Note that changes to tcp_analyze_sequence_number should be synced with
docbook/wsug_src/WSUG_chapter_advanced.asciidoc#ChAdvTCPAnalysis.
Change-Id: Iac72d2cf808d84c17fa5f12012675e0af1895cd1
Reviewed-on: https://code.wireshark.org/review/23989
Reviewed-by: Gerald Combs <gerald@wireshark.org>
** (process:8955): WARNING **: Field 'Uplink Time Unit' (pfcp.ul_time_unit) has a conflicting entry in its value_string: 3 is at indices 3 (Day) and 4 (Week))
** (process:8955): WARNING **: Field 'Downlink Time Unit' (pfcp.dl_time_unit) has a conflicting entry in its value_string: 3 is at indices 3 (Day) and 4 (Week))
Change-Id: I870af4a53721e0ffe0f9f778c8287e090f2b2929
Reviewed-on: https://code.wireshark.org/review/23985
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
** (process:8955): WARNING **: Field 'Class' (nfapi.csi.rs.class) has a conflicting entry in its value_string: 1 is at indices 1 (Class A) and 2 (Class B))
Change-Id: I6063fd5fe0094efe776a3a04556c633a4e495a9a
Reviewed-on: https://code.wireshark.org/review/23986
Reviewed-by: Michael Mann <mmann78@netscape.net>
Without any specific pattern, it is too weak and catch a lot of
unrelated UDP packets.
Change-Id: Iacac5ae65de59da1d46a06184517834edd91eb18
Reviewed-on: https://code.wireshark.org/review/23984
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icb326dac7cfe0478df3d892df279ad0f241c7ba6
Reviewed-on: https://code.wireshark.org/review/23981
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If4620a43d706f7067a018eb964e4db3733d65210
Reviewed-on: https://code.wireshark.org/review/23980
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It is not registered by IANA
Change-Id: Iff462ee0a2366ae72681b34e4e7e107c8c479822
Reviewed-on: https://code.wireshark.org/review/23976
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's been broken for over a year, needs to be modernized and as
implemented it's a maintenance nightmare. Get rid of it.
Ping-Bug: 13036
Change-Id: I34a6e4c28b6d3b96dd6550dd21e9cbeaf050d58f
Reviewed-on: https://code.wireshark.org/review/23967
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I3b6a7c6dabfe017eb6c223ab2491e0a3cda8c56c
Reviewed-on: https://code.wireshark.org/review/23970
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
register.c is a built source. It should not be included in the distribution
and should be removed with the distclean target.
Remove XXX comment suggesting adding the cache to the distribution; let's
not do that.
Change-Id: I20f9467a93e2b5ad3ee56a5fa83381095b1d28c6
Reviewed-on: https://code.wireshark.org/review/23971
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
CMake 3.10 adds CMP0071 which results in warnings about applying AUTOMOC
and AUTOUIC on generated files. It somehow tries to do this for files
generated by QT5_ADD_RESOURCES and QT5_WRAP_UI.
As a workaround, just convert from the legacy macros to the new method.
Autogenerated ui_*.h and moc_*.h will now also be shown in the "External
Dependencies" tab in Visual Studio
Change-Id: I36df2212bbf0f938fcd4560000031b6137db93ca
Reviewed-on: https://code.wireshark.org/review/23917
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
[MS-SMB2] 2.2.13 CREATE Request, NameOffset:
> A zero length file name indicates a request to open the root of the share.
This also ends up enabling the parsing of missing
fields (InputBufferLength, AdditionalInformation, Flags) in QUERY_INFO
requests, which required a non-NULL saved->extra_info.
Change-Id: I9af3933cc6bb93247bad23c7dd82a52787595f69
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/23959
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie74dec4d854f65835a4e7e68dac609290a84d791
Reviewed-on: https://code.wireshark.org/review/23957
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes error: format '%lu' expects argument of type
'long unsigned int', but argument 4 has type 'guint64'
Change-Id: I431ab2e1920b7856ff686bd79bc881dee494706f
Reviewed-on: https://code.wireshark.org/review/23965
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ps.c is already correctly cleaned in epan/Makefile.am. make distclean also
works well with tarballs so I think the other comment can also be removed.
ldconfig may be needed for tshark.
The installation step seems to do all the right things so just drop the
rather verbose description of the XDG Base Directory Spec.
Add the MKDIR_P and INSTALL variables for consistency and to address some
of the portability concerns raised in the comment (INSTALL usage still
needs to follow a standard form common for portable automake).
Remove redundant plugin_ldadd else clause.
Change-Id: Ic2cb04556f28622a8979b057e0abbe64256ed3c9
Reviewed-on: https://code.wireshark.org/review/23964
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Implemented a function to dissect zcl octet strings in a similar way as attributes
that have a data type of zcl octet string.
