Apparently FindPackageHandleStandardArgs uses if(DEFINED ...) to test
VERSION_VAR, for somewhat obscure reasons. If we didn't find a suitable
GLib package we must not define GLIB2_VERSION, otherwise the status
output is confused and just generally wrong.
Change-Id: Iad4012e69a7c641c50d1e399bbfdb51583cb3b40
Reviewed-on: https://code.wireshark.org/review/36990
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The uftp4.complete.reserved field takes up 3 bytes, however the
associated tree item only highlights 2 bytes. Fixed to highlight all 3
bytes.
Change-Id: I720f0829648543aca615d0b539ba996d2cff7216
Reviewed-on: https://code.wireshark.org/review/36995
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This moves us closer to fixing bug 16531; it addresses the second issue
there, as the right snapslen is used for packets in the second section,
so we no longer get errors reading the file.
It still doesn't fix the *names* of the interfaces, and it doesn't - and
*shouldn't* - show the interfaces with different interface numbers, as
the numbers are per-section rather than global.
Change-Id: Ia3aa3309b75a4bcd9f229048ddce6a981b9409b1
Ping-Bug: 16531
Reviewed-on: https://code.wireshark.org/review/36985
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If a personal profile has the same name as a global profile (which
is usually the case if it has been copied without changing the name
afterwards), there was a bug where renaming the profile was no longer
possible.
Bug: 16423
Change-Id: Idafd216d007179a4c6221eafc2ff296d277d5b1d
Reviewed-on: https://code.wireshark.org/review/36902
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Have pcapng_read_block() take two pointers to a section_info_t as
arguments - one for the current section, if any, and one to something to
fill in, as information for the new section, if the block is an SHB.
The first of them is null when we're trying to read the first block;
that serves as an indication that "not an SHB" means "this file isn't a
pcapng file" rather than "this pcapng file is bad".
Change-Id: I1b0a8bfacde982b819e548847bcc9412d30788f3
Reviewed-on: https://code.wireshark.org/review/36984
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Move the byte order - and version - fields out of the per-file pcapng_t
structure and put them in a per-section section_info_t structure that
also contains the file offset of the SHB at the beginning of the
section.
Have a GArray of section_info_t structures pointed to by the pcapng_t
structure; update it as Section Header Blocks are read sequentially,
adding new structures.
In the random read routine, search backwards through the array of
section_info_t structures, looking for the first section where the SHB
is at or before the offset from which we're reading.
Change-Id: Iad06c8d1ff10595707b73f297f073803b5a0c8e5
Ping-Bug: 15707
Reviewed-on: https://code.wireshark.org/review/36981
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
An entire pcapng file is dissected as a unit, so there's only one file;
the "file_number" field counts Section Header Blocks, so it's a section
number, not a file number. Rename it to "section_number".
Change-Id: I3ee477c9aa0ee4cdfa7496935b2be915c31a4644
Reviewed-on: https://code.wireshark.org/review/36977
Reviewed-by: Guy Harris <gharris@sonic.net>
Make the buffers big enough to handle the largest possible time values
you can get with a 64-bit time_t.
Don't cast the seconds value to unsigned long; it's probably signed, and
may not fit in an unsigned long (64-bit on an ILP32 or LLP64 platform),
so cast it to gint64 and print using G_GINT64_MODIFIER followed by "d".
Bug: 16519
Change-Id: I3ab79dfa086d2c4dfb6b93eba8cef3bdce731731
Reviewed-on: https://code.wireshark.org/review/36971
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Provide Doxygen comment blocks for unit string and true false string
helper functions.
Change-Id: I70801561e9cd3ead5e3417ea9d297d828105f3d0
Reviewed-on: https://code.wireshark.org/review/36968
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remember the delegates that we use and free them explicitly
in the destructor.
Change-Id: Iba07c3e9952dc152d94468b6b7c7e2c2a74c1f65
Reviewed-on: https://code.wireshark.org/review/36965
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remember the delegates that we use and free them explicitly
in the destructor.
Change-Id: I79698eb6ee4f565efcb3f02ac6239914c6acf3f5
Reviewed-on: https://code.wireshark.org/review/36964
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only use proto_tree_add_bytes_item() if you
1) are processing a hex string rather than binary byte array;
2) need the raw byte data.
While we're at it, fix the encoding argument in some calls adding
FT_BYTES fields to be ENC_NA, and, for some cases that could use
FT_UINT_BYTES, use proto_tree_add_item_ret_uint() to handle the length
and add a comment about that.
