fragment_add_work() should flag duplicate packets and overlapping packets
that are subsets of the existing reassembly as overlaps (and flag them if
there are conflicts), instead of silently adding them to the reassembly.
Currently the checks are only performed when the new segment is adding
additional bytes to the reassembly.
This is particularly useful for identifying when an earlier reassembly isn't
fully contained in the capture, and the identification / offset number has
wrapped around so that segments during two different reassemblies are being
mixed together. Closes #16872 and #15569.
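The overlap check described in the message above, as an added sketch (not Wireshark's reassembly code): every incoming byte is compared against what is already stored, so exact duplicates and pure subsets are flagged too. The names `reasm_add`, `F_OVERLAP`, `F_CONFLICT` and `F_RANGE`, the fixed buffer, and the first-seen-wins policy are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASM_MAX  64   /* constructed buffer size for the example */
#define F_OVERLAP  0x1  /* some bytes were already present */
#define F_CONFLICT 0x2  /* ...and at least one of them differed */
#define F_RANGE    0x4  /* fragment does not fit the buffer */

struct reasm { uint8_t data[REASM_MAX], have[REASM_MAX]; }; /* have[i]=1: received */

/* Add one fragment and report how it met existing data. Every byte is
 * compared, not only bytes that extend the data; first-seen bytes are kept. */
static int reasm_add(struct reasm *r, size_t off, const uint8_t *p, size_t len)
{
    int flags = 0;
    if (off > REASM_MAX || len > REASM_MAX - off)
        return F_RANGE;
    for (size_t i = 0; i < len; i++) {
        if (r->have[off + i])
            flags |= F_OVERLAP | (r->data[off + i] != p[i] ? F_CONFLICT : 0);
        else
            r->data[off + i] = p[i];
        r->have[off + i] = 1;
    }
    return flags;
}

/* Constructed scenario: the ID wraps while datagram A is still incomplete. */
static int demo(int step)
{
    static const uint8_t a[] = "AAAAAAAA", b[] = "BBBB";
    struct reasm r;
    int res[4];
    memset(&r, 0, sizeof r);
    res[0] = reasm_add(&r, 0, a, 8);   /* new data */
    res[1] = reasm_add(&r, 0, a, 8);   /* exact duplicate */
    res[2] = reasm_add(&r, 2, b, 4);   /* subset, different bytes */
    res[3] = reasm_add(&r, 62, b, 4);  /* runs past the buffer */
    return res[step];
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("step %d -> flags 0x%x\n", i, demo(i));
    return 0;
}
```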
Instead of using a single memcpy which relies
upon struct members being in contiguous
memory, use three separate calls to memcpy.
This fixes Coverity 1460754.

Remove the last package installation instances from .gitlab-ci.yml. Add
a comment at the top noting that dependencies should be added to our
Dockerfiles instead.

The wireshark/wireshark-ubuntu-dev image was recently upgraded to Ubuntu
20.04. Since then the following tests have been failing:
----
FAILED test/suite_capture.py::case_wireshark_capture::test_wireshark_capture_from_fifo
FAILED test/suite_capture.py::case_wireshark_capture::test_wireshark_capture_from_stdin
FAILED test/suite_capture.py::case_tshark_capture::test_tshark_capture_from_fifo
FAILED test/suite_capture.py::case_tshark_capture::test_tshark_capture_from_stdin
FAILED test/suite_capture.py::case_dumpcap_capture::test_dumpcap_capture_from_fifo
FAILED test/suite_capture.py::case_dumpcap_capture::test_dumpcap_capture_from_stdin
FAILED test/suite_capture.py::case_dumpcap_autostop::test_dumpcap_autostop_filesize
FAILED test/suite_capture.py::case_dumpcap_autostop::test_dumpcap_autostop_packets
FAILED test/suite_capture.py::case_dumpcap_ringbuffer::test_dumpcap_ringbuffer_filesize
FAILED test/suite_capture.py::case_dumpcap_ringbuffer::test_dumpcap_ringbuffer_packets
FAILED test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_multi_in_multi_out
FAILED test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_multi_in_single_out
FAILED test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_single_in_multi_out
FAILED test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_single_in_single_out
FAILED test/suite_clopts.py::case_dumpcap_options::test_dumpcap_interface_chars
FAILED test/suite_clopts.py::case_dumpcap_options::test_dumpcap_invalid_chars
FAILED test/suite_clopts.py::case_dumpcap_options::test_dumpcap_valid_chars
----
This is because dumpcap can't load our local libraries after setting cap_net_raw+cap_net_admin:
----
-- Begin stderr for command ('/builds/wireshark/wireshark/build/run/dumpcap', '-D') --
/builds/wireshark/wireshark/build/run/dumpcap: error while loading shared libraries: libwsutil.so.0: cannot open shared object file: No such file or directory
-- End stderr for command ('/builds/wireshark/wireshark/build/run/dumpcap', '-D') --
----
Add $(pwd)/run to our rpath.

format_text uses the wrong bitmask when checking for two byte UTF-8
characters, resulting in rejecting half the possible two bytes characters,
including all of Arabic and Greek, and substituting REPLACEMENT CHARACTER
for them. Fixes #17070, and add some comments about the current behavior
that doesn't match existing comments.
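How one extra bit in a lead-byte mask produces the symptom described above, as an added example (not Wireshark's `format_text` code). The faulty mask value `0xE8` is an assumption chosen because it rejects half of the two-byte lead bytes, including those for Greek and Arabic; the message does not state the original value. The sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*lead_fn)(uint8_t);

/* 2-byte lead is 110xxxxx; 0xC0 and 0xC1 only encode overlong forms. */
static int lead_ok(uint8_t c)    { return (c & 0xE0) == 0xC0 && c >= 0xC2; }
/* Assumed faulty mask: also tests bit 3, so 0xC8-0xCF and 0xD8-0xDF fail. */
static int lead_wrong(uint8_t c) { return (c & 0xE8) == 0xC0 && c >= 0xC2; }
static int is_cont(uint8_t c)    { return (c & 0xC0) == 0x80; }

/* Count code points in [lo, hi] (U+0080..U+07FF) whose lead byte passes. */
static int accepted(unsigned lo, unsigned hi, lead_fn lead)
{
    int n = 0;
    for (unsigned cp = lo; cp <= hi; cp++)
        n += lead((uint8_t)(0xC0 | (cp >> 6)));
    return n;
}

/* Count bytes a sanitizer would turn into U+FFFD. Only ASCII and 2-byte
 * sequences are modelled; longer sequences are out of scope here. */
static int replaced(const uint8_t *s, size_t n, lead_fn lead)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < 0x80)
            continue;
        if (lead(s[i]) && i + 1 < n && is_cont(s[i + 1]))
            i++;            /* skip the continuation byte */
        else
            bad++;
    }
    return bad;
}

/* Constructed sample: Greek alpha, beta, a space, Arabic beh (U+0628). */
static const uint8_t sample[] = { 0xCE,0xB1, 0xCE,0xB2, 0x20, 0xD8,0xA8 };

int main(void)
{
    printf("2-byte range: ok=%d wrong=%d\n",
           accepted(0x80, 0x7FF, lead_ok), accepted(0x80, 0x7FF, lead_wrong));
    printf("sample replaced: ok=%d wrong=%d\n",
           replaced(sample, sizeof sample, lead_ok),
           replaced(sample, sizeof sample, lead_wrong));
    return 0;
}
```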
Current CSV/YAML export from RTP stream exports just pure/unformatted items. Therefore, e.g., the SSRC looks different than it is shown in the dialog. This patch adds additional columns with formatted values.
In addition, the export uses the same method to get values from a record as the dialog uses.

It's possible for memcpy's source and destination
to be the same address, and so therefore
'overlap'. Use memmove instead, which
is safe for overlapping regions.
This fixes Coverity 1450802.

Selecting Edit / Preferences on my asan+ubsan build brings up the
following warning from ubsan:
/media/sf_wireshark.git/ui/qt/models/column_list_model.cpp:273:9:
runtime error: load of value 25, which is not a valid value for type 'bool'
The problem is in ColumnListModel::populate(), where a ListElement is
populated from fmt_data. The ListElement's "changed" component is not
initialized, though.
It looks like "changed" is not used anywhere. This patch removes it from
the ListElement struct.

For Qt 5.11 and newer use horizontalAdvance() instead of boundingRect().width()
to calculate the width of a QString to position the hover rectangle position,
and to select which byte(s) to highlight.
Closes #17033.

Instead of successively calling gcry_md_copy()
and gcry_md_close(), call gcry_md_reset(),
to avoid creating and releasing contexts.
Besides the minor performance improvement,
this should also fix Coverity 1450263
and 1450848, which detect
two resource leaks.

This bug affects Lua plugin dissectors for encapsulation protocols like
GRE. Typically the dissector creates a range for the payload packet, then
calls the next dissector with a tvb derived from the range, using
TvbRange_tvb(). The original version calls
tvb_new_subset_length_caplen() using the remaining capture length for the
reported_len argument. The fix passes -1 as the reported length, and
tvb_new_subset_length_caplen() calculates the new reported_len as required.
The bug only affects large packets captured with a snaplen and
truncated, then decoded with a Lua plugin for the encapsulation header.
Here's the typical bug symptom, gleaned from tshark decode of
an encapsulated IP payload:
[Expert Info (Error/Protocol): IPv4 total length exceeds packet length (114 bytes)]
[IPv4 total length exceeds packet length (114 bytes)]
Closes #15655.

Remember all the IDBs we've seen from the input file so far and, if
we're writing multiple files (splitting an input file into multiple
output files), add all those IDBs to each of the output files.
Fixes issue #17060.

We don't necessarily know why that stuff is there; is it some stuff used
in OLPC mesh networks (mesh control header), is it something added by
Ruckus wireless devices, is it something added by Atheros used by the
Ruckus devices, or something else? Sometimes the Ruckus devices seem to
add an OLPC-like 0x00 0x00, and sometimes they seem to add a copy of the
sequence number.
So just call it "Mysterious extra OLPC/Ruckus/Atheros/??? stuff".

Replace the special-purpose hack in the 802.2 LLC dissector for WSMP,
Ethertype 0x88DC, with a general mechanism in the 802.11 dissector to
attempt to determine whether the frame uses Ethertype protocol
discrimination (EPD) or LLC protocol discrimination (LPD) at the LLC
sublayer, as defined in IEEE Std 802-2014.

Fix l2cap reassembly resuming reassembly on old fragment that has
failed when a new packet arrives that matches the remaining
segmentation length of the failed reassembly.
Update the l2cap_index and set segmentation started to false so
that this does not happen anymore.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>

Fix error handlers in Listener draw() and reset() to avoid getting
LUA_ERRERR from lua_pcall(). Added error handler for Listener draw()
callback.
Handle LUA_ERRERR from lua_pcall() to avoid assert on this.
Changed some capitalized words in various error messages.
Closes #16974.

Notes:
1. Wireshark internal max limit for ring buffer files is 100,000
2. Wireshark internal limit before warning the user is 65,535
3. GTK: The old GUI did not limit the value for this parameter
4. Qt: This value was limited to 1,000
Change:
Set the GUI limit to match the warning limit (65,535)