Combine the GTK+ RTP Stream Analysis and RTP Graph Analysis dialogs into
one. Yell at the user less. Disable the Analyze RTP Stream menu item if
we don't have an RTP stream selected.
There are a *lot* of moving parts in this dialog. I've tested with the
few RTP captures I have but it's by no means complete.
"To do" items are listed at the top of rtp_analysis.cpp.
Change-Id: Id503977f069bebc46cc68bc749f0c9cbf4d37bf6
Reviewed-on: https://code.wireshark.org/review/9650
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This reverts commit 4a39706272.
At least in one quick check, CMake 2.8.12.2 added that already with Qt 5.5.0.
Change-Id: Iabf0e4aa0aa34b380f981f7d039fb3d95847041e
Reviewed-on: https://code.wireshark.org/review/9654
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ping-Bug: 11358
Change-Id: I9ecb5fe6bcd7f25c763d968bf56fb2d9bce2180c
Reviewed-on: https://code.wireshark.org/review/9639
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove unused SSL_FAST code. That approach cannot work in modern
libgcrypt anyway since the symbols were renamed and private to
libgcrypt. The RSA decryption routine is not even a hot path, it is only
called for decrypting the encrypted pre-master secret.
While at it, expand the SSL_PRIVATE_KEY macro and remove its definition.
Change-Id: Ied556d18501ea6cbac5fb27218364b3479ad62ce
Reviewed-on: https://code.wireshark.org/review/9572
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
and dissect the components of a tag
add a global true-false string for constructed vs. primitive
Change-Id: If10ecf97cde59e2be9ff5e3163073f6d14e6c61e
Reviewed-on: https://code.wireshark.org/review/9636
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I93ce7151467c890c12f7d612b5a7eecf5f91c189
Ping-Bug: 11358
Reviewed-on: https://code.wireshark.org/review/9640
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Interfaces can appear and disappear, changing the maximum length of the
interface name column; resize it each time we reconstruct the tree.
Change-Id: I38b40f6c3ce51272e8bbb0c7f7fbaa7255886e0e
Reviewed-on: https://code.wireshark.org/review/9641
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AirPDcapStoreSa() was assuming that ctx->first_free_index would always
be within the ctx->sa array; nothing guarantees that. Fail if it's past
the end of the array; that means there *are* no free indices.
Change-Id: I73145ea3f3dda1b3800a41fa3a2b01ac344dcbfc
Reviewed-on: https://code.wireshark.org/review/9634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
memcpy(NULL, NULL, 0) isn't guaranteed by ISO C90 to work, so don't do
it. Check whether the length is zero, and don't copy if it is. (If the
count is non-zero and the pointer is null, that's an error, and we
should fail there, so base the test on the length, not the pointer.)
Change-Id: I0b3dc1541b52670d8fef459754c9494cfcc59e5d
Reviewed-on: https://code.wireshark.org/review/9633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows for a global place to enable/disable all heuristic dissectors. This removes the need for individual dissector preferences, but those will be removed at a later date. The more important part is the epan code to save/restore the enabled state of the heuristic dissector. The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)
Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 11354
Change-Id: I24a6f2b04e138902fb548ca500af35b18f08acdc
Reviewed-on: https://code.wireshark.org/review/9619
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There seem to be multiple definitions of an "lsa_String" depending on the DCE/RPC dissector, so change was made just in EventLog.
Bug: 10264
Change-Id: I32e97c2a537b01d3bfe9dd03452b8ee1af4d1c2e
Reviewed-on: https://code.wireshark.org/review/9598
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
RTCP can be carried within TURN CannelData messages, or STUN/TURN Send
messages. The TURN message can be in UDP or TCP, of any port number (by
default the even port 3478). So the RTCP heuristic dissector used inside the
TURN ChannelData/Send payload needs to match regardless of the port number of
the packet.
Bug: 11336
Change-Id: I155b87c3e666478d3245366784d7d4e49c8e42c8
Reviewed-on: https://code.wireshark.org/review/9624
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The STUN heuristic dissector decoded a packet as a TURN ChannelData message
with a relatively weak heuristic. In order to avoid incorrect matches, it
checked for an existing conversation first, but the UDP layer dissector will
create a conversation so this check was basically useless.
