Use the 'r' prefix to prevent backslashes from being interpreted.
Change-Id: I736d70c72a862086501a59b3c1acac0d77e2d6d3
Reviewed-on: https://code.wireshark.org/review/30840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GnuTLS is an optional dependency, allow tests to run without it.
Change-Id: Ib1bd7beaf1d885a157a0e1a630ccc4fbc8786af1
Reviewed-on: https://code.wireshark.org/review/30839
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The case_decrypt_tls.test_tls_rsa_pq test is unexpectedly passing when
GnuTLS is disabled. It checks for '/' in the output, but that also
matches an error message. Use assertRun here and pretty much everywhere
else to catch such issues. Remove a few redundant returncode checks.
Change-Id: I0f9d1dadc0ca73eef9cffb3e2f452aa7c8395c95
Reviewed-on: https://code.wireshark.org/review/30838
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector code added flag values in the flag branch label.
Values should be added by proto_tree_add_bitmask.
Individual flags were all '0' when expanding the branch
in the packet details window.
Use proto_tree_add_bitmask_with_flags instead and correct
flags values and length (as in packet-ip.c). Remove flag
values adding to label "by hand" and remove unused local vars.
Change-Id: Id5bc63d2e1a0453664d21f554f0f3b8c36d7263f
Reviewed-on: https://code.wireshark.org/review/30835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Travis still uses Ubuntu 14.04 which ships with GnuTLS 3.2.11-2ubuntu1.
That package uses libgmp10 5.1.3+dfsg-1ubuntu1 which is not GPLv2+
compliant (libgmp10 6 or newer is needed), but aside from that it still
works. Drop the version requirement to enable GnuTLS with Travis builds.
Change-Id: I235f1127e4f56df3e16b5fa279f1929a1b9577f6
Reviewed-on: https://code.wireshark.org/review/30842
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show the packages that are about to be installed.
Change-Id: Ifef21ae852075c5eb672bc0ca7b360f5b438283a
Reviewed-on: https://code.wireshark.org/review/30841
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
More information on Apple's proprietary AWDL protocol can be found in
Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566
Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for
decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer).
Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9
Reviewed-on: https://code.wireshark.org/review/30833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Upcoming changes need GnuTLS >= 3.0.2. Require GnuTLS 3.2 (or newer) for
licensing reasons. The Debian control file still mentions 3.2.14 because
older packages linked with a GMP library that was not GPLv2+ compatible.
RHEL6 only has 2.12.23, but is already unsupported anyway.
Change-Id: I024b2a734ebb16b73a624bb2435c254e963d8b7d
Reviewed-on: https://code.wireshark.org/review/30832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RSA private keys can only be used for decrypting TLS sessions with a
full handshake that use the RSA key exchange. However currently the RSA
private key is always looked up even if it cannot be used (for example,
due to an (EC)DHE cipher or due to a resumed session).
Defer lookup of these private keys and make some more code conditional
on the availability of GnuTLS at compile time since future changes
switch to GnuTLS for RSA decryption.
Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a
Reviewed-on: https://code.wireshark.org/review/30831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extcap executables require libwsutil.dll from the program directory.
These were loaded by setting the PATH environment variable, but this
is not thread-safe (and caused sporadic test failures as a result).
Use SetDllDirectory instead, this also prevents loading DLL files
from arbitrary directories in PATH.
To make this work, the search logic for Npcap has to be modified to
avoid relying on SetDllDirectory. This implies that Npcap cannot be
used on Windows 7 anymore until KB2533623 (July 2011) is applied.
Change-Id: I3fc42ff76e75ae162b6dd31103451fb8f71c09e6
Reviewed-on: https://code.wireshark.org/review/30804
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently our Windows code looks for data files in the same
folder as the binary executable (presumably to make the
application relocatable, although it should be possible
to improve this with relative paths?).
Ping-Bug: 15301
Change-Id: I0fef4e87dc9d1d8edef81dd11755761fddd0fd12
Reviewed-on: https://code.wireshark.org/review/30819
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
libwireshark and libwiretap have their INTERFACE link dependencies
changed to the required set.
libwsutil keeps a default public visibility. Further work may
show some unneeded link requirements.
The executable dependencies are adjusted accordingly.
Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3
Reviewed-on: https://code.wireshark.org/review/30815
Reviewed-by: João Valverde <j@v6e.pt>
Pass the correct buffer size to find_signature so that we don't read
past it.
Bug: 15279
Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
Reviewed-on: https://code.wireshark.org/review/30809
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fix the pattern match in make-no-reassembly-profile.py. Have it only
write changed preferences.
Change-Id: I14f23a56f9ec598930591fae9eac2f14747c55bb
Reviewed-on: https://code.wireshark.org/review/30805
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure a pointer isn't NULL before trying to dereference it.
Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to the lack of setting the size of the data objects,
the exported objects file contains junk data. Set the
actual size of the object data feed to the tap.
Patch originally from Darius Davis <darius@vmware.com>
Bug: 15304
Change-Id: I020a9f010e97f960e8a60b4c991acd0f678ec39c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30803
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Resolve our output encoding name to something that's hopefully the same
on all platforms so that we don't print
    Warning: Output encoding is utf-8 and not UTF-8.
on Windows.
Change-Id: I9c7703eac6e12f5a95f701e8a9bea7d17a513fef
Reviewed-on: https://code.wireshark.org/review/30795
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When we capture from multiple interfaces, we won't necessarily write our
IDBs in the same order we read them. This means that we need to call
pcapng_adjust_block when we write packets, not when we read them.
Otherwise we might map a given capture source's local interface number
to the wrong global IDB entry.
Bug: 15311
Change-Id: Ia787d7f167dcd18d432020a715e2321f4060b851
Reviewed-on: https://code.wireshark.org/review/30798
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a script that disables all of our desegmentation and reassembly
preferences and use it to create a "No Reassembly" profile.
Change-Id: Icd0b72e9e271a511e637acde9018f3aae018e589
Reviewed-on: https://code.wireshark.org/review/30799
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The attribute value of the ifname attribute is a 0-terminated string that
contains the interface name. Add an hf variable for this name and
display it as a string.
Change-Id: I0bd4caae49274f3e471a6eefb210db8d56f020f7
Reviewed-on: https://code.wireshark.org/review/30789
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Wslua converts an invalid ethernet address to all 0's. Add a test for
this case.
Change-Id: I59bd1f9e0b94805c563fe891b22cadd32ae054d8
Reviewed-on: https://code.wireshark.org/review/30791
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix `tools/generate-nl80211-fields.py --update` to match the output from
v2.9.0rc0-1896-g43134ae252 ("netlink-*: fix various VALS/TFS misuse").
Update to match nl80211.h from Linux v4.19-rc6-1865-g0d4e14a32dca.
Change-Id: I101146867a62f2f881752c42229a218c12d6dda7
Reviewed-on: https://code.wireshark.org/review/30794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to an incorrect check the details of MCAST-VPN NLRI were
never dissected. Also the Originating Router's IP Addr of a
S-PMSI A-D Route was not dissected.
Bug: 15307
Change-Id: Ic7481ed034e4cbf0dcab4aa150f05da2f5aac508
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30796
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When frame data exceeds the snap length given in the PCAP file header,
add an expert item warning of this inconsistency.
Change-Id: I700fd987320d7505aee33158895ba32ec2b480f6
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30788
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
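The snap-length consistency check described in the commit above, as an added example that is not code from the commit or from Wireshark. The function names are hypothetical, the parser assumes a little-endian classic pcap file, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a little-endian 32-bit value (the constructed sample is little-endian). */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical checker: count records whose captured length exceeds the
 * snaplen in the file header. Returns -1 for a truncated or unrecognised file. */
int pcap_count_oversnap(const uint8_t *buf, size_t len)
{
    if (len < 24 || rd32le(buf) != 0xa1b2c3d4u)
        return -1;
    uint32_t snaplen = rd32le(buf + 16);   /* file header: snaplen at offset 16 */
    size_t off = 24;
    int flagged = 0;
    while (off < len) {
        if (len - off < 16)                /* incomplete record header */
            return -1;
        uint32_t incl_len = rd32le(buf + off + 8);
        off += 16;
        if (incl_len > len - off)          /* record data runs past the buffer */
            return -1;
        if (incl_len > snaplen)            /* the inconsistency to warn about */
            flagged++;
        off += incl_len;
    }
    return flagged;
}

/* Constructed sample: snaplen 4, one 4-byte record, one 6-byte record. */
static const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0x04,0,0,0, 0x01,0,0,0,                      /* snaplen = 4, linktype 1 */
    0,0,0,0, 0,0,0,0, 0x04,0,0,0, 0x04,0,0,0,    /* record 1: incl_len 4 */
    0xde,0xad,0xbe,0xef,
    0,0,0,0, 0,0,0,0, 0x06,0,0,0, 0x06,0,0,0,    /* record 2: incl_len 6 */
    1,2,3,4,5,6
};

int main(void)
{
    printf("records over snaplen: %d\n",
           pcap_count_oversnap(sample_pcap, sizeof sample_pcap));
    return 0;
}
```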
The TFTP protocol uses 16-bit block numbers. After block 65535, the block
number simply wraps back to zero. This change implements recovery of the bits
lost from the upper end of the block number, allowing for correct tracking of
block numbers in large TFTP transfers. The resulting "Full Block Number" is
added to the TFTP tree, marked as GENERATED; the "Full Block Number" is now
used in all places which previously received the truncated 16-bit block number.
An expert note is added when the block number at the protocol level is about to
wrap around to zero.
I chose to use 32 bits for the block numbers... even with the absolute-minimum
blocksize (8 bytes), that allows for 32 GByte files to be correctly handled;
with a more reasonable blocksize, it theoretically allows for files on the
order of terabytes.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
TFTP packet captures in the GUI, including the transfer of a large file
(115,836 blocks of 1,456 bytes each). Observed that the packet info shows
untruncated block numbers where previously the displayed block numbers would
wrap back to zero after block number 65,535. Constructed a few packet
captures with bizarre sequences of block numbers, and observed that they
were dissected as expected. Checked that a display filter for "tftp.block"
and "tftp.block.full" worked as expected.
Bug: 15305
Change-Id: Ic72ca49c975b1db76e8c5653e64e2a7c34eede5d
Reviewed-on: https://code.wireshark.org/review/30775
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
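One way to recover a 32-bit block number from the 16-bit wire value, as an added example that is not the code from the commit above or from Wireshark. The helper names are hypothetical and the replayed transfer is constructed, using the block count quoted in the commit message. The example resolves each wire value to the candidate nearest the expected next block, so a retransmitted block maps backwards instead of jumping a full 65536 ahead.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: widen a 16-bit TFTP block number to 32 bits, given
 * the last full block number seen in this transfer. */
uint32_t tftp_extend_block(uint32_t prev_full, uint16_t wire)
{
    int64_t expected = (int64_t)prev_full + 1;
    /* Distance from the expected low 16 bits, folded into [-32768, 32767]. */
    uint16_t d = (uint16_t)(wire - (uint16_t)expected);
    int32_t delta = (d < 0x8000) ? (int32_t)d : (int32_t)d - 0x10000;
    int64_t full = expected + delta;

    if (full < 0)               /* would land before the start of the transfer */
        full = wire;
    if (full > UINT32_MAX)      /* stay inside the 32-bit counter */
        full -= 0x10000;
    return (uint32_t)full;
}

/* The wire value 65535 is the last one before the counter wraps to zero. */
int tftp_about_to_wrap(uint16_t wire)
{
    return wire == 0xFFFF;
}

struct tftp_replay_result {
    uint32_t last_full;     /* last recovered block number */
    unsigned wrap_notes;    /* how many times the wire value was about to wrap */
};

/* Constructed input: replay an in-order transfer of nblocks DATA blocks,
 * truncating each number to 16 bits as the protocol does. */
struct tftp_replay_result tftp_replay(uint32_t nblocks)
{
    struct tftp_replay_result r = { 0, 0 };
    for (uint32_t i = 1; i <= nblocks; i++) {
        uint16_t wire = (uint16_t)i;
        r.last_full = tftp_extend_block(r.last_full, wire);
        r.wrap_notes += (unsigned)tftp_about_to_wrap(wire);
    }
    return r;
}

int main(void)
{
    struct tftp_replay_result r = tftp_replay(115836);
    printf("last block %u, wrap notes %u\n", (unsigned)r.last_full, r.wrap_notes);
    printf("retransmitted wire block 0 after 65537 -> %u\n",
           (unsigned)tftp_extend_block(65537, 0));
    return 0;
}
```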
Replace a TAB with spaces.
Change-Id: I3d5c79af4116614ef78dd8a71eb42e93875c0637
Reviewed-on: https://code.wireshark.org/review/30790
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- Adding rfc4884 support failed to properly add the unused fields if
no length field was present.
- There was a logic error when both length and MTU size were present.
- Reformat the lines in that section to no longer adhere to 80 columns
Change-Id: I3bcca25cc7d5e866a040c5c6a8011144ebc3370e
Reviewed-on: https://code.wireshark.org/review/30781
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes a bug where the packet direction was reversed
for WTAP_ENCAP_BLUETOOTH_HCI (aka raw HCI or H1).
Change-Id: I2f404ed543062818ac6a8c6ca58d5ecfd7644bc8
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30778
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The deadlock can be observed with a slow malloc implementation, e.g.
    ASAN_OPTIONS=fast_unwind_on_malloc=0 tshark --version
(This calls extcap_run_all which uses threads and ws_pipe_spawn_sync.)
Change-Id: Iff329c465c53ed177980368cd645f59222f88dd3
Reviewed-on: https://code.wireshark.org/review/30777
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While --extcap-interfaces is now run in parallel, --extcap-config (for
each discovered interface) would only run sequentially after that. Make
sure that the latter command is also fully parallel and do not wait for all
extcap interfaces to be discovered first.
This saves another 80ms startup time on Linux (unoptimized ASAN+Debug).
Change-Id: I303fd8fda647b304d5bdaf048a3d1628ec9e02b4
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30773
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 6733, ch3. specifies message length field as three octets and indicates the
length of the Diameter message including headers and padding.
Change-Id: I73694a085bbafb3ae280e02fa4c9e26868b31f76
Reviewed-on: https://code.wireshark.org/review/30772
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The installation step cannot depend on CMAKE_CFG_INTDIR.
This step is executed in a cmake script without the build
tool so variables like $(Configuration) of Visual Studio
don't get substituted, breaking the installation.
Ping-Bug: 15301
Change-Id: Idc0c48b6dc440ad1d9b2d6a2824cc89190997b60
Reviewed-on: https://code.wireshark.org/review/30784
Reviewed-by: João Valverde <j@v6e.pt>
While at it prefer to use add_definitions() instead of config.h. This
puts all definitions in the same place and limits the scope to the
respective wsutil API.
Change-Id: Idc30914220b876865e0ae47709e6f17eb9b0fc2c
Reviewed-on: https://code.wireshark.org/review/30782
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Install headers to support plugins development on Windows.
Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The glib gboolean and integer types are used interchangeably,
while a proper use is easily achievable.
While at it, replace the duplicate definition of the IPv4 source
and destination addresses (endian sensitive).
Change-Id: I5378544f370dc41962eb6303ddeeecb184db14f4
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30770
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of annotating every TFTP ERROR packet as "TFTP blocksize out of range",
let's flag them as TFTP error packets using their own expert info type.
Let's also try to figure out whether an ERROR packet represents a "close"
operation after a transfer-size ("tsize") query. Such ERROR packets aren't
really errors, so we can use a separate expert info type to report those with
lower severity.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
TFTP packet captures in the GUI, including tsize probes and real errors
(file not found, permission denied). From the menu, chose Analyze > Expert
Information, and saw the tsize probes listed together at "Chat" severity,
and actual errors reported at "Warning" severity, all appropriately labeled.
Change-Id: I5605ce00559264ed94a47435c8f6d253f143fefb
Reviewed-on: https://code.wireshark.org/review/30760
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In RTI Connext DDS 5.3.3 and later PID_TYPE_CONSISTENCY has six
new fields: Ignore Sequence Bounds, Ignore String Bounds,
Ignore Member Names, Prevent Type Widening, Force Type Validation,
Ignore Enum Literal Names.
Change-Id: I456097a3baf733351dcb86f2cba0a3f03d2fc100
Reviewed-on: https://code.wireshark.org/review/30753
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packets.
Topic Information Feature used to link packets belonging to the same
topic now is used in APP_ACK and APP_ACK_CONF packets.
Change-Id: Ib4e1dd4dfed41962bc76e8600a1213247a3bf588
Reviewed-on: https://code.wireshark.org/review/30752
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>