We no longer use autotools/libtool, so we don't need to install
automake, autoconf, or libtool; we only support CMake, so we *do* need
to install it.
We no longer support GTK+, so we don't need to install it.
Change-Id: I41df9f67c8aba486220e77f7c8c67efa7784a7f2
Reviewed-on: https://code.wireshark.org/review/27152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't use autotools, so there are no configuration scripts that need
to be generated by autogen.sh.
Change-Id: I8b2a5bc3cb91a4c2bc59069a29b8ca774b6f239f
Reviewed-on: https://code.wireshark.org/review/27150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In CMake files, we don't do some checks that our autotools scripts did;
speak of those in the past tense, as the autotools scripts are gone.
(Leave the comments there, to note that we *might* have to reinstate
those tests, although they're for old versions of macOS and GCC.)
In CMake files, we use some #defines because that's what autotools did;
speak of those in the past tense as well.
Change-Id: I594fe8225cf94b5087093febc11f6b0a7e42e7cd
Reviewed-on: https://code.wireshark.org/review/27149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't support building with autotools (except for building the
support libraries using macos-setup.sh), and we don't support GTK+ and
thus don't require X11.
Change-Id: If9da937285016fc178a0153d38212404b0ff2c59
Reviewed-on: https://code.wireshark.org/review/27148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove FAQ items that assume we are (and, in one case, that we're using
SVN...).
Change-Id: Ifd04ac0f34f562b2b0b588bed8db8f4e13317c18
Reviewed-on: https://code.wireshark.org/review/27147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Qt 5.11 seems to have changed the include dependencies, so adding those, that are missing
Change-Id: I2b0482f7554467d6981be65bfd3fea1a3e118976
Reviewed-on: https://code.wireshark.org/review/27145
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Running tools/dfilter-test.py with LSan enabled resulted in 38 test
failures due to memory leaks from "fvalue_new". Problematic dfilters:
- Return values from functions, e.g. `len(data.data) > 8` (instruction
CALL_FUNCTION invoking functions from epan/dfilter/dfunctions.c)
- Slice operator: `data.data[1:2] == aa:bb` (function mk_range)
These values end up in "registers", but as some values (from READ_TREE)
reference the proto tree, a new tracking flag ("owns_memory") is added.
Add missing tests for some functions and try to improve documentation.
Change-Id: I28e8cf872675d0a81ea7aa5fac7398257de3f47b
Reviewed-on: https://code.wireshark.org/review/27132
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.
Fix the above issues and avoid an unnecessary g_memdup.
Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A filter such as "data.data[1] == 2" would leak the GSList structure.
Change-Id: If57ffbdbf815434f6e11fb53ffa031dde370a9ec
Reviewed-on: https://code.wireshark.org/review/27131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that we only support CMake, that file would be reduced to
Wireshark is built using CMake.
which doesn't justify keeping it around.
Change-Id: I07d0ce0689ab274fd6c7dff3d8e5a8b31e110cbb
Reviewed-on: https://code.wireshark.org/review/27139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.
Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
.libs is a libtoolism, and we're not using autotools or libtool any
more, so there aren't any more libtoolisms.
Change-Id: Idc9ef37f9650197da096cc8e3cb3ed459b71dea0
Reviewed-on: https://code.wireshark.org/review/27137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do all the per-record processing in a libpcap_try_record() routine. EOF
on the header is OK, but a short read on the header *might* be due to
the format being tested not being the format of the file rather than due
to the file having been cut short.
Change-Id: I5748ed550fa1079dc9c746fd93ee5c59187b80a1
Reviewed-on: https://code.wireshark.org/review/27135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g_get_charset, g_get_filename_charsets, g_strerror, g_get_home_dir all
return a const char pointer. get_global_random is internally called by
g_random_int, g_random_int_range, etc.
On Arch Linux with glibc 2.26-11 and glib2 2.56.0+7+g66948ae23-1,
"call_init" is not visible in the stack trace, so replace it by "...".
It also has "possibly lost" entries due to GLib types initialization
(gobject_init -> _g_enum_types_init). Finally "g_private_set" internally
leaks after calling "g_private_get_impl".
