in this case, we can simply exit the loop if we see an invalid pdu length
Change-Id: I818736f25d15d9054ea66b4670a5362b557b0e9f
Reviewed-on: https://code.wireshark.org/review/13083
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection for two new packet types added in the MA USB v1.0a
Specification.
Change-Id: Ie693f5d721a446454cc927451b69859e1992ddb3
Reviewed-on: https://code.wireshark.org/review/13081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
try to clean up the use of signed vs unsigned data types
in dissect_dcom_BSTR without affecting any other function:
offsets are gint
if we have to add a guint32 to an offset, do a range check before adding
if we see an overflow, return the number of bytes consumed up to that point
Change-Id: Ib06c19fee8e3477e07b190ca26743891a5b24c3d
Reviewed-on: https://code.wireshark.org/review/13082
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
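The range check described in the dissect_dcom_BSTR commit above, as an added example (not Wireshark's own code): a signed offset plus an unsigned length is only accepted when the sum still fits, and a record walker stops and reports the bytes consumed so far as soon as a length would overflow or run past the buffer. Plain C99 `int32_t`/`uint32_t` stand in for `gint`/`guint32`; the function names and the (length, bytes...) record layout are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>

/* Returns true and stores offset + len in *out if the sum fits in int32_t;
 * otherwise returns false and leaves *out untouched. A negative offset is
 * rejected outright. Illustrative helper, not Wireshark code. */
static bool
checked_add_offset(int32_t offset, uint32_t len, int32_t *out)
{
    if (offset < 0)
        return false;
    /* INT32_MAX - offset is non-negative here, so widening it to uint32_t
     * for the comparison is safe and cannot wrap. */
    if (len > (uint32_t)(INT32_MAX - offset))
        return false;
    *out = offset + (int32_t)len;
    return true;
}

/* Walks constructed records of the form (uint32 little-endian length,
 * length bytes of payload) starting at start_offset and returns the number
 * of bytes consumed. On the first length that would overflow the offset or
 * run past buf_len it stops and returns what was consumed up to that point,
 * mirroring the commit's "return the bytes consumed so far" strategy. */
static int32_t
consume_records(const uint8_t *buf, int32_t buf_len, int32_t start_offset)
{
    int32_t offset = start_offset;

    while (buf_len - offset >= 4) {         /* need a whole length field */
        uint32_t len = (uint32_t)buf[offset]
                     | ((uint32_t)buf[offset + 1] << 8)
                     | ((uint32_t)buf[offset + 2] << 16)
                     | ((uint32_t)buf[offset + 3] << 24);
        int32_t next;

        /* offset + 4 cannot overflow: the loop condition bounds it by buf_len. */
        if (!checked_add_offset(offset + 4, len, &next) || next > buf_len)
            break;                          /* overflow or truncated record */
        offset = next;
    }
    return offset - start_offset;
}
```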
Return an error string if that happens.
If it doesn't fail, it will return a value >= 1; it will never return 0,
so don't check for that.
Change-Id: I6d7ee2683c1ceae73e9d9d61c0a6e6d30b2c4400
Reviewed-on: https://code.wireshark.org/review/13100
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We only need is_linux_bonding_device() if we have pcap_create(). We
need get_data_link_types() regardless of whether we have pcap_create()
or not.
Change-Id: I035f8ddcd57c0424662a2029f928bffa969a3f6c
Reviewed-on: https://code.wireshark.org/review/13099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Few of these functions exist if we're not building with libpcap.
Change-Id: Icead80bc1993a229341fb4fcba6f1e5901c610ee
Reviewed-on: https://code.wireshark.org/review/13097
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need it.
Change-Id: Idca29cbd7208c388a1f5d4e2b0131f5cfddc7896
Reviewed-on: https://code.wireshark.org/review/13096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The latest WinPcap has both pcap_open() and pcap_create(), and the
latter is independent of whether we have remote capture.
Change-Id: I889555b74b0c15d5519a8d178719c938d374a938
Reviewed-on: https://code.wireshark.org/review/13094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the code to open capture devices and get properties of capture
devices there, joining the code to get a list of capture devices.
This lets us do a better job of handling pcap_create() in WinPcap,
including handling both WinPcap with pcap_create() and WinPcap without
pcap_create() at run time, just in case somebody tries using WinPcap 3.x
with a Wireshark built with WinPcap 4.x.
It also could make it easier to use libpcap/WinPcap directly in
Wireshark and TShark, if we have versions of libpcap/WinPcap that run
small helper utilities to do privileged functions, allowing programs
using them never to need elevated privileges themselves. That might
make it easier to fix some issues with running TShark when not saving to
a file (we could avoid the file entirely) and with delays when stopping
a capture in Wireshark (Wireshark could stop writing to the file as soon
as you click the stop button, rather than letting dumpcap do so when the
signal gets to it).
It might also make it easier to handle future versions of
libpcap/WinPcap that support using pcap_create()/pcap_activate() for
remote captures, and other future extensions to libpcap/WinPcap.
Rename some XXX_linktype routines to XXX_datalink to indicate that they
work with DLT_ values rather than LINKTYPE_ values; future versions of
libpcap might use LINKTYPE_ values in newer APIs.
Check for pcap_create() on all platforms in CMake.
Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the error is something other than ENOENT, return that error
indication.
Change-Id: If866cab5f0de0e4fa8b1ed1cead1290feb88a3cb
Reviewed-on: https://code.wireshark.org/review/13091
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Copy over and adapt missing logic from the GTK+ UI which adds recent
capture filter entries when we start a capture.
Change-Id: Ifcf8b719e53727b7c269d9890731d542d1759efc
Ping-Bug: 11950
Reviewed-on: https://code.wireshark.org/review/13086
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most probably this issue was introduced as a copy-paste from the RNG-REQ packet when the INIT-RNG-REQ packet was first created.
Change-Id: I5eb0ac666c76b48d70b3383312f0598b6110cc03
Reviewed-on: https://code.wireshark.org/review/13085
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have subdissectors do the bit math checking for particular flag bits.
Change-Id: Ie6350e316f79af879be9fc512ce215f24449a7e5
Reviewed-on: https://code.wireshark.org/review/13071
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See I651e76c6d53b0
Change-Id: I8082f22da0d16655104ad8699f08abdaf916a941
Reviewed-on: https://code.wireshark.org/review/13078
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change the tokenizer to two regular expressions, which
make the parsing of the sentence strings a lot safer and faster.
Change-Id: I444adb8db10b689dd387c0caa951981ba28be917
Reviewed-on: https://code.wireshark.org/review/13040
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is the correct fix for commit 0e7b7dc883.
(As committed, deleting these two lines makes the dissector return the wrong
number of bytes processed.)
Change-Id: I2e88bbc6942f6af40199d5b03a71e182c1896871
Reviewed-on: https://code.wireshark.org/review/13074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* rename 'system' variable to 'system_msg'.
* change 'system' variable type to gboolean.
Fixes compile error on OSX.
Change-Id: I772b3126e6f7ebdab0797eaac223787956e02aef
Reviewed-on: https://code.wireshark.org/review/13075
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix:
* Byte 0 of OSC MIDI argument denotes a 'port', not a 'channel'.
* Byte 1 is either
  * 'system' message (0xf0 - 0xff) and handled byte-wise or
  * 'non-system' message and handled nibble-wise
    * Left nibble denotes 'status'
    * Right nibble denotes 'channel'
Tidy up:
* Simplify/shorten format strings for whole MIDI message.
* Add 'port' value.
* Mask 'status' and 'channel' as twin nibbles.
* Change data bytes (Bytes 2, 3) to be reported as decimals by default.
* Mask data bytes (Bytes 2, 3) with 0x7f.
* Add note names for 'noteOn', 'noteOff', 'notePressure' messages.
* Add velocity value for 'noteOn', 'noteOff' messages.
* Add pressure value for 'notePressure', 'channelPressure' messages.
* Add 14-bit (7bit LSB, 7bit MSB) value for 'pitchBend' messages.
Change-Id: I651e76c6d53b01225c3245f10fc555310c7e8c8a
Reviewed-on: https://code.wireshark.org/review/13060
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
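The byte layout the OSC MIDI commit above fixes, as an added example decoder (not Wireshark's packet-osc.c): byte 0 is the port, byte 1 is taken whole when it is a system message (0xf0 - 0xff) and split into status/channel nibbles otherwise, bytes 2 and 3 are masked with 0x7f, and for pitchBend (status 0xE) the two 7-bit data bytes are combined LSB-first into a 14-bit value. The struct, function names and the C4 = 60 note-naming convention are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

typedef struct {
    uint8_t  port;        /* byte 0 */
    bool     is_system;   /* byte 1 in 0xf0..0xff */
    uint8_t  system_msg;  /* whole byte 1 when is_system */
    uint8_t  status;      /* left nibble of byte 1 when !is_system */
    uint8_t  channel;     /* right nibble of byte 1 when !is_system */
    uint8_t  data1;       /* byte 2 & 0x7f */
    uint8_t  data2;       /* byte 3 & 0x7f */
    uint16_t pitch_bend;  /* 14-bit value (data1 = LSB, data2 = MSB) for status 0xE */
} osc_midi_t;

static const char *const note_names[12] =
    {"C", "C#", "D", "D#", "E", "F", "F#", "G", "G#", "A", "A#", "B"};

/* Decode one 4-byte OSC MIDI argument. Illustrative, not Wireshark code. */
static void
decode_osc_midi(const uint8_t arg[4], osc_midi_t *m)
{
    memset(m, 0, sizeof *m);
    m->port = arg[0];
    m->is_system = arg[1] >= 0xf0;
    if (m->is_system) {
        m->system_msg = arg[1];           /* system messages are byte-wise */
    } else {
        m->status  = arg[1] >> 4;         /* left nibble */
        m->channel = arg[1] & 0x0f;       /* right nibble */
    }
    m->data1 = arg[2] & 0x7f;             /* data bytes carry 7 bits each */
    m->data2 = arg[3] & 0x7f;
    if (!m->is_system && m->status == 0xe)
        m->pitch_bend = (uint16_t)(m->data1 | ((uint16_t)m->data2 << 7));
}

/* Note name for a 7-bit key number, e.g. 60 -> "C" with octave 4
 * (assumes the common C4 = 60 convention). */
static const char *
midi_note_name(uint8_t note, int *octave)
{
    *octave = (int)(note / 12) - 1;
    return note_names[note % 12];
}
```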
Have the TCP dissector pass the FIN bit to subdissectors (HTTP is the only one currently using it) so the subdissector can use that information to determine that no more segments are coming.
Bug: 9848
Change-Id: I4aebb5141f41d99598e4776bf25e74101016f5d1
Reviewed-on: https://code.wireshark.org/review/12984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't check HAVE_LIBPCAP elsewhere, and we do use GLib functions, but
don't use the GLib dynamic-loading APIs ourselves, and don't appear to
use anything from libpcap or libwiretap, so include only <glib.h> and
include it unconditionally.
Change-Id: I97f06f56b7d87c671c0aaea1a0e60f2df7adfbd1
Reviewed-on: https://code.wireshark.org/review/13067
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Extention -> Extension
Change-Id: I1624721b2e7725ec6129b3ad06327e25c0a6291d
Reviewed-on: https://code.wireshark.org/review/13053
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
VS2010 didn't like the extra ; in the variable declarations (C99 issue?)
Change-Id: Ic0fcd8342cdd3669172985a2d8023eb7b375c0b9
Reviewed-on: https://code.wireshark.org/review/13068
Reviewed-by: Michael Mann <mmann78@netscape.net>
That makes it clearer that they're libwiretap headers.
Change-Id: Ia78a3496913b901073ee59e62bfb72c1677450fa
Reviewed-on: https://code.wireshark.org/review/13064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4d54b851e3bd316e10edea29d1d7e311be338c71
Reviewed-on: https://code.wireshark.org/review/13054
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we're dissecting heuristically, and we don't have the full fragment,
but it looks like the beginning of an RPC call or reply, ask for more
data rather than rejecting it.
That way, we can recognize and handle large calls and replies, such as large
NFS writes, when transported over TCP.
Clean up conversation handling while we're at it.
Bug: 11955
Change-Id: I0237255165a277a051d355810f1500cf4228d7c8
Reviewed-on: https://code.wireshark.org/review/13061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Regular expressions follow the Qt Regex syntax, which is
formulated after the Perl Regex syntax. A more detailed
overview of the possible rules can be found at:
http://doc.qt.io/qt-4.8/qregexp.html
If a required option is present, even the double-click on
the interface will first start the options dialog (Qt only)
Required fields are marked bold and put first in the dialog.
Additionally, if validation fails (which it will if a required
field is kept empty, but also if a non-required text field is
violating the defined regex), the label of the field is marked
in red.
Change-Id: If04a1146d0dfa778332ab2a39122c7a6ee1e93d2
Reviewed-on: https://code.wireshark.org/review/12914
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change some Netscaler ICA fields to display absolute time and
not epoch timestamp seconds.
Change Process ID field to display decimal number
Change-Id: I57eb8883f4699072df90c0ea351e4bce3313dc0e
Reviewed-on: https://code.wireshark.org/review/13049
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This makes it possible to use a capture filter on an interface
with user DLTs (147-162).
Bug: 11656
Ping-Bug: 11668
Change-Id: Ie9931b27e8dc8ea239e7e04e26d0ae1cacba50c9
Reviewed-on: https://code.wireshark.org/review/12996
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)
Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we ever need to look at the value of any field in the packet, we
should do it the way we do in the RTP analysis code, rather than walking
the entire protocol tree.
Get rid of an unnecessary extra level of indirection for the filter
string.
Change-Id: Ie95c0171da79e7f24019a3f67396f6a533959881
Reviewed-on: https://code.wireshark.org/review/13046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>