Commit Graph

80222 Commits

Author SHA1 Message Date
Pascal Quantin 20720c8441 MBIM: fix some signedness warnings 2021-02-23 09:34:36 +01:00
Odysseus Yang cf14578c61 MBIM: dissect the commands of MBIM extended version 3.0
MBIM_CID_MS_DEVICE_CAP_V2
MBIM_CID_SUBSCRIBER_READY_STATUS
MBIM_CID_PACKET_SERVICE
MBIM_CID_CONNECT
MBIM_CID_IP_PACKET_FILTERS
MBIM_CID_MS_MODEM_CONFIG
MBIM_CID_MS_REGISTRATION_PARAMS
MBIM_CID_WAKE_REASON
2021-02-23 07:36:12 +00:00
Guy Harris bc3cc17bc4 Lua: add routines to return pcap/nsec pcap/pcapng file type/subtypes.
These will be backported, for the benefit of Lua scripts that want those
specific file types/subtypes (typically in order to write files of those
types); that allows those types to be fetched without having to know the
right string to hand to wslua_wtap_name_to_file_type_subtype().
2021-02-22 22:23:54 -08:00
Grzegorz Niemirowski 69ca16bdf0 ZVT: Dissect list of permitted ZVT commands 2021-02-22 21:28:55 +00:00
Guy Harris d50f712a85 wiretap: fix use of wrong index as array subscript.
"i" and "j" are too similar, so it's easy to use the wrong one if you're
using both as array indices and not easy enough to notice the mistake.

Use somewhat more meaningful names when we fix the index.

Fixes #17252.
2021-02-22 12:55:35 -08:00
Guy Harris 00d2661459 wiretap: fix dependency in CMakeLists.txt.
wtap_modules.c depends on ${WIRETAP_MODULE_FILES} rather than
${WIRETAP_NONGENERATED_FILES}.
2021-02-22 19:45:44 +00:00
Thomas Dreibholz 3a25ebbc42 Updated broken URL in headers. 2021-02-22 18:18:45 +00:00
Anders Broman 614df91e23 RTCP detect non zero padding and don't dissect zero length 2021-02-22 17:03:03 +00:00
Anders Broman d5d26679fc ZVT: Use g_ascii_strtoll instead of atol. 2021-02-22 17:03:31 +01:00
Thomas Dreibholz 2e7f2ffb7a Added "Follow DCCP stream" feature.
This pull request includes:
* The "Follow DCCP stream" feature.
* Updated docbook documentation for the "Follow DCCP stream" feature.
* Test for the feature.
* Corresponding packet trace for the test.
2021-02-22 12:48:46 +01:00
Grzegorz Niemirowski a57a32c04e ZVT: Added dissection of amount, terminal ID, date and time. Registration fix. 2021-02-22 10:39:54 +01:00
Darius Davis f895014f68 reassemble: Improve perf of free_all_reassembled_fragments.
When we're walking the list of fragments to free, if we encounter
FD_VISITED_FREE, we can conclude traversal of this fragment list immediately
(and go to the next hash bucket), since everything subsequent to this point in
the list has already been processed by free_all_reassembled_fragments.  This
trims an O(n^2) hash table iteration down to O(n).

Before this change, a very ugly 1.1 GByte TFTP capture (with lots of
out-of-order and retransmitted blocks) takes 4 hours to process with
tftp.defragment=TRUE -- output completes after 1.25 hours, and then about
2.75 hours of time is spent doing repeated list traversals within
free_all_reassembled_fragments...(!)  With this change, the same test completes
in 1.25 hours, with the cleanup taking just 71 msec.

Tested also with reassemble_test under Valgrind; No issues/leaks were reported.
2021-02-22 17:00:54 +10:00
Thomas Dreibholz 297246093b Small FGP dissector improvement 2021-02-22 06:38:44 +00:00
Guy Harris 842a7cccf9 wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported.  Indicate whether "supported" means "one instance" or
"multiple instances".

"Supports" doesn't just mean "can be written", it also means "could be
read".

Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file.  Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).

Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.

Provide backwards compatibility for Lua.

This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 23:18:35 +00:00
Gerald Combs b8ce02e6fb editcap: Fixup our help output.
Make sure list_capture_types prints to the designated stream so that
tools/update-tools-help.py works correctly for `editcap -F`.
2021-02-21 22:57:13 +00:00
Gerald Combs b9bdce8484 NetPerfMeter: Fix compilation on Windows.
Use guint64 instead of u_int64_t. GLib might make it easier to use
standard types at some point[1] but they haven't yet. Make our offsets
unsigned.

