If no stream is given to FollowStreamDialog::follow(), then it
overwrites the display filter with a conversation filter for the first
packet in the capture file.
Pass an explicit stream number and the "Follow stream" button will set a
correct display filter.
Test: open pcap with three TCP streams. Statistics -> Conversations.
Select last TCP conversation (expect "tcp.stream eq 2"). Select the
second conversation (expect "tcp.stream eq 1") and activate "Filter Out"
button (expect "!(tcp.stream eq 1)" and not "!(tcp.stream eq 2) and
!(tcp.stream eq 1)").
Bug: 14254
Change-Id: I28744d7f76f5034b07ea5660b45399566e3a7d2c
Reviewed-on: https://code.wireshark.org/review/26520
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changed type for the bitrate fields, from signed32 to unsigned32.
This fixes the problem of getting "-1" values at G_MAXUINT32.
TS 32.298 refers to TS 29.212 regarding bitrates, in TS 29.212 the
corresponding AVPs are defined as Unsigned32.
Change-Id: I6e0083bf034c7254ab48ca3c2c405cc20f5d6394
Reviewed-on: https://code.wireshark.org/review/26585
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The "bag" was not deallocated when the key is successfully loaded.
Parse all bag elements rather than clearing the bag after the first
iteration (this restores previous behavior).
Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634
Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.")
Reviewed-on: https://code.wireshark.org/review/26481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the previous TCP segments already form one or more PDUs, then the
data source of these segments must not be removed. Otherwise
get_field_data (epan/print.c) will fail to find the data source which
correspond to the fields within these PDUs.
Also tested with the capture referenced in v1.11.3-rc1-1525-g21e0a63b29
(bug 9169), the "tshark -Vr mem-leak.pcap" output remains unchanged.
Bug: 14472
Change-Id: Ia448a6b84dd2eb84b00e56d3fcde04f7bec05b9d
Reviewed-on: https://code.wireshark.org/review/26397
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In function 'add_header' coгple of if-statements didn't corespond
to comments above.
Change-Id: Idd846cebf7e17d0e2f49c7c7d3de466b899c73c6
Reviewed-on: https://code.wireshark.org/review/26573
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Draft -20 shortened the label used by Key Update, adjust accordingly.
Change-Id: I3761b94933165a65fd810eff7bef4373290346cd
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26554
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This should solve the missing prototypes warnings
Change-Id: Iaf2ac6c0a151cfb614f76c4a6bb103e0210d3808
Reviewed-on: https://code.wireshark.org/review/26567
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
That dissector expects to be handed an 802.11 pseudoheader; the GRE
dissector passes the flags and version from the GRE header to
subdissectors registered in the gre.proto table, so they'd better either
expect the flags-and-version structure or ignore the pseudoheader. (For
802.11, the pseudoheader has radio information, but that's not available
from GRE.)
Use the no-FCS 802.11 frame dissector instead.
Bug: 14544
Change-Id: I6515901dc3674eb36ec768fa4f9a7a4040a78365
Reviewed-on: https://code.wireshark.org/review/26560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix a dependency issue for the vagrant build system and update
it to the latest Ubuntu LTS release (16.04 LTS). Also give it
more vCPU's and RAM by default.
Change-Id: I058e6a05356dba57a55ada7fe84f959e227a04b4
Reviewed-on: https://code.wireshark.org/review/26541
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
Rather than requiring all callers to pass a non-null source argument,
explicitly allow a NULL source when the size is zero. This is consistent
with g_memdup behavior.
While at it, fix a memleak and avoid memset(0,0,0) in tests.
