The snaplength as saved in the capture file is set to the original
PCAP file length of 65535. In reality the package size can grow to
256kiB. Make use of the correct constant when writing the PCAP file.
Bug: 15292
Change-Id: Ib7710e4151cdc712f3344c1436252f9b3bfb556c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30923
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not always good to pick up frames for related call legs when
filtering.
Make different hf:s for the two use cases.
Change-Id: I33c640636a76173f3a7952f4a740491ccfac276d
Reviewed-on: https://code.wireshark.org/review/30922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To stop accepting SIP messages on the
hart-ip port.
Change-Id: Ifc653f4a3defb823336914e8be6f20453aedb6fe
Reviewed-on: https://code.wireshark.org/review/30914
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename DATAFILE_DIR to be closer to CMake and avoid mixing
with the staging dir path variable of the same name.
Change-Id: I7b1e02152d8bde14cca210fbfae4acbdba7d78d7
Reviewed-on: https://code.wireshark.org/review/30916
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
According to MS-SFU 2.2.2 PA_S4U_X509_USER checksum section;
PA-S4U-X509-USER may be returned inside encrypted-pa-data, but
it contains just the checksum data so do not try to dissect it.
Quote:
The padata of type 130 in the encrypted-pa-data field contains
the checksum value in the S4U request concatenated with the
checksum value in the S4U reply.
Change-Id: Ia124f56914ef2fefd5b0a64fccd176911321f246
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding a collection-ID from the
key-bytes.
Update DCP as collection_len is no longer in the
protocol and the system events have changed.
Change-Id: Ib910083d929a906729e2bba2b0f07ba23e093cf5
Reviewed-on: https://code.wireshark.org/review/30895
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of Support Type Object LB type.
Change-Id: I7e654faed4874a87865f1d94a372eb8f00dde412
Reviewed-on: https://code.wireshark.org/review/30903
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the couchbase packet dissector with some re-factoring of the
FlexFrame dissector and then extra functionality for:
* FlexFrame on requests (magic 0x08)
* Durability
* Out-Of-Order requests
* DCP Stream ID
Additional checks are added to warn/error for invalid frame lengths and
for the case where the FlexFrame byte0 is 0xff, which is not defined by
the protocol.
Change-Id: I5f1fec8293284dadbdef717d02fa1eef27da7a0c
Reviewed-on: https://code.wireshark.org/review/30894
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes an issue where sometimes datafile_dir is not freed
before exiting.
Change-Id: I2ff7d1b8ea4e20a1ce98e5e11965073eb479bb03
Reviewed-on: https://code.wireshark.org/review/30909
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't set the display filter combo's minimum size. This lets us show
more filter expression buttons.
Clear the filter expression toolbar before redrawing it. This gets rid
of a leftover artifact here on macOS.
Change-Id: Iab944e8992caf554e024521df52d0089a4501674
Reviewed-on: https://code.wireshark.org/review/30902
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make our package relocatable on Unix systems.
Linux, Solaris and FreeBSD are known to support $ORIGIN.
Change-Id: Ibcdda33d62c075bfa867d006cb6aaf5824609011
Reviewed-on: https://code.wireshark.org/review/30896
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reverts commit 4154e35cde.
Apparently we do need to call PeekNamedPipe on Windows.
Change-Id: I9c9bbcb56bf1e1c2e6ae240ac5056b8a80674f15
Reviewed-on: https://code.wireshark.org/review/30900
Reviewed-by: Gerald Combs <gerald@wireshark.org>
GAP field dissection shows an acknack analysis. This analysis doesn't
make any sense in the GAP field.
Change-Id: I9c4cca2b722390112b6a350bd2310b48874e5c9d
Reviewed-on: https://code.wireshark.org/review/30897
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Somewhere in the code the handling of the offset goes wrong.
Instead of incrementing the offset it's the pointer to the offset
which is being incremented, leading to all sorts of problems.
Add a dereference to these few statements which lack them.
Bug: 15322
Change-Id: If575711a5b120f25f0172e0efb26e01f07244e8b
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30899
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
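
Added example (not code from the Wireshark change above): a minimal C sketch of the defect that commit message describes, where a helper advances its local pointer to the offset instead of the offset it points to. The record layout, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: three records laid out as [type][len][value...]. */
static const uint8_t SAMPLE[] = {
    0x01, 0x02, 0xAA, 0xBB,
    0x02, 0x00,
    0x03, 0x01, 0xCC
};

/* Defect: moves the local pointer copy; the caller's offset never changes. */
static uint8_t read_u8_buggy(const uint8_t *buf, size_t *offset)
{
    uint8_t v = buf[*offset];
    offset += 1;                 /* missing dereference */
    (void)offset;
    return v;
}

/* Fix: dereference, so the caller's offset advances by one byte. */
static uint8_t read_u8_fixed(const uint8_t *buf, size_t *offset)
{
    uint8_t v = buf[*offset];
    *offset += 1;
    return v;
}

typedef uint8_t (*read_u8_fn)(const uint8_t *, size_t *);

/* Returns the number of records, or -1 on malformed input or a stalled offset. */
static int count_records(const uint8_t *buf, size_t len, read_u8_fn read_u8)
{
    size_t offset = 0;
    int records = 0;
    while (offset < len) {
        size_t start = offset;
        if (len - offset < 2) return -1;      /* truncated header */
        (void)read_u8(buf, &offset);          /* type */
        uint8_t vlen = read_u8(buf, &offset); /* value length */
        if (offset - start != 2) return -1;   /* helper did not advance */
        if (vlen > len - offset) return -1;   /* value runs past the buffer */
        offset += vlen;
        records++;
    }
    return records;
}

int main(void)
{
    printf("fixed: %d\n", count_records(SAMPLE, sizeof SAMPLE, read_u8_fixed));
    printf("buggy: %d\n", count_records(SAMPLE, sizeof SAMPLE, read_u8_buggy));
    return 0;
}
```

Without the progress check in count_records, the buggy helper would return the type byte a second time as the length and the parser would silently misread the rest of the buffer.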
use an hf variable of type FT_ADDR
Change-Id: Ice88965825d05ee10825b1a7dc91475ffaa75cb2
Reviewed-on: https://code.wireshark.org/review/30890
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We can't install from DATAFILE_DIR on this platform, we
must use CMAKE_BINARY_DIR.
Do that and try to keep this thing intact.
Ping-Bug: 15301
Change-Id: I5c0b787f8b1a148dda52f26242ab681e3c3a0d44
Reviewed-on: https://code.wireshark.org/review/30879
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
When no content is provided, creating the tree with empty content leads
to malformed IMF.
Ping-Bug: 15090
Change-Id: Idf521c26f69638a94300792e50dba29645a45a68
Reviewed-on: https://code.wireshark.org/review/30874
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The asn1 is based on [MS-SFU] 2.2.2 PA_S4U_X509_USER
Change-Id: Ic072b7c4eca5c924da8833f85529098f6a93f436
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't need it and, if there *is* no pcap.h header, because the pcap
headers aren't installed, it won't compile.
Bug: 15317
Change-Id: Ie2a107f6117aad8f87943cd72269211f13b71142
Reviewed-on: https://code.wireshark.org/review/30883
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't bother checking to see if our pipe has data.
Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Correct cluster ID
- Parse ZDP Status
- Move from client to server
- Classify as notify instead of request
Change-Id: Idb3d26d3212af2762465d7ec02efcb8978830af3
Reviewed-on: https://code.wireshark.org/review/30859
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic559133086f4529f8dcc7b99cce6dbb97c11e197
Reviewed-on: https://code.wireshark.org/review/30860
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Two trivial cleanups of the definition of the tftp.destination_file field:
There is probably no need to shout DESTINATION in capital letters, and change
"source" to "destination" in the field's blurb.
Testing Done: Built on macOS 10.12.6. Examined the capture attached to
bug 10305 (tftpConversationError.pcapng, which includes a TFTP WRQ), and saw
that the capitalization of the "Destination File" field is as expected in
the packet dissection, and that the status bar now describes the field as
the "TFTP destination file name".
Change-Id: I9f5bded321c16d4e200bf1caf80ad5733ecc8287
Reviewed-on: https://code.wireshark.org/review/30857
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handling of preferences is often done in the dissector handoff
registration. Therefore this function is often registered as
callback while registering preference handling for the module.
In this way the preferences are processed both when registering
the dissector and when changes happen.
Some dissectors opt to register a separate callback function to
be called when preferences change. Now these have to be called
from the dissector handoff function explicitly, in order to have
the preferences processed during dissector registration.
This becomes explicitly apparent when the port registration comes
into play. With the migration to using dissector registration on
ports with preference this port (range) is often retrieved from
the preferences to match against the ports in a packet to determine
an incoming or outgoing packet of a server. In case the callback
function is not called from the dissector registration this
determination fails, until the preferences are applied/changed,
causing the preference handling callback to be called.
This change adds the calling of the callback during dissector
registration, fixing some dissector port registrations in the
process.
Change-Id: Ieaea7f63f8f9062c56582a042a3a5a862e286406
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30848
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason. This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .
Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled. Tested
tshark with a few captures, and observed that the debug output, while still
being indented, generally stayed along the left margin of the screen instead
of migrating steadily over to the right.
Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.
Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even if the certificate has an RSA public key, be sure to look up the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done in epan_init.
Change-Id: I2bbfd22ef4a552003dc3644e9d21b5a5ca3465ba
Reviewed-on: https://code.wireshark.org/review/30849
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>