Therefore, the STUN heuristic dissector no longer matches TURN ChannelData
messages at all. If it matches another TURN message type, then it sets the
dissector for the conversation to be the non-heuristic dissector, and then
ChannelData messages will be decoded by that.
Based on the new heuristic dissector enable/disable model, in the near future
I might add another heuristic for a weaker check, to include TURN ChannelData.
Bug: 11152
Change-Id: I3f3763ce5f7be71e1402e620424df45e7ea99ee5
Reviewed-on: https://code.wireshark.org/review/9486
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Make TURN-based TFTP heuristic dissector check for valid opcode and error code
before matching TURN payload content.
The TFTP heuristic dissector incorrectly matched TURN ChannelData message data
content when it shouldn't. Unfortunately, the TFTP protocol has very little
constrained structure to perform heuristic detection with. It basically
always matched/succeeded.
Bug: 11335
Change-Id: I950fd5a273fef63d7b069c87d1146cbd752c3bd9
Reviewed-on: https://code.wireshark.org/review/9489
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Merge rtp_sample_header_t into rtp_sample_t. That's the only place it
was used. Note that rtp_sample_t is used for writing rtpdump files.
Move the rtp_sample_t definition to tap-rtp-common.c. Rename it to
rtpdump_info_t. Make rtp_write_sample static.
Change-Id: I04e7428f634efa87a98e5d6c82a354f94ab1765d
Reviewed-on: https://code.wireshark.org/review/9629
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Adding the additional rpath in the build process appears to have fixed
the problem I was trying to debug.
Change-Id: I518deea67837f7e084e503b8e5ae7c3f188df3c8
Reviewed-on: https://code.wireshark.org/review/9628
Reviewed-by: Guy Harris <guy@alum.mit.edu>
macdeployqt will stuff them into the bundle for us; exclude anything in
the Qt frameworks directory from the lists of dependencies for us to
copy or munge. (We don't copy them correctly - that results in the
underlying binary being copied to the Frameworks directory - and we
leave it up to macdeployqt to do the munging.)
Change-Id: I10cfb8dcb2abadde9d5c52252979267912710f80
Reviewed-on: https://code.wireshark.org/review/9627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This doesn't fix any of the underlying problems discussed in bug 10613
but it does keep us from dereferencing a NULL pointer.
Change-Id: I9317366a6ae6e563dcadb32bccee87e8803c37e3
Ping-Bug: 10613.
Reviewed-on: https://code.wireshark.org/review/9626
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Qt 5.5 and later have @rpath-based install names for the frameworks,
which means that, if they're not installed in some frameworks directory
searched by default (such as /Library/Frameworks) - which is the default
case with the Qt installer - they won't be found by default.
Add the directory in which the frameworks exist as an rpath in the
Wireshark binary, so that they'll be found, and then remove it from the
Wireshark binary in the app bundle, as the directory in which the
frameworks exist on the machine on which Wireshark was built is
irrelevant to the machines on which it's being deployed - the frameworks
are included in the bundle, and we already add an rpath to find them
there.
Change-Id: I54e033743e7b17eab26976064dcd7cd000f97c78
Reviewed-on: https://code.wireshark.org/review/9625
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I have some other hammers to try it hit it with to get it to actually
work with Qt 5.5.
Change-Id: Ie20ccbcee62fa48f768ba22478d07b9dc18d0139
Reviewed-on: https://code.wireshark.org/review/9623
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the range.
Previously the length was ignored and 8 bytes were always read.
The constraint on int64() and le_int64() becomes stricter to match int()'s ones:
the range must be 1, 2, 4 or 8 octets long.
Change-Id: Ic66798757564ac840c332b978effb418726a654c
Reviewed-on: https://code.wireshark.org/review/9622
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
We need to preserve the full path of the framework binary.
Change-Id: I3a13eaffc07028a26fbd970db02cc1cce3fdcd5d
Reviewed-on: https://code.wireshark.org/review/9621
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's easier than trying to carefully copy the relevant bits.
Change-Id: I2f174a735bf91f6434929c25ca33aced03e19597
Reviewed-on: https://code.wireshark.org/review/9620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make each Lua Proto object have an alloacted ett value, so
that they expand/contract only for the same protocol.
