Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.
Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
A number of mistakes have been found now that captures are available.
Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In wtap_get_savable_file_types_subtypes(), in the search for a default
file type to use, stop as soon as we've found a usable file type, don't
keep searching.
Bug: 14601
Change-Id: Iff4ffe14f5ad07271c49a761e0856059353c1634
Reviewed-on: https://code.wireshark.org/review/27193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.
We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.
Testing Done: Linux x64 build. With a display filter configured in
~/.wireshark/preferences, Valgrind no longer reports three leaks from here.
Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().
Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In util_slow_dhcp.py, open stdout as O_BINARY on Windows.
Have ctest pass --verbose to test.py.
Call config.canCapture at test time so that we don't inadvertently skip
some tests.
Stringify our dumpcap config check.
Fix our Gcrypt variable.
Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.
Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television
Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure err_str is valid before trying to assign a value.
Change-Id: I4e6524b93101ef28158996797e8462168e44dc2a
Reviewed-on: https://code.wireshark.org/review/27173
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When normal interfaces are unavailable (chmod -x dumpcap), and after
toggling "Disable external capture interfaces" twice and then refreshing
the interfaces list (F5), a double-free occurs in ui/iface_lists.c:147
for "global_capture_opts.ifaces_err_info".
Change-Id: I98697653ab1c123186892408112c34afdd1766f5
Fixes: v1.99.0-rc1-1005-g35b4487538 ("Handle empty interface lists when the list changes.")
Reviewed-on: https://code.wireshark.org/review/27161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
"make dist" will currently fail with "git archive" archives because
dftestfiles and dftestlib is missing. To encourage distributors to run
tests, ensure that these files (1.64MiB uncompressed, 688KiB
gzip-compressed) are bundled.
Change-Id: I1fc2bd6df45db40e64e7691235f716bbf3562f87
Reviewed-on: https://code.wireshark.org/review/27158
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.
Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The header Identifier and Length fields are using big endian encoding.
Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.
There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match. Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.
And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.
Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
(now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
to explain that "EFI x64" was probably intended). Manually edited packets
to contain multiple entries in the Client Arch option, and they all showed
correctly (including the warning for type 9). Manually edited a packet to
contain an odd number of bytes for the Client Arch option, and saw the
expected warning. Ran 30000 iterations of fuzz-test.sh with a corpus of 5
DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
(valgrind) option.
Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We no longer use autotools/libtool, so we don't need to install
automake, autoconf, or libtool; we only support CMake, so we *do* need
to install it.
We no longer support GTK+, so we don't need to install it.
Change-Id: I41df9f67c8aba486220e77f7c8c67efa7784a7f2
Reviewed-on: https://code.wireshark.org/review/27152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't use autotools, so there are no configuration scripts that need
to be generated by autogen.sh.
Change-Id: I8b2a5bc3cb91a4c2bc59069a29b8ca774b6f239f
Reviewed-on: https://code.wireshark.org/review/27150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In CMake files, we don't do some checks that our autotools scripts did;
speak of those in the past tense, as the autotools scripts are gone.
(Leave the comments there, to note that we *might* have to reinstate
those tests, although they're for old versions of macOS and GCC.)
In CMake files, we use some #defines because that's what autotools did;
speak of those in the past tense as well.
Change-Id: I594fe8225cf94b5087093febc11f6b0a7e42e7cd
Reviewed-on: https://code.wireshark.org/review/27149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't support building with autotools (except for building the
support libraries using macos-setup.sh), and we don't support GTK+ and
thus don't require X11.
Change-Id: If9da937285016fc178a0153d38212404b0ff2c59
Reviewed-on: https://code.wireshark.org/review/27148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove FAQ items that assume we are (and, in one case, that we're using
SVN...).
Change-Id: Ifd04ac0f34f562b2b0b588bed8db8f4e13317c18
Reviewed-on: https://code.wireshark.org/review/27147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Qt 5.11 seems to have changed the include dependencies, so adding those, that are missing
Change-Id: I2b0482f7554467d6981be65bfd3fea1a3e118976
Reviewed-on: https://code.wireshark.org/review/27145
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Running tools/dfilter-test.py with LSan enabled resulted in 38 test
failures due to memory leaks from "fvalue_new". Problematic dfilters:
- Return values from functions, e.g. `len(data.data) > 8` (instruction
CALL_FUNCTION invoking functions from epan/dfilter/dfunctions.c)
- Slice operator: `data.data[1:2] == aa:bb` (function mk_range)
These values end up in "registers", but as some values (from READ_TREE)
reference the proto tree, a new tracking flag ("owns_memory") is added.
Add missing tests for some functions and try to improve documentation.
Change-Id: I28e8cf872675d0a81ea7aa5fac7398257de3f47b
Reviewed-on: https://code.wireshark.org/review/27132
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.
Fix the above issues and avoid an unnecessary g_memdup.
Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A filter such as "data.data[1] == 2" would leak the GSList structure.
Change-Id: If57ffbdbf815434f6e11fb53ffa031dde370a9ec
Reviewed-on: https://code.wireshark.org/review/27131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that we only support CMake, that file would be reduced to
Wireshark is built using CMake.
which doesn't justify keeping it around.
Change-Id: I07d0ce0689ab274fd6c7dff3d8e5a8b31e110cbb
Reviewed-on: https://code.wireshark.org/review/27139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.
Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
.libs is a libtoolism, and we're not using autotools or libtool any
more, so there aren't any more libtoolisms.
Change-Id: Idc9ef37f9650197da096cc8e3cb3ed459b71dea0
Reviewed-on: https://code.wireshark.org/review/27137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do all the per-record processing in a libpcap_try_record() routine. EOF
on the header is OK, but a short read on the header *might* be due to
the format being tested not being the format of the file rather than due
to the file having been cut short.
Change-Id: I5748ed550fa1079dc9c746fd93ee5c59187b80a1
Reviewed-on: https://code.wireshark.org/review/27135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g_get_charset, g_get_filename_charsets, g_strerror, g_get_home_dir all
return a const char pointer. get_global_random is internally called by
g_random_int, g_random_int_range, etc.
On Arch Linux with glibc 2.26-11 and glib2 2.56.0+7+g66948ae23-1,
"call_init" is not visible in the stack trace, so replace it by "...".
It also has "possibly lost" entries due to GLib types initialization
(gobject_init -> _g_enum_types_init). Finally "g_private_set" internally
leaks after calling "g_private_get_impl".
Change-Id: Ifb2be3188add7bdd060d1e7321c8126e5924a738
Reviewed-on: https://code.wireshark.org/review/27118
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13
Only dissection is implemented, processing it for connection migration
will be done in the future.
Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).
Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>