Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also allow displaying the IPv6 header (correctly) as exactly 40 bytes long in
the bytes pane.
Ping-Bug: 10705
Change-Id: I1b4ea74202d519e7faf86c1c0f4f3c23403c2b2a
Reviewed-on: https://code.wireshark.org/review/11608
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it can lead to a false verdict after the check for the Wireshark uninstall registry entry.
Bug: 10867
Change-Id: I213ac8ffadfb3578b05d33b996540bd4330a0ec5
Reviewed-on: https://code.wireshark.org/review/11621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This is intentionally broken off of SSL to avoid confusion when UDP is involved.
Change-Id: Icfd3054be6aed2ebbd850a608efbc24f1a8f3831
Reviewed-on: https://code.wireshark.org/review/11612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.
Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info to the Change Cipher Spec tree when session resumption
is detected. This can be used as a hint that decryption using an RSA key
file will not succeed because of missing key material.
The name of this expert info is "ssl.resumed" or "dtls.resumed" and the
expert info message is "This session reuses previously negotiated keys
(Session resumption)".
Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878
Reviewed-on: https://code.wireshark.org/review/11583
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we're at it, get rid of a commented-out include, and update a
comment to give more information.
Change-Id: I910a26a3d7f4a50f0559abe5f2ab97a93c80357f
Reviewed-on: https://code.wireshark.org/review/11610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a floating-point operation, so just use 4294967296.0.
Change-Id: I97258c8058821b6d46d740668271c0803617cdc1
Reviewed-on: https://code.wireshark.org/review/11615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use QDesktopWidget instead of QGuiApplication + QScreen. The former
exists in the Qt 4 API.
Ping-Bug: 11568
Change-Id: Icfbe9f78659b28efbc86061f94d946f70ab6dc41
Reviewed-on: https://code.wireshark.org/review/11604
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I1e4700b505746c49ea518dc401be590740720a57
Reviewed-on: https://code.wireshark.org/review/11600
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I guess it's not at risk of being clobbered by a longjmp() in a way that
affects the behavior of the code, but the older GCC on that buildbot
doesn't do the dataflow analysis to figure it out.
Change-Id: I770380e2a22d00aeccf5937203bc70968712d37f
Reviewed-on: https://code.wireshark.org/review/11611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The field that uses it is also "#if 0"'ed out.
"#if 0" out, rather than commenting out, the variable for that field, for
consistency.
Change-Id: If3c6ba6c780f41b35d3f28adcf4d8a29117c4652
Reviewed-on: https://code.wireshark.org/review/11609
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This includes wsutil/file_util.h, which includes io.h, so we don't need
to include it ourselves.
Change-Id: I96b111d2b5a4f27895c1e4b19c31eee2a4d5d554
Reviewed-on: https://code.wireshark.org/review/11595
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id4d8d9a2d2befee7b82ac4e0e6f2f1b8f03b4532
Reviewed-on: https://code.wireshark.org/review/11603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A change-list is as follows:
- Removed unnecessary dissector revision updates from the file header since Git tracks these nicely.
- Added proper size detection of Modbus RTU messages (including exception responses), when dealing with partial TCP segment reassembly.
- Moved the 'register' decode preferences to the Modbus dissector as TCP vs. RTU granularity isn't needed in this case.
- Obsoleted unused 'address type format' user preferences.
- Cleaned up dissect_modbus_data to remove proto_tree_set_text instances.
- For decoded register tree objects, use register 'address' instead of 'value' for the filter field to provide a more useful filter.
- Added in conversation support, to attempt to track responses back to matching requests.
- Use conversation support to attempt to populate proper register address offsets in the response messages. Currently each request is saved and each response looks for the last prior request that matches the function code.
- Re-factored Modbus dissector to split apart request vs. response decoding. This has led to cleaner code paths, but some duplication where replies and requests are identical format.
Change-Id: I0c86ae85b8ae4cc59b037e5f68f408833205fadd
Reviewed-on: https://code.wireshark.org/review/9914
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
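
The request/response matching described in the Modbus change-list above ("each response looks for the last prior request that matches the function code"), as an added example that is not Wireshark's code. The structure and function names are hypothetical, requests are assumed to be saved in capture order, and masking the exception bit (0x80) of the function code is this example's choice.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_REQS 64

/* One saved request: frame number, function code, starting register address. */
typedef struct {
    uint32_t frame;
    uint8_t  func;
    uint16_t start_addr;
} modbus_req_t;

/* Per-conversation request history (hypothetical structure for this example). */
typedef struct {
    modbus_req_t reqs[MAX_REQS];
    size_t       count;
} modbus_conv_t;

/* Save a request; returns 0 on success, -1 when the history is full. */
int conv_add_request(modbus_conv_t *c, uint32_t frame, uint8_t func, uint16_t start_addr)
{
    if (c->count >= MAX_REQS)
        return -1;
    c->reqs[c->count].frame = frame;
    c->reqs[c->count].func = func;
    c->reqs[c->count].start_addr = start_addr;
    c->count++;
    return 0;
}

/* Find the last request seen before resp_frame with the same function code.
 * Exception responses set the top bit of the function code, so mask it off.
 * Returns NULL when no earlier request matches. */
const modbus_req_t *conv_match_response(const modbus_conv_t *c, uint32_t resp_frame, uint8_t resp_func)
{
    uint8_t func = resp_func & 0x7F;
    for (size_t i = c->count; i > 0; i--) {
        const modbus_req_t *r = &c->reqs[i - 1];
        if (r->frame < resp_frame && r->func == func)
            return r;
    }
    return NULL;
}

/* Address of the n-th register in a response, or -1 if no request matched. */
int32_t response_reg_addr(const modbus_conv_t *c, uint32_t resp_frame, uint8_t resp_func, uint16_t n)
{
    const modbus_req_t *r = conv_match_response(c, resp_frame, resp_func);
    return r ? (int32_t)r->start_addr + n : -1;
}
```

When two requests with the same function code are outstanding at once, this heuristic attributes the first response to the later request, so the register addresses shown for a response are a best guess rather than a guarantee.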
It is no longer supported on El Capitan's clang, which was causing my
cmake/osx/qt build to fail with:
clang: error: optimization flag '-fno-delete-null-pointer-checks' is not
supported
Change-Id: Idfac336758cdea9a34446d8281cd237ad3ee6823
Reviewed-on: https://code.wireshark.org/review/11571
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Fixes memleak in reassemble.c
480 bytes in 60 blocks are definitely lost in loss record 3,010 of 3,059
at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0xADA3328: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.1)
by 0xADBA512: g_slice_alloc (in /usr/lib/libglib-2.0.so.0.4600.1)
by 0x6575C7D: fragment_reassembled (reassemble.c:804)
by 0x6577785: fragment_add_seq_check_work (reassemble.c:2027)
by 0x6577880: fragment_add_seq_next (reassemble.c:2068)
by 0x6E614E6: dissect_sccp_message (packet-sccp.c:2875)
by 0x6E63641: dissect_sccp (packet-sccp.c:3401)
by 0x6546CF7: call_dissector_through_handle (packet.c:620)
by 0x6546EA1: call_dissector_work (packet.c:706)
by 0x6547A04: dissector_try_uint_new (packet.c:1163)
by 0x6547A65: dissector_try_uint (packet.c:1189)
Change-Id: I0117b48e1e5d5688c49f264f24387dd6de1d6e08
Reviewed-on: https://code.wireshark.org/review/11541
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't have any Flex scanners that support an interactive command-line
interface, so none of our scanners are, or need to be, interactive.
Mark text2pcap's scanner as not interactive.
That means none of our scanners should call isatty(), so they don't have
any need to include <io.h> on Windows; remove that include from the
Lucent/Ascent text capture scanner.
Update a comment to reflect that what matters isn't whether we can read
from a terminal or whether we actually do so, what matters is whether
they read *interactively* from a terminal (if you want to run text2pcap
reading from the standard input and type at it, be my guest).
Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd
Reviewed-on: https://code.wireshark.org/review/11587
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On Windows (and probably X11) it's possible to set an offscreen window
geometry. Add a rect_on_screen function to qt_ui_utils and use it as a
sanity check in MainWindow::loadWindowGeometry.
If this doesn't work well (e.g. if we end up with dueling Qt and GTK+
geometries) we might want to create separate Qt and GTK+ preferences.
Bug: 11568
Change-Id: Icde1181671770356e87f07d584894ec3148e1bd2
Reviewed-on: https://code.wireshark.org/review/11584
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
I don't know where Matthew Gast got his 4.9 GHz channels, but IEEE Std
802.11-2012 and ARIB STD T-71 have something different.
Change-Id: I5d86b12193e38422d3702f36cb106fe858daa4b5
Reviewed-on: https://code.wireshark.org/review/11585
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Updated the WSDG Windows build instructions to use CMake.
Change-Id: I5006c07e09ec6f628e8bc44006a3f1086e831a3c
Reviewed-on: https://code.wireshark.org/review/11485
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by clang analyzer.
Change-Id: Idb2e80edbb5b264fd257a7b4208ff75bd543df88
Reviewed-on: https://code.wireshark.org/review/10970
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
not including the padding and auth data.
Change-Id: Ib883fcb44def8d6fbdde19729519b40b32d78577
Reviewed-on: https://code.wireshark.org/review/11563
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added the option --extcap-capture-filter to extcap to send the capture filter
from the main screen to the extcap binary.
Change-Id: I75f0d7dbec810551225377f9221053298488cdd5
Reviewed-on: https://code.wireshark.org/review/11423
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This fixes a regression in commit e0e574d167.
Change-Id: I447001a84e17a76ec77c48f736bbfcd8cc6324a1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11574
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This fixes a regression in commit e0e574d167.
Change-Id: Iccdeeb488ec70727fc637ca548637e5a5e54ef1c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11573
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Code has been restyled towards a more modular approach. This will allow
the split of the code into a core and an app. Once split, the code can
be reused by other apps, useful for testing.
Change-Id: I96083a7cc1a3417d10961700e5c7c27d32e350e8
Reviewed-on: https://code.wireshark.org/review/11355
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by clang analyzer.
Change-Id: I1c5cb13e174df588c8834508b10790d3fd5b272a
Reviewed-on: https://code.wireshark.org/review/11564
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clean up indentation while we're at it.
Change-Id: If2068fe17664d78c8fc9747b0ee63bac0213d174
Reviewed-on: https://code.wireshark.org/review/11567
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add "placeholders" in Profinet dissector to make that possible.
Change-Id: I000069ec72b5810c5675a30df1c121aa179000b3
Reviewed-on: https://code.wireshark.org/review/11557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is hopefully just the first step in getting DCE/RPC dissection to use "standard" APIs instead of homegrown ones.
For starters, it allows Decode As functionality to be less hacky (although incomplete in Qt)
Change-Id: Ia0923a3d8d514ab7acce32e26ee7e08f6e24feca
Reviewed-on: https://code.wireshark.org/review/11468
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether it's part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>