Change-Id: I86a092625a508544d180da959e4afdd0366539f4
Reviewed-on: https://code.wireshark.org/review/26496
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Mališa Vučinić <malishav@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Evan Huus <eapache@gmail.com>
GSMTAP_TYPE_LTE_NAS has been set to 0x12 by osmocom:
https://gerrit.osmocom.org/5018
Change-Id: Ia248e54cd73eaa9b8ad02aa40145e5a87baca79e
Reviewed-on: https://code.wireshark.org/review/24554
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Filter does not work due to same shared short name for cell-id being used for two different asn.1 defintions
cell-ID OCTET STRING,
cell-ID CellIdentity,
Change-Id: I5921bc82d46f38d43f9083e41d3a0558821042eb
Reviewed-on: https://code.wireshark.org/review/26545
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pavel Strnad <pavel_strnad@hotmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use a single filter for short/long (truncated) BS values to ease
filtering.
Rename other filters to the new mac-nr.bsr.* format.
Fill the missing entries in 8 bits buffer size levels array.
Change-Id: If150f9a951efb40e554c5ea18639cfd4539a1319
Reviewed-on: https://code.wireshark.org/review/26539
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
RFC 7668 section 3.2.2 states that IID formed from the 48-bit Bluetooth
device addresses does not toggle the Universal/Local bit, but Linux
kernel BT IPSP code before version 4.12 does toggle this bit.
Add an option to turn this on when needed.
Change-Id: I77f84a5d56e77bb2c61770237fe53367498cc194
Reviewed-on: https://code.wireshark.org/review/26533
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Currently the "Continue without Saving" button is visually highlighted
in the "Unsaved packets..." dialog, but pressing Enter triggers "Save"
instead. Even after changing button focus with arrow or tab keys,
pressing Enter will not confirm the action (but Spacebar does).
Restore the expected behavior for Linux and Windows, but preserve the
fix for macOS since (for which this was originally added).
Bug: 14531
Change-Id: Ic20fc5809b55949f6fd960bcb32618a4fa7fd1e9
Fixes: v2.3.0rc0-2672-gb0335359e5 ("Qt: Give discard button focus (but not as default)")
Reviewed-on: https://code.wireshark.org/review/26511
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pass Type I vs. II/III via dissector data instead of pinfo
Append type to protocol name
Put vlan number into pinfo when appropriate
Put version 1 and version 2 dissection into separate blocks
Rename priority into cos (as per draft-rfc)
Add new subheader from draft-3
Change-Id: I6eb7fe7073a6cc92e2028b0491de5e0f3f036b4e
Reviewed-on: https://code.wireshark.org/review/26512
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Ensure that a selected field (via selectedFieldChanged) becomes visible
in the packet details view when selected from the bytes view (or when
found via a search).
As making a field always visible seems a desirable feature (and in the
interest of simplifying preferences), enable this by default using the
smarter EnsureVisible hint.
Remove the associated preferences and mark them GTK+ only.
Change-Id: I05a918c1e09135c0b4e10f04024bff092756e55c
Fixes: v2.5.0rc0-2383-g6b2764a41e ("ProtoTree behavior fixes.")
Reviewed-on: https://code.wireshark.org/review/26509
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When allocating structs this increases a lot the code readability.
Change-Id: I86b26ea3debb400d6e1e8012206008740e528b23
Reviewed-on: https://code.wireshark.org/review/26523
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They've been replaced by direct cast.
Change-Id: I99fbc0463af724dc2592fbfe24a63c645902c703
Reviewed-on: https://code.wireshark.org/review/26522
Reviewed-by: Anders Broman <a.broman58@gmail.com>
which is the name of the field before it
Change-Id: I7661bcff58b8a1031dcde84dd46499b7b93b42df
Reviewed-on: https://code.wireshark.org/review/26517
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mention Npcap on the WinPcap installer page and add a link to it.
Update some other text and tell developers to use NSIS 3.0 while we're
here.
Change-Id: I64728f014f518439ba4a38eda7a283274d40fcdc
Reviewed-on: https://code.wireshark.org/review/26515
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch a build example to CMake + Ninja. Add syntax highlighting
annotations.
Change-Id: I5ee0af548f44ed5be6f6e8367f5167dc499df017
Reviewed-on: https://code.wireshark.org/review/26514
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu