Change-Id: I1f863eea427529537df004e9782311d5c69ed4bd
Reviewed-on: https://code.wireshark.org/review/21505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function returns TRUE/FALSE depending whether the specified ProtoField/Dissector
needs to be dissected. By using this function in conjunction with the TreeItem.visible
attribute, Lua dissectors can be significantly sped up by making less C interop calls
which are relatively slow in terms of dissection especially when using sub-protocols
where the dissection of an entire protocol can be skipped.
Added tests for TreeItem:referenced to protofield.lua
Change-Id: I44feacb91a2a5b0e3c28c0ccd8d6b04cccd67261
Reviewed-on: https://code.wireshark.org/review/21387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
After v2.3.0rc0-3167-ge6f944d632, the NSH dissector could call itself
recursively and since the minimum header length was not validated, it
could result in a stack overflow due to infinite recursion.
Add checks based on the text from
https://tools.ietf.org/html/draft-ietf-sfc-nsh-12#section-3.2
This patch also fixes a regression since v2.3.0rc0-3171-g2273cf0e7b
where the wrong tvb was passed to subdissectors. Tested with the two
captures from bug 11490.
Bug: 13612
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1156
Change-Id: I8cacfa267557e8373ff8134f4b020d927e37842f
Reviewed-on: https://code.wireshark.org/review/21499
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Automatically resets intarnal epan session after reaching to
specified number of packets, for example
-M 1000
will reset the session every 1000 packets.
this is more like a proposal since the usage is very specific
it is useful for 24/7 live capture with dissection and sending
data directly to another application.
example:
tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid
Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04
Reviewed-on: https://code.wireshark.org/review/21312
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The packet details context menu allows you, through the Protocol
Preferences sub menu to manipulate (disable) the protocol dissection
through the Disable <protocol>... option. This opens up the appropriate
dialog and select the applicable protocol.
This fails for protocols which have their can_toggle flag reset (e.g.
the frame protocol). The dialog opens, but the protocol can't be found,
hence the top item is selected.
Instead disable the menu option for protocols which can't have their
enabled state toggled.
Change-Id: Ifa83f656a8ab747f379d3ca0114520e5efed4b67
Reviewed-on: https://code.wireshark.org/review/21494
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do some whitespace cleanup while we're at it.
Change-Id: I1c55ce916b6d8344736f5732130613f63cf4d60f
Reviewed-on: https://code.wireshark.org/review/21502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When using a filter such as "ncp.alloc_reply_lvl2 == FALSE", a memory
leak would occur as follows:
1. dfilter_fvalue_from_unparsed is called and
2. ends up calling _uint64_from_unparsed
3. which fails with error message "\"FALSE\" is not a valid number.".
4. Next, mk_fvalue_from_val_string is called which maps "FALSE" to 0
5. and the filter is successfully compiled.
6. dfwork_free deliberately does not free the error message (since
there should be none at this point) and we have a memleak (from 3).
Fix this memleak by clearing the error message when a successful
value_string mapping is found.
Change-Id: I78d59a4336342b09dc5448ea994b2e1d199d7f3f
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1302
Reviewed-on: https://code.wireshark.org/review/21497
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
They're not necessary for most hardware; remove the unnecessary checks,
and add comments indicating why they're not necessary (or fix the
"maximum value of actual_octets is" part of the comment).
They *are* necessary for Series III hardware; put in the check.
Change-Id: Idd64a74099d5cf7398a2ddb850442e53c9206724
Reviewed-on: https://code.wireshark.org/review/21491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add some additional blank lines, remove some extra, blank lines, fix
indentation.
Make vVW510024_E_IS_VLAN 32-bits, to match the other flags.
Change-Id: Id1cd63ff2b75764907a44e9f8525b1537666fde1
Reviewed-on: https://code.wireshark.org/review/21488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's only a 17-byte PLCP header with the Series III hardware.
Change-Id: Ice8dfbbc5daa0578ee4eb6588fc8a8b597806d0d
Reviewed-on: https://code.wireshark.org/review/21487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer that the Series I hardware doesn't do HT or VHT.
Change-Id: Ibeccfcba997555bef06098828f01951dc32a6d2c
Reviewed-on: https://code.wireshark.org/review/21486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix "VHTPPDU" to be "VHT PPDU".
Move the code that processes the RSSI values before the code that
processes the next two bytes of the header, so it's done in order; that
makes it a bit easier to see the layout of that header (although 2 bytes
of it are processed below).