Currently the function is used for event data (publish event and publish event log),
as well as top up code (consumer top up and publish top up log).
Bug: 14138
Change-Id: Idae6240312bedeaa12f10777e1009b110d5f834d
Reviewed-on: https://code.wireshark.org/review/23881
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hopefully this will allow more people to figure out how to compile
Wireshark without 1) e-mailing wireshark-dev, 2) asking in
ask.wireshark.com, or 3) filing a bug, if the underlying problem is that
1) they didn't install the appropriate xyzzy-dev package for
something Wireshark uses
or
2) they're trying to use autotools on macOS and they've
installed a recent, and not-very-pkg-config-friendly, version
of Qt.
Change-Id: I69236558f207ed0bf81d2acdc0230630f6069dec
Reviewed-on: https://code.wireshark.org/review/23963
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This treats macOS/OSX like any other Unix-like build target (Darwin),
thus removing autotools support for macOS-specific build options.
Anyone needing that is advised to use the fully-supported-on-macOS CMake
build.
Change-Id: I88e2fa7a8eea42241efcf84223ac2362d38b1e12
Reviewed-on: https://code.wireshark.org/review/23951
Petri-Dish: João Valverde <j@v6e.pt>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It seems to be some sort of development helper, and since CMake doesn't
use it presumably it is not useful anymore.
Change-Id: I23e4ab24199f21310ebd09064c3ae53e48673e4d
Reviewed-on: https://code.wireshark.org/review/23945
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I31be23516d7fb169daa827b505bcde04426e84dc
Signed-off-by: Adam Wujek <adam.wujek@cern.ch>
Reviewed-on: https://code.wireshark.org/review/23961
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since the packet has an output and input buffer, having a field just
called "size" or "offset" was confusing.
Change-Id: Iadb45fa50e6ea6ffaa7c3b041704837641f64ab6
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/23958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Due to the use of target_include_directories (when sshdump or ciscodump
are enabled), the minimum required version is 2.8.11. The supported OS
versions do not change, but Debian Wheezy users must enable backports.
Change-Id: I883c81e5e81425ca1869f442686faf1e66a638f3
Reviewed-on: https://code.wireshark.org/review/23955
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Qt5Widgets_EXECUTABLE_COMPILE_FLAGS option is only needed for CMake
before 2.8.12 and before as documented by Qt, so this ugly piece can be
restricted to older CMake versions. That also helps avoiding exposing
the Qt 5.5.0 in Windows since that requires a much newer CMake version.
For those older versions, use COMPILE_FLAGS such that -fPIC is added
after -fPIE (the latter is enabled by CMAKE_POSITION_INDEPENDENT_CODE).
Tested with CMake 2.8.11, 2.8.12.2, 3.0.2 and 3.9.4 using Qt 5.9.2 and
GCC 7.2.0.
Change-Id: I4962f7f5a087ee5b8c79905dd3b2cce17c731bdf
Fixes: v2.1.0rc0-566-gd66d379ac8 ("Try retroactively applying the Qt folks' fix for QTBUG-47942.")
Reviewed-on: https://code.wireshark.org/review/23954
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
nfs dissector wrongly have used proto_tree_add_item to display a
counter, by assuming that last argument is a value.
Replace proto_tree_add_item with proto_tree_add_uint or
proto_tree_add_subtree_format when a loop counter must be
displayed. Update tree item size calculation.
Change-Id: I4137e42673fa33cae61494effe1195206fbf7f28
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/23748
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Need to use UI name to select between different tables.
Change-Id: I2f25435e6ac1a2f1a15e651cd3ef1bbc9e860d89
Reviewed-on: https://code.wireshark.org/review/23952
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This kind of generator expressions do not seem to work in CMake 3.0. It
works fine in CMake 3.1.0 and later versions.
Change-Id: I262566a5ea831ae0fbe4b6a3249b59401f9d3b15
Fixes: v2.5.0rc0-1334-gd3f636ece0 ("cmake: fix CMP0026 deprecation warning in CMake 3.9")
Reviewed-on: https://code.wireshark.org/review/23949
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A renegotiated session with decrypted records has !maybe_encrypted which
means that the plaintext buffer is passed to dissect_ssl3_handshake. Do
not assume that this plaintext buffer might be encrypted, it is
definitely not the case.
Change-Id: I2ce9a5305e5cbc24b5c7e93077f7e796bf8cb406
Fixes: v2.5.0rc0-1314-g9d189c7e20 ("ssl: assume everything after CCS is encrypted")
Ping-Bug: 14117
Reviewed-on: https://code.wireshark.org/review/23948
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This will help detect some bogus checkapi runs in the future.