[1]https://gitlab.gnome.org/GNOME/glib/-/issues/1484
2021-02-21 12:57:15 -08:00
Thomas Dreibholz dc3e92f638 Added NetPerfMeter test suite. 2021-02-21 18:23:48 +01:00
Thomas Dreibholz 2fe740c00d Removed unnecessary check for transport protocol. 2021-02-21 16:45:11 +01:00
Thomas Dreibholz cdbbf5d384 Decode time stamp field to the actual UTC time. 2021-02-21 13:57:04 +00:00
Thomas Dreibholz 115472aaf8 Now using heuristic dissector for transport over TCP, UDP and DCCP instead of port number range. 2021-02-21 13:57:04 +00:00
Thomas Dreibholz 6f6537dfba Fixed typo. 2021-02-21 13:57:04 +00:00
Thomas Dreibholz 6737430111 Added NetPerfMeter test trace. 2021-02-21 13:57:04 +00:00
Thomas Dreibholz 77343db1fe Improved NetPerfMeterProtocol dissector with detection of protocol for TCP, UDP and DCCP by payload inspection. 2021-02-21 13:57:04 +00:00
Martin Kaiser 0f0b340aa5 PacketList: mouseMoveEvent: fix memory leak
We allocate a QMimeData object at the beginning of PacketList::mouseMoveEvent.
Usually, this object is passed to a QDrag object by calling drag->setMimeData.
In this case, the QDrag object owns the mime data object and frees it when
it's no longer required.

If the mime data object contains no data that can be dragged and dropped, we
reach the end of PacketList::mouseMoveEvent without anyone taking care of
the mime object. We have to free it ourselves in this case.

The problem can be reproduced if you add a custom column for an element that
does not exist in your capture file. Left-click onto the empty column and
drag the empty column entry somewhere. An asan build will then show the
memory leak

Indirect leak of 240 byte(s) in 2 object(s) allocated from:
    #0 0x7f351e153d30 in operator new(unsigned long) (...)
    #1 0x7f3500b79802 in QMimeData::QMimeData() (...)

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
    #0 0x7f351e153d30 in operator new(unsigned long) (...)
    #1 0x5635156dfbc7 in PacketList::mouseMoveEvent(QMouseEvent*) ...
    #2 0x7f3502eb94d7 in QWidget::event(QEvent*) (...)
2021-02-21 13:29:11 +00:00
Eugene Adell ba28616ff5 TCP: Conversations Statistics loyalty to connections initiators
Conversations Statistics suggested the connection initiator was
Address A because of an address/port comparison, when the packet
list says it was Address B. This behavior is changed, and the
conversations statistics now suggest the real initiator. Exporting
data from these statistics allows a loyal re-processing.
Closes #16919.
2021-02-21 13:12:35 +00:00
Darius Davis ceb1db49d6 Fix reassemble_test's additional debug mode.
It has bit-rotted.

Replace a bunch of compile-out "#if 0" with runtime "if (0)", and the "#ifdef
debug" with a static const, both of which should reduce the chance of this
bit-rotting again in future by ensuring that these code paths will at least be
compiled -- even if they are not actively used.  The default is kept at FALSE,
so the behavior is unchanged, and toggling it still requires recompilation.

fd->data no longer exists; The nearest equivalent uses (dangerous!) tvb_get_ptr
to dump the address of the first byte of the tvb data, in case that is somehow
useful... I'm guessing it exists for live debugging.

We no longer have access to the structures for the hash keys.  For the time
being, let's just #ifdef out the code that tries to print those keys.  Maybe we
should move the key structures to an epan/reassemble-int.h so that we can
access them from this test code again...?

And zap an extra comma which snuck into a table... Clearly this code hasn't
been compiled in a while.

Tested with debug=FALSE and debug=TRUE, under Valgrind as well as natively, on
a Linux host.
2021-02-21 12:55:58 +00:00
Gerald Combs daf4e3cafe [Automatic update for 2021-02-21]
Update manuf, services enterprise numbers, translations, and other items.
2021-02-21 11:42:59 +00:00
Martin Kaiser 3ee6eb0be3 dvb-ci: afs resource: dissect file req / ack
The file request and file acknowledge APDUs of the auxiliary file system
resource are exactly the same as in the application mmi resource.

We already have a function that dissects file acknowledge. Move the
dissection of file request into a separate function as well.

Call the two functions for both ami and afs resources.
2021-02-21 10:35:41 +00:00
naf 95f3d1b075 QT ByteViewText: calculate string widths consistently to prevent clipping
For QT >5.11, stringWidth() uses horizontalAdvance, which gives different
(longer) widths than the old boundingRect().width() method.

Other locations use the boundRect().width() method directly, resulting
in underestimating line widths and clipping the last characters in
the byte view window.

