Fix dead store (Dead assignment/Dead increment) Warning found by Clang
Change-Id: I3ac2e2b6a1ed7621f65f1a98e8b7b3704e8b299d
Reviewed-on: https://code.wireshark.org/review/34481
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update built-in vendor ID list with last year's additions.
Change-Id: I1916e160f6bcea5e94ce203b50f4a27a6ca1d261
Reviewed-on: https://code.wireshark.org/review/34460
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix linking of new Initial packets after a Retry packet in case the
client Initial packet has an empty SCID. Update a comment to drop
"Stateless" from "Stateless Retry" to match newer QUIC drafts.
Tested with quic-go-b083fd6f0e36-d22-dsb.pcapng.
Bug: 13881
Change-Id: Idc8b1ad6283ace95ae059a6ef6ee268c1ffb4097
Reviewed-on: https://code.wireshark.org/review/34469
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When saving audio data from RTP stream(s) in Sun AU format we (still) do
not harness the built-in codec framework. This results in empty Audio
files for all but PCM encoded RTP streams. At least warn the user about
the codec not being supported for saving in Audio file.
Change-Id: Ia76caf71d0d5319a66dbf1cee517c0922bf7a561
Reviewed-on: https://code.wireshark.org/review/34466
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The jitter buffer label in the RTP player dialog has an effectively
empty tooltip. Since on the label itself there's little to tell, this
tooltip can be removed.
Change-Id: I9429e4f02991734b800280e2cae73a27f71c3663
Reviewed-on: https://code.wireshark.org/review/34467
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use g_get_real_time() to get real time because GTimeVal and g_get_current_time()
were deprecated in glib 2.62.
Change-Id: I78fee34e2f5b634c91c6420b01915cfc070f38a4
Reviewed-on: https://code.wireshark.org/review/34468
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "native" support for the "zig-zag" version of a varint in proto.[ch] and
tvbuff.[ch]. Convert the use of varint in the KAFKA dissector to use the (new)
"native" API.
Ping-Bug: 15988
Change-Id: Ia83569203877df8c780f4f182916ed6327d0ec6c
Reviewed-on: https://code.wireshark.org/review/34386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
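
An added example, not code from the Wireshark tree, of the "zig-zag" varint decoding this commit message refers to: an unsigned base-128 varint is read with explicit bounds, then mapped to a signed value. The function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not Wireshark's API). Decode an unsigned varint:
 * 7 payload bits per octet, least significant group first, high bit set
 * means "more octets follow". Returns the number of octets consumed, or 0
 * if the input is truncated or the value does not fit in 64 bits. */
size_t varint_decode_u64(const uint8_t *buf, size_t len, uint64_t *out)
{
    uint64_t value = 0;
    for (size_t i = 0; i < len && i < 10; i++) {
        uint64_t chunk = buf[i] & 0x7F;
        /* The 10th octet may only contribute bit 63. */
        if (i == 9 && chunk > 1)
            return 0;
        value |= chunk << (7 * i);
        if ((buf[i] & 0x80) == 0) {
            *out = value;
            return i + 1;
        }
    }
    return 0; /* ran out of octets, or more than 10 octets */
}

/* Zig-zag maps 0, 1, 2, 3, ... back to 0, -1, 1, -2, ... */
int64_t zigzag_to_signed(uint64_t n)
{
    return (int64_t)(n >> 1) ^ -(int64_t)(n & 1);
}

/* Decode a zig-zag varint; *out is written only on success. */
size_t varint_decode_zigzag64(const uint8_t *buf, size_t len, int64_t *out)
{
    uint64_t raw;
    size_t used = varint_decode_u64(buf, len, &raw);
    if (used != 0)
        *out = zigzag_to_signed(raw);
    return used;
}

int main(void)
{
    /* Constructed sample: the zig-zag varint encoding of 150 is AC 02. */
    const uint8_t sample[] = { 0xAC, 0x02 };
    int64_t v = 0;
    return !(varint_decode_zigzag64(sample, sizeof sample, &v) == 2 && v == 150);
}
```
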
When writing a capture as a commview file the header written is two
bytes longer than the specification. Even though we count 24, we
actually write 26. This makes the commview file corrupt, as is apparent
when reading such a file, e.g., after using Save As... with this format.
Replace writing 2 bytes for the last two fields in the header by 1 byte
each, as per the header specification.
Change-Id: I9436f7837b2e3617a389619884bf93ad146e95f3
Reviewed-on: https://code.wireshark.org/review/34450
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These environment variables are read very frequently, read them once to
globals for performance improvement.
Change-Id: I4f05a5edca85b370674cc5f85fce40bd1af695cb
Reviewed-on: https://code.wireshark.org/review/34449
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
clang complains, gcc doesn't.
Error:
In file included from ../ui/qt/enabled_protocols_dialog.cpp:10:
In file included from ../ui/qt/enabled_protocols_dialog.h:15:
../ui/qt/models/enabled_protocols_model.h:121:18: error: 'filterAcceptsRow' overrides a member function but is not marked 'override' [-Werror,-Winconsistent-missing-override]
virtual bool filterAcceptsRow(int sourceRow, const QModelIndex &sourceParent) const;
Change-Id: Ifbba736158a841752da27349925a3b55556728ca
Reviewed-on: https://code.wireshark.org/review/34447
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix missing override declarations for packetlist header information
Change-Id: If9d1cbcae20b5d098ff7b74cd263a6a21a296598
Reviewed-on: https://code.wireshark.org/review/34446
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: Iba1eb865eac1d22d1490769ae9509b1389594a09
Reviewed-on: https://code.wireshark.org/review/34418
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Allow a selection of the list based on the protocol type. That way
one can easily enable/disable for instance just heuristic protocols.
Change-Id: I1ee8df5d9887c764272ec55b33703855c0c91f5a
Reviewed-on: https://code.wireshark.org/review/34442
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to changes in Qt 5.11, the first section is no longer moveable
by default. This is due to internal storage mechanism. For strictly
flat tables it is not an issue to make the first column moveable
again. (see https://codereview.qt-project.org/c/qt/qtbase/+/207947)
Bug: 15879
Change-Id: If4f1371404cd252ec9f65a27c25b1c68781a0c33
Reviewed-on: https://code.wireshark.org/review/34445
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The heuristic is a bit expensive, set default off.
Change-Id: Ib0cb863810a1cbcae2fef0b5a035c63682246a0f
Reviewed-on: https://code.wireshark.org/review/34441
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RTP packets picked up by the dissector. As it's a niche protocol, set
heuristics to default off.
Change-Id: I33c6c3fc0f4a593cc4ed5866515cdcea669bee54
Reviewed-on: https://code.wireshark.org/review/34440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That also keeps us from looking at the non-existent first octet of an
empty buffer.
Bug: 16031
Change-Id: I3fcf4201d21dc44ccd8815cb0637c1eae4995560
Reviewed-on: https://code.wireshark.org/review/34439
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
jsmn_parse() is handed a buffer and a count of octets in the buffer; it
treats either running out of octets, as specified by the count, *OR*
seeing a NUL as meaning "end of JSON string".
That means that a buffer, of arbitrary size, the first octet of which is
zero is a null string and considered valid JSON.
That is clearly bogus; it messes up both tests for JSON files *and*,
potentially, heuristic checks for JSON in packet payloads.
Bug: 16031
Change-Id: I5ee78b613df3358f19787f2ce28ddc883368f03d
Reviewed-on: https://code.wireshark.org/review/34438
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
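
An added example, not code from Wireshark or jsmn, of the mismatch this commit message describes: a parser that stops at the count or at the first NUL may examine fewer octets than it was handed. Both function names are hypothetical, and the pre-check assumes UTF-8 JSON text, in which a raw NUL is never valid because RFC 8259 requires control characters to be escaped.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: how many octets of buf[0..len) a parser that stops
 * at the count *or* at the first NUL will actually examine. */
size_t octets_examined(const char *buf, size_t len)
{
    const char *nul = len ? memchr(buf, '\0', len) : NULL;
    return nul ? (size_t)(nul - buf) : len;
}

/* Hypothetical pre-check before handing a candidate to such a parser for
 * file-type or payload heuristics: reject an empty buffer, and reject any
 * buffer where the parser would stop before the end, since its verdict
 * would then cover only a prefix (possibly the empty string). */
bool json_candidate_ok(const char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return false;
    return octets_examined(buf, len) == len;
}
```
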
Check the time stamp microseconds field; it must be < 10^6.
Check the first few packets, not just the first packet.
Change-Id: I35a58a79d48db13daee937374caae40bc320e9e7
Ping-Bug: 16031
Reviewed-on: https://code.wireshark.org/review/34437
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On a big-endian machine, if the upper 16 bits of the length are non-zero
and the lower 16 bits are zero, that means that the length is
*little*-endian.
What we really care about is whether the file is in the reading host's
native format, so we can just fetch integral values without swapping, or
not in that format, in which case we have to byte-swap integral values.
Rename the variable and redo the code to match.
(This may have caused the PacketLogger reader to fail on big-endian
machines.)
Change-Id: Ie1a82a7d40e2c58c0b8d482d7c95ab60061ca980
Ping-Bug: 10861
Reviewed-on: https://code.wireshark.org/review/34434
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no point in trying to read more packets to check the file type.
Change-Id: Ic2c5a7692b60fab8a0022503338a40befe00d358
Ping-Bug: 16031
Reviewed-on: https://code.wireshark.org/review/34433
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check some more field values, and fix some tests to check against the
maximum possible value given in the i4b_trace.h file rather than against
that value + 1. (> max, or >= max+1, are both reasonable, but > max+1
isn't.)
Check the first few packets, not just the first packet.
Make some header fields unsigned, as that's how we treat them in most
cases; that way we treat them that way by default.
Change-Id: I8c2d28af048c676a3dbae367bbb49c886e0dc566
Ping-Bug: 16031
Reviewed-on: https://code.wireshark.org/review/34432
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not reuse Session AMBR fields for MFBR and GFBR.
Add averaging window and EPS bearer identity cases.
Change-Id: I34fad0b5f38aa097bb968106de2bbb86278579b9
Reviewed-on: https://code.wireshark.org/review/34430
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Calling the directly from the context menu and setting data
just before the execute of the menu can lead to information
not present.
Furthermore for future changes, the move to have QMenu only
as a local variable is being reverted.
Change-Id: I470da26e658ae81ca416b3864889a4317b865755
Reviewed-on: https://code.wireshark.org/review/34428
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Make it consistent with -z conv,ip and -z endpoints,ip
Bug: 15660
Change-Id: I9a3d2e95fed47231c0bab20e6cf069987eed142f
Reviewed-on: https://code.wireshark.org/review/34426
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ping-Bug: 15799
Change-Id: Icad9c4de620c0ffc9c4aa1a0b1b0d1ea444f481f
Reviewed-on: https://code.wireshark.org/review/34425
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add hf_ fields for "raw" Sequence and Acknowledgment numbers. They will only be
visible when "Relative sequence numbers" preference is TRUE.
Bug: 15913
Change-Id: Icfbdc435e82723d663dce36c3a5cc513c837bdaf
Reviewed-on: https://code.wireshark.org/review/34421
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. he_mac_headers can be changed at runtime, so it is not "static" or "const"
2. Optimize out extended length calculation.
Ping-Bug: 15866
Change-Id: Ibf8191a7043a22109ae8a3db481bfbbef583b110
Reviewed-on: https://code.wireshark.org/review/34424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
List syntax is *not* one of the more straightforward parts of AsciiDoc.
Change-Id: Icfed27de84c8c11cad02c4ba4d359786cd480eea
Reviewed-on: https://code.wireshark.org/review/34423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Confusing though it might be, a packet-matching expression containing
only the name of a Boolean field matches all packets containing that
field, regardless of whether the field is true or false; you need to
compare the field against 1 to check whether it's true.
Change-Id: I615acc4d71964c8474e6f3655ade8814cbe07b22
Reviewed-on: https://code.wireshark.org/review/34422
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Create a state for the start of an SMTP conversation. If bytes seen don't match
a command and conversation is still in the "start" state, treat bytes as message data,
not a command.
Bug: 16026
Change-Id: I229b316a77819b07bf8cf93bed72570a947c6cf3
Reviewed-on: https://code.wireshark.org/review/34412
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Linux kernel includes a module called drop monitor which -
unsurprisingly - monitors packet drops.
Once enabled, the module will periodically send netlink notifications to
user space over generic netlink. Historically, these notifications only
included the program counter where the drop occurred and the number of
packets that were dropped in this location in the last interval.
Patches in net-next (queued for Linux kernel 5.4) extend drop monitor
with another mode of operation where the dropped packets themselves are
sent to user space along with relevant metadata as netlink
notifications. This allows users to perform a more detailed analysis of
the dropped packets.
This patch adds a dissector for these netlink packets. The dissector is
expected to be invoked by the generic netlink dissector and during its
hand off routine it adds an entry in the 'genl.family' dissector table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink
dissector. The dropped packet itself is encoded in the netlink attribute
'NET_DM_ATTR_PAYLOAD' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'NET_DM_ATTR_PROTO' attribute.
Bug: 16018
Change-Id: I10bfa4b9c9d8f5e82769c250f929f74693142a23
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34351
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a refactoring/redesign of the "Resolved Addresses" dialog,
allowing for sorting/filtering and searching within the addresses
and ports.
Change-Id: I5071e92ff699323b6c93fc533eeaf92e0db334de
Reviewed-on: https://code.wireshark.org/review/34398
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use switch statement for request/response functions
2. Reorder functions to limit the need for forward declarations
3. Use proto_tree_add_item_ret_uint and proto_tree_add_item_ret_length to
limit "duplicate" functionality.
4. Create initial (simple) request/response matching. This can probably be
improved upon.
5. Use the request/response matching structures to pass (ioctl) context between
request and response.
Change-Id: I3f4c16c07f4b3aa9556d229d003a4842ff118cd9
Reviewed-on: https://code.wireshark.org/review/34404
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEEE 802.11-2016 Section 9.4.2.25 RSNE
All information after Element ID, Length, and Version is optional; therefore the minimal IE length is 2.
Bug: 15905
Change-Id: I231e31c6a0fe5a26d5dd7c1c36be4e9816a7bb50
Reviewed-on: https://code.wireshark.org/review/34411
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The menu for a prototree when opened from a packetdialog was
different than the one opened underneath packetlist. Those
two are now the same.
Change-Id: I57572287daa5a3b1de1f5bc8e95b382d5869af6e
Reviewed-on: https://code.wireshark.org/review/34395
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>