Move */ to a separate line below the SPDX identifier.
Change-Id: Id1032215449cfccae0933147b45e04b65e0b727f
Reviewed-on: https://code.wireshark.org/review/27211
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move UAT file creation to config.py.
Run the text2pcap and some of the clopts tests under our default
environment.
Use "in" instead of "has_key".
Change-Id: Ie5c70fb33c29676672bed7bf8205cff0bba77f8a
Reviewed-on: https://code.wireshark.org/review/27234
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
dissect_ldss_transfer had a trivial read overrun: "line" was not
NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
any leading whitespace, so a malformed LDSS packet (with only whitespace
characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
trigger a read overrun.
Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
of the input characters (which, it seems, must always be ASCII), and produces a
neat NUL-terminated string.
Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
without the fix (to reproduce the failure), and then with the fix, and
observed that no errors were reported anymore after the fix. 60,000 iters of
fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
of the "ldss and tcp" packets; All looks good.
Bug: 14615
Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
Reviewed-on: https://code.wireshark.org/review/27204
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ENABLE_CHM_GUIDES is no longer in CMakeOptions.txt
Change-Id: I217ac89f12c95e66591465e3230c19968dcc0bde
Reviewed-on: https://code.wireshark.org/review/27209
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I541bd728c159e95c2d5daa8ce0bfea3961ff1db9
Reviewed-on: https://code.wireshark.org/review/27203
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
When using coloring rules the selected packet is sometime hard to recognize. The stylesheet of the packet list is extended for this.
Bug: 14621
Change-Id: Ied465e0e211b3c11e69cb71f89988eb45622dd72
Reviewed-on: https://code.wireshark.org/review/27141
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Fix false positives due to method names that are considered deprecated:
int CaptureFileDialog::open(...
first_elapsed = QString().sprintf(
int open(QString &file_name, unsigned int &type);
Change-Id: Ib3c255a9f17b2cb44cd441e5277a97db63afaa72
Reviewed-on: https://code.wireshark.org/review/27189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.
Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
A number of mistakes have been found now that captures are available.
Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In wtap_get_savable_file_types_subtypes(), in the search for a default
file type to use, stop as soon as we've found a usable file type, don't
keep searching.
Bug: 14601
Change-Id: Iff4ffe14f5ad07271c49a761e0856059353c1634
Reviewed-on: https://code.wireshark.org/review/27193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.
We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.
Testing Done: Linux x64 build. With a display filter configured in
~/.wireshark/preferences, Valgrind no longer reports three leaks from here.
Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().
Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In util_slow_dhcp.py, open stdout as O_BINARY on Windows.
Have ctest pass --verbose to test.py.
Call config.canCapture at test time so that we don't inadvertently skip
some tests.
Stringify our dumpcap config check.
Fix our Gcrypt variable.
Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.
Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television
Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure err_str is valid before trying to assign a value.
Change-Id: I4e6524b93101ef28158996797e8462168e44dc2a
Reviewed-on: https://code.wireshark.org/review/27173
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When normal interfaces are unavailable (chmod -x dumpcap), and after
toggling "Disable external capture interfaces" twice and then refreshing
the interfaces list (F5), a double-free occurs in ui/iface_lists.c:147
for "global_capture_opts.ifaces_err_info".
Change-Id: I98697653ab1c123186892408112c34afdd1766f5
Fixes: v1.99.0-rc1-1005-g35b4487538 ("Handle empty interface lists when the list changes.")
Reviewed-on: https://code.wireshark.org/review/27161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
"make dist" will currently fail with "git archive" archives because
dftestfiles and dftestlib is missing. To encourage distributors to run
tests, ensure that these files (1.64MiB uncompressed, 688KiB
gzip-compressed) are bundled.
Change-Id: I1fc2bd6df45db40e64e7691235f716bbf3562f87
Reviewed-on: https://code.wireshark.org/review/27158
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.
Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The header Identifier and Length fields are using big endian encoding.
Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.
There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match. Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.
And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.
Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
(now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
to explain that "EFI x64" was probably intended). Manually edited packets
to contain multiple entries in the Client Arch option, and they all showed
correctly (including the warning for type 9). Manually edited a packet to
contain an odd number of bytes for the Client Arch option, and saw the
expected warning. Ran 30000 iterations of fuzz-test.sh with a corpus of 5
DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
(valgrind) option.
Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We no longer use autotools/libtool, so we don't need to install
automake, autoconf, or libtool; we only support CMake, so we *do* need
to install it.
We no longer support GTK+, so we don't need to install it.
Change-Id: I41df9f67c8aba486220e77f7c8c67efa7784a7f2
Reviewed-on: https://code.wireshark.org/review/27152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't use autotools, so there are no configuration scripts that need
to be generated by autogen.sh.
Change-Id: I8b2a5bc3cb91a4c2bc59069a29b8ca774b6f239f
Reviewed-on: https://code.wireshark.org/review/27150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In CMake files, we don't do some checks that our autotools scripts did;
speak of those in the past tense, as the autotools scripts are gone.
(Leave the comments there, to note that we *might* have to reinstate
those tests, although they're for old versions of macOS and GCC.)
In CMake files, we use some #defines because that's what autotools did;
speak of those in the past tense as well.
Change-Id: I594fe8225cf94b5087093febc11f6b0a7e42e7cd
Reviewed-on: https://code.wireshark.org/review/27149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't support building with autotools (except for building the
support libraries using macos-setup.sh), and we don't support GTK+ and
thus don't require X11.
Change-Id: If9da937285016fc178a0153d38212404b0ff2c59
Reviewed-on: https://code.wireshark.org/review/27148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove FAQ items that assume we are (and, in one case, that we're using
SVN...).
Change-Id: Ifd04ac0f34f562b2b0b588bed8db8f4e13317c18
Reviewed-on: https://code.wireshark.org/review/27147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Stig Bjørlykke