- xxx-time values are not UNIX timestamps (that is a CUPS-ism - they are
time since bootup in IPP itself)
- Change all of the display strings to use the official IANA values
(confusing otherwise)
- Add support for newer value/group tags.
- Add support for all enum attribute values.
- Add request/response tracking so you can easily match things up.
- Decode octetString, rangeOfInteger, textWithLanguage, nameWithLanguage,
dateTime, and resolution values.
- Don't treat integers and enums as interchangeable (they aren't).
- Integers and enums are signed integers.
- Put operation id or status code in info column.
Change-Id: I9fb5cd89d3c386a2b3932ef4c75967ce2547bc22
Reviewed-on: https://code.wireshark.org/review/17192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add notes about the Windows Installer and source packages.
Change-Id: Ic1aea3b547afab6dfdf0218b6ea257046a20cf00
Reviewed-on: https://code.wireshark.org/review/17562
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Not all uses of atoi() or various strto* routines in Wireshark expect
the string to contain *only* a number, so not all uses should require
that the byte after the number be a '\0'. Have the ws_strto* routines
take a "pointer to a pointer set to point to the character after the
number" argument, and have the callers do the appropriate checks of the
character after that.
This fixes the VMS trace reading code so that it can read those files
again.
The get_ routines are handed command-line arguments, so they *do* expect
the string to contain only a number; have them check to make sure the
byte after the number is a '\0'.
Change-Id: I46fc1bea7912b9278e385fe38491a0a2ad60d697
Reviewed-on: https://code.wireshark.org/review/17560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow the tool to provide a link to a help page, displayed
by clicking on help in the configuration dialog.
The URL will be opened using a URL based service, therefore local
as well as remote URLs are possible.
Change-Id: I58b30244e97919d5cf6892faf96536ddc30fb5a7
Reviewed-on: https://code.wireshark.org/review/17549
Reviewed-by: Roland Knall <rknall@gmail.com>
For debugging...
Change-Id: I23eb70c89ac95371e1d7b05a52ffeed4f993a52a
Reviewed-on: https://code.wireshark.org/review/17135
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make pkt_len unsigned.
Improve the error message for ws_strtou32() failure.
Change-Id: I080b4fc132c8e405bc1dbd87fc717c2b337517bc
Reviewed-on: https://code.wireshark.org/review/17547
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch fixes incorrect endian conversion in pdu length.
Actually pdu length is big endian.
Ping-Bug: 12122
Change-Id: I9f8827293e684a5b4c957138f5879efdd140c500
Reviewed-on: https://code.wireshark.org/review/17533
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Keepalive req/resp messages are shown as "Unknown type (0x00)" in info column.
This patch fixes them to "Keepalive Request" and "Keepalive Response".
Ping-Bug: 12122
Change-Id: If09192067736b78c7785ba1ff05ae62a05d3dc23
Reviewed-on: https://code.wireshark.org/review/17497
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix
../../ui/io_graph_item.h:251:29: warning: will never be executed [-Wunreachable-code]
guint64 t, pt; /* time in us */
^
Change-Id: I0e861e892c2c03151d9f98e31ac68ce296baa26a
Reviewed-on: https://code.wireshark.org/review/17545
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's another failure that can occur if you're trying to load a
libwireshark plugin in a program that doesn't use libwireshark if, for
example, references to an undefined symbol don't prevent the module from
being loaded in the first place.
Change-Id: I21629c0094fdca7dfbd88f39b7e6c10fb600b401
Reviewed-on: https://code.wireshark.org/review/17537
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparent to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
atoi must lie in soft-deprecated list until close to complete removal.
Change-Id: Ia26ada56114559637fdc598913ee93523ed9434d
Reviewed-on: https://code.wireshark.org/review/17529
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Replace the error-prone next/prev handling with GList and GHashTable
Cleanup extcap_parser to only expose necessary functions
Remove token know-how from extcap
Change-Id: I7cc5ea06f58ad6c7a85ac292f5d2cb3d33e59833
Reviewed-on: https://code.wireshark.org/review/17496
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Flexible array members are supported by gcc, clang and even MSVC2013.
Note, so far it was only used in the Windows-specific airpcap.h.
Trailing commas in enum declaration are already in use for
these dissectors (commit ID is the first occurrence):
epan/dissectors/packet-gluster.h v2.1.0rc0-1070-g3b706ba
epan/dissectors/packet-ipv6.c v2.1.2rc0-81-ge07b4aa
epan/dissectors/packet-netlink.h v2.3.0rc0-389-gc0ab12b
epan/dissectors/packet-netlink-netfilter.c v2.3.0rc0-239-g1767e08
epan/dissectors/packet-netlink-route.c v2.3.0rc0-233-g2a80b40
epan/dissectors/packet-quic.c v2.3.0rc0-457-gfa320f8
Inline functions using the "inline" keyword are supported via all glib
versions we support (if it is missing, glib will define a suitable
inline macro).
Other c99 functions listed in the README.developer document were found
to be compatible with GCC 4.4.7, Clang 3.4.2 and MSVC 2013.
Change-Id: If5bab03bfd8577b15a24bedf08c03bdfbf34317a
Reviewed-on: https://code.wireshark.org/review/17421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, for signed values, the caller knows whether ERANGE means "too
large" or "too small"; this is analogous to what the C routines return.
Change-Id: Ifc1fc4723733be606487093f8aa77ae2d89d2c40
Reviewed-on: https://code.wireshark.org/review/17512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-1 is not an unsigned number. For that matter, neither is +1;
"unsigned" means "without a sign", and they both have signs.
ANSI C's strto{whatever} routines - even the ones that supposedly are
for "unsigned" values - and the GLib routines modeled after them allow a
leading sign, so we have to check ourselves.
Change-Id: Ia0584bbf83394185cde88eec48efcdfa316f1c92
Reviewed-on: https://code.wireshark.org/review/17511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
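
An added example, not Wireshark's own code, of the checks the string-to-integer commit messages in this log describe: an end pointer the caller inspects, ERANGE on overflow, and rejection of a leading sign that strtoull() would otherwise accept. The names parse_u32 and parse_u32_arg are hypothetical and do not reproduce the ws_strto* signatures.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper, not Wireshark's ws_strtou32(): parse a decimal
 * uint32_t and report where the number ended through *endptr.
 * Failure: errno = EINVAL (no digits, or a sign) or ERANGE (too large,
 * *out saturated to UINT32_MAX). */
bool parse_u32(const char *str, const char **endptr, uint32_t *out)
{
    char *end;
    unsigned long long val;

    *endptr = str;
    *out = 0;
    /* strtoull() accepts a leading '+' or '-' (and whitespace), so "-1"
     * would silently become a huge value; insist on a digit first. */
    if (!isdigit((unsigned char)str[0])) {
        errno = EINVAL;
        return false;
    }
    errno = 0;
    val = strtoull(str, &end, 10);
    *endptr = end;
    if (errno == ERANGE || val > UINT32_MAX) {
        *out = UINT32_MAX;
        errno = ERANGE;
        return false;
    }
    *out = (uint32_t)val;
    return true;
}

/* Command-line style caller: nothing may follow the number. */
bool parse_u32_arg(const char *str, uint32_t *out)
{
    const char *end;

    if (!parse_u32(str, &end, out))
        return false;
    if (*end != '\0') {
        errno = EINVAL;
        return false;
    }
    return true;
}
```

A file parser would call parse_u32() directly and decide for itself which character may follow the number, while an option parser goes through parse_u32_arg().
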
cmdarg_err() prints a message, but it doesn't exit.
Change-Id: I887d96bce483f873a4375cb6b5254915d014f1b1
Reviewed-on: https://code.wireshark.org/review/17509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up indentation while we're at it.
Change-Id: Ie7223f96c758bd71d2435203635db9c2b28e2249
Reviewed-on: https://code.wireshark.org/review/17508
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.
We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.
Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead use ws_strtoi/u functions. atoi() doesn't make any kind
of check so it should be avoided. ws_strtoi/u should be used
instead of strtol & co., but they're still acceptable for some
cases that deviate from the basic usage.
Change-Id: I145ff4d8f893852e024c4ea8fc6a836b15bd2b0d
Reviewed-on: https://code.wireshark.org/review/17502
Reviewed-by: Michael Mann <mmann78@netscape.net>
In the current code many functions have been used for conversion
(strtol, atoi, g_ascii_strtoll, etc). Those utilities want to be
the only, shared, way to convert integers.
Change-Id: I22ba1bf54e144e73a4728612a4437de5a2d339e2
Reviewed-on: https://code.wireshark.org/review/17414
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>