
rather than just wondering what the problem was and asking the reporter
of the problem for more information.
Report anything other than "there are no remote interfaces" as an error,
not a warning.
Change-Id: Ia9381953d080e037254f21e47ee7ecc4619b7254
Reviewed-on: https://code.wireshark.org/review/24627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I7ca67ceaf72a1e4cc1c7b3ccc8fed79fafefe575
Reviewed-on: https://code.wireshark.org/review/24614
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
DCE/RPC is a FT_GUID type, but has some special handling. "Regular"
FT_GUID dissector tables still not supported.
Bug: 13122
Change-Id: I328776ffe5bbe87ecfbe6719f04d18b1b237a583
Reviewed-on: https://code.wireshark.org/review/24602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Not all file systems returns a sorted list of filenames, so we need
to sort the entries before using the list in the Profile popup and
the Manage Profiles dialog.
Change-Id: Ic1f2bfa77fb47fb8c406d891aee49b484876b4f7
Reviewed-on: https://code.wireshark.org/review/24615
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Let the build system handle the dependencies. Make sure to update the file
even if nothing has changed to avoid re-running the script every time.
Change-Id: I2229c13578a6278a04152825c98d8b889081dcb7
Reviewed-on: https://code.wireshark.org/review/24597
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
- Fix an issue, where the url was opened twice on Linux
- Make the filter case insensitive if so wished for
- Allow the copy to either copy the selected column (just Copy) or copy the complete row, with tab separation
- Move to QTreeView instead to make it similar to the rest of the tables
Change-Id: Ie6064f2ad2014e24546553c5febe63358e2f69ec
Reviewed-on: https://code.wireshark.org/review/24570
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Draft -22 moved the server version to an extension and makes HRR look
like a SH. SH is now interpreted as TLS 1.2. Detecting TLS 1.3/HRR
requires scanning SH extensions before parsing the message, so do that.
Changes:
- Add draft 22 version identifier.
- Recognize special Server Hello magic for HRR.
- Dissect SupportedVersions for SH/HRR, rename the field to match spec.
- Recognise new Server Hello format (including legacy fields).
- Move version detection up to handshake message dissection to allow
HRR (disguised as SH) to be detected as such. DTLS does not have HRR
and fragmentation makes it harder, so use its version as usual.
- Ignore ChangeCipherSpec again for draft 22 (do not add expert info).
- Allow NST ticket_nonce to be empty.
Change-Id: I9d5f7dba173e1b5c901bf9a6917c65520ee60a2f
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/24340
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't just do it if we're actually creating protocol tree information
for the "Frame" protocol; that information is used even when we're *not*
creating protocol tree information for "Frame".
Bug: 14245
Change-Id: Ie3754e15754fb6a73529e20d8fa68956e206a994
Reviewed-on: https://code.wireshark.org/review/24593
Reviewed-by: Guy Harris <guy@alum.mit.edu>