Change-Id: Ic0b5d7139e324cbbe786cb4a0cf7d9f924acdf04
Reviewed-on: https://code.wireshark.org/review/12818
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
for fix make distcheck
Change-Id: I20888b5ae719d2b9f361529f8fe6534bd7a01822
Reviewed-on: https://code.wireshark.org/review/12825
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1a855b69f1d5213e73c8de3b49ceac9262898c95
Reviewed-on: https://code.wireshark.org/review/12827
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifc99c47e4bf8c03355f60ab508cd7f9b2fb249e4
Reviewed-on: https://code.wireshark.org/review/12776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This new extcap is for testing and educational purpose.
It relies on rankpkt-core functions to generate random packets.
Change-Id: If6890f0673545682995a2079458108edc0913b30
Reviewed-on: https://code.wireshark.org/review/11764
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
So include <epan/g_int64_hash_routines.h> to fix the build with those
versions.
Change-Id: I4c72ceff934ad0e94376c237130406f582dfce8f
Reviewed-on: https://code.wireshark.org/review/12820
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Kept backwards compatibility with GTK+ capture info dialog by keeping the protocols tracked hardcoded, but Qt should have more freedom.
Change-Id: I497be71ec761d53f312e14858daa7152d01b8c72
Reviewed-on: https://code.wireshark.org/review/12724
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This dissector was mostly code-reviewed in a previous change:
https://code.wireshark.org/review/#/c/11305
But it had an issue with a pointer using a sequence number (8 Bytes).
This change is meant to correct that, as well as a small formatting
error I found in the text shown.
Change-Id: Ib7e27eb2734c46e970b99161bd04438b5675bde4
Reviewed-on: https://code.wireshark.org/review/12660
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The col_item->col_custom_fields_ids list does not change between
packet so this can be initialized in build_column_format_array().
Change-Id: I171b583912dbd1568c3d85159fac1ab435dcaa7c
Reviewed-on: https://code.wireshark.org/review/12801
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't know when the capture started or ended (the time stamps of the
first and last packets aren't necessarily the time when the capture
started or ended), we don't know how many packets were dropped in the
capture process, and we don't know how many packets were seen in various
stages before they were received by whatever software dumped them out as
text, so we have no statistics to report.
Change-Id: Ia8bface63a95f925a6ccb19c32d188055809f203
Reviewed-on: https://code.wireshark.org/review/12812
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't need to exist after AirPDcapDecryptWPABroadcastKey() returns.
Change-Id: Ifaf08dfb285be3cf54429f7b77d44565962d4450
Reviewed-on: https://code.wireshark.org/review/12808
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't need to persist after the function returns.
Change-Id: Ic601a6ef6a0aa0f22f9c8b9a1c586cec95093f27
Reviewed-on: https://code.wireshark.org/review/12805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also add expert info "hint" that base64 decoding may be disabled.
Bug: 11853
Change-Id: Ib2138ae0c70e22f311e1369c66816ff9d6fbdb82
Reviewed-on: https://code.wireshark.org/review/12734
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1b4545e132bce437570a1ea3afb2b707e7553f4b
Reviewed-on: https://code.wireshark.org/review/12718
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Improved the custom column prime regex so that all fields must be
separated by "||" or "or" to avoid false positives when having
multi-fields which is valid display filters but not valid for
custom columns (e.g. "udp and tcp").
Change-Id: Iec9942d458d6b265d04e14b5966907f1de43b782
Reviewed-on: https://code.wireshark.org/review/12751
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I4a90d1b2dbd5af4222ca4206f1c701842aa0d424
Reviewed-on: https://code.wireshark.org/review/12774
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Modify existing MainWindow::testCaptureFileClose() to handle restart scenario.
Bug: 9605
Change-Id: Ie57624ca482b050745474f5e1c61343f60292a42
Reviewed-on: https://code.wireshark.org/review/12733
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I34d24b05941f9a56c48273254d84cab3b91a12d5
Reviewed-on: https://code.wireshark.org/review/12780
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for Barracuda NGFirewall Ipfix Audit. Used documentation
found at https://techlib.barracuda.com/NG61/ConfigAuditReportingIPFIX
The configuration allows to switch between little endian and big
endian for a Ipfix collector. This commit expects big endian encoding.
However it seems that there is a bug in NGFirewall 6.1.1 which
interchanges the encoding (little-endian instead of big endian and vice
versa).
