If the searchbar is already open focus on the bar and highlight
existing test, instead of closing an already open bar
Change-Id: I4f8ae2e903cb65c0ebca238f3bcc1c62b63b5c3b
Reviewed-on: https://code.wireshark.org/review/22223
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Heuristic PCH dissector was trying to access the packet's header (4 bytes) without asserting these bytes exist
Change-Id: Id2747e00ed353b1962293b3cd3ea6fbe9449a81d
Reviewed-on: https://code.wireshark.org/review/22220
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
To match the recently renamed file name.
Change-Id: Id784b955ec96a52a5f380d415094dce81e1774d5
Reviewed-on: https://code.wireshark.org/review/22222
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Implemented dissector to parse zigbee commands within SE metering cluster
Change-Id: Iffb179c3e6db88b91b9ec96ed4d4b12bbeac682e
Reviewed-on: https://code.wireshark.org/review/22221
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- search for content fields taking into account length of last match
- handle absolute path to file file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3bdca418801305d71b33fa07396497d82ad06e33
Reviewed-on: https://code.wireshark.org/review/22212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In change 18a3b0659c, I moved the table
that uses it, but not the actual definition, from libpcap.c to
pcap-common.c; they both should have been moved. Make it so.
Change-Id: I266fce455df3848b873cdfadb12cecdbf9c8d4d3
Reviewed-on: https://code.wireshark.org/review/22216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In 609ea4baa6
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I7cf216378e1610350949910091ee187ce150ca05
Reviewed-on: https://code.wireshark.org/review/22213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Original sanity check was missed for fragmentation
Bug: 13755
Change-Id: If9e24e01a119c869b02f198456776c8e6c6f2ad0
Reviewed-on: https://code.wireshark.org/review/22193
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Set the merge module path based on our platform and version of Visual
Studio.
Change-Id: Ic866447f36d5264d61fc988f3f9d8b4d2e5c0827
Reviewed-on: https://code.wireshark.org/review/22192
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently the UMTS FP & MAC dissector's are named packet-umts_X.
This commit renames the UMTS RLC's files to show their relation.
Change-Id: I9e37be95f7c7d08278075a49b8abc2b480a13d64
Reviewed-on: https://code.wireshark.org/review/22188
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For at least Qt, the main_window_update callback is not necessary to
make the stop button work. When restarting a live capture during a
flood (via Ctrl-R), this callback actually results in an infinite loop
in MainWindow::captureStop since the capture state never changes from
FILE_READ_IN_PROGRESS.
Remove this callback to ensure that the problematic
pipeActivated / sync_pipe_input_cb / capture_input_new_packets /
main_window_update / ... / on_actionCaptureRestart_triggered /
testCaptureFileClose / captureStop sequence is avoided.
Even though captureStop invokes capture_stop, I guess that this does not
change the state because the pipeActivated callback is already active.
Bug: 10917
Change-Id: I6ca4fa946963928b7bc8a53ca14f9a9a3a35eaa7
Reviewed-on: https://code.wireshark.org/review/22097
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
testCaptureFileClose can also be invoked while reading an existing
capture file (the original comment only applied to GTK+, not Qt). When
the user quits Wireshark while reading an offline pcap, this could
result in a confusing "Unsaved packets" dialog. Fix this by checking the
actual capture session state.
After fixing this, the next issue is that cf_close trips on an assertion
("cf->state != FILE_READ_IN_PROGRESS"). To address this problem, do not
close the capture file immediately, but signal to the reader (cf_read)
that this should be done (similar to the quit logic in GTK+).
Bug: 13563
Change-Id: I12d4b813557bf354199320df2ed8609070fdc58a
Reviewed-on: https://code.wireshark.org/review/22096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the pdu length is too short, we can simply stop dissection and return
the number of bytes we processed.
Change-Id: I11581daa3fdb80b3d5a07754039ec1b640945b2e
Reviewed-on: https://code.wireshark.org/review/22187
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Cisco uses propietary option 65004 to transmit RPF Proxy Vector
information. Add the name of the option to the option identification.
Change-Id: I5ee9e4d44d6326d8a457a8a4bbb24896e17216e8
Reviewed-on: https://code.wireshark.org/review/22186
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ITU-T Q.703 2.3.3 specifies that the length indicator MUST be set
to its correct value. Adding a expert_info warning makes it easier
to determine if a capture uses the optional extended sequence number
format found in Appendix A, for which a preference already exists.
Change-Id: I7c99c7f2801a6d44d1bc693b59f38a76e08cfe4a
Reviewed-on: https://code.wireshark.org/review/22135
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some phones (Android and iOS smartphones) encode emoji characters as
UTF-16 big endian and although the UTF-16 is not specified in the 3GPP
23.038 (GSM 03.38) it seems to be widely supported
Bug: 13808
Change-Id: Ic4a600e42fb4b471223aaef1a661bd002835b519
Reviewed-on: https://code.wireshark.org/review/22181
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change guard that prevents decryption of v2015 to only check if frame counter
suppression is not used.
