Invoke the tap draw callback immediately after reloading a capture (or
changing a display filter) rather than waiting for a timer to expire.
Change-Id: I3d1549d1a18c8e173cd29d45f31ce7586e0d70fe
Reviewed-on: https://code.wireshark.org/review/26600
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Ensure the dialog is populated when the dialog is opened after a capture
file has already been loaded.
Change-Id: I9ba1b4a1eb7a8b21ce7dac4a820eadf10daa9845
Reviewed-on: https://code.wireshark.org/review/26601
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Minor display issues, and show in context tree 2
recently-introduced fields.
Change-Id: I14ecde0059d17abd17767d4d0c34ba093fa1987f
Reviewed-on: https://code.wireshark.org/review/26596
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Sadly, "cooked" means the GRE header isn't available; the extra data
pointer is null, so we can't dereference it.
Bug: 14548
Change-Id: I51ae67dcc144b7f5ab3c82dd9adf09b342b29ced
Reviewed-on: https://code.wireshark.org/review/26595
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix some wrongly named fields names related to
multiple entry PHRs.
Change-Id: I87b8b53ddfb86255d4840a73cdf4e570b7f9b9f0
Reviewed-on: https://code.wireshark.org/review/26590
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This will likely change in the future as we:
- add support for 32-bits of flags for when there are
higher SCellIndex
- possibly add different filters for each type of ph measurement
- possibly add separate filters for the pcmax_c fields
Change-Id: Icb9b242910a41b1b9e448ae2cd1dbd54a418fd36
Reviewed-on: https://code.wireshark.org/review/26507
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Dissection is updated according to spec.
Unnecessary tab and spaces are removed.
Change-Id: Ia9b3252f5e9dcdc3617286a802fffeef250888c2
Reviewed-on: https://code.wireshark.org/review/26542
Reviewed-by: Birol Capa <birol.capa@siemens.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- remove GEN field, that is obsoleted
- add SIGNAL command
- update return codes following the draft
Bug: 14542
Change-Id: I7eeb6f832d23688d5dc50f68224da9a7612429ff
Reviewed-on: https://code.wireshark.org/review/26553
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In preparation for QUIC packet decryption, add a method to retrieve the
cipher used in a TLS session. (QUIC embeds the TLS handshake.)
Change-Id: If58e16bd0a01808dafa455ddc6c67ad23f33d7da
Reviewed-on: https://code.wireshark.org/review/26558
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When a conversation contains two Initial Packet messages or payloads
spanning key updates, then the cipher might be unusable when trying to
decrypt an earlier packet. To solve this, perform decryption on the
first pass only and store the result (error message and plaintext).
Display an error message when payload decryption is not possible due to
missing keys (currently, TLS Exporter secrets from the TLS key log).
Refactor code for adding decrypted results/expert info to reduce code
duplication and have less ifdef's.
Bug: 13881
Change-Id: I932069b09840e14c7ccc6a235f62b8830f1b85aa
Reviewed-on: https://code.wireshark.org/review/26577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Packet number (PKN) reconstruction must happen sequentially or the wrong
value can be derived. A wrong packet number will also result in
decryption value. Fix this by storing the full packet number per packet.
Always display the full PKN field for use in a column. Improve tracking
of the client and server side.
Bug: 13881
Change-Id: Ia386893e719411c21793aca509a6d07a06823e2e
Reviewed-on: https://code.wireshark.org/review/26574
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the exporter secrets as written by NSS or boringssl to derive packet
protection keys.
Test: tshark -r ngtcp2-09.pcap -ossl.keylog_file:ngtcp2-09.keys -V
Known issue: random access dissection of handshake and packet protection
data sometimes fails because packet number reconstruction requires a
sequential pass. This will be fixed later.
Bug: 13881
Change-Id: I58b2379d6bc2a6274b154b26054fa6cbbfa8e8fb
Reviewed-on: https://code.wireshark.org/review/26559
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add support for "EXPORTER_SECRET" (NSS 3.34, boringssl 1c58471cc9f4) and
"EARLY_EXPORTER_SECRET" (NSS 3.35) key log lines. These secrets can be
used with the TLS-Exporter interface to derive QUIC 0-RTT/1-RTT keys.
