Decrypt the key in commissioning and commissioning reply commands user keys.
The user must add the default TC-LK (as described in doc-09-5499-26) into the
key list for this feature to be visible.
Keys found in commissioning and commissioning reply commands are automatically
used for the reset of the capture
Use the SRC column to display the ZGP srcID
Bug: 13919
Change-Id: I90a7a7d1cdd003672bb2bd78e8ed76e1475d1208
Reviewed-on: https://code.wireshark.org/review/28084
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's *not* the sum of the length of the option and the length of the
option header.
Change-Id: I0b5ab0e35ca33dc02a0bc2501e0f0f531ec3f376
Reviewed-on: https://code.wireshark.org/review/28701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
it is an inorder traversal (left/parent/right).
Change-Id: Ia83efdfd45dab8c8386d84b3050af081312fde85
Reviewed-on: https://code.wireshark.org/review/28688
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
After a rotation, the post_rotation callback was just updating the root
tree max_edge when it should also update its children since some of them
might have lost or changed children.
Any change in max_edge will bubble up/propagate to the parent.
Change-Id: Ia6705d71de5c85847d51f97f86fd35f4da20c03a
Reviewed-on: https://code.wireshark.org/review/28687
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to the prediction, some new features will be
added in the future. I'm working on the implementation
of these new features. dissect_PNIO_status is updated
as "extern" and transferred to packet-pn.c, because
the upcoming feature will have its own C file and
will use this dissection. Thus, dependence between
classes will be decreased and duplicated code lines
will be prevented, so that future changes will be easier.
Change-Id: I067d9582dcc8b9909e5a9bc3ab5f30d3c879b226
Reviewed-on: https://code.wireshark.org/review/28677
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ensure that columns with numbers are sorted according to their numeric
value instead of their alphabetical order.
Bug: 11460
Change-Id: I6ccfb9d3699c7e95de4ed31eb9424c5687661593
Reviewed-on: https://code.wireshark.org/review/28652
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- removed mptcp.duplicated_dsn in favor of mptcp.reinjection_of/mptcp.reinjected_in
reinjected_in lists the packets where the DSN was later reinjected in.
reinjection_of lists the packets in which this DSN was already transmitted.
- There was a bug where the max_edge property of the interval tree was not
correctly updated. Right now wireshark gives a dsn for every TCP frame (even
empty packets).
- Now displays mappings only for packets with data (seglen > 0).
- Renamed dsn_map to dsn2packet_map and mappings to ssn2dsn_mappings.
- Specifies the complexity of enabling certain MPTCP options so that the user
better understands their impact on processing speed.
Change-Id: I24adc3161021b7f6a084763a74dc580f1c1f2c2e
Reviewed-on: https://code.wireshark.org/review/28326
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Misunderstanding of Length, Enterprise ID is not excluded in Length.
Remove removal of 8bit in IE type since Enterprise IE shall start with
value 32768.
Change-Id: Ie5c2e972cd893e41382ef9f07a5327ec05cf4141
Reviewed-on: https://code.wireshark.org/review/28680
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move the information from README.extcap into docbook.
Change-Id: Ic6504787750d04fe6c66479896cba8d6148d804d
Reviewed-on: https://code.wireshark.org/review/28690
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This field was added in Riemann 0.2.13 and Riemann client 0.4.4:
797e8db998
Change-Id: I132155d090725461f0e7df3d203dbe3d4a215f75
Reviewed-on: https://code.wireshark.org/review/28692
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
For formats other than "Raw" and "UTF-8", the written file does not
match the actual stream data. It would be duplicated in strange ways.
Executing the "Save As" action twice while the dialog is open would also
write two different files (huh?).
As a quick fix, just replace the strange save logic by writing the text
field contents. A functional difference is that previously it would
write data while parsing the "follow data" list, now it uses the text
field contents. That data will now be truncated after 500 MB.
Bug: 14933
Change-Id: I498676389d0da3ac070346d6903bd2e6b0fc7674
Fixes: v1.11.0-rc1-2538-g80f9326b2f ("Add TCP/UDP/SSL Follow feature to QtShark")
Reviewed-on: https://code.wireshark.org/review/28663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
"maxname" is the size of the buffer which also includes the "null
label" (represented by the NUL byte). Do not write this past the end.
Bug: 14955
Change-Id: I51e2237741807aded7ffb82c178d7d7ce5123f78
Fixes: v2.9.0rc0-1142-g53e04b621c ("DNS: fix in expand_dns_name")
Reviewed-on: https://code.wireshark.org/review/28657
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Erika Szelleová <szelleerika@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
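Added example, not part of the commit above and not Wireshark's code: a bounds check in which the buffer size counts the terminating byte, so the terminator can never land one past the end. The function names, the dotted-text output and the sample name are assumptions made for illustration; compression pointers are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not Wireshark's expand_dns_name(): expands an
 * uncompressed wire-format name into dotted text. maxname is the size of
 * out, including the byte for the terminating NUL.
 * Returns the text length, or -1 if the input is malformed or does not fit. */
int expand_name(const uint8_t *wire, size_t wire_len, char *out, size_t maxname)
{
    size_t in = 0, len = 0;

    if (maxname == 0)
        return -1;
    for (;;) {
        if (in >= wire_len)
            return -1;                      /* ran off the packet */
        size_t label = wire[in++];
        if (label == 0)
            break;                          /* null label: end of name */
        if (label > 63 || label > wire_len - in)
            return -1;                      /* pointer or truncated label */
        size_t need = label + (len ? 1 : 0);    /* '.' between labels */
        if (need > maxname - 1 - len)       /* keep one byte for the NUL */
            return -1;
        if (len)
            out[len++] = '.';
        memcpy(out + len, wire + in, label);
        len += label;
        in += label;
    }
    out[len] = '\0';                        /* len <= maxname - 1 here */
    return (int)len;
}

/* Constructed sample: "ab.cd" in wire format. */
static const uint8_t sample[] = { 2, 'a', 'b', 2, 'c', 'd', 0 };

/* Expands sample into the first bufsize bytes of a larger array and checks
 * the byte just past that region. Returns -2 if it was overwritten,
 * otherwise expand_name()'s result. */
int expand_with_canary(size_t bufsize)
{
    char buf[16];

    if (bufsize >= sizeof buf)
        return -1;
    memset(buf, 0x7f, sizeof buf);
    int r = expand_name(sample, sizeof sample, buf, bufsize);
    return buf[bufsize] == 0x7f ? r : -2;
}
```

On a -1 return the output buffer may hold a partial, unterminated name and must not be used.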
Verified that the tests failed without the fixes for the linked bugs.
The tests have full statement coverage(*1) for check_follow_fragments
and follow_tcp_tap_listener. For details and Scapy script, see:
https://git.lekensteyn.nl/peter/wireshark-notes/commit/crafted-pkt/badsegments.py?id=4ecf9d858b49e76d8a9c29df01ce1bd523ae6704
(*1) except for `if (data_length <= data_offset) { data_length = 0; }`
Change-Id: I625536df375272cf6c9116231194c39df1217fae
Ping-Bug: 13700
Ping-Bug: 14944
Reviewed-on: https://code.wireshark.org/review/28618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It strips off all suffixes, which is not useful behavior; it assumes
that nobody uses "." for any purpose other than separating a file name
from an extension - 1994 called, they want their version of Windows
back (and UN*X called, too...).
For the "Saving XXX" status bar message, just use the entire last
component of the file name.
Change-Id: Ib34fde3e49cd791c7baf333eebb71a8dbd672c19
Reviewed-on: https://code.wireshark.org/review/28638
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Strip off only extensions that correspond to file types we know about;
QFileInfo::baseName() strips off *all* extensions, where "extension" is
"anything preceded by a .", so it turns foo.bar.pcap.gz into foo, not
foo.bar. We don't want that; instead, we strip off only those
extensions that correspond to file types we know how to read, so we'd
strip off .pcap.gz in foo.bar.pcap.gz, and strip off .pcap in
foo.bar.pcap, leaving foo.bar in both cases.
Change-Id: I5385921ad2f0fef815d52e9902fef15735fd9dae
Reviewed-on: https://code.wireshark.org/review/28636
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. CIP Generic I/O: Add a "Decode As" option for CIP Class 1
2. Combine the 2 CIP conversation filters into one. There would never have
been more than 1 selected. This should be easier for users and less
clutter in the conversation menu.
3. CIP Safety: Name the data field as cipsafety.data instead of
enip.connection_transport_data, to make it like other CIP I/O data.
4. Minor: Rename some more variables/functions from enip to cip, to
reflect which actual protocol these are.
Change-Id: Id895f412e3584a5efcb7e69175a1b2bb3d5e9627
Reviewed-on: https://code.wireshark.org/review/28610
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use proto_tree_add_bitmask for the flags example
2. GLib download link was dead
3. Remove old frontend information. I can't find any download for
hethereal, and Packetyzer is so old that it's not useful for any current
developers.
Change-Id: Ifa0a7363fccb95fb2ef315d84fbbcf7414ae6a6d
Reviewed-on: https://code.wireshark.org/review/28632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When switching from ASCII to other modes (such as Hex), the previous
text to packet number mapping was not cleared. This resulted in
using the wrong packet number when hovering over the packet data.
Change-Id: I29ba1786925490c33fc9181373a31d51f5091642
Reviewed-on: https://code.wireshark.org/review/28614
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the Qt Follow TCP Stream dialog with the ASCII mode, sometimes
selecting the first few bytes would wrongly select a packet with a
higher frame number.
This happens because Qt iterates through the list of payloads, then
appends the payload data and maps the new cursor position to the
packet number. If the payload data was empty, then it would overwrite
previous cursor positions.
To fix this, do not add records for empty TCP payloads.
Bug: 14898
Change-Id: I598d73899b56eac3d2a022f108bf097bdd363b5c
Reviewed-on: https://code.wireshark.org/review/28613
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When two segments overlap each other, previously the second segment
would wrongly be appended to the first one while it should only append a
subset from the end of the second segment. (It is assumed that the very
first segment is received in time such that an extension on both the
left and right side of the previous stream is not possible.)
Make sure that "frag_follow_record->data" uses a subset (starting at the
end of the previous stream) instead of the full tvb contents. While at
it, add some documentation and restructure the logic to avoid code
duplication and unnecessary memory allocations.
(From bug 9882:) Tested with hao123-com_packet-injection-filtered.pcap,
it now ignores the new overlapping data. Likewise for overlap-2.pcap.
Tested with retransmission_with_additional_payload.pcapng (bug 13700).
Unfortunately, there is no extra expert info to warn about the
non-matching overlapping segment data, but that is a separate issue.
Bug: 13700
Change-Id: I74a941199d75b23b5d297e4dd534680ae610627d
Reviewed-on: https://code.wireshark.org/review/28597
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
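Added example, not part of the commit above and not Wireshark's code: appending only the part of an overlapping segment that starts at the end of the stream already stored. The struct, function names and the three-segment trace are constructed for illustration; out-of-order segments (gaps) are rejected rather than queued.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STREAM_MAX 64

/* Hypothetical reassembly state, not Wireshark's follow record. */
struct stream {
    uint32_t next_seq;      /* sequence number just past the stored data */
    size_t   len;
    uint8_t  data[STREAM_MAX];
};

/* Appends only the bytes of the segment that lie at or after next_seq.
 * Returns the number of bytes appended, or -1 for a gap or a full buffer. */
int append_segment(struct stream *s, uint32_t seq,
                   const uint8_t *payload, size_t plen)
{
    /* Signed difference keeps the comparison correct across seq wraparound. */
    int32_t behind = (int32_t)(s->next_seq - seq);

    if (behind < 0)
        return -1;          /* gap: segment starts after the stream end */
    if ((size_t)behind >= plen)
        return 0;           /* pure retransmission: nothing new */
    size_t fresh = plen - (size_t)behind;
    if (fresh > STREAM_MAX - s->len)
        return -1;
    memcpy(s->data + s->len, payload + behind, fresh);
    s->len += fresh;
    s->next_seq += (uint32_t)fresh;
    return (int)fresh;
}

/* Constructed trace: the second segment overlaps the first by two bytes and
 * carries different data in the overlap; the third is a retransmission. */
const char *replay(void)
{
    static struct stream s;
    static char text[STREAM_MAX + 1];

    memset(&s, 0, sizeof s);
    s.next_seq = 1000;
    append_segment(&s, 1000, (const uint8_t *)"GET /", 5);
    append_segment(&s, 1003, (const uint8_t *)"X/index", 7);
    append_segment(&s, 1000, (const uint8_t *)"GET /", 5);
    memcpy(text, s.data, s.len);
    text[s.len] = '\0';
    return text;            /* "GET /index", not "GET /X/index" */
}
```

As the commit message notes for Wireshark itself, this keeps the first-seen bytes and does not flag that the overlapping data differed.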
Restore the direction for the first check_follow_fragments call to match
the situation before commit 57acc227f0 (which broke other things, so its
logic was reimplemented in commit v2.3.0rc0-1449-g66fa31415f ("tcp: Fix
Follow TCP tap data and when its tapped.")).
Ensure that the ACK value is checked before processing the sequence
number and payload for the current flow.
Bug: 14944
Change-Id: If8947d7732683a4943f405eb72b1a8526a35a6dc
Fixes: v2.1.0rc0-1339-g57acc227f0 ("KISS the Follow TCP functionality.")
Reviewed-on: https://code.wireshark.org/review/28612
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To improve readability, do not repeat "follow_record" a dozen times.
No functional change.
Change-Id: I854434974a94d69d4591ad1bc3acf911073b0923
Reviewed-on: https://code.wireshark.org/review/28596
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.
Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.
Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For example, if the file is foo.pcap, make the default name for a saved
PDF of some graph be foo.pdf, as it was prior to 2.6, not foo.pcap.pdf.
Change-Id: Ide99c9c7fa1f3d16f829e731f968a209fbb52b8d
Reviewed-on: https://code.wireshark.org/review/28624
Reviewed-by: Guy Harris <guy@alum.mit.edu>