Change-Id: Ifb2be3188add7bdd060d1e7321c8126e5924a738
Reviewed-on: https://code.wireshark.org/review/27118
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13
Only dissection is implemented, processing it for connection migration
will be done in the future.
Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).
Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
v1: TS 29.060 7.3.2: A PDP context has not been created in the GGSN if the
Cause differs from "Request accepted", "New PDP type due to network
preference" or "New PDP type due to single address bearer only"
v2: TS 29.274 8.4: Acceptance in a Response / triggered message:
"Request accepted", "Request accepted partially", "New PDN type due to
network preference" and "New PDN type due to single address bearer only"
Change-Id: I8d3b2fc3c35e4a3e3d281cf0e5c97f084616a05d
Reviewed-on: https://code.wireshark.org/review/27093
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Try to read up to 3 pcap records, making the value a #define so that we
can crank it up if necessary.
Bug: 14595
Change-Id: Ie9d62a1763fe7d1d46fdd8781691ea975770f3d7
Reviewed-on: https://code.wireshark.org/review/27111
Reviewed-by: Guy Harris <guy@alum.mit.edu>
offset has to be volatile, as it's used in a loop that involves the
setjmp/longjmp-based TRY mechanism.
Instead of passing pointers to the offset to routines that dissect
headers, have the routines take the offset as an argument and return the
updated offset, to avoid having to mark said pointers as pointing to a
volatile variable.
Update comments while we're at it.
Change-Id: I3058a4e6a736c234ad7508521c9fe9da358b6096
Reviewed-on: https://code.wireshark.org/review/27109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From compilation log:
epan/ipv4.h:19:10: fatal error: 'wsutil/inet_ipv4.h' file not found
tools/oss-fuzzshark/fuzzshark.c:27:10: fatal error: 'version_info.h' file not found
Change-Id: I3e147e014ae398ae07e64aec5a6535a8f9e357a3
Reviewed-on: https://code.wireshark.org/review/27076
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even though these are (currently) implemented in the enip dissector,
these conversations are actually for different types of CIP connections.
This changes makes it obvious to CIP users/developers what these are.
EtherNet/IP (enip) is mainly the encapsulation layer that allows CIP to
function on Ethernet.
Change-Id: I760f832026e35aec412d51d80e85a997b341e0b4
Reviewed-on: https://code.wireshark.org/review/27086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DOXYGEN_* variables which we use to create doxygen.cfg are native
paths and are not compatible with Cygwin. We could try to make them
compatible, but given that we're trying to migrate away from Cygwin set
"DOXYGEN_EXECUTABLE" to "DOXYGEN_EXECUTABLE-NOTFOUND" if "cyg" is anywhere
in its path.
Add the wsar_html* targets to "Docs" and exclude them from Visual Studio's
default build.
Change-Id: Id23a3c43a9f4f1edb2d827bbf36a3a7eb64f0212
Reviewed-on: https://code.wireshark.org/review/27100
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Strawberry Perl ships with xsltproc but no DocBook XML files, which will
break the User's and Developer's Guide targets. Set XSLTPROC_EXECUTABLE
to XSLTPROC_EXECUTABLE-NOTFOUND if "strawberry" is anywhere in its path.
Change-Id: I070eaa247a24a1a79fcdb01256dd5812aa8f6fa8
Reviewed-on: https://code.wireshark.org/review/27101
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.
Dissect the packet in that fashion. If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.
Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.
Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now that the DCID is known from the connection, fix offset calculation.
Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.
Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as side-effect packet
number tracking will fail. This can be changed if needed.
This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.
Only tested with ngtcp2-10.pcap which has a single UDP conversation.
Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The header length has increased in draft -11.
Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For optional tags that act as a boolean, their presence is sufficient
and not need to set a value after them.
Change-Id: I3b4a6bbbdacf1a008e8df90a20c4eede4b0db1bd
Reviewed-on: https://code.wireshark.org/review/27095
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the calculated packet length in the header is bigger than the actual
packet length value from the header, reject the packet.
Change-Id: I86cb24c66ee0d6fd2ed6f9240d44c1adc5f0bf91
Reviewed-on: https://code.wireshark.org/review/27087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris