Fix heuristic checks to handle sliced packets correctly. "Correctly"
means "fail the heuristic", as the heuristic checks every single byte of
the putative Ixia trailer, as one thing it does is check the checksum,
which is in the last 2 bytes of the trailer and checks everything before
it. So just return 0 if the full trailer isn't part of the captured
data.
Try to handle being handed a tvbuff that contains an FCS by looking at
the putative "magic number" locations where it would be if the tvbuff
didn't include the FCS and, if that doesn't match, where it would be if
it *did* include the FCS. If the former doesn't match but the latter
does, assume that means it does include the FCS, and do all other
processing under that assumption.
Clean up some comments.
Fix an hf_ variable name to match the field name, and put the tvbuff
value fields in the order of their types.
Don't fail if the field length is 0 - it's a value length, so it could
in theory be 0. Rely on the length checks for individual types to catch
problems.
Change-Id: Idc834aa6637cfbbafd6499060a007e720378154e
Reviewed-on: https://code.wireshark.org/review/10024
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Ixia trailer is a variable-length sequence of TLVs followed by some
fixed-length fields. Describe it as such.
Realign some #defines while we're at it.
Change-Id: I5fc45a1d44978f1dc1f13e7098c3f797838db7b3
Reviewed-on: https://code.wireshark.org/review/10022
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The protocol is a TLV protocol, and with this change I add one more field to it.
It is entirely backward compatible.
The format is as follows:
Fields | Trailer Length | 0xAF12 (Signature) | Trailer Checksum
The fields portion of the trailer is a series of 2-byte fields followed by variable
length data. The first byte indicates the field type, the 2nd byte indicates the
field length. The values supported are listed below:
1 Reserved (Original Packet Size)
3 Timestamp (From Local Timebase)
4 Timestamp (From NTP source)
5 Timestamp (From GPS)
6 Timestamp (From 1588)
7 Timestamp (From Holdover)
Change-Id: I0a3b31cfbc5b6273e1f5326d9841e449735967fe
Reviewed-on: https://code.wireshark.org/review/9854
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
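
The heuristic and trailer layout described in the Ixia trailer commit messages above, sketched as an added example (this is not code from the Wireshark dissector). Assumptions not stated on the page: a 1-byte trailer length that counts only the fields portion, big-endian 16-bit signature and checksum, a ones'-complement checksum over fields, length and signature, and a 4-byte FCS; the names ixia_heur, csum16 and be16 are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define IXIA_MAGIC 0xAF12u /* signature value from the commit message */
#define FIXED_LEN  5u      /* assumed: 1-byte length + 2-byte signature + 2-byte checksum */
#define FCS_LEN    4u      /* assumed: Ethernet FCS */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Assumed checksum (the page names no algorithm): 16-bit ones'-complement sum. */
static uint16_t csum16(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += be16(p + i);
    if (n & 1) s += (uint32_t)p[n - 1] << 8;
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)~s;
}

/* Hypothetical heuristic: returns the trailer size (fields + fixed part) on a
 * match, 0 otherwise. caplen = bytes captured, replen = bytes on the wire. */
static size_t ixia_heur(const uint8_t *buf, size_t caplen, size_t replen, int *has_fcs) {
    *has_fcs = 0;
    if (caplen < replen || replen < FIXED_LEN)
        return 0;                       /* sliced: the checksum cannot be verified */
    size_t end = replen;                /* first guess: no FCS */
    if (be16(buf + end - 4) != IXIA_MAGIC) {
        if (replen < FIXED_LEN + FCS_LEN) return 0;
        end -= FCS_LEN;                 /* second guess: FCS follows the trailer */
        if (be16(buf + end - 4) != IXIA_MAGIC) return 0;
        *has_fcs = 1;
    }
    size_t flen = buf[end - FIXED_LEN]; /* length of the fields portion */
    if (flen + FIXED_LEN > end) return 0;
    const uint8_t *tlv = buf + end - FIXED_LEN - flen;
    if (csum16(tlv, flen + 3) != be16(buf + end - 2)) return 0;
    for (size_t off = 0; off < flen; ) { /* type byte, length byte, value */
        if (flen - off < 2) return 0;
        size_t vlen = tlv[off + 1];     /* a value length of 0 is allowed */
        if (vlen > flen - off - 2) return 0;
        off += 2 + vlen;
    }
    return flen + FIXED_LEN;
}
```

Every read happens only after the captured length and the computed offsets have been checked, so a sliced or malformed frame fails the heuristic instead of being read past its end.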
TODO:
- LUA is commented out, probably needs to be built with MSVC 2015.
- GeoIP is commented out, causes packet-ip* to not build.
- Qt not built, needs Qt with MSVC 2015
Change-Id: I1658077931b89b9a22ee32e5ed7de38e07fb6a55
Reviewed-on: https://code.wireshark.org/review/8683
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1e6bf52fad1b1fffefc174a557ff836f400e8fd7
Reviewed-on: https://code.wireshark.org/review/9996
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This option skips some bytes when fuzzing, which prevents some headers from being changed. This focuses the fuzzer on a smaller part of the packet.
Change-Id: I1db83235e93f2774a9991e3af70f633487b816fa
Reviewed-on: https://code.wireshark.org/review/9982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Essentially: Do the version checks at compile time using #if statements
(even though the compiler probably optimized out the run time checks).
Change-Id: I4879b39729ba5bd6b1c478ac43c107cb9fb445b3
Reviewed-on: https://code.wireshark.org/review/10006
Reviewed-by: Bill Meier <wmeier@newsguy.com>
[...]\packet-pdc.c(205) : fatal error C1001: An internal error has occurred in the compiler.
(compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 246)
To work around this problem, try simplifying or changing the program near the locations listed above.
Please choose the Technical Support command on the Visual C++
Help menu, or open the Technical Support help file for more information
INTERNAL COMPILER ERROR in 'C:\Program Files\Microsoft Visual Studio 14.0\VC\BIN\cl.EXE'
Please choose the Technical Support command on the Visual C++
Help menu, or open the Technical Support help file for more information
Change-Id: I505898d0c76244a56d75af1a1c5bf30554dd9a2b
Reviewed-on: https://code.wireshark.org/review/10005
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Add RpcServiceResponseTimeDialog, which handles DCE-RPC and ONC-RPC
service response time statistics. Try to make it as lightweight as
possible, since we might want to pull this into the RPC dissectors
similar to the other SRT statistics.
Allow program names on the command line in place of numbers or UUIDs. Make
matches case-insensitive. E.g. the following are equivalent:
-z rpc,srt,100003,3
-z rpc,srt,nfs,3
-z rpc,srt,NFS,3
as are the following:
-z dcerpc,srt,f5cc5a18-4264-101a-8c59-08002b2f8426,56
-z dcerpc,srt,nspi,56
-z dcerpc,srt,NSPI,56
Change-Id: Ie451c64bf6fbc776f27d81e3bc248435c5cbc9e4
Reviewed-on: https://code.wireshark.org/review/9981
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Inserting QTreeWidgetItems individually is slow. This isn't a problem if
you only have a few items but the Expert Information dialog can have
thousands. Add "packet" tree items in groups, which should be much
faster. Note that we still add "group" tree items individually since
that gives us a nice progress indicator.
While we're here, make sure we show the dialog before tapping packets.
Bug: 11439
Change-Id: I8a182f4158d078cae5f42b8d1355414197f423e1
Reviewed-on: https://code.wireshark.org/review/10000
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
These are functions used when redissecting after a Lua plugins reload.
Change-Id: Ida14526faec1992006938a6732ee894ac83c2d12
Reviewed-on: https://code.wireshark.org/review/9995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I7a7778802c442b254626a7676cb74ca2855fa65e
Reviewed-on: https://code.wireshark.org/review/9977
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we assume that, the time stamps of the sample captures on the
Colasoft site are in the range 2000-2014, and the HTTP time stamps in
the HTTP capture from there are close to the packet time stamps.
Change-Id: Id0e29c03dc8ada40f1040b95f169b4f3a8954a0f
Reviewed-on: https://code.wireshark.org/review/9986
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we don't do this, there'll be a dangling tap listener and we'll see a
crash when its reset method is called.
This can be triggered by opening another expert info dialogue; this will
invoke cf_retap_packets() and reset_tap_listeners(), which in turn calls
the reset method of each registered tap listener.
Bug: 11432
Change-Id: I8fc13351666c875e1a3641f31bada8e80d167ab2
Reviewed-on: https://code.wireshark.org/review/9979
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Always set is_removed when inserting data in a node.
Change-Id: I8fb50932a369e3f4fe8a1f743462683fff705cc2
Reviewed-on: https://code.wireshark.org/review/9978
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
As the comment says, "Entries must be sorted by
WTAP_FILE_TYPE_SUBTYPE_xxx values in ascending order." If they're not,
the file type to file type string routines don't give the right answer.
Change-Id: I06afe7bb98cb36c54ddc831113bb632598ab2eb0
Reviewed-on: https://code.wireshark.org/review/9975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This will allow integer value 0 again.
Change-Id: Ibfa4249ea8b887971d3b3214ad9e4d095d20d155
Reviewed-on: https://code.wireshark.org/review/9973
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
to 0.
Change-Id: I837bf8ac9d5724dd485f0bc62f3fe32bedd3eb0e
Reviewed-on: https://code.wireshark.org/review/9970
Reviewed-by: Anders Broman <a.broman58@gmail.com>
==5932== 33 (32 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 2,124 of 4,121
==5932== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==5932== by 0xA024F30: g_malloc (gmem.c:159)
==5932== by 0xA03A9E5: g_memdup (gstrfuncs.c:384)
==5932== by 0x70754D2: gp_init_zbee_security (packet-zbee-nwk-gp.c:1459)
==5932== by 0xA03A78C: g_slist_foreach (gslist.c:840)
==5932== by 0x67E867C: init_dissection (packet.c:249)
==5932== by 0x67DC202: epan_new (epan.c:160)
==5932== by 0x414B16: cf_open (tshark.c:2464)
==5932== by 0x40CF8A: main (tshark.c:2169)
Change-Id: I7c0ce0717957525ca18eb4888ed3389debc89a49
Reviewed-on: https://code.wireshark.org/review/9967
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I81b46ec7d9d919ff2779d1005063e9ef6c92e097
Reviewed-on: https://code.wireshark.org/review/9966
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ib0f4cc47ede7b840cba38ecad04bd17bb6bccd55
Reviewed-on: https://code.wireshark.org/review/9965
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Right now the output encapsulation type is ignored if the output (default) format is set to pcapng.
Change-Id: Ibffaaed5979bf63ed4e3fa3b1f859a82b401d80b
Reviewed-on: https://code.wireshark.org/review/9911
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>