Fix the comment describing what the first 16 bytes of the record data
after the stats are. Don't use vVW510021_W_STATS_HEADER_LEN - that's
for the Series II hardware.
Fix some indentation.
Change-Id: If47c4a44fd5e72971a28daf6af88d5e19c53abbe
Reviewed-on: https://code.wireshark.org/review/21482
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code to scan the list has always required a null terminator, but
change 96f517647a got rid of the null
terminator.
Change-Id: I13c1553114e08e8617adaf8874ffb5e7c7c4b2d3
Reviewed-on: https://code.wireshark.org/review/21477
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I13e6a465b0e169f2f4ce134df3c873c416737b33
Reviewed-on: https://code.wireshark.org/review/21476
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also adjust whitespace for a few places where if (tree) would mess up
expert_info use.
Change-Id: I79b8f7105515fb9ce220a46f3e875be466ee1044
Reviewed-on: https://code.wireshark.org/review/21474
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support to configure a port number for encapsulating TCP
packets in UDP.
Change-Id: I9aea1eda4537b05e76e76ed0417acb34705bad9e
Reviewed-on: https://code.wireshark.org/review/21473
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
This is needed for decryption to work in draft -20. Since lots of
implementations are still at draft -18, maintain decryption support for
older draft versions. Tested with tls13.pcapng (attachment 15156).
Change-Id: Ieb7d85136221573007b529b40e4eadc60eac174f
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21467
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
RawPublicKey (RFC 7250) has been incorporated in the Certificate
message, update the definition and restructure the code accordingly.
No functional change for X.509 certs, but RPK types will now be
correctly handled for TLS 1.3 (including the context and extensions).
Ran the test suite and tested for regressions using
rpk-certficate-message.pcapng from bug 11480.
Change-Id: If551a30344851313430201cb6d6198b2091efc2d
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21466
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
During 'Darwin' transfer type conversion the network data is taken
as-is, without checking validity. This results in indexing errors.
Add validation before using as array index.
Bug: 13676
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1307
Change-Id: I24ca49bb21ba36a8d6a3c078ac2c05ded7b8d382
Reviewed-on: https://code.wireshark.org/review/21470
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the tree for the type/length/element ID for *all* IEs, whether we
know the IE type or not.
The total length of the IE is 2 + the value of the length field; always
advance by that much. This prevents infinite loops.
Fix the name of a field.
Bug: 13678
Change-Id: Iadc537653999a4a796c6689b180cf1b75e175035
Reviewed-on: https://code.wireshark.org/review/21472
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those lists require null terminators; fix the script to add them, and
re-run the script (with the current tip of the master branch for
xcbproto and mesa).
Change-Id: I76c156521e79753f5c19cae16e9caa031abd2496
Reviewed-on: https://code.wireshark.org/review/21471
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Field 'SPC-2 Opcode' (scsi.spc.opcode) has a conflicting entry in its value_string: 132 is at indices 26 (Receive Copy) and 27 (Receive Copy Results))
Change-Id: I5916bab1bb493226003e86b5a6b693fd4a727499
Reviewed-on: https://code.wireshark.org/review/21458
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5830581c843af41f48bc9645c2be7cf35fa00391
Reviewed-on: https://code.wireshark.org/review/21463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "extension_data" field is zero length.
Ping-Bug: 12779
Change-Id: I7a512d7940f55a5edf2c4f71bf1684c3d4e4733a
Reviewed-on: https://code.wireshark.org/review/21465
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Doesn't seem to make a difference at the moment, but ask
for it regardless.