Fix by forcing all width calculations to use stringWidth().
Closes #17087.
2021-02-21 10:17:07 +00:00
Martin Mathieson cd77e5aa5f Some more spelling fixes.
Also add more words to dictionary file.
2021-02-21 09:59:04 +00:00
Alex Nik bddd034186 added the description for the exporting TLS session keys dialog
applied the SME suggestions

implemented the SME suggestions

minor fix
2021-02-20 22:45:41 +00:00
John Thacker 94488fc509 macos-setup: Require Qt 5.6 or later and macOS 10.8 or later
The minimum required version of Qt is now 5.6, and thus the minimum
required version of macOS is 10.8. Reflect that in macos-setup, and
remove version checks and older packages installed to support
Snow Leopard and Lion.
2021-02-20 19:17:31 +00:00
Martin Mathieson f3bc71c44f Make some more vars and functions static. 2021-02-20 16:34:24 +00:00
João Valverde 4d793fdd7a sharkd: squelch redundant decl warnings
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:38:21: warning: redundant redeclaration of ‘optarg’ [-Wredundant-decls]
   38 | WS_DLL_PUBLIC char *optarg;
      |                     ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
                 from /usr/include/unistd.h:883,
                 from ../wsutil/socket.h:33,
                 from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:36:14: note: previous declaration of ‘optarg’ was here
   36 | extern char *optarg;
      |              ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:52:19: warning: redundant redeclaration of ‘optind’ [-Wredundant-decls]
   52 | WS_DLL_PUBLIC int optind;
      |                   ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
                 from /usr/include/unistd.h:883,
                 from ../wsutil/socket.h:33,
                 from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:50:12: note: previous declaration of ‘optind’ was here
   50 | extern int optind;
      |            ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:57:19: warning: redundant redeclaration of ‘opterr’ [-Wredundant-decls]
   57 | WS_DLL_PUBLIC int opterr;
      |                   ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
                 from /usr/include/unistd.h:883,
                 from ../wsutil/socket.h:33,
                 from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:55:12: note: previous declaration of ‘opterr’ was here
   55 | extern int opterr;
      |            ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:61:19: warning: redundant redeclaration of ‘optopt’ [-Wredundant-decls]
   61 | WS_DLL_PUBLIC int optopt;
      |                   ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
                 from /usr/include/unistd.h:883,
                 from ../wsutil/socket.h:33,
                 from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:59:12: note: previous declaration of ‘optopt’ was here
   59 | extern int optopt;
      |            ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:131:19: warning: redundant redeclaration of ‘getopt’ [-Wredundant-decls]
  131 | WS_DLL_PUBLIC int getopt (int ___argc, char *const *___argv, const char *__shortopts)
      |                   ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
                 from /usr/include/unistd.h:883,
                 from ../wsutil/socket.h:33,
                 from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:91:12: note: previous declaration of ‘getopt’ was here
   91 | extern int getopt (int ___argc, char *const *___argv, const char *__shortopts)
      |            ^~~~~~
2021-02-20 15:46:35 +00:00
Jim Young 166dcae76f sharkd_daemon: squelch unused parameter warning.
Commit 69df23fc40 refactored sharkd_loop()
making the use of argv[] dependent on the #define _WIN32. Add _U_ for
the #ifndef _WIN32 case.

Suppresses:

> [2005/2398] Building C object CMakeFiles/sharkd.dir/sharkd_daemon.c.o
> /projects/wireshark/sharkd_daemon.c:357:33: warning: unused parameter 'argv' [-Wunused-parameter]
> sharkd_loop(int argc _U_, char* argv[])
>                                 ^
> 1 warning generated.
2021-02-20 15:26:21 +00:00
John Thacker ddd8f0ab61 tests: Look for softhsm2 in more places
Fedora and RHEL/CentOS put libsofthsm2.so in a different location
than Debian/Ubuntu, so look there too. This causes test_tls_pkcs11
to pass instead of being skipped (if softhsm2 and the other
prerequisites are installed.)
2021-02-20 15:07:49 +00:00
Guy Harris 1f595c435c BER: get rid of WTAP_FILE_TYPE_SUBTYPE_BER.
Save a copy of the pathname used to open a file in the wtap structure.
This allows the BER file reader to put a pointer to it in the
pseudo-header; it also would allow file readers to attempt to read
"associated" files that have the same name as the file, but with a
different extension.

Instead of having cf_open() special-case BER files, and calling a
routine in the BER dissector to specify the file name to the dissector,
have separate dissectors for "dissect packet payload as BER" and
"dissect a file as BER", and have the latter get the pathname of the
file from the pseudo-header and determine the ASN.1 syntax from that.

(Side-effect - this means that you can now dissect a BER file, and have
the syntax be determined by the file extension, in TShark as well; the
above cf_open() special-casing was *not* done in TShark, so it didn't
work before.  Now the application code doesn't need to do any of that,
so it works in TShark as well as Wireshark.)
2021-02-20 01:36:26 -08:00
Guy Harris c80c16759b wiretap: eliminate two WTAP_FILE_TYPE_SUBTYPE_ values.
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().