Change-Id: I6a1baca5c7da3001c0a6669f9c251e9773346c8c
Reviewed-on: https://code.wireshark.org/review/36967
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
MSVC falsely reports a '*/' found outside of comment warning
Change-Id: I41366c9760f6b698a1c6a4309cdfa2f9828bb0c2
Reviewed-on: https://code.wireshark.org/review/36961
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
modified the peekremote dissector to support 11ax flag in the extended
flags (one reserved bit set to 1 for ax and 1 for 160mhz). Also added
constants for new data rates MCS 10-11.When the 11ax flag is on,
decoding the phy as 11ax (11ax PHY is a different commit already in the
main code since november 2019)
Bug: 15740
Change-Id: Ida7977cdbbd5c83d2158115d9560c5acc815eab9
Reviewed-on: https://code.wireshark.org/review/36686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group them by the data types for which they're used, starting with the
byte-order definitions which (with the inclusion of ENC_NA) are used
with all types.
Put all the ones used for strings together, starting with the character
encodings, with the Zigbee flag and the flags for "this is a string but
we're going to interpret it as a byte array or time stamp".
Make ENC_CHARENCODING_MASK equal to ENC_STR_MASK; no, there's no reason
for ENC_STR_MASK to replace ENC_CHARENCODING_MASK - the opposite should
happen, as ENC_CHARENCODING_MASK at least specifies what the bits set in
it are used for, namely character encodings. If all #defines for
strings should have _STR_ in them, start with the character encoings.
Change-Id: I072420f313086153b4ea4034911fc293453dea00
Reviewed-on: https://code.wireshark.org/review/36962
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Rework the method verifying if there are more data in packed attribute
New version checks if there are any non-zero bits after the current bit in the
packet. If it sees some non-zero bits - that means there is some data in the
packet. If there are zero bits only - that means there is no more data in the
packet.
Changes affect RTSP/SDP dissector and they are specific for
SDP media attribute (a) fmtp/sprop-parameter-sets for H264 protocol
Bug: 16322
Change-Id: Ic4768c56f16b79cbf2ccac8a9736f8fa15043224
Reviewed-on: https://code.wireshark.org/review/36899
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Exporting dissected bytes did not consider the
selection of packets on Windows, if multiple
packets had been selected
Bug: 16516
Change-Id: I9d914fe1fed22f842d73caea397a3f37ffc0d523
Reviewed-on: https://code.wireshark.org/review/36958
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
parameter 'ti' not found in the function declaration [-Wdocumentation]
Change-Id: I4080cf118c3a81fd47fd4c32e8809d83256893dd
Reviewed-on: https://code.wireshark.org/review/36955
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit adds a basic dissector for ScyllaDB RPC protocol.
ScyllaDB (www.scylladb.com) is a No-SQL database serving multiple
client protocols (e.g. CQL). The newly introduced dissector
provides a way to inspect Scylla's internal protocol, used by
the nodes to communicate with each other - share data, gossip
the cluster state, update the schemas, etc.
This dissector implements only a shallow dissection of most packets,
i.e. recognizing the packet type. Two requests with deeper dissection
are MUTATION and READ_DATA, used by I/O operations in the database.
Bug: 16471
Change-Id: Ibba8262bd4e5a637b24b3e7846c42c6534ef811b
Signed-off-by: Piotr Sarna <sarna@scylladb.com>
Reviewed-on: https://code.wireshark.org/review/36633
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
They were added in the code, but weren't documented.
Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>
It has to be initialized to false, otherwise you get random misreported
cycles.
Change-Id: I1ffa1f8fae4883960ebf0522e44bc9e1378b2470
Reviewed-on: https://code.wireshark.org/review/36939
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Expand the description of the "TCP ZeroWindow" analysis flag.
Change-Id: Icf9b5cb60d305150eb13e5d74f4a4d2008fa96e4
Reviewed-on: https://code.wireshark.org/review/36938
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support to the MSRP dissector to reassemble messages from multiple
packets.
Bug: 8270
Change-Id: I464c91b2e6e3c4edc242b3e2f52a8febc455e5ae
Reviewed-on: https://code.wireshark.org/review/36894
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A retransmitted ChangeCipherSpec could result in resetting the cipher.
The subsequent Finished message and application data messages would
therefore fail to decrypt. In legitimate TLS sessions, there should not
be a CCS without starting a new handshake, so that remains unaffected.
To ease debugging this issue, log the packet number and add some extra
details to the debug log. Move or remove ssl_packet_from_server calls to
avoid redundant work and to keep the debug log cleaner.
Additionally, try harder to dissect handshake messages if we know for
sure that they are decrypted. This allows inspection of a broken
Finished message that had a too large fragment length.
Tested with a private capture file from Stig Bjørlykke.
Change-Id: If6f15f8b72c467ea9ef15ddcaf2c5ebe980c27c8
Reviewed-on: https://code.wireshark.org/review/36929
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we launch a TCPStreamDialog in a situation where we can't select a
corresponding tcp stream, we leave the constructor before graph_
is initialized.
