Only use proto_tree_add_bytes_item() if you
1) are processing a hex string rather than binary byte array;
2) need the raw byte data.
While we're at it, fix the encoding argument in some calls adding
FT_BYTES fields to be ENC_NA, and, for some cases that could use
FT_UINT_BYTES, use proto_tree_add_item_ret_uint() to handle the length
and add a comment about that.
Change-Id: I6a1baca5c7da3001c0a6669f9c251e9773346c8c
Reviewed-on: https://code.wireshark.org/review/36967
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
MSVC falsely reports a '*/' found outside of comment warning
Change-Id: I41366c9760f6b698a1c6a4309cdfa2f9828bb0c2
Reviewed-on: https://code.wireshark.org/review/36961
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Modified the peekremote dissector to support 11ax flag in the extended
flags (one reserved bit set to 1 for ax and 1 for 160mhz). Also added
constants for new data rates MCS 10-11. When the 11ax flag is on,
decoding the phy as 11ax (11ax PHY is a different commit already in the
main code since November 2019)
Bug: 15740
Change-Id: Ida7977cdbbd5c83d2158115d9560c5acc815eab9
Reviewed-on: https://code.wireshark.org/review/36686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group them by the data types for which they're used, starting with the
byte-order definitions which (with the inclusion of ENC_NA) are used
with all types.
Put all the ones used for strings together, starting with the character
encodings, with the Zigbee flag and the flags for "this is a string but
we're going to interpret it as a byte array or time stamp".
Make ENC_CHARENCODING_MASK equal to ENC_STR_MASK; no, there's no reason
for ENC_STR_MASK to replace ENC_CHARENCODING_MASK - the opposite should
happen, as ENC_CHARENCODING_MASK at least specifies what the bits set in
it are used for, namely character encodings. If all #defines for
strings should have _STR_ in them, start with the character encodings.
Change-Id: I072420f313086153b4ea4034911fc293453dea00
Reviewed-on: https://code.wireshark.org/review/36962
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Rework the method verifying if there are more data in packed attribute
New version checks if there are any non-zero bits after the current bit in the
packet. If it sees some non-zero bits - that means there is some data in the
packet. If there are zero bits only - that means there is no more data in the
packet.
Changes affect RTSP/SDP dissector and they are specific for
SDP media attribute (a) fmtp/sprop-parameter-sets for H264 protocol
Bug: 16322
Change-Id: Ic4768c56f16b79cbf2ccac8a9736f8fa15043224
Reviewed-on: https://code.wireshark.org/review/36899
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Exporting dissected bytes did not consider the
selection of packets on Windows, if multiple
packets had been selected
Bug: 16516
Change-Id: I9d914fe1fed22f842d73caea397a3f37ffc0d523
Reviewed-on: https://code.wireshark.org/review/36958
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
parameter 'ti' not found in the function declaration [-Wdocumentation]
Change-Id: I4080cf118c3a81fd47fd4c32e8809d83256893dd
Reviewed-on: https://code.wireshark.org/review/36955
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit adds a basic dissector for ScyllaDB RPC protocol.
ScyllaDB (www.scylladb.com) is a No-SQL database serving multiple
client protocols (e.g. CQL). The newly introduced dissector
provides a way to inspect Scylla's internal protocol, used by
the nodes to communicate with each other - share data, gossip
the cluster state, update the schemas, etc.
This dissector implements only a shallow dissection of most packets,
i.e. recognizing the packet type. Two requests with deeper dissection
are MUTATION and READ_DATA, used by I/O operations in the database.
Bug: 16471
Change-Id: Ibba8262bd4e5a637b24b3e7846c42c6534ef811b
Signed-off-by: Piotr Sarna <sarna@scylladb.com>
Reviewed-on: https://code.wireshark.org/review/36633
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
They were added in the code, but weren't documented.
Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>
It has to be initialized to false, otherwise you get random misreported
cycles.
Change-Id: I1ffa1f8fae4883960ebf0522e44bc9e1378b2470
Reviewed-on: https://code.wireshark.org/review/36939
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Expand the description of the "TCP ZeroWindow" analysis flag.
Change-Id: Icf9b5cb60d305150eb13e5d74f4a4d2008fa96e4
Reviewed-on: https://code.wireshark.org/review/36938
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support to the MSRP dissector to reassemble messages from multiple
packets.
Bug: 8270
Change-Id: I464c91b2e6e3c4edc242b3e2f52a8febc455e5ae
Reviewed-on: https://code.wireshark.org/review/36894
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A retransmitted ChangeCipherSpec could result in resetting the cipher.
The subsequent Finished message and application data messages would
therefore fail to decrypt. In legitimate TLS sessions, there should not
be a CCS without starting a new handshake, so that remains unaffected.
To ease debugging this issue, log the packet number and add some extra
details to the debug log. Move or remove ssl_packet_from_server calls to
avoid redundant work and to keep the debug log cleaner.
Additionally, try harder to dissect handshake messages if we know for
sure that they are decrypted. This allows inspection of a broken
Finished message that had a too large fragment length.
Tested with a private capture file from Stig Bjørlykke.
Change-Id: If6f15f8b72c467ea9ef15ddcaf2c5ebe980c27c8
Reviewed-on: https://code.wireshark.org/review/36929
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we launch a TCPStreamDialog in a situation where we can't select a
corresponding tcp stream, we leave the constructor before graph_
is initialized.
Later on, the destructor calls graph_segment_list_free(&graph_).
This requires that graph_ was initialized before.
Make sure that we initialize graph_ in the constructor, regardless
of errors.
(There's other aspects of this issue. We shouldn't be able to
launch a TCPStreamDialog when we have no tcp stream...)
Change-Id: I7b4ddadca8f699d30ec45f0fe6021ae9d36ced53
Reviewed-on: https://code.wireshark.org/review/36935
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the constructor, we allocate a delegate for the name column and assign
it by calling QAbstractItemView::setItemDelegateForColumn(). This does
not pass ownership of the delegate to QAbstractItemView, it's still
up to us to free the delegate.
ASAN warns about this
Indirect leak of 48 byte(s) in 1 object(s) allocated from:
...
#1 ... in ProfileTreeView::ProfileTreeView(QWidget*) ui/qt/widgets/profile_tree_view.cpp:46:17
#2 ... in Ui_ProfileDialog::setupUi(QDialog*) ui/qt/qtui_autogen/include/ui_profile_dialog.h:67:31
#3 ... in ProfileDialog::ProfileDialog(QWidget*) ui/qt/profile_dialog.cpp:59:13
#4 ... in MainWindow::on_actionEditConfigurationProfiles_triggered() ui/qt/main_window_slots.cpp:2239:36
Add a destructor for ProfileTreeView and free the delegate there.
Change-Id: I2a76abb7ec174c91ad15bfac91f2b47bea29f511
Reviewed-on: https://code.wireshark.org/review/36934
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the toolchain included with Command Line Tools instead of the one
from Xcode.app. This fixes the build on macOS 10.14.6:
FAILED: epan/crypt/CMakeFiles/crypt.dir/dot11decrypt_tkip.c.o
/Applications/Xcode-11.3.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc ...
...
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/_stdio.h:93:16: error: pointer is missing a nullability type specifier (_Nonnull, _Nullable, or _Null_unspecified) [-Werror,-Wnullability-completeness]
unsigned char *_base;
Change-Id: I45d80dce1a0aca7a9f6a945171ebd8789314e924
Link: https://www.wireshark.org/lists/wireshark-dev/202004/msg00065.html
Reviewed-on: https://code.wireshark.org/review/36924
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The IEEE 1278.1-2012 spec for DIS (Distributed Interactive Simulation)
specifies the format of Articulated Part VP record as:
8bits Record Type enum
8bits Change Indicator unsigned integer
16bits ID unsigned integer
32bits Parameter Type enum
32bits Parameter Value floating point
32bits Padding unused
(Section 6.2.94.2)
The dissector was interpreting the last 64bits as one value, this patch
fixes it to interpret it as 32bit float and 32bit padding.
Change-Id: Id509715f02daeecf12e3094fc1ed63e81705852b
Reviewed-on: https://code.wireshark.org/review/36922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
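
Added example, not code from the Wireshark commit above: a bounds-checked C parser for the 16-byte Articulated Part VP record using the field layout quoted in that message, with a second function showing what reading the last 64 bits as one value gives. The struct and function names are hypothetical, fields are assumed to be big-endian, and treating the old misreading as a 64-bit double is an assumption made for comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DIS_ART_PART_VP_LEN 16u /* 8+8+16+32+32+32 bits */

/* Hypothetical struct; fields follow the record layout quoted above. */
struct dis_art_part_vp {
    uint8_t  record_type;
    uint8_t  change_indicator;
    uint16_t id;
    uint32_t parameter_type;
    float    parameter_value;
    uint32_t padding;
};

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, -1 if the record does not fit in buf[off..len). */
int dis_parse_art_part_vp(const uint8_t *buf, size_t len, size_t off,
                          struct dis_art_part_vp *out)
{
    if (!buf || !out || off > len || len - off < DIS_ART_PART_VP_LEN)
        return -1;
    const uint8_t *p = buf + off;
    out->record_type      = p[0];
    out->change_indicator = p[1];
    out->id               = (uint16_t)((p[2] << 8) | p[3]);
    out->parameter_type   = rd_be32(p + 4);
    uint32_t raw = rd_be32(p + 8);      /* 32-bit value (binary32 assumed) */
    memcpy(&out->parameter_value, &raw, sizeof raw);
    out->padding          = rd_be32(p + 12); /* 32 bits unused */
    return 0;
}

/* Assumed form of the misreading: the last 64 bits of a 16-byte record
 * taken as one IEEE 754 double. p must point at a full record. */
double dis_last64_as_double(const uint8_t *p)
{
    uint64_t raw = ((uint64_t)rd_be32(p + 8) << 32) | rd_be32(p + 12);
    double d;
    memcpy(&d, &raw, sizeof d);
    return d;
}

/* Constructed sample record: type 0, change 1, ID 7, parameter value 1.5f. */
const uint8_t dis_sample[16] = {
    0x00, 0x01, 0x00, 0x07,  0x00, 0x00, 0x10, 0x0B,
    0x3F, 0xC0, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00
};
```

On the constructed sample the split read yields 1.5 with zero padding, while the single 64-bit read yields 0.125.
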
The headers for UFTP version 4 contain a header length field which gives
the length of the header in 4 byte words. Currently, only the raw value
is displayed, not the actual byte count (for example 4 instead of 16).
Several headers contain a timestamp field composed of 4 byte seconds and
4 byte microseconds since the UNIX epoch. These are currently being
interpreted incorrectly as nanoseconds instead of microseconds.
The FILEINFO header contains a file timestamp field composed of 4 bytes
seconds since the epoch that is currently displayed as a raw value
instead of as a timestamp.
Change-Id: I936eb5317ca6802a094d8c1e01ae8ae78bb5cb7c
Reviewed-on: https://code.wireshark.org/review/36910
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
According to
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/
[discrete] is preferred over [float] for discrete headings.
Change-Id: I4d67a72c19a8cf75ad8cf37c55e6f5abddb14d04
Reviewed-on: https://code.wireshark.org/review/36925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the name resolution section of the User's Guide. Use title case
in the rest of the chapter and switch [float]s to [discrete]s.
Change-Id: I7093de72592466c32e130b952f9979f1b47fa280
Reviewed-on: https://code.wireshark.org/review/36923
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.
Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add an illustration of the advanced preferences along with some examples
from https://wiki.wireshark.org/Preferences/Layout.
Change-Id: I5dd6afe06bef9a0f5e1862f13fb716d63032cd96
Reviewed-on: https://code.wireshark.org/review/36927
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.
Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).
Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't use hf_text_only. For the protocol tree items that are just
subtrees, use proto_tree_add_subtree(); for the emergency call numbers,
give them real FT_STRING fields, using tvb_bcd_dig_to_wmem_packet_str().
Change-Id: I721271e26502abce8d8ce2375fc0916c0de586e6
Reviewed-on: https://code.wireshark.org/review/36928
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The validator doesn't prevent the input focus from being transferred out
of the QLineEdit, and it merely prevents the user from entering a value
that's considered "invalid" rather than "not valid but "intermediate"".
For QIntValidator(), values that have more digits than the maximum value
are "invalid", but values that have the same number of digits but that
are larger are just "intermediate".
This means the user will be able to send such a value to the extcap
module.
So we explicitly check the validator in ExtArgText::isValid(), so that
1) we provide visual feedback (at least to people who can detect a red
background) for out-of-range values that don't have too many digits and
2) prevent them from being treated as valid and passed to the extcap
module.
Bug: 16510
Change-Id: Ie5b90cf5dbb57c91744f6a28a71674b65ef21bb6
Reviewed-on: https://code.wireshark.org/review/36914
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Otherwise values look confusing since at first glance they look like hex
values, for instance "-22cB".
Change-Id: I8ce3c108876f5acd65c5d6418c18ce43f618eb25
Reviewed-on: https://code.wireshark.org/review/36907
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update "Import From Hex Dump" via GUI to allow the same timestamp format as
supported by the command line tool text2pcap. Added support for:
%F Equivalent to %Y-%m-%d (the ISO 8601 date format).
%s The number of seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
While at it changed the following:
- Subsecond timestamp dot format (.) is now shown in the timestamp Example Label.
- A timestamp format without any format (%) now disables Import button.
The field "Timestamp format" in the GUI now accepts exactly the same formatting
as the text2pcap's -t time format option.
Change-Id: Ie48362f86ed3214288635767d1fc4161599d1907
Reviewed-on: https://code.wireshark.org/review/36417
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Distinguished Name (AFI 17) is not a widely used address family, but
there is ongoing work in the LISP IETF working group to standardize its
use within the LISP control plane protocol. The encoding is quite
simple, it's just a zero-terminated ASCII string. Details can be found
in the following IETF draft:
https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding
Change-Id: I701f54d0c5e95b14ad48030935eb059bd68c9a0e
Reviewed-on: https://code.wireshark.org/review/36892
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the field length of "Length of Destination Interface
field" and "Length of Network Instance field" which should
be two octets long but are only one in the current code.
Change-Id: Id303b92812bb2551ec570ec807d602d0fb44f27a
Signed-off-by: Yoshiyuki Kurauchi <ahochauwaaaaa@gmail.com>
Reviewed-on: https://code.wireshark.org/review/36908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add more tabs and fix some type mismatch
Add some expert info for widely used flag
Add dissection of FRACSEC in milliseconds if it is possible
Change-Id: Ic681a69e0659c6b6e33f77a8016e14708a7dca08
Reviewed-on: https://code.wireshark.org/review/36888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>