Bug: 11902
Change-Id: I84c497188eadedf6781dce309888242b0dc1592f
Reviewed-on: https://code.wireshark.org/review/12703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
at the moment, AirPDcapDecryptWPABroadcastKey() does not free the buffer
allocated by AES_unwrap() if there's an error while parsing the returned data
this could be fixed by adding more g_free() calls or by using wmem
memory
Change-Id: I332968da2186fbd17cbb7708082fa701dcab668e
Reviewed-on: https://code.wireshark.org/review/12744
Reviewed-by: Michael Mann <mmann78@netscape.net>
return an error if our key is shorter than the key type required for the
encryption method we detected
this check prevents an out-of-bounds memory access when the key is copied
Bug: 11826
Change-Id: Ic779b5d87aa97a3b2d2b2c92ce12d0fff4a85adc
Reviewed-on: https://code.wireshark.org/review/12743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
to make sure that AirPDcapDecryptWPABroadcastKey() does not leak memory
when it returns an error
Change-Id: I01dc8dc0d6cc1e72e9784a262e35e24844e35dbc
Reviewed-on: https://code.wireshark.org/review/12745
Reviewed-by: Michael Mann <mmann78@netscape.net>
rec_length_remaining is the amount of data we haven't already read from
the record; it starts out as the record length and gets decreased. It
is not the length of data in the packet.
Change-Id: I46cd78e29aee13a686f1f6c8efbe258277e15686
Reviewed-on: https://code.wireshark.org/review/12759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before reading the record header of a REC_FRAME{2,4,6} record, make sure
the record length is >= the length of that header.
Whe calling fix_pseudo_header(), pass the actual length of the packet
data, not the remaining length of the record (which may include
padding), so we don't read past the end of the packet data.
Bug: 11827
Change-Id: I1c63a4cb014c4616ffdd202660e68c576f266872
Reviewed-on: https://code.wireshark.org/review/12756
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set initial value for confirmUnsavedCheckBox.
Change-Id: I7dfebf21e516a9d1be1bd3f543a00834222c9ff7
Reviewed-on: https://code.wireshark.org/review/12739
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Use this as a common regex to split multi-field custom columns.
Change-Id: I40f76743284c5981c95d2e47d6d1d2a7f357d2ea
Reviewed-on: https://code.wireshark.org/review/12753
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
for cipher_len==56, some bytes of the output array are not written
An alternative approach would be to add a check for cipher_len.
I understand from RFC 3394 that the AES key wrap algorithm works on
multiples of 64bits and has no upper limit, we couldn't easily reject 56
bytes cipher_len.
Bug: 11527
Change-Id: Ie82357bbe5512de391813dd55098df7a16bda9ae
Reviewed-on: https://code.wireshark.org/review/12741
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The kernel sets the URBs status to -EXDEV in this case. Don't require
status == OK in this case.
Set pinfo->p2p_dir for USB packets. Sent/received is from the
perspective of the host.
Bug: 11868
Change-Id: I2be2348507bef47272d3d8786019ec90457141ac
Reviewed-on: https://code.wireshark.org/review/12731
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
GTK already has it, but Qt forgot about it, so multi-field custom column
works ok if previously saved in GTK-shark. Invalid validation prevent from
modifying and saving multi-field custom column in Qt version.
While at it, rename "custom field" to "custom fields" to ensure
we think about multi-field custom column.
Change-Id: I99588150ccb38be11b75f5dd5b0f6443e7055ebb
Reviewed-on: https://code.wireshark.org/review/12685
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I37602d0e2148150b55b2812855bccf2f181d31b8
Reviewed-on: https://code.wireshark.org/review/12737
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The working directory for g_spawn_sync should not be escaped, it is
simply passed to chdir. The escaping was needed for the command, so do
so (hmm... maybe the argv arguments should be escaped too for Windows).
Also remove an unnecessary NULL command argument for extcap_foreach.
Note: there is still a memleak when exiting because the ifaces table is
not cleared after querying the list.
Change-Id: I1251d623b954a81848044b6d1faf8dcec8ce465b
Reviewed-on: https://code.wireshark.org/review/12530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Qt already has a menu item for this in Statistics -> Capture File Properties
Bug: 9628
Change-Id: I85dd6f85d43fbfb60c2f4db82d9a02d91866127c
Reviewed-on: https://code.wireshark.org/review/12725
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's always TRUE.
Clean up indentation while we're at it.
Change-Id: I11f5b849274b68bbda4fa32a8d909d6d5e71cbb1
Reviewed-on: https://code.wireshark.org/review/12732
Reviewed-by: Guy Harris <guy@alum.mit.edu>