Ping-Bug: 13881
Change-Id: I7ff3e51ce0bd868353aacb2e3a52b28f144af341
Reviewed-on: https://code.wireshark.org/review/24981
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If no stream is given to FollowStreamDialog::follow(), then it
overwrites the display filter with a conversation filter for the first
packet in the capture file.
Pass an explicit stream number and the "Follow stream" button will set a
correct display filter.
Test: open pcap with three TCP streams. Statistics -> Conversations.
Select last TCP conversation (expect "tcp.stream eq 2"). Select the
second conversation (expect "tcp.stream eq 1") and activate "Filter Out"
button (expect "!(tcp.stream eq 1)" and not "!(tcp.stream eq 2) and
!(tcp.stream eq 1)").
Bug: 14254
Change-Id: I28744d7f76f5034b07ea5660b45399566e3a7d2c
Reviewed-on: https://code.wireshark.org/review/26520
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changed type for the bitrate fields, from signed32 to unsigned32.
This fixes the problem of getting "-1" values at G_MAXUINT32.
TS 32.298 refers to TS 29.212 regarding bitrates, in TS 29.212 the
corresponding AVPs are defined as Unsigned32.
Change-Id: I6e0083bf034c7254ab48ca3c2c405cc20f5d6394
Reviewed-on: https://code.wireshark.org/review/26585
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The "bag" was not deallocated when the key is successfully loaded.
Parse all bag elements rather than clearing the bag after the first
iteration (this restores previous behavior).
Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634
Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.")
Reviewed-on: https://code.wireshark.org/review/26481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the previous TCP segments already form one or more PDUs, then the
data source of these segments must not be removed. Otherwise
get_field_data (epan/print.c) will fail to find the data source which
correspond to the fields within these PDUs.
Also tested with the capture referenced in v1.11.3-rc1-1525-g21e0a63b29
(bug 9169), the "tshark -Vr mem-leak.pcap" output remains unchanged.
Bug: 14472
Change-Id: Ia448a6b84dd2eb84b00e56d3fcde04f7bec05b9d
Reviewed-on: https://code.wireshark.org/review/26397
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In function 'add_header' coгple of if-statements didn't corespond
to comments above.
Change-Id: Idd846cebf7e17d0e2f49c7c7d3de466b899c73c6
Reviewed-on: https://code.wireshark.org/review/26573
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Draft -20 shortened the label used by Key Update, adjust accordingly.
Change-Id: I3761b94933165a65fd810eff7bef4373290346cd
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26554
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This should solve the missing prototypes warnings
Change-Id: Iaf2ac6c0a151cfb614f76c4a6bb103e0210d3808
Reviewed-on: https://code.wireshark.org/review/26567
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
That dissector expects to be handed an 802.11 pseudoheader; the GRE
dissector passes the flags and version from the GRE header to
subdissectors registered in the gre.proto table, so they'd better either
expect the flags-and-version structure or ignore the pseudoheader. (For
802.11, the pseudoheader has radio information, but that's not available
from GRE.)
Use the no-FCS 802.11 frame dissector instead.
Bug: 14544
Change-Id: I6515901dc3674eb36ec768fa4f9a7a4040a78365
Reviewed-on: https://code.wireshark.org/review/26560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix a dependency issue for the vagrant build system and update
it to the latest Ubuntu LTS release (16.04 LTS). Also give it
more vCPU's and RAM by default.
Change-Id: I058e6a05356dba57a55ada7fe84f959e227a04b4
Reviewed-on: https://code.wireshark.org/review/26541
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
Rather than requiring all callers to pass a non-null source argument,
explicitly allow a NULL source when the size is zero. This is consistent
with g_memdup behavior.
While at it, fix a memleak and avoid memset(0,0,0) in tests.
Change-Id: I86a092625a508544d180da959e4afdd0366539f4
Reviewed-on: https://code.wireshark.org/review/26496
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Mališa Vučinić <malishav@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Evan Huus <eapache@gmail.com>
Gerald Combs