Do it before we even *try* to read the block, so that it's done in one
place rather than having to be done in every routine to handle
particular block types.
The check was missing in the routine to read sysdig event blocks, so if
we got a huge sysdig even block we'd try to allocate a huge amount of
memory.
Bug: 14403
Change-Id: Iff0fb0387e4499420598361be6d241f2832042d7
Reviewed-on: https://code.wireshark.org/review/25702
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Skip the contents of <style> and <script> tags. Add URL footnotes
similar to `lynx -dump`.
Change-Id: I721bdfabeacc000d604aa8475f13be1d797ad0fb
Reviewed-on: https://code.wireshark.org/review/25697
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's only being used as a working buffer to hold the raw options data we
read in.
Change-Id: I17b812e447f575ad92394b9f957658fc655cdf8e
Reviewed-on: https://code.wireshark.org/review/25701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need for len, and call caplen event_filelen and move it after
event_len.
Change-Id: I8b3825d4022ee083ee52f83f7a69f22829ed9fc4
Reviewed-on: https://code.wireshark.org/review/25698
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp
set lengths at different levels of the packet. In some cases, this would
cause a malformed packet when the data length was zero. This fixes the
malformed error by explicitly setting the length, instead of using -1.
The length of the service data set is not the data paylod for both
cases. Previously, for requests, it attempted to highlight the whole CIP
layer, but this was already covered by the full CIP protocol layer
length.
Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c
Reviewed-on: https://code.wireshark.org/review/25672
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Add Decode Options for 4 Safety I/O types. Previously, you could only decode as "CIP Safety", which only showed as a generic data block (because all important things for parsing are in the FwdOpen).
2. Change some timestamp display formatting to match other related timestamp fields (now all Dec)
3. Don't create connections for Null Forward Opens.
Change-Id: Ia1031b3887739a864a453b9e566ebe6f29fa5b8b
Reviewed-on: https://code.wireshark.org/review/25664
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
They were used by the now-removed draft-07 support.
Change-Id: I4762d2a6bb81e231010f1fd4b2b51278bb3c4329
Reviewed-on: https://code.wireshark.org/review/25695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
of Quick UDP Internet Connection
Change-Id: Ibe18191fca6495d817f6bc10ec4b5df552548396
Reviewed-on: https://code.wireshark.org/review/25690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Go back to having pcapng_read_block() and
pcapng_read_section_header_block() treating SHB read errors that might
be due to the file not being a pcapng file separately from other errors.
This keeps us from treating pcapng files with malformed SHBs as not
being pcapng files, making us dissect them using the pcapng file
dissector rather than reporting the malformation.
Change-Id: I1d92cc4ac521668b88638b2b3ed5257340451798
Ping-Bug: 14402
Reviewed-on: https://code.wireshark.org/review/25675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check only in the if (global) case, and note that it's necessary in that
case; in the !global case, note why we don't have to check for a null
pointer.
Change-Id: I80322204ec94eb3901f7bceabccb29351794adc8
Reviewed-on: https://code.wireshark.org/review/25674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't include glib if RC_INVOKED is defined so that the Microsoft Windows
Resource Compiler doesn't generate the following complaint:
\path\to\glib/gatomic.h(87): warning RC4011: identifier truncated to '__GCC_HAVE_SYNC_COMPARE_AND_SWA'
Change-Id: I6637aee2842de4e7041b66ff4428f617478efcb4
Reviewed-on: https://code.wireshark.org/review/25670
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When dissecting an if_tsresol option in an IDB, calculate the resolution
from the base and the offset. If the result overflows, mark it as an
overflow; otherwise, mark it with the units for more values than 1
microsecond. Store the calculated resolution, which we initialize to
the default of 1 microsecond.
When displaying time stamps in blocks, use the calculated resolution,
rather than re-calculating it. If it's 0, it means the resolution is
too high, so don't calculate it and end up dividing by zero.
Bug: 14402
Change-Id: Idc34ededb4f7250b3604b14d4468c32f6592793f
Reviewed-on: https://code.wireshark.org/review/25673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not check reported length but captured length, otherwise it can
can trigger an exception when trying to fetch at offset 4.
Once the (very basic heuristic) is verified, cann the right dissection
function.
Bug: 14399
Change-Id: Ie09d80e04f2501c940693a2ea9ecbd2f84d1e22f
Reviewed-on: https://code.wireshark.org/review/25666
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Using NULL as profile name indicates the Default profile and
profile_exists() must not return FALSE for the Default profile.
This is a regression from ge0d04a75.
Change-Id: I2463a7d3e12dda794f3391d999442a303d80621c
Reviewed-on: https://code.wireshark.org/review/25659
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This avoids an illegal pointer to free() on error.
Bug: 14397
Change-Id: Id6e535141c7a3ee7b3d1822875b571e2199a5387
Reviewed-on: https://code.wireshark.org/review/25660
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The main benefit of this feature is that it enables users to see the
succession of HTTP requests that led to a specific request.
A sample PCAP is available here:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16085
Change-Id: I7c521315b848fbce659fdc01e43f261d804a3a48
Reviewed-on: https://code.wireshark.org/review/25319
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>