This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
2021-02-19 23:20:24 +00:00
Gerald Combs abf9e027fc Require Qt 5.6 or later.
Increase the minimum required version of Qt from 5.3 to 5.6. The various
Linux distribution versions that shipped with earlier Qt versions (RHEL
6, Fedora 23, openSUSE 13.2, Debian jessie, Ubuntu 16.04) have either
reached end of support or will do so soon.

The official Qt 5.6 releases for macOS require 10.8, so make that the
minimum macOS version.

Remove a bunch of no-longer-needed version checks.
2021-02-19 13:49:10 -08:00
Gerald Combs b620a5e535 VJC: Fixup some proto_tree_add_expert calls.
Make sure we add expert items to a valid tree. Fixes

** (process:11088): WARNING **: 17:45:42.159: Dissector bug, protocol VJC, in packet 12: "Text item" - "text" tfi->tree_type: -1 invalid (../epan/proto.c:5885)
2021-02-19 10:11:24 -08:00
David Perry 72c9b4b1e8 Add bounds checks to VJ compression [#17243]
When handling uncompressed packets:

* Add bounds checks before allocating or reading memory.
* Limit amount of memory allocated to the size of the IP header plus the
  maximum needed size of the TCP header, not entire packet contents.
* Check for IPv4 before processing.
* Use more constant macros for easier reading and review.

When handling compressed packets:

* Add bounds checks when calculating size of compression header.

General:

* Add extra comments.
* Use reported length instead of captured length for calculating
  syn+ack values (since that's what the sender would use).
2021-02-19 17:51:35 +00:00
Thomas Dreibholz 81cc0ad06c Added missing dccpservicecodes.h to epan/CMakeLists.txt. 2021-02-19 15:08:32 +01:00
Thomas Dreibholz b82d08ab18 Added IANA-assigned DCCP Service Codes.
Changes:
* Added list of IANA-assigned DCCP Service Codes.
* Added decoding of DCCP Service Codes into DCCP dissector.
2021-02-19 13:50:35 +01:00
Timmy Brolin 06a65f121f mPacket dissection improvements
* Added support for dissecting mPackets with arbitrary preamble length,
  in accordance with IEEE 802.3br-2016
  Changed fpp.preamble type from FT_UINT64 to FT_BYTES

* Allowed for capture device to signal non-integer preamble length by padding with zero.
  Added fpp.preamble.pad to indicate any alignment padding bits

* Added missing printouts of SMD types
  i.e. SMD-E, SMD-V, SMD-R, SMD-S0, ...

* Added missing printouts of decoded fragment numbers
  i.e. 0, 1, 2, 3
2021-02-19 09:53:08 +00:00
Joey Salazar a443d60b1c git: Factor out dissect_pkt_line helper
Add dissect_pkt_line helper that dissects a single pkt-line and
simplifies the pre-existing dissect_git_pdu().

A later patch will make use of this same helper for HTTP support.

Part of #17093
2021-02-19 08:46:29 +00:00
Gerald Combs 313a6e9274 CI: Don't run xcode-select.
Changing the developer directory shouldn't be necessary after the include
path fixups in 270c8ed746.
2021-02-18 13:54:47 +00:00
Adam Mitz 61d53b74c9 RTPS: update dissection of discovery PID 0x77 to match spec 2021-02-18 13:36:22 +00:00
Anders Broman 32d4af0ed9 NAS-5GS: Dissect Extended rejected NSSAI IE 2021-02-18 12:02:11 +01:00
Darius Davis a814a95007 arinc615a: Avoid calling g_str_has_suffix(NULL, ...).
Testing with tftpConversationError.pcapng attached to issue 10305 revealed this
warning on the console:

   GLib-CRITICAL **: 16:47:08.092: g_str_has_suffix: assertion 'str != NULL' failed

The cause is that the filename retrieved from the tftpinfo struct could
potentially be NULL when dissect_a615a_heur is called, for instance if the TFTP
RRQ/WRQ was not captured or not associated with the same conversation as the
DATA packet.

It's interesting that this condition arises from this capture
file... Perhaps the conversation tracking is amiss?  To be investigated.

Without knowing the filename, there appears to be no way to meaningfully
dissect the protocol beyond just dissecting the file length and the
protocol version; For simplicity, I opted to maintain the present behavior and
have the heuristic test fail if the filename is not known.
2021-02-18 18:43:24 +10:00
Guy Harris 8b775000bc wiretap: register BUSMASTER log and candump file formats.
*Don't* use WTAP_FILE_TYPE_SUBTYPE_UNKNOWN for the file type/subtype.
2021-02-18 07:48:11 +00:00