Fix distinction between HAVE_LIBGNUTLS and HAVE_LIBGCRYPT. If GnuTLS is
unavailable, then the only missing feature is decryption using an RSA
private key file. Regardless of GnuTLS, allow SSL decryption (e.g. using
a SSL key log file or a PSK configured via preferences).
This change has no functional effect when GnuTLS and gcrypt are both
available (or not). Additionally, decryption is possible if only
libgcrypt is available.
Further changes to make ssl-utils more maintainable and documented:
- Group related functions, add markers and documentation. The following
  functions are moved (with no further modifications):
  - ssl_data_realloc, ssl_data_copy: related to StringInfo.
  - ssl_change_cipher, ssl_create_flow: related to the decryption of a
    session.
  - ssl_decompress_record: related to Record Decompression.
  - ssl_lib_init: moved to an arbitrary place.
  - ssl_set_server: moved closer to ssl_packet_from_server.
  - ssl_is_valid_content_type, ssl_is_valid_handshake_type: move closer
    to dissection code.
  - ssl_dissect_hnd_hello_ext_status_request,
    ssl_dissect_hnd_hello_ext_status_request_v2,
    ssl_dissect_hnd_hello_ext_elliptic_curves,
    ssl_dissect_hnd_hello_ext_ec_point_formats: move to TLS extensions.
- Remove unused forward declaration of _gcry_rsa_decrypt.
- ssl-packet-utils.h:
  - Remove ssl_equal, ssl_hash. These are only used in
    packet-ssl-utils.c.
  - ssl_private_key_equal, ssl_private_key_hash,
    ssl_common_register_options: inline when decryption is not
    possible.
  - Remove ws_symbol_export.h, enable SSL debug log when libgcrypt is
    compiled in (instead of depending on GnuTLS).
- Move/merge stub code when GnuTLS or libgcrypt are not available:
  - ssl_find_cipher: move.
  - ssl_cipher_setiv: move.
  - ssl_generate_pre_master_secret, ssl_generate_keyring_material: move.
Compile-tested all combinations:
- no GnuTLS, no libgcrypt: CentOS 6.
- no GnuTLS, has libgcrypt: CentOS 6. Passes all decryption tests
except for the ones that need a RSA private key file.
- has GnuTLS, no libgcrypt: Arch Linux.
- has GnuTLS, has libgcrypt: Arch Linux. The decryption tests pass.
(GnuTLS support is useless without gcrypt, but included for completeness.)
Change-Id: I727248937331f8788de8ed78248bb33296206096
Reviewed-on: https://code.wireshark.org/review/11052
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In the case that the Setup part is used as payload within the rest of the data
(setup and remaining data merged), no bytes are highlighted
in the bytes pane. Also move the next dissector tree under the root tree.
Change-Id: If127f6f2061c60795f2b9940c3a6cb6034cdbdf7
Reviewed-on: https://code.wireshark.org/review/11026
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- call set callback even when no check callback is available
- convert an ASCII string containing hex to a hex string for PT_TXTMOD_HEXBYTES entries
- move update_cb call to the end of stringPrefEditingFinished() (to avoid calling it each time a character is typed in the edit line)
- when a new row is created, ensure that UAT record is configured with the default enum value selected by the GUI
Bug: 11396
Change-Id: I9d1094629b4a014fed1704b35cd795cd7f2f136a
Reviewed-on: https://code.wireshark.org/review/11032
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use QToolButtons to display the expert indicator and comment icons in
the main status bar. Use the same style sheet hack we use in
ProgressFrame to un-style the buttons.
Make sure we specify the @2x comment icon in our .qrc file so that it's
loaded and used on retina displays. Move the comment and expert .pngs to
the stock icon directory and use StockIcon to load them. Remove
status.qrc since it's no longer used.
Change-Id: I84485b22656f8f9af29ad3c02446ffefb6657ed5
Reviewed-on: https://code.wireshark.org/review/11048
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This reverts commit 222de975c4.
I realized how to do it with a compile test.
Change-Id: I9468c50777e387c572f60411ca39ea86ba6ce520
Reviewed-on: https://code.wireshark.org/review/11078
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 6bdfa95a1e.
Next I'll revert my change, as I realized how I *can* do it with a compile test, instead.
Change-Id: I75335ef4522af23340fdc9e5d68634cb5a5835d8
Reviewed-on: https://code.wireshark.org/review/11077
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The spec file will build with Qt5 unless told not to; ./configure has to tell
it not to (if the user doesn't have/want Qt).
Change-Id: Ib75462d20c841e75e425b5b07117f10e5573ad58
Reviewed-on: https://code.wireshark.org/review/11061
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
There are other compilers that won't like it or even that may not like
it.
Change-Id: I0d50e4217994bc930914c0fbcf1c5d2fc18a0e3a
Reviewed-on: https://code.wireshark.org/review/11072
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not all systems support this glyph
Change-Id: I99784101b4d462991351554e44a5618bfea42a84
Reviewed-on: https://code.wireshark.org/review/11063
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: If5897e8137f729503edf2cafb49b2ebeab4716ad
Reviewed-on: https://code.wireshark.org/review/10997
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure we can build from the tarball using CMake. Tested on Windows.
Change-Id: Iffc1ac964279e573aa2a8280b9bb4e799f10a974
Reviewed-on: https://code.wireshark.org/review/11066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Try to work around QTBUG-47948:
1>C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include\xutility(2798): warning C4996: 'std::_Equal1': Function call with parameters that may be unsafe - this call relies on the caller to check that the passed values are correct. To disable this warning, use -D_SCL_SECURE_NO_WARNINGS. See documentation on how to use Visual C++ 'Checked Iterators' [c:\Development\wireshark\cmbuild\ui\qt\qtui.vcxproj]
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include\xutility(2783) : see declaration of 'std::_Equal1'
        C:\Qt\5.5\msvc2013_64\include\QtCore/qvector.h(728) : see reference to function template instantiation 'bool std::equal<const T*,const T*>(_InIt1,_InIt1,_InIt2)' being compiled
        with
        [
            T=uint
            , _InIt1=const uint *
            , _InIt2=const uint *
        ]
        C:\Qt\5.5\msvc2013_64\include\QtCore/qvector.h(720) : while compiling class template member function 'bool QVector<uint>::operator ==(const QVector<uint> &) const'
        C:\Development\wireshark\ui\qt\main_window_slots.cpp(314) : see reference to function template instantiation 'bool QVector<uint>::operator ==(const QVector<uint> &) const' being compiled
        c:\development\wireshark\ui\qt\main_window.h(125) : see reference to class template instantiation 'QVector<uint>' being compiled
Change-Id: Id6d4554c1b82370d175052e76c1104cd0db0462d
Reviewed-on: https://code.wireshark.org/review/11051
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use the pcap captures from test/captures/ and
- Get information for the input pcap file with capinfos
- Generate an ASCII hexdump with text2pcap
- Convert the ASCII hexdump back to pcap using text2pcap
- Get information for the output pcap file with capinfos
- Check that file type, encapsulation type, number of packets and data size
in the output file are the same as in the input file
Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e
Reviewed-on: https://code.wireshark.org/review/11042
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Heartbeat requests with large payload sizes would not be detected
because the record length is smaller than the type, length and MAC,
resulting in an integer overflow. This patch corrects that issue by
moving the term to payload_length which is at most 0xffff.
While a record length smaller than 19 should be considered as
unencrypted, this was not obvious from the integer overflow in
`payload_length <= record_length - 16 - 3`. Explicitly check for that
condition although it makes no difference in the end.
When the payload + padding does not fit in the record, assume malicious
intent (Heartbleed) and do not display a padding. Instead display an
expert info item. Remove if(tree) due to the addition of expert info.
Tested with small-hb.pcap from the linked bugreport.
Bug: 9983
Change-Id: I26b164632ecd6bdb49e78bbcb9b163f635c94628
Reviewed-on: https://code.wireshark.org/review/1105
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
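The length check described in the commit message above, as an added C example (not the Wireshark dissector's code). The function names, the 32-bit and 16-bit operand widths, and the constructed sample records are assumptions made for illustration; the expression `payload_length <= record_length - 16 - 3` and the limit of 19 come from the commit message.

```c
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN  3u  /* type (1 byte) + payload_length (2 bytes) */
#define HB_TRAILER_LEN 16u /* the "16" in the commit message's expression */

enum hb_verdict { HB_OK, HB_RECORD_TOO_SHORT, HB_PAYLOAD_EXCEEDS_RECORD };

/* Check as quoted in the commit message: for record_length < 19 the unsigned
 * subtraction wraps to a huge value, so any payload_length appears to fit. */
static int fits_before(uint16_t payload_length, uint32_t record_length)
{
    return (uint32_t)payload_length <= record_length - 16 - 3;
}

/* Terms moved to the payload_length side: at most 0xffff + 19, so no wrap. */
static int fits_after(uint16_t payload_length, uint32_t record_length)
{
    return (uint32_t)payload_length + HB_TRAILER_LEN + HB_HEADER_LEN <= record_length;
}

/* Classify a plaintext heartbeat record: explicit short-record check first,
 * then the corrected comparison on the claimed (big-endian) payload length. */
static enum hb_verdict hb_classify(const uint8_t *rec, uint32_t record_length)
{
    uint16_t payload_length;

    if (record_length < HB_HEADER_LEN + HB_TRAILER_LEN)
        return HB_RECORD_TOO_SHORT;
    payload_length = (uint16_t)((rec[1] << 8) | rec[2]);
    return fits_after(payload_length, record_length) ? HB_OK
                                                     : HB_PAYLOAD_EXCEEDS_RECORD;
}

/* Constructed samples: 24-byte records, type 1 (request), zero-filled body. */
static const uint8_t SAMPLE_OVERSIZED[24] = { 0x01, 0x40, 0x00 }; /* claims 0x4000 */
static const uint8_t SAMPLE_OK[24]        = { 0x01, 0x00, 0x05 }; /* claims 5 */

int main(void)
{
    printf("3-byte record, claimed 0x4000: before=%d after=%d\n",
           fits_before(0x4000, 3), fits_after(0x4000, 3));
    printf("oversized=%d ok=%d short=%d\n",
           hb_classify(SAMPLE_OVERSIZED, 24), hb_classify(SAMPLE_OK, 24),
           hb_classify(SAMPLE_OVERSIZED, 3));
    return 0;
}
```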
It seems that some (for example: my...) configurations need it to
build Wireshark.
Change-Id: I3d4c8c84d705fd0b99b100b1e2173819f62936d9
Reviewed-on: https://code.wireshark.org/review/11024
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It is possible that a request will be sent from two devices
at the same time. Fix request-response tracking to support this case.
Change-Id: Iaacf910d952f8dff96073e7155ea4947f9b8cbc3
Reviewed-on: https://code.wireshark.org/review/11014
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Now the Bluetooth menu is named Wireless, so add a Bluetooth prefix to distinguish them.
Change-Id: I7a3d1b73e0e5fd5e3cc9b1b13d0cb9a32868a8be
Reviewed-on: https://code.wireshark.org/review/10525
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Go to packet on closed files is not valid (for currently open one).
Disable it.
Change-Id: Ib7b65c9ea7e94857692c8ac5ddd3971c52ac717f
Reviewed-on: https://code.wireshark.org/review/11023
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jam and Ego commands have been added at the end of July 2015.
Ego seems to be a sniffer for skateboard
wireless communication and control.
Change-Id: I676cdd3513d3124994ef35dce8d1d99e1c6f943a
Reviewed-on: https://code.wireshark.org/review/10521
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
On Debian Wheezy, the cmake build would fail with:
/usr/bin/ld: CMakeFiles/wsutil.dir/privileges.c.o: relocation
R_X86_64_PC32 against symbol `started_with_special_privs' can not be
used when making a shared object; recompile with -fPIC
Issue was introduced with v1.99.10rc0-222-g3fb1d68 ("cmake: Enable PIE
when it is available by default").
Bug: 11587
Change-Id: I62eec8d1db020128eeeb77b38e3316abf71e6e6a
Reviewed-on: https://code.wireshark.org/review/10916
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reverts commit 5e5e2019ee.
This change was proposed in https://cmake.org/Bug/view.php?id=13194 to
catch some Clang warnings concerning invalid -m flags, but it is causing
legitimate breakage when setting CMAKE_C_FLAGS=-gsplit-dwarf.
CMakeFiles/CMakeError.log shows:
/usr/bin/clang -gsplit-dwarf -DC__W_VALID CMakeFiles/cmTC_04cc8.dir/src.c.o -o cmTC_04cc8 -rdynamic
clang-3.7: warning: argument unused during compilation: '-gsplit-dwarf'
With the additional regex, basic checks (like -Wall but also -fPIE) are
incorrectly reported as unsupported. Follow upstream's action here and
remove it, it is still not present as of CMake 3.3.2.
Change-Id: I8a1e97b16c2bb929436cca669fdb42f33612c490
Reviewed-on: https://code.wireshark.org/review/10880
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
"argument unused during compilation" warnings suggest that some options
do not make sense (such as passing the -gsplit-dwarf option to the
linking command while it is only valid during compilation).
For now we do not care about these warnings, the option is accepted by
clang and whether it is used in a particular step or not is uninteresting.
Change-Id: I3b6efa0dccd33c7f351c5938a29adef64ac1706d
Reviewed-on: https://code.wireshark.org/review/10893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Found by clang analyzer.
Change-Id: I1c8448f7402179d33d6ccb8b182b0612817a8e09
Reviewed-on: https://code.wireshark.org/review/10976
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Similar to TCP:
- Maps TCP connections to their respective MPTCP stream (mptcp.stream)
based on the token/key.
- Ability to distinguish master subflow and to list subsequent subflows
- Can display relative MPTCP data sequence signal (DSS) sequence numbers/acks
(mptcp.dss.dsn/mptcp.dss.ack), or absolute values
(tcp.options.mptcp.rawdataack)
- Adds an MPTCP panel in Preferences
- fixes RM_ADDR analysis (i.e., it can contain several address ids)
- adds an MPTCP tap to list conversations in tshark -z "conv,mptcp"
Change-Id: I2766aa2f534c25b0f583ef84c20e74c7b2fa496e
Reviewed-on: https://code.wireshark.org/review/10577
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It doesn't use a configure script, so we have to pass in -arch flags,
minimum version flags, "where's the SDK" flags, etc. by setting MYCFLAGS
and MYLDFLAGS for the make, rather than for the configure script.
Change-Id: I8c95851051cd2a9ddd7a9caf6faccd2e9fd2b4a7
Reviewed-on: https://code.wireshark.org/review/10995
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're seeing only one side of a conversation (we're not seeing any ACKs)
then things get really, really slow as the number of unacked segments grows.
1000 is, of course, an arbitrary limit.
Bug: 11589
Change-Id: I42652965b736da50122c722e6ac386c4d481e57f
Reviewed-on: https://code.wireshark.org/review/10971
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the main welcome message more prominent.
Change-Id: I92d2ed88abbe504af8a0818f9902e39a9fc3d6d5
Reviewed-on: https://code.wireshark.org/review/10969
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
(cherry picked from commit 1f400db73e2bf4685c4a49b1d0898b37ac858d9f)
Reviewed-on: https://code.wireshark.org/review/10988
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For it shall cast a blight upon xmllint validation.
Change-Id: I3d39f1ace960aba738e494190dad1f15da2e39d9
Reviewed-on: https://code.wireshark.org/review/10990
Reviewed-by: Gerald Combs <gerald@wireshark.org>