The libpcap library on Windows can fill the error buffer with a localized
message obtained from the system. The localized message is encoded in the active
code page and can contain non-ASCII characters.
Bug: 15715
Change-Id: I7451c6831ae83503ddeb5314e172c76f3dab500e
Reviewed-on: https://code.wireshark.org/review/32993
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The functions loaded from dll are prefixed with "p_".
Use the dll functions where appropriate.
Change-Id: I7cf2c7dc0d04502fa7f922ca2822808bdc02f324
Reviewed-on: https://code.wireshark.org/review/33010
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not fully trust the output from either pkg-config or pcap-config.
These tools might provide bogus output. Instead, use their outputs as
hints to let CMake find the correct include and (static) library paths.
Correct some variable names (PCAP_STATIC_LIBRARIES and PCAP_INCLUDE_DIRS
*must not* be the result of find_path/find_library) and ensure that an
empty include directory from pkg-config does not result in an empty
PCAP_INCLUDE_DIRS variable that would break the build.
Change-Id: If3de90fb497d8163d92e4fe190a227159f0b6acb
Fixes: v3.1.0rc0-645-gc602119bcf ("Use pkg-config if possible; if not, use pcap-config if present.")
Reviewed-on: https://code.wireshark.org/review/32999
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
First try finding libpcap with pkg-config. If that fails (either because
the system doesn't have pkg-config or because it does but there's no .pc
file for libpcap), check for pcap-config and, if it's present, use that,
otherwise fall back on manually searching for it.
Pick up the code from tcpdump's FindPCAP.cmake.
Change-Id: I87963aaa7cccac0b5cd942f48eb5d08779695f92
Reviewed-on: https://code.wireshark.org/review/32992
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add extra fields to display the components of the layout
nfl_util for the files layout type. These components include
whether the layout is dense or sparse, whether the client
should send the commit to the metadata server or data server
and lastly the stripe unit size.
Change-Id: I8c054c68353eb5bd711b2f95d8dcf74ecc2aab03
Reviewed-on: https://code.wireshark.org/review/32952
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto.h:853:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
proto.h:866:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
Change-Id: I50a462c7a05f36ba60484980fd8ae9026effc047
Reviewed-on: https://code.wireshark.org/review/32922
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9b0c6b118b5f866abc969a437bbd9b9a28271bf0
Reviewed-on: https://code.wireshark.org/review/32841
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The easiest way to trigger the crash was to forget the {display=...} in the
extcap config value sentence.
This change fixes the crash by simply ignoring invalid value sentences.
Bug: 15668
Bug: 15728
Change-Id: I2f41682460c3e08fa766046949f013247bc0a846
Reviewed-on: https://code.wireshark.org/review/32984
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a stream index is explicitly given (as is done for items from the
Conversations statistics dialog), it does not have to query the stream
index from the packet list. Skip checking the packet list then.
Bug: 15672
Change-Id: I3f79e6a0997726535c38f9766b894b042ffbf916
Reviewed-on: https://code.wireshark.org/review/32972
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When extcap is started for capture, the argument call is appended to the extcap
command line if the associated value is not empty or the argument is a boolflag.
Unfortunately, such a rule did not apply when constructing the argument list
for the selector reload action. This could lead to extcap being called with
the argument calls without required values (e.g. multicheck, selector, string).
This change makes the --extcap-reload-option selector not contain argument
calls for which the value is not available.
Bug: 15725
Change-Id: Ic2456c03b3eb7c7525d19e64ea02afd99ed5f6cb
Reviewed-on: https://code.wireshark.org/review/32967
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEC 60870-5-101 is the traditional serial version of '104. The headers are different but the ASDU dissection is identical.
Changes made to the '104 dissector to accommodate '101 are as follows:
- Added in a new protocol dissector 'iec60870_101'. This dissector handles the '101 header and calls the ASDU dissector when required.
- The existing '104acpi' dissector has been renamed to 'iec60870_104' to better align with the '101 addition.
- The '104asdu' protocol has been renamed to 'iec60870_asdu' in order to make it more generalized between the two variants. Updated variable names and display filter fields as needed.
- 3 preferences exist in the iec60870_101 dissector to allow for configurable length of the COT, ASDU Addr and IOA fields. These are fixed at their max length in '104 (2, 2 and 3 octets respectively) but are configurable in '101.
- The ASDU dissector has been modified to accept a data parameter that contains the fixed/configurable lengths of COT, ASDU Addr and IOA fields.
Bug: 15688
Change-Id: Ib0c918a40d24967caa8588067fa9e9a240af4ca5
Reviewed-on: https://code.wireshark.org/review/32802
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When gathering our dependencies, work around an issue with libbrotli's
install name similar to what we do with libssh.
Bug: 15730
Change-Id: I571746848e3343d81c286be66f6fe6510c698d6f
Reviewed-on: https://code.wireshark.org/review/32990
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It looks like PSIDs have a maximum length of 4 bytes. If we encounter an
invalid PSID, add an expert item to the tree and return.
Bug: 15604
Change-Id: I74e45a56bb0322d4ef95f87a5e2a11c32f43f00a
Reviewed-on: https://code.wireshark.org/review/32986
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Creating a Job Object named "Local\Wireshark child process cleanup"
results in the job being shared between all Wireshark instances run
within a single session.
When two or more Wireshark instances were running, a debug message appeared:
"Could not assign child cleanup process: Access is denied. (5)"
As the child process was not assigned to a job, it was possible that the
child process was still active even after Wireshark did terminate.
This fixes the issue by creating an unnamed job object which is not shared.
Change-Id: I59adc2aacff0151802163f155d68cbc8022c1479
Reviewed-on: https://code.wireshark.org/review/32985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Even though the three route subobjects type values overlap (mostly),
the range for RRO subobjects is not limited by an l-bit. For regular
type values this makes no difference, but there is a difference for the
private subobjects of an RRO. With the restriction on type value in the
code the private subobjects of RRO could never be reached.
Removing the type value limitation for RRO solves this. While at it
remove the superfluous rsvp class check for these high type values.
Change-Id: I63941085919902ab74f4b4b7ea74b2d362512da6
Reviewed-on: https://code.wireshark.org/review/32969
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's not used unless we have either zlib or libbrotli, so don't define
it if we have neither of them. This fixes no-zlib/no-libbrotli builds.
Change-Id: I97358c9197a2ab789f85498cc4e40d301ecb792d
Reviewed-on: https://code.wireshark.org/review/32975
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adding defragmentation of control and access layer messages.
Adding dissection of Friend Update and Heartbeat control messages.
Bug: 15722
Change-Id: Ib6d8899a2d089dfa3b3eee6cd3e5248b8dc26aff
Reviewed-on: https://code.wireshark.org/review/32948
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's what sets {package}_FOUND.
Combine two "do this if zlib was found" blocks.
Change-Id: I55062a11c7ae7e6f32886615a0201df55f700d1e
Reviewed-on: https://code.wireshark.org/review/32974
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we didn't find zlib, don't look for its version number in zlib.h, and
don't look for inflate() or inflatePrime() in the library.
Trim off some trailing blank lines while we're at it.
Change-Id: I834a9a76928a00cf5e182bd4224ebc91d36d69a4
Reviewed-on: https://code.wireshark.org/review/32973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
RFC7427 describes the Digital Signature Authentication for IKEv2. This
consists of the Signature Hash Algo Notify and a new format of the
authentication data. The Notify was already present. This patch only adds
the capability to parse the new format of the authentication data.
Change-Id: Id1949397c1a2caa9898ecf44ecd580b5417d3343
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
On UNIX, when statically built, libxml2 can depend on other libraries
such as lzma. These dependencies are already retrieved through
pkg-config so append them to LIBXML2_LIBRARIES, otherwise static build
will fail.
Change-Id: I362064969488ec53042aa323eadb54fef026d8a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-on: https://code.wireshark.org/review/32968
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Lack of handshake reassembly caused Certificate handshake messages to be
reported as "Encrypted Handshake Messages" and broke decryption in some
cases. Fix this by properly tracking handshake fragments and delay
dissection until all fragments are available.
Now when a fragmented Handshake message is found:
* The first fragment will have "(fragmented)" appended to the record
tree item as well as the "Handshake Protocol" item.
* "Reassembled Handshake Message in frame: X" is added for fragments.
* The last reassembled handshake message will be displayed together with
a fragment list.
Note: Previously, handshake records with a message length larger than
the available data were assumed to be encrypted. This restriction had to
be lifted, but can now cause false positives (reporting encrypted data
as unencrypted handshake fragments).
The provided capture is not minimal but should be comprehensive as it is
generated with randomly sized TLS record and TCP segment lengths using
`./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and
https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py
(A copy of this script is attached to bug 3303.)
Bug: 3303
Bug: 15537
Bug: 15625
Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764
Reviewed-on: https://code.wireshark.org/review/32857
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
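The reassembly rule described in the commit message above (track handshake fragments and delay dissection until the whole message is present), as an added C example; it is not Wireshark's code. The names hs_reasm, hs_feed and hs_pop, the 4096-byte cap and the sample records are constructed for illustration, and the -1 return is this example's own length bound for headers that cannot belong to a plaintext handshake message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Per-direction reassembly buffer; the 4096-byte cap is this example's choice. */
typedef struct { uint8_t buf[4096]; size_t len; } hs_reasm;

/* Append the payload of one handshake record (TLS content type 22). */
int hs_feed(hs_reasm *r, const uint8_t *frag, size_t n)
{
    if (n > sizeof r->buf - r->len) return -1;   /* refuse rather than overrun */
    memcpy(r->buf + r->len, frag, n);
    r->len += n;
    return 0;
}

/* Pop one message: 1 = complete, 0 = need more fragments,
 * -1 = declared length can never fit (probably not a plaintext handshake). */
int hs_pop(hs_reasm *r, uint8_t *type, uint32_t *body_len)
{
    if (r->len < 4) return 0;                    /* the 4-byte header itself is split */
    uint32_t want = (uint32_t)r->buf[1] << 16 | (uint32_t)r->buf[2] << 8 | r->buf[3];
    if (want > sizeof r->buf - 4) return -1;
    if (r->len - 4 < want) return 0;             /* body incomplete: delay dissection */
    *type = r->buf[0]; *body_len = want;
    r->len -= 4 + want;                          /* keep bytes of the next message */
    memmove(r->buf, r->buf + 4 + want, r->len);
    return 1;
}

/* Constructed records: Certificate (11, 6-byte body), ServerHelloDone (14, empty), then a
 * bogus 0xffffff length. Returns messages completed by record `last`, -2 if rejected. */
int demo_completed_after(int last)
{
    static const uint8_t r0[] = { 11, 0 }, r1[] = { 0, 6, 0xaa, 0xbb, 0xcc },
        r2[] = { 0xdd, 0xee, 0xff, 14, 0, 0, 0 }, r3[] = { 0x9c, 0xff, 0xff, 0xff };
    static const uint8_t *const recs[] = { r0, r1, r2, r3 };
    static const size_t lens[] = { sizeof r0, sizeof r1, sizeof r2, sizeof r3 };
    hs_reasm r = { {0}, 0 };
    uint8_t type; uint32_t blen; int rc, done = 0;
    for (int i = 0; i <= last && i < 4; i++) {
        if (hs_feed(&r, recs[i], lens[i]) != 0) return -1;
        done = 0;
        while ((rc = hs_pop(&r, &type, &blen)) == 1) done++;
        if (rc < 0) return -2;
    }
    return done;
}

int main(void) { return demo_completed_after(2) == 2 ? 0 : 1; }
```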
On UNIX, when statically built, pcap can depend on other libraries such
as -lnl-3. Add a call to pkg-config to find them and append them to
PCAP_LIBRARIES (and so to CMAKE_REQUIRED_LIBRARIES), otherwise all
check_function_exists calls will fail.
Change-Id: I98361c05553738d015310fae76c17dfc08e131ff
Ping-Bug: 15713
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-on: https://code.wireshark.org/review/32946
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When reading the keyring xml file stop reading the name early enough
not to overrun the name buffer.
Change-Id: Ia98ddcd37b17e9865e24ef53a9146d85af1ae30f
Reviewed-on: https://code.wireshark.org/review/32954
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The following 3GPP AVPs have been added:
- Sponsoring-Action (542)
- Max-Supported-Bandwidth-DL (543)
- Max-Supported-Bandwidth-UL (544)
- Min-Desired-Bandwidth-DL (545)
- Min-Desired-Bandwidth-UL (546)
- Service-Authorization-Info (548)
- Priority-Sharing-Indicator (550)
- AF-Requested-Data (551)
- Pre-emption-Control-Info (553)
Descriptions of AVPs have been taken from 3GPP TS 29.214 version 14.3.0.
Change-Id: I3df5c458f28e1076ddc74bd9d2e32e0c98e14834
Reviewed-on: https://code.wireshark.org/review/32962
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This makes it possible to set the console.log.level from the Advanced
preferences window.
Change-Id: I5c5551f089a935eef77f54fdcad0ba060f14edfd
Reviewed-on: https://code.wireshark.org/review/32930
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Currently an extended vendor parser only gets the vendor_type directly and
the vendor_id indirectly. For some cases (eap fragmentation et al.) it is
important to have access to the eap_code and the eap_identifier as well.
This patch is adding this.
Change-Id: I848cbe58dc4f8e4034382a9c9ca43d350a61bb18
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32944
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
USE_STATIC will:
- always link statically with external libraries (such as glib2)
- will not set rpath to avoid the following error:
CMake Error at cmake_install.cmake:50 (file):
file RPATH_CHANGE could not write new RPATH:
/usr/lib
to the file:
/home/fabrice/br-test-pkg/br-arm-full-static/target/usr/bin/tshark
No valid ELF RPATH or RUNPATH entry exists in the file;
Change-Id: I242dc1a091cc211ee891568a2dee5080c9974fba
Ping-Bug: 15713
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-on: https://code.wireshark.org/review/32945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
On Windows, ws_pipe_spawn_sync always leaks 'winargs', and leaks 'argv'
on some error paths. Fix these and refactor the common argument parsing
functionality to reduce duplication of functionality.
Change-Id: I8fa5ca45aec20b53f6fa243b0dd07241a345f7ab
Reviewed-on: https://code.wireshark.org/review/32932
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissect and skip the header and support for dissection of data coalesced
in the same TCP segment. It does not properly work for two-pass
dissections though, see comment 3 of the linked bug for a sample.
(The existing v2 dissector does not support coalescing at all.)
Requires enabling TCP preference "Try heuristic sub-dissectors first".
Decode As - TCP Port can be used to change the proxied dissector.
Bug: 15714
Change-Id: Ic6ba926eaef81a2cef3c7e00e1cb6eddc3bbc486
Reviewed-on: https://code.wireshark.org/review/32916
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Source/Destination addresses/ports are not specific to v2, they also
apply to v1, so drop the "v2" part. Rename fields and shorten the label
for consistency with the "ip.dst" and "tcp.dstport" fields.
Change-Id: I4187f9e278a315ccda7fa803106d368039e0f25c
Ping-Bug: 15714
Reviewed-on: https://code.wireshark.org/review/32940
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>