Change-Id: I94ff4f1321b2b2f2cde23f3281a6b79fd7048009
Reviewed-on: https://code.wireshark.org/review/21436
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4c703d380010ed784946a0093307423c227d37eb
Reviewed-on: https://code.wireshark.org/review/21450
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Return Code' (nmas.return_code) has a conflicting entry in its value_string: 4294965609 is at indices 56 ((-1687) EVALUATION VERSION WARNING) and 58 ((-1689) THREAD CREATE))
Field 'Return Code' (nmas.return_code) has a conflicting entry in its value_string: 4294965610 is at indices 55 ((-1686) DLL FAILED LOADING) and 59 ((-1690) SECURE CHANNEL REQUIRED))
Field 'Return Code' (nmas.return_code) has a conflicting entry in its value_string: 4294965611 is at indices 54 ((-1685) UNICODE FAILED INIT) and 60 ((-1691) NO DEFAULT USER SEQUENCE))
Field 'Return Code' (nmas.return_code) has a conflicting entry in its value_string: 4294965612 is at indices 53 ((-1684) CODEPAGE FAILED INIT) and 61 ((-1692) NO TREENAME))
Field 'Return Code' (nmas.return_code) has a conflicting entry in its value_string: 4294965613 is at indices 52 ((-1683) DOUBLEBYTE FAILED INIT) and 62 ((-1693) MECHANISM NOT FOUND))
Field 'Payload Error' (nmas.encrypt_error) has a conflicting entry in its value_string: 4294965609 is at indices 56 ((-1687) EVALUATION VERSION WARNING) and 58 ((-1689) THREAD CREATE))
Field 'Payload Error' (nmas.encrypt_error) has a conflicting entry in its value_string: 4294965610 is at indices 55 ((-1686) DLL FAILED LOADING) and 59 ((-1690) SECURE CHANNEL REQUIRED))
Field 'Payload Error' (nmas.encrypt_error) has a conflicting entry in its value_string: 4294965611 is at indices 54 ((-1685) UNICODE FAILED INIT) and 60 ((-1691) NO DEFAULT USER SEQUENCE))
Field 'Payload Error' (nmas.encrypt_error) has a conflicting entry in its value_string: 4294965612 is at indices 53 ((-1684) CODEPAGE FAILED INIT) and 61 ((-1692) NO TREENAME))
Field 'Payload Error' (nmas.encrypt_error) has a conflicting entry in its value_string: 4294965613 is at indices 52 ((-1683) DOUBLEBYTE FAILED INIT) and 62 ((-1693) MECHANISM NOT FOUND))
Change-Id: I2bdaa16b04c9d34cfbc5e83ca2b612326216224a
Reviewed-on: https://code.wireshark.org/review/21451
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Selector........' (mq.inq.sel) has a conflicting entry in its value_string: 2002 is at indices 221 (MQCA_BASE_Q_NAME) and 222 (MQCA_BASE_OBJECT_NAME))
Change-Id: Ie81b58bf9c32ea38ff5d0808accdd8e9dac3b81a
Reviewed-on: https://code.wireshark.org/review/21453
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'SAM Mode' (pn532.sam.mode) has a conflicting entry in its value_string: 3 is at indices 2 (Wired Card Mode) and 3 (Dual Card Mode))
Change-Id: I5ee07aff43e2f5ba7a2757057a0da80e2f747541
Reviewed-on: https://code.wireshark.org/review/21455
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Trace Kind' (nettl.kind) has a conflicting entry in its value_string: 536870912 is at indices 2 (Incoming PDU - PDUIN) and 3 (PDUIN))
Field 'Trace Kind' (nettl.kind) has a conflicting entry in its value_string: 268435456 is at indices 4 (Outgoing PDU - PDUOUT) and 5 (PDUOUT))
Change-Id: I14d47225a4ae83b6667313e5c0ca13e4d4d64831
Reviewed-on: https://code.wireshark.org/review/21452
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'padata-type' (kerberos.padata_type) has a conflicting entry in its value_string: 1 is at indices 1 (kRB5-PADATA-TGS-REQ) and 2 (kRB5-PADATA-AP-REQ))
Field 'padata-type' (kerberos.padata_type) has a conflicting entry in its value_string: 15 is at indices 15 (kRB5-PADATA-PK-AS-REP-19) and 16 (kRB5-PADATA-PK-AS-REQ-WIN))
Field 'padata-type' (kerberos.padata_type) has a conflicting entry in its value_string: 20 is at indices 21 (kRB5-PADATA-USE-SPECIFIED-KVNO) and 22 (kRB5-PADATA-SVR-REFERRAL-INFO))
Change-Id: I504291b8eb181c9e40d54421f583755cfc4f17db
Reviewed-on: https://code.wireshark.org/review/21454
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Error' (qsig.error) has a conflicting entry in its value_string: 43 is at indices 12 (proceduralError) and 42 (notActivated))
Change-Id: Ic1468f32922644933a79db504a4ecfb6e2289bd2
Reviewed-on: https://code.wireshark.org/review/21457
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Select one of the capturing interfaces when start capture
- Only send user changed control values when start capture
- Don't show hidden interfaces
- Allow a toolbar with no interfaces
- Renamed button role "reset" to "restore"
- Improved control number validation
- Updated documentation
Change-Id: Icc8d04043c95c1f3ef8d7cdc3b251be4471cba0a
Reviewed-on: https://code.wireshark.org/review/21445
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>