Add new aux header fields.
Cleanups.
Bug: 13805
Change-Id: Ib025e724415d7d7b85d63e2f44a37c7c691e9de6
Reviewed-on: https://code.wireshark.org/review/22165
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In abda30e9e validation of JSON UTF-8 characters was implemented but it
doesn't handle well the valid characters
Bug: 13806
Change-Id: Id8777065cfff9deae94f457dee08017d03b50f20
Reviewed-on: https://code.wireshark.org/review/22169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The two code paths don't share any code, so they might as well be in
separate routines.
That makes it even easier to read.
Change-Id: I8ee335f4cac2aedc42216db7f9674e1a609d9347
Reviewed-on: https://code.wireshark.org/review/22179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move some commented-out code where it belonged, and #if 0 it out
instead.
Have only *one* test for OCTO.
Change-Id: I6e8803f936ebd88f1705b2185f034ec0b2bddb77
Reviewed-on: https://code.wireshark.org/review/22177
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Two separate checks for OCTO, one right after the other, is a bit
confusing.
Change-Id: I702aa1809dc7271b69b5419dc850228fac516ed6
Reviewed-on: https://code.wireshark.org/review/22175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, note in the comment for get_utf_16_string() the
"decoding UTF-16" algorithm in RFC 2781.
Change-Id: I5d7dc5c09af0474c055796e49e0c7b94fa87d2ad
Reviewed-on: https://code.wireshark.org/review/22171
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's now FindMACOS_FRAMEWORKS.cmake.
(But is it actually *used*? CMakeLists.txt does the check itself.)
Change-Id: I6e972869b94da959dc7c9a3fccacfbd35e0e992c
Reviewed-on: https://code.wireshark.org/review/22163
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's now "macOS".
While we're at it, note that the property list from which it fetches
version information still calls it "Mac OS X".
Change-Id: I438ef9dc65c2619d7378b0deb5efc84734a2ac6d
Reviewed-on: https://code.wireshark.org/review/22159
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13745
Change-Id: Ibd00ea4818eb4b47a2c46324c1bfc878fef03d1e
Reviewed-on: https://code.wireshark.org/review/22155
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put them in the same order as the order in which the _VERSION values are
defined and in which they're invoked.
Similarly, do the "make sure we have the requested version installed"
tests in the same order as the un-installation order (which is the
reverse of the installation order).
Change-Id: I0e2bd1d249832090c3d81bacfe010de19de54cdf
Reviewed-on: https://code.wireshark.org/review/22158
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We now require libgcrypt, and libgcrypt requires libgpg-error.
Change-Id: Ifdf40acb11fef84485310321523500b1396736b6
Reviewed-on: https://code.wireshark.org/review/22157
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We want a newer version of libgcrypt to get additional crypto functions.
Update to the current release, 1.7.7.
Update to the current release of libgpg-error, 1.27, while we're at it.
Update to the current "stable" version of GnuTLS, 3.4.17; 2.12.19
doesn't work with libgcrypt 1.7.7. 3.4.17 requires Nettle, and Nettle
requires GMP, so, if we're building with GnuTLS, download and install
the current versions of Nettle and GMP.
GMP requires lzip, so download and install it as well.
Clean up some "version >= x.y.z" checks to check the major version
number in all cases.
Change-Id: I39cccd34e0d7f49ac35b0bbacdab03251d42a1de
Reviewed-on: https://code.wireshark.org/review/22156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When a mandatory information element is missing, try to report an expert info,
instead of throwing a fatal malformed exception (or of reporting nothing at all).
According to TS 24.007 11.2.3, a mandatory i.e. may be part of the imperative part
of the message, so that expert info should be at PI_ERROR level
Change-Id: Id399c236f2923db36540bbda0d29d666548f7cbd
Reviewed-on: https://code.wireshark.org/review/22134
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This makes those tests more like other such tests.
Change-Id: Ide920d4083f6092ce5892adf4fc178236c49729f
Reviewed-on: https://code.wireshark.org/review/22150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them all be "usb-XXX", where XXX indicates the type of header.
Change-Id: I7f1bfea7e264b17c57f94c484d64d1cce91b9b78
Reviewed-on: https://code.wireshark.org/review/22147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Correct some symbolic references in source file comments
and add a note about the CMake configuration options.
Change-Id: Idb670a2c798c2a52cdce142340ce8fc5a2022508
Reviewed-on: https://code.wireshark.org/review/22138
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Roland Knall