For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input into multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has a different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
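The tokenization rules described in the commit message above, as an added sketch that is not Wireshark's scanner: `scan_set` and its buffer limits are hypothetical names, the set body is assumed to be already stripped of its braces, and quoted values are not modeled.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 8
#define MAX_TOKEN_LEN 32

/* Simplified model (assumption, not Wireshark code): split the body of a
 * set into tokens. ".." is always its own token; any other run of
 * non-space characters stays together, even when it is not a valid value
 * (e.g. "9.2."), so that later type parsing rejects it as a whole.
 * Returns the token count, or -1 if the input exceeds the buffers. */
static int scan_set(const char *s, char out[MAX_TOKENS][MAX_TOKEN_LEN])
{
    int n = 0;
    while (*s) {
        if (*s == ' ') { s++; continue; }
        if (n == MAX_TOKENS) return -1;
        size_t len = 0;
        if (s[0] == '.' && s[1] == '.') {
            len = 2;                      /* range operator */
        } else {
            while (s[len] && s[len] != ' ' && !(s[len] == '.' && s[len + 1] == '.'))
                len++;                    /* permissive value token */
        }
        if (len >= MAX_TOKEN_LEN) return -1;
        memcpy(out[n], s, len);
        out[n][len] = '\0';
        n++;
        s += len;
    }
    return n;
}

int main(void)
{
    /* Constructed inputs taken from the cases named in the commit message. */
    const char *inputs[] = { "4430..4434", "4430 .. 4434", "9.2.", "1....2" };
    char tok[MAX_TOKENS][MAX_TOKEN_LEN];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int n = scan_set(inputs[i], tok);
        printf("%-14s ->", inputs[i]);
        for (int j = 0; j < n; j++) printf(" [%s]", tok[j]);
        printf("\n");
    }
    return 0;
}
```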
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and ">=" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by another value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
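Why the naive mapping misfires on multi-occurrence fields, as an added example that is not Wireshark's DFVM code: `naive_range`, `any_in_range` and the sample packets are hypothetical, with tcp.port modeled as an array holding the source and destination port.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Naive rewrite "f >= lo and f <= hi": each comparison is true as soon as
 * ANY occurrence of the field satisfies it, so the two halves can be
 * satisfied by two different occurrences. */
static bool naive_range(const unsigned *vals, size_t n, unsigned lo, unsigned hi)
{
    bool any_ge = false, any_le = false;
    for (size_t i = 0; i < n; i++) {
        if (vals[i] >= lo) any_ge = true;
        if (vals[i] <= hi) any_le = true;
    }
    return any_ge && any_le;
}

/* Per-value test: a single occurrence must satisfy both bounds. */
static bool any_in_range(const unsigned *vals, size_t n, unsigned lo, unsigned hi)
{
    for (size_t i = 0; i < n; i++)
        if (vals[i] >= lo && vals[i] <= hi)
            return true;
    return false;
}

/* Constructed samples: tcp.port occurs twice per packet (src, dst). */
static const unsigned pkt_outside[2] = { 443, 51000 };  /* neither port in range */
static const unsigned pkt_inside[2]  = { 1663, 51000 }; /* source port in range */

int main(void)
{
    printf("outside: naive=%d per-value=%d\n",
           naive_range(pkt_outside, 2, 1662, 1664),
           any_in_range(pkt_outside, 2, 1662, 1664));
    printf("inside:  naive=%d per-value=%d\n",
           naive_range(pkt_inside, 2, 1662, 1664),
           any_in_range(pkt_inside, 2, 1662, 1664));
    return 0;
}
```

A packet with ports 443 and 51000 passes the naive form because 51000 satisfies the lower bound and 443 the upper bound, which is the false match an analyst filtering on a port range would not expect.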
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a destination directory flag to git-export-release.sh. Use it to
replace the current "dist" target. Use it in the RPM section to avoid a
symlink.
Change-Id: I30ae76b3ab1a995d232e748b79aa37440f90f854
Reviewed-on: https://code.wireshark.org/review/26974
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some notes about avoiding the use of git stash.
Change-Id: I441adef099e5d64834a73e9f0f260d00c21be585
Reviewed-on: https://code.wireshark.org/review/26973
Reviewed-by: Gerald Combs <gerald@wireshark.org>
That way I won't have to restore the dir after a "git -dfX".
Also update CMake to 1.11.0 (current) and Qt to 5.9.5 (LTS).
Change-Id: Idcc481b517d6379f97fa5d30ce3b886cfcf3c9d4
Reviewed-on: https://code.wireshark.org/review/26951
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Tests are independent and can be run in parallel using pytest-xdist
(https://github.com/pytest-dev/pytest-xdist), document it.
While at it, allow running the tests from other directories.
Change-Id: I3e55c549669f7d59d35cd64eca53680cea6dec2d
Reviewed-on: https://code.wireshark.org/review/26943
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tools/dfilter-test.py is the main script, others are imported as needed.
Change-Id: I5ce7bd298b90d3e16c83c6b219c2717ccbcf2a10
Reviewed-on: https://code.wireshark.org/review/26944
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind considers the "cpuid" instruction to always depend on inputs from eax
and ecx, even though it's only a subset of values of eax for which ecx is
relevant. If ecx is undefined when cpuid is executed, the outputs of cpuid
will be considered undefined.
Instead of suppressing the resulting uninitialised-value warning (the
suppression for which is now out-of-date anyway, now that
register_all_protocols is moved to a worker thread), let's simply set ecx to
zero in ws_cpuid.
Testing done: Built Wireshark on Linux amd64. Before this change, running
"tools/valgrind-wireshark.sh ./test/captures/dhcp.pcap" with
valgrind-3.12.0.SVN on Debian 9.4 amd64 would yield the following Valgrind
error:
==2416== Thread 2:
==2416== Conditional jump or move depends on uninitialised value(s)
==2416== at 0xACB8B22: ws_mempbrk_sse42_compile (ws_mempbrk_sse42.c:58)
==2416== by 0x74F4960: register_all_protocols_worker (register.c:37)
==2416== by 0xB1403D4: g_thread_proxy (gthread.c:784)
==2416== by 0xD438493: start_thread (pthread_create.c:333)
==2416== by 0xB4CAACE: clone (clone.S:97)
With the change, the above message is gone. Inspected the disassembly of
function ws_cpuid, and it looks sane -- just an added "xor ecx, ecx" at the
top.
Change-Id: I2fb382309cac234c400286a6e9fac7d922912c63
Reviewed-on: https://code.wireshark.org/review/26733
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add assert and remove some code from scan builds.
Change-Id: I32747d1a61f183e4c918d9f50ec8337eaef47f0d
Reviewed-on: https://code.wireshark.org/review/26483
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Copy the current wireshark.spec.in and update it for use with CMake.
Remove the Qt4, GTK+2, and GTK+3 options. Add Ninja and mmdbresolve
options.
The rpm-package target builds a tarball using git-export-release.sh and
therefore must be run from a git checkout. The RPM _prefix macro is set
to CMAKE_INSTALL_PREFIX, so you'll probably want to run
cmake -DCMAKE_INSTALL_PREFIX=/usr ...
Change-Id: Ib014494d8858a0059126404cd91528ded5d8a9f6
Reviewed-on: https://code.wireshark.org/review/26579
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove our popcount implementation in favor of ws_count_ones, which
is our other popcount implementation. This required updating and
running process-x11-xcb.pl.
Change-Id: I8634c55242113b338c5b0173837c35f98b148b4f
Reviewed-on: https://code.wireshark.org/review/26454
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector had been a plugin since at least 1.3 (based on comments in the
dissector). Not all of the most current APIs were used for functionality
and there was some cruft left over.
Also disable F5ETHTRAILER by default since it doesn't have a discriminating
heuristic.
Change-Id: I8c977167a906eafd6fbb663d2fe6c44f080f2209
Reviewed-on: https://code.wireshark.org/review/26428
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which uses a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Trap ABRT and try to pass it on to our runners.
Change-Id: I6e5a9fd63822c9bc84e116b3574abc4ccca448f5
Reviewed-on: https://code.wireshark.org/review/26227
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This codec plugin serves a dual purpose.
First it is to add L16 codec support to Wireshark.
Second it is an illustration of a basic codec plugin module.
Change-Id: I64394dab3257ae49dece0257b16cd969503918e2
Reviewed-on: https://code.wireshark.org/review/26131
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Our 802.11 decryption code isn't tied to any specific product. Change
the file and API names to dot11decrypt.
Change-Id: I14fd951be3ae9b656a4e1959067fc0bdcc681ee2
Reviewed-on: https://code.wireshark.org/review/26058
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>