Change-Id: Ifb68af443c6f13dfab99e32488d86c148621a316
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17399
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I72812fa0650da0cde37ea6cbef81a3c7a9ba333d
Reviewed-on: https://code.wireshark.org/review/17373
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The OMG standard has changed in this new version. I have fixed
the implementation.
Change-Id: Ie9054ed52c66580c76096af86e0fb8e34a44e9d1
Reviewed-on: https://code.wireshark.org/review/17348
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ica9fc960946542badb64af12769e7dfa3793db82
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17397
Reviewed-by: Michael Mann <mmann78@netscape.net>
The fields have names beginning with "ecatf.", the dissector is called
"ecatf", and it's only the frame layer of EtherCAT anyway, so just call
it "ecatf".
Change-Id: I2f127363fd115c307f0525f612fe184a30d46c55
Reviewed-on: https://code.wireshark.org/review/17406
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We register dissectors for "Decode As" for {SSL,TLS}-over-TCP, so we
should actually set up the "Decode As" stuff for it.
Change-Id: I2a738667efdec1007069df74885a4fe8fc3fcbab
Reviewed-on: https://code.wireshark.org/review/17400
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dissection and display the problem more prominetly.
Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
time_util.c was already fixed, but the header was missing the change,
breaking the build on a very old compiler.
Change-Id: I95685c9a3e25dcb7567f2551b92f20c8792a6e47
Reviewed-on: https://code.wireshark.org/review/17384
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the heuristics fail to detect a resumed session, then it must mark
the session as a normal session. This will also prevent from
applying secrets that do not apply to this renegotiated session.
Bug: 12793
Change-Id: I90f794a7bbaf7f1839e39656ac318183ecf48887
Reviewed-on: https://code.wireshark.org/review/17376
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise the statistics will be wrong if the capture duration is greater
than G_MAXINT32 and it the user specifies an interval of 0
Bug: 12778
Change-Id: I83a0f627ec0bb7c535446c17afa486835091ab8b
Reviewed-on: https://code.wireshark.org/review/17367
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
strdup and strcmp is a recipe for leaking.
Change-Id: I522c71964e39f671a4101df9b2b432433fc1c12e
Reviewed-on: https://code.wireshark.org/review/17363
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use same wmem_epan_scope() as "w" (tvbparse_wanted_t).
Change-Id: I73fdb1fb3b55a91b7bb0fc36e435024c6f0b3d73
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17361
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
According to documentation of uat_copy_cb_t, if uat->copy_cb is NULL,
memcpy() should be used.
This affected IKEv1 and IKEv2 UAT tables (possibly others).
Change-Id: I27ebdc08385d260945699f101e714d3abb288b22
Reviewed-on: https://code.wireshark.org/review/17245
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fix the "Number of SPIs" field name in the Delete payload.
References: RFC 2408, RFC 7296
Change-Id: I205fb830275fc011e6605fdae53c6b9141e1628b
Reviewed-on: https://code.wireshark.org/review/17353
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
A XMPP stanza may be fragmented inside a conversation, so don't
check for this only when starting a new conversation.
Change-Id: I63b987184f52645e6c72c3c4155b39b7948de828
Reviewed-on: https://code.wireshark.org/review/17344
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make "Resolve Names" enabled if at least one of the custom column
fields can be resolved.
Change-Id: I702471be5d90c91f71209923e6abcc6921dca850
Reviewed-on: https://code.wireshark.org/review/17350
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Search address type by name iterates over an array, but fails to find its end.
Therefore it may dereference invalid pointers, or NULL.
Add the proper check in the for loop and make sure an end condition is always
there in the array searched.
Change-Id: I60ade9d438dc394340b6483b4fcb23e5ce432000
Reviewed-on: https://code.wireshark.org/review/17337
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some type changes were not carried forwared into the conversation
debugging code. These changes allow compilation again.
Change-Id: I90dde7cc94496828cf8931d74225773c2cea42a1
Reviewed-on: https://code.wireshark.org/review/17336
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added the dissection of three parameters.
Change-Id: I07e7b655ad7fd3462625c2fb565e41593c62f897
Reviewed-on: https://code.wireshark.org/review/17346
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: Ic3c53fce9751a556c5f1aa30d55687a60c9c6a4d
Reviewed-on: https://code.wireshark.org/review/17345
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I4852f6bad7a4c98b345ff198b33ab560eacb5ed0
Reviewed-on: https://code.wireshark.org/review/17341
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I9c4ede6ba2fb0303aab05f1d59835e5a8b386a3e
Reviewed-on: https://code.wireshark.org/review/17340
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Before redissection, PacketList::freeze() is called which clears the
model. This results in a NULL-deref when pressing Ctrl-F (Packet
Search) or Ctrl-G (Go To Packet). Reproducer: in a large capture file,
enter some display filter (e.g. "udp") and immediately press Ctrl-F.
Thanks to Github user SNAPESNATCH for the initial report via IRC that
included a helpful stack trace on Windows.
Change-Id: If7334d6df4e9591fb1f2a52e3e2f837285b2959f
Reviewed-on: https://code.wireshark.org/review/17326
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Both of them need to have the CAN ID/flags field of the header
byte-swapped as necessary to make sure it's in the *reading* host's byte
order, not the *writing* host's byte order, if the two are different.
Change-Id: Iac1589fdd9fe4d9ee6fbac8d821b48694d68919b
Reviewed-on: https://code.wireshark.org/review/17333
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The created XML proto_item can be faked (if not visible and not referenced),
so ensure we store the correct item length to be used in XMPP.
This will avoid an invalid "Malformed Packet" for some XMPP packets.
Change-Id: I79d805b725dbeb93f26a38b72bdcc84187aee16f
Reviewed-on: https://code.wireshark.org/review/17324
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
RFC 6120 section 4.6.1 defines the use of a single whitespace as
"whitespace keepalive", so indicate this in the Info column.
Change-Id: I685431d91be2a37fbd66f8d1cdabe53f33092e93
Reviewed-on: https://code.wireshark.org/review/17323
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I842fd2339788c2cbe5ca88294aaf74bf9adc5ae2
Reviewed-on: https://code.wireshark.org/review/17285
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Binh Trinh