Change-Id: I43345e3a0a5471e9655f34e36ccf1562d6526758
Reviewed-on: https://code.wireshark.org/review/23946
Reviewed-by: Michael Mann <mmann78@netscape.net>
Value stored to 'offset' is never read
Change-Id: Ia7f651edec36a75c60816a3803e53dc86d749262
Reviewed-on: https://code.wireshark.org/review/23942
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Value stored to 'item' is never read
Change-Id: I964c06d1a3896e9e5c52dfcb2f17478f15350910
Reviewed-on: https://code.wireshark.org/review/23941
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use correct start offset for Join Request and Join Accept.
Always show the MAC Header fields (and add the RFU).
Add subtree for Join Request and Join Accept.
Register the dissector to be able to "Decode As" and calling the
dissector from Lua.
Change-Id: I644530f2ae36f5a9d2ea89e4446995a5caa4eea4
Reviewed-on: https://code.wireshark.org/review/23944
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Erik de Jong <erikdejong@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Only Wireshark Qt is officially supported on macOS.
Change-Id: Id0e3429891173d4b91e99061bcf11df2e38bc0bf
Reviewed-on: https://code.wireshark.org/review/23931
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I85be2eb645ab00d711f525d711ebf90f200595cc
Reviewed-on: https://code.wireshark.org/review/23943
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This treats macOS/OSX like any other Unix-like build target, thus removing
autotools support for macOS-specific build options.
Anyone needing that is advised to use the fully-supported-on-macOS CMake
build.
Change-Id: I631464a90e16e3db89538801c741657a0a4a7451
Reviewed-on: https://code.wireshark.org/review/23911
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
There are some issues with the inline comments. Rephrase those
comments. Furthermore, use the MQTT v3.1 and v3.1.1 specification
language to fix some inline comments.
Change-Id: Ia3864e1b66ef1eb4bbd8cb90aed674c7d9c4b7be
Signed-off-by: Flavio Santes <flavio.santes@1byt3.com>
Reviewed-on: https://code.wireshark.org/review/23937
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The packet-PROTOABBREV.c template recommends to provide a short
description of the protocol below the license header. Currently,
this information is not present in the packet-mqtt.c dissector.
This patch adds the protocol description taken from the official
specification. Links to the v3.1 and v3.1.1 specifications are
also provided by this patch.
Change-Id: I9bb85aa3b78c8804c923f77c163904a7949f6899
Signed-off-by: Flavio Santes <flavio.santes@1byt3.com>
Reviewed-on: https://code.wireshark.org/review/23936
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Since CMake 3.9, all policies before CMP0036 emit a warning. Fix the
warning by not relying on the old behavior (existence of the LOCATION
property).
Tested with Ninja, the cmake output, rules.ninja and build.ninja output
is identical (minus the deprecation warning).
Change-Id: I058699380b01a9c02d9b98fd485ce6ded427abe3
Reviewed-on: https://code.wireshark.org/review/23915
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to README.extcap documentation all extcap tools must
support the --extcap-dlts option. For performance reasons support
for this option was removed by commit:
9328eb6 androiddump: Register interfaces when list interfaces
A side effect of not implementing the option is that dumpcap is
then also called to try to retrieve interface capabilities
for all androiddump interfaces. As extcap interfaces are not
local network interfaces errors like these are logged
whenever the interface list is refreshed:
Capture Dbg sync_if_capabilities_open
Capture Info sync_pipe_run_command() starts
Capture Dbg argv[0]: /usr/local/bin/wireshark/dumpcap
Capture Dbg argv[1]: -i
Capture Dbg argv[2]: android-tcpdump-wlan0...
Capture Dbg argv[3]: -L
Capture Dbg argv[4]: -Z
Capture Dbg argv[5]: none
Capture Dbg sync_pipe_open_command
Capture Dbg read 25 ok indicator: E len: 333 msg: E
Capture Dbg sync_pipe_wait_for_child: wait till child closed
Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.000s
Capture Info sync_pipe_run_command() ends, taking 0.012s, result=-1
Capture Msg Capture Interface Capabilities failed. Error -1, The
capabilities of the capture device "android-tcpdump-wlan0..."
could not be obtained (android-tcpdump-wlan0...:
SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device).
Please check to make sure you have sufficient permissions, and
that you have the proper interface or pipe specified. ()
To avoid error prints and to fulfil the documented equirements for extcap
tools register a fake interface with what would be the properties of such
an interface.
Change-Id: If174adbb64c66132be4225f854bbf9f66d2f5ed1
Reviewed-on: https://code.wireshark.org/review/23093
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>