Later on, the destructor calls graph_segment_list_free(&graph_).
This requires that graph_ was initialized before.
Make sure that we initialize graph_ in the constructor, regardless
of errors.
(There's other aspects of this issue. We shouldn't be able to
launch a TCPStreamDialog when we have no tcp stream...)
Change-Id: I7b4ddadca8f699d30ec45f0fe6021ae9d36ced53
Reviewed-on: https://code.wireshark.org/review/36935
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the constructor, we allocate a delegate for the name column and assign
it by calling QAbstractItemView::setItemDelegateForColumn(). This does
not pass ownership of the delegate to QAbstractItemView, it's still
up to us to free the delegate.
ASAN warns about this
Indirect leak of 48 byte(s) in 1 object(s) allocated from:
...
#1 ... in ProfileTreeView::ProfileTreeView(QWidget*) ui/qt/widgets/profile_tree_view.cpp:46:17
#2 ... in Ui_ProfileDialog::setupUi(QDialog*) ui/qt/qtui_autogen/include/ui_profile_dialog.h:67:31
#3 ... in ProfileDialog::ProfileDialog(QWidget*) ui/qt/profile_dialog.cpp:59:13
#4 ... in MainWindow::on_actionEditConfigurationProfiles_triggered() ui/qt/main_window_slots.cpp:2239:36
Add a destructor for ProfileTreeView and free the delegate there.
Change-Id: I2a76abb7ec174c91ad15bfac91f2b47bea29f511
Reviewed-on: https://code.wireshark.org/review/36934
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the toolchain included with Command Line Tools instead of the one
from Xcode.app. This fixes the build on macOS 10.14.6:
FAILED: epan/crypt/CMakeFiles/crypt.dir/dot11decrypt_tkip.c.o
/Applications/Xcode-11.3.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc ...
...
/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/_stdio.h:93:16: error: pointer is missing a nullability type specifier (_Nonnull, _Nullable, or _Null_unspecified) [-Werror,-Wnullability-completeness]
unsigned char *_base;
Change-Id: I45d80dce1a0aca7a9f6a945171ebd8789314e924
Link: https://www.wireshark.org/lists/wireshark-dev/202004/msg00065.html
Reviewed-on: https://code.wireshark.org/review/36924
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The IEEE 1278.1-2012 spec for DIS (Distributed Interactive Simulation)
specifies the format of Articulated Part VP record as:
8bits Record Type enum
8bits Change Indicator unsigned integer
16bits ID unsigned integer
32bits Parameter Type enum
32bits Parameter Value floating point
32bits Padding unused
(Section 6.2.94.2)
The dissector was interpreting the last 64bits as one value, this patch
fixes it to interpret it as 32bit float and 32bit padding.
Change-Id: Id509715f02daeecf12e3094fc1ed63e81705852b
Reviewed-on: https://code.wireshark.org/review/36922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
The headers for UFTP version 4 contain a header length field which gives
the length of the header in 4 byte words. Currently, only the raw value
is displayed, not the actual byte count (for example 4 instead of 16).
Several headers contain a timestamp field composed of 4 byte seconds and
4 byte microseconds since the UNIX epoch. These are currently being
interpreted incorrectly as nanoseconds instead of microseconds.
The FILEINFO header contains a file timestamp field composed of 4 bytes
seconds since the epoch that is currently displayed as a raw value
instead of as a timestamp.
Change-Id: I936eb5317ca6802a094d8c1e01ae8ae78bb5cb7c
Reviewed-on: https://code.wireshark.org/review/36910
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
According to
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/
[discrete] is preferred over [float] for discrete headings.
Change-Id: I4d67a72c19a8cf75ad8cf37c55e6f5abddb14d04
Reviewed-on: https://code.wireshark.org/review/36925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the name resolution section of the User's Guide. Use title case
in the rest of the chapter and switch [float]s to [discrete]s.
Change-Id: I7093de72592466c32e130b952f9979f1b47fa280
Reviewed-on: https://code.wireshark.org/review/36923
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.
Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add an illustration of the advanced preferences along with some examples
from https://wiki.wireshark.org/Preferences/Layout.
Change-Id: I5dd6afe06bef9a0f5e1862f13fb716d63032cd96
Reviewed-on: https://code.wireshark.org/review/36927
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.
Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).
Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't use hf_text_only. For the protocol tree items that are just
subtrees, use proto_tree_add_subtree(); for the emergency call numbers,
give them real FT_STRING fields, using tvb_bcd_dig_to_wmem_packet_str().
Change-Id: I721271e26502abce8d8ce2375fc0916c0de586e6
Reviewed-on: https://code.wireshark.org/review/36928
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
João Valverde