By punting to the default log handler. tshark is using
g_log_default_handler(), Qt is too. Is there a reason
Wireshark cannot do the same?
Using g_log_default_handler() allows the user to
selectively turn on INFO and DEBUG messages using
the environment variable G_MESSAGES_DEBUG.
The fact that the output format is now consistent with
tshark is also a nice bonus.
Ping #17271.
Put all the TLV stuff together. *If* some TLVs are only in the file
header and others are only in packets, that should be the split; it
appears that the TLVs with a type with the 0x01 bit clear are for the
file header, so perhaps they can be split based on that.
Don't include the TLV header in the structure for the time_info TLV;
that matches other TLV structures. Write the time_info TLV in two
parts, as we do with the comment TLV.
Consistently use _TO_LE macros in our _TO_LE_IN_PLACE macros.
Add _FROM_LE_IN_PLACE and _TO_LE_IN_PLACE macros for the network_load
TLV.
Use %z, now that we require C99-or-later.
Check the length of TLVs.
Note some things found in files while reverse engineering.
For 11b and 11g, also set the metadata to provide the "short preamble"
indication.
Add some macros to wsutil/802_11-utils.h to help there, as I threatened
to do in the previous commit. :-)
Changes:
* Replaced large netperfmeter-dccp.pcapng.gz and netperfmeter.pcap.gz captures
by one common small netperfmeter.pcapng.gz for the suites follow_dccp and
netperfmeter.
* Updated test suites "follow_dccp" and "netperfmeter".
The configuration of the build machine is not part of our public
API. 'config.h' must not be installed with system headers,
otherwise it generates all sorts of collisions and generally makes
life unpleasant.
Use FT_ETHER for the MAC address, unless the scrambling bits are set,
in which case use a FT_BYTES field. Don't put the address in a separate
tvb, so the bytes it is extracted from can be highlighted. Don't decode
the payload if the payload scrambling bits are set. Add value_strings and
expert infos.
When building with GCC 10.2.0 and optimization level 3 some new
warnings turn up. Fix them.
./epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r0’:
../epan/crypt/dot11decrypt_util.c:308:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  308 |     memcpy(pmk_r0_name, sha256_res, 16);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r1’:
../epan/crypt/dot11decrypt_util.c:357:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  357 |     memcpy(pmk_r1_name, sha256_res, 16);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_add_if_filter_option’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  782 |     return filter_dest;
      |            ^~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_set_if_filter_option_value’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  782 |     return filter_dest;
      |            ^~~~~~~~~~~
From tools/check_typed_item_calls.py:
epan/dissectors/packet-mpeg-dsmcc.c:1212 proto_tree_add_item called for hf_dsmcc_dii_private_data_length - item type is FT_UINT8 but call has len 2
- add an option to decrypt even if not strictly in-sequence
In the top-level .editorconfig, note that we don't use CMake's standard
indentation.
Remove ascendtext.[ch] from wiretap/.editorconfig since it's no longer
needed.
DVB-DATA Multiprotocol Encapsulation (MPE) has the table id 0x3E, which
is conformant to DSM-CC sections with private data, and is by far the
most common "private" implementation. Only register MPE as the default
subdissector for 0x3E, don't register DSM-CC as well. (The order of
registration means that MPE is already the current default, but this
is not reliable.)
Support Decode As for the table ids so that DSM-CC can be used instead if
someone really wants that, and so that some other user private dissector
plugin (on 0x3E or any other user private table_id) can be used.
Switch ui/clopts_common.c, ui/filter_files.[ch], and ui/summary.[ch] to
4 space indentation. This brings them in line with all of the other
files in that directory and with ui/qt.
Fix the modelines in ui/qt/models/filter_list_model.cpp.
I believe this was the original intention, to use these API restrictions
with dissectors only (not that I necessarily agree with that policy either),
and through copy-paste and lack of clear guidelines it spread to other
parts of the build.
Rename the checkAPI groups to make it very clear that this is dissector-only.
This doesn't mean, of course, that good programming practices shouldn't be
followed everywhere. In particular assertions need to be used properly.
Don't use them to catch runtime errors or validate input data.
This commit will be followed by another removing the various ugly hacks
people have been using to get around the checkAPI hammer.
This commit should be a proper fix for the regression reported in #17250
(7fd71536 is a simple workaround). Such regression has been introduced by
b287e716 while fixing the infinite loop reported in #16897.
b287e716, while fixing the infinite loop, broke the decoding of perfectly
valid tags not yet supported by Wireshark.
AFAIK, the root cause of the infinite loop is the overflow of the `offset`
variable. Therefore checking for this overflow should be sufficient to avoid
the loop.
Note that we already check for sensible values for the 'tag_len' variable;
we should update `total_tag_len` accordingly.
Some words about testing: other than correctly handling unknown but valid
tags, it is important that this commit doesn't reintroduce the infinite
loop bug.
Fortunately #16897 provided a POC trace. Unfortunately, if you revert
b287e716, this POC doesn't work anymore in master-3.4 and master branches,
but it still triggers the infinite loop in master-3.2 branch.
Therefore I have been able to manually check that this MR + the
overflow check is enough to avoid the infinite loop bug, at least in master-3.2.
Some traffic with unknown but valid tags is available in e2ee14ae03.
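Added example, not Wireshark's code and not part of the commit above: a minimal tag walker showing how an unchecked offset addition wraps back to an earlier position, next to a checked advance that still skips unknown but well-formed tags. The tag layout (1-byte type, 4-byte big-endian length), the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define TAG_HDR_LEN 5u /* assumed layout: 1-byte type + 4-byte big-endian length */

/* Unchecked advance: the sum silently wraps modulo 2^32. */
static uint32_t advance_unchecked(uint32_t offset, uint32_t tag_len)
{
    return offset + TAG_HDR_LEN + tag_len;
}

/* Checked advance: returns false if either addition wraps. */
static bool advance_checked(uint32_t offset, uint32_t tag_len, uint32_t *next)
{
    uint32_t total_tag_len = TAG_HDR_LEN + tag_len;
    if (total_tag_len < tag_len)            /* header + payload length wrapped */
        return false;
    if (offset + total_tag_len < offset)    /* offset itself wrapped */
        return false;
    *next = offset + total_tag_len;
    return true;
}

/* Walk all tags. The type byte is never used to reject a tag, so unknown but
 * well-formed tags are skipped. Returns the tag count, or -1 if malformed. */
static int walk_tags(const uint8_t *buf, uint32_t len)
{
    uint32_t offset = 0, next;
    int count = 0;
    while (len - offset >= TAG_HDR_LEN) {   /* offset <= len always holds here */
        uint32_t tag_len = (uint32_t)buf[offset + 1] << 24 | (uint32_t)buf[offset + 2] << 16 |
                           (uint32_t)buf[offset + 3] << 8 | buf[offset + 4];
        if (!advance_checked(offset, tag_len, &next) || next > len)
            return -1;
        offset = next;
        count++;
    }
    return count;
}

/* Constructed inputs: type 0x01 stands for a known tag, 0x7F for an unknown one. */
static const uint8_t SAMPLE_OK[]   = { 0x01, 0, 0, 0, 2, 0xAA, 0xBB, 0x7F, 0, 0, 0, 0 };
static const uint8_t SAMPLE_WRAP[] = { 0x01, 0, 0, 0, 0, 0x7F, 0xFF, 0xFF, 0xFF, 0xF6 };
int main(void)
{
    printf("valid input: %d tags\n", walk_tags(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("wrapping input: %d\n", walk_tags(SAMPLE_WRAP, sizeof SAMPLE_WRAP));
    return 0;
}
```

With the unchecked advance, the second tag of SAMPLE_WRAP sends the offset from 5 back to 0, so a loop built on it would revisit the first tag indefinitely.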
Commit 73d793788c removed ws_printf.h from
column-utils.c, but left no prototype for snprintf, causing a build failure on
my Debian testing host. Let's #include <stdio.h> here.
1) G_GUINT16_FORMAT produces warnings about mismatched format string
formats and arguments if you use it with a 32-bit value.
2) There's no reason to format into a string buffer and then use
col_append_lstr(); col_append_fstr() suffices. (In col_append_ports(),
the formatting is done with col_snprint_port(), which attempts to
resolve the port number to a name, but we don't do that here, we just
format it as a number.)
Since fe94133f0d ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
COContainerContent dissects PDInterfaceMrpDataAdjust and
PDInterfaceMrpDataAdjust dissects the remaining COContainerContent
because of an offset problem. The offset problem is fixed.