Bug: 11356
Change-Id: I68fb3ff00e080b47d540344aba2554e392b7f1c4
Reviewed-on: https://code.wireshark.org/review/9611
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Copy only the stuff needed at run time; don't bother with all the
headers, etc..
Change-Id: Id9d2ec916b6742a6cb6e2ec3c0f7ed1a65a8a93c
Reviewed-on: https://code.wireshark.org/review/9617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do it in a loop, so we can change it to handle Qt 6 if, as, and when it
comes out (assuming they label its packages as Qt6Package).
Change-Id: I1d33d3e9726981b1940fb4409184c486628cb31b
Reviewed-on: https://code.wireshark.org/review/9615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When looking for Qt framework dependencies, look for dependencies that
begin either with @rpath or with the Qt framework directory.
Then, first transform @rpath/ to a path relative to the Qt framework
directory, and then strip off everything past the framework directory,
to get the absolute path of the framework directory (not of the
framework binary - we want to copy the whole framework).
In the loop looking for dependencies on things *other* than Qt
frameworks, exclude Qt framework references with absolute paths from the
dependencies we find; they get processed later. (We already excluded
those with @rpath paths.)
Change-Id: I1e345a5fb82c758d5c1541693b46cb36d2677fab
Reviewed-on: https://code.wireshark.org/review/9614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a columnsChanged slot to PacketList and move the column update code
from redrawVisiblePackets there. Make sure we call
packet_list_model_->recreateVisibleRows, which should fix the behavior
described in bug 11324. Call columnsChanged when we, uh, change columns.
Add a sectionMoved slot to handle column reordering.
Don't rebuild the column list when we update the widgets in the column
preferences frame. Do enable and disable the "remove" button as needed.
Try to keep the user from removing all of the columns in both the packet
list and column preferences.
Left as an exercise for the reader: The GTK+ UI also fails when you
remove all of the columns via the preferences:
packet_list.c:377:packet_list_sort_column: assertion failed: (col)
Bug: 11324
Change-Id: Id58cf98e42cbda9aa2fc370ea06b8bcc6098c8ca
Reviewed-on: https://code.wireshark.org/review/9591
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
macdeployqt doesn't actually seem to deploy any of Qt into the app
bundle, probably because we're using it in a fashion they didn't intend
(i.e., not doing everything with *their* build tools), so we just extend
our dependency-binding stuff to handle the Qt libraries, and copy over
the Qt plugins ourselves.
We also add the rpaths to the executables and libraries as part of the
app bundle building process; I thought it'd fix macdeployqt's problem,
but it didn't, however, it's probably cleaner to do it there anyway.
Change-Id: I134c2b1a32e168e82de67f0b674d17167481d69a
Reviewed-on: https://code.wireshark.org/review/9612
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 8d78077d0d.
Reverted as requested.
Change-Id: I99461820d28215a52cc6bae6792f2892018d28b8
Reviewed-on: https://code.wireshark.org/review/9609
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Be less aggressive about resetting the packet list model so that we
retain our selection when (un)coloring packets or rebuilding columns.
Correctly enable a colorization menu item while we're here.
Change-Id: I8d1c8f26dbb8a814b8344b609695b77632006e4b
Reviewed-on: https://code.wireshark.org/review/9608
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Ib876ad4b0c6d700da1eec8c8512225c123ad14da
Reviewed-on: https://code.wireshark.org/review/9604
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ic7cdb78d6a162351900e9e1ea8f4ad74ded167d3
Reviewed-on: https://code.wireshark.org/review/9587
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The size of some of the wslua source files has grown large, and it's hard
to quickly find things. So split them up based on class name, as much as
seems reasonable. Also have the make-wsluarm.pl Perl script handle this.
Change-Id: Ib495ec5c2a4df90495c0a05504856288a0b09213
Reviewed-on: https://code.wireshark.org/review/9579
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
The readlink function does not guarantee to nul-terminate its result string.
Therefore, it should be done in wsutil/filesystem.c.
Change-Id: Id96533e825a302a1922ce9ac7ee47d5525ac9c39
Reviewed-on: https://code.wireshark.org/review/9597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs