data: the invalid frame number will crash Wireshark.
Bug: 10885
Change-Id: I3ae278b77a9449136fbaaac52f2bbaa8a510bf76
Reviewed-on: https://code.wireshark.org/review/7651
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The capture timer was never enabled on capture start or disabled on
capture stop. This is now implemented.
Bug: 10601
Change-Id: Iae23a952986a2c5dddf92b6ac0d1f1bc1c83719c
Reviewed-on: https://code.wireshark.org/review/7582
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove the setUniformRowHeights(true) call in the PacketList
constructor. This means that the packet list now calculates its height
by querying the Qt::SizeHintRole for every item instead of simply
multiplying item_height * number_of_rows.
Implement SizeHintRole in PacketListModel::data so that size
calculations aren't unbearably slow. We don't have any row text until an
item is drawn (via DisplayRole), so items with multiple lines end up
being rendered twice. Note where we make assumptions on line heights.
Although we call gtk_tree_view_set_fixed_height_mode() in the GTK+ UI we
don't have this problem there. GTK+ is apparently less strict about
enforcing row heights.
Bug: 10924
Change-Id: I98e9f4f5f321c2e03f18498e0a7e7556f88792a1
Reviewed-on: https://code.wireshark.org/review/7430
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for exporting the SSL session keys for captures which were
decrypted using a RSA certificate, but where the server does not support
session resumption.
To avoid frequent reallocations, the expected length is used as initial
string size.
Tested against a nginx server with ssl_session_cache off.
Note that all keys loaded via ssl.keylog_file are exported, not just the
displayed ones!
Change-Id: Ie3a93d3692885502f46442953fa53303d16672d7
Reviewed-on: https://code.wireshark.org/review/7175
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable the reliable Magic Hello heuristics by default and dissect
further packets as HTTP2 as well. The weak frame heuristics is still
disabled by default.
Change-Id: I783d036fb6c6d867daedf251a5264fdf3b475447
Reviewed-on: https://code.wireshark.org/review/7615
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I78376c5578ee1f1871260db478a9c0d994f5bd38
RFC6594: Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
RFC7479: Using Ed25519 in SSHFP Resource Records
Reviewed-on: https://code.wireshark.org/review/7654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Part 2
Change-Id: I4fa4a48fe047b7231f1cf084d8c798ada15372c5
Reviewed-on: https://code.wireshark.org/review/7607
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLSv1.2 gained an additional SignatureAndHashAlgorithm field for fields
marked with the digitally-signed attribute. This was already implemented
before for ServerKeyExchange, let's reuse that.
Note that the SignatureAndHashAlgorithm tree and fields (hash algo,
signature algo) are repurposed in a different context, but since the
structure is the same it is kept like this.
By the way, add support for DTLSv1.2 too. RFC 6347 section 4.2.6
suggests that the implementation is the same (as far as the dissector is
concerned).
Also update the comments and remove the additional "Signature with
client's private key" subtree since the CertificateVerify message has no
other items.
Bug: 11045
Change-Id: I025901b85e607f04d60357ff14187cc13db2ae5d
Reviewed-on: https://code.wireshark.org/review/7650
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In the FPM dissector test, only check the fields produced by the
frame and FPM dissectors.
Change-Id: I212afb8a8a4a7a9aa54391b0d5971b982b819395
Reviewed-on: https://code.wireshark.org/review/7643
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Unfortunately that row number may come from a dissector/tap but allowing us
to continue just causes us to die horribly later (and we can't except out of
processing a tap).
Change-Id: I37f03385db55dbe55f91e2ec6a03add5664857ba
Ping-Bug: 10885
Reviewed-on: https://code.wireshark.org/review/7652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If9ecbb6ff77fff8131adf526bfec2bb08aa644aa
Reviewed-on: https://code.wireshark.org/review/7642
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since commit v1.99.4rc0-70-g0bec885 (Remove use of sprintf for ftype
string formatting), Wireshark aborts with "Null pointer passed to
bytes_to_hexstr_punct()". This happened with a SSL capture where the
ssl.handshake.extensions_padding_data had a zero length.
Fix it by producing a zero-length string instead (as done by the
previous implementation).
Change-Id: I711d786a9ae692eb44c5e49a30d5fea41c5af31e
Reviewed-on: https://code.wireshark.org/review/7649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I656d6193aad740ab88bf16fb25c202e766e3092a
Reviewed-on: https://code.wireshark.org/review/7616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.
Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb7349 which made AirPDcap responsible for managing
its own memory.
Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
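
The sizing problem in the commit above, as an added example (not Wireshark's AirPDcap code): a PRF that emits whole 20-octet digests has to write 80 octets to yield a 64-octet PTK, so the output buffer must be sized for the write rather than for the key. `toy_digest`, `prf_output_len` and `derive_ptk` are hypothetical names, and `toy_digest` is a non-cryptographic stand-in for the HMAC-SHA1 round.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20  /* SHA-1 output, octets */
#define PTK_LEN    64  /* 512-bit PTK, octets */

/* Octets actually written when whole digest blocks must cover `want`. */
static size_t prf_output_len(size_t want)
{
    return (want + DIGEST_LEN - 1) / DIGEST_LEN * DIGEST_LEN;
}

/* Stand-in for one HMAC-SHA1 round (assumption, not cryptographic). */
static void toy_digest(uint8_t counter, uint8_t out[DIGEST_LEN])
{
    memset(out, 0xA0 + counter, DIGEST_LEN);
}

/* Returns octets written to scratch, or 0 if scratch cannot hold them. */
static size_t derive_ptk(uint8_t ptk[PTK_LEN], uint8_t *scratch, size_t scratch_len)
{
    size_t need = prf_output_len(PTK_LEN);
    size_t off;
    uint8_t counter = 0;

    if (scratch_len < need)
        return 0;               /* a 64-octet buffer is rejected here */
    for (off = 0; off < need; off += DIGEST_LEN)
        toy_digest(counter++, scratch + off);
    memcpy(ptk, scratch, PTK_LEN);  /* keep only the 64 octets of key */
    return off;
}

int main(void)
{
    uint8_t ptk[PTK_LEN], small[PTK_LEN], big[80];
    printf("need=%zu small=%zu big=%zu\n", prf_output_len(PTK_LEN),
           derive_ptk(ptk, small, sizeof small), derive_ptk(ptk, big, sizeof big));
    return 0;
}
```

Without the length check, the fourth digest block would land 16 octets past a 64-octet buffer, which is how an adjacent field such as a "next" pointer ends up holding digest output.
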
At the moment, we don't forward such messages and therefore see lots
of generic USB control messages that could be dissected further.
Even if there's no data, a protocol-specific dissector may still set
the columns based on conversation info.
Change-Id: If3fc0f0ce3bdec1f91b7e3cadc3affd56b8c8969
Reviewed-on: https://code.wireshark.org/review/7584
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Ensure that we handle when option_len is zero so we don't go into an infinite
loop. Reported by Vlad Tsyrklevich and found by the "joern" tool. Also fix what
appears to be two misplaced "curr_offset" values which would have resulted in a
bad loop anyways.
Bug: 11036
Change-Id: I79e70fcf79015cb0add1744aff695143e11312aa
Reviewed-on: https://code.wireshark.org/review/7593
Reviewed-by: David Ameiss <netshark@ameissnet.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
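
The zero-length guard described in the commit above, as an added example (not the dissector's own code): an option walker that advances its offset by an attacker-supplied length must reject a length of zero, or the loop never moves. The option layout (one type octet, one length octet counting the whole option), the names `walk_options` and `walk_status`, and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum walk_status { WALK_OK = 0, WALK_ZERO_LEN = -1, WALK_TRUNCATED = -2 };

/* Constructed samples: [type][len][value...], len covers the whole option. */
static const uint8_t SAMPLE_OK[]    = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x03, 0xCC };
static const uint8_t SAMPLE_ZERO[]  = { 0x01, 0x03, 0xAA, 0x02, 0x00, 0xCC };
static const uint8_t SAMPLE_TRUNC[] = { 0x01, 0x08, 0xAA };

/* Walks every option; *count is the number of well-formed options seen. */
static int walk_options(const uint8_t *buf, size_t buf_len, unsigned *count)
{
    size_t curr_offset = 0;

    *count = 0;
    while (curr_offset < buf_len) {
        size_t remaining = buf_len - curr_offset;
        uint8_t option_len;

        if (remaining < 2)
            return WALK_TRUNCATED;      /* no room for type + length */
        option_len = buf[curr_offset + 1];
        if (option_len == 0)
            return WALK_ZERO_LEN;       /* offset would never advance */
        if (option_len < 2 || option_len > remaining)
            return WALK_TRUNCATED;      /* shorter than header or past end */
        (*count)++;
        curr_offset += option_len;      /* always moves forward by >= 2 */
    }
    return WALK_OK;
}

int main(void)
{
    unsigned n;
    int rc = walk_options(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &n);
    printf("rc=%d after %u option(s)\n", rc, n);
    return 0;
}
```
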
Change-Id: I51035034397aa9bc42ed5b4aadc6c7fca52b2d5d
Reviewed-on: https://code.wireshark.org/review/7638
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Update to the last IANA icmpv6-parameters (2014-01-30)
* Add ICMP Locator Update message (RFC 6743)
* Add RFC 7400 (6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks) (Add new ND Option)
Change-Id: I3d6c7f06b6f654e57844046d63c8091e5e33037a
Reviewed-on: https://code.wireshark.org/review/7629
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I6b578bad375687651e06508ea9c532bbad3472c8
Reviewed-on: https://code.wireshark.org/review/7631
Reviewed-by: Michael Mann <mmann78@netscape.net>
It allows properly handling a use case where several TCP connections would be encapsulated.
Note that it is safe to use the same key for struct tcp_analysis and proto_tree as they are not using the same scope (and thus list).
Change-Id: I37423eca225960f2e72817f6faf543f6676cf489
Reviewed-on: https://code.wireshark.org/review/7606
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove a dead increment while we are at it
Change-Id: I4a453bbd959e71ff6e85be06d079176abdc33a95
Reviewed-on: https://code.wireshark.org/review/7622
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fixes a potential infinite loop reported by Vlad Tsyrklevich found via the
"joern" tool. I'm pretty sure the semantics of proto_tree_add_item would have
prevented this, but not 100% and making it explicit doesn't hurt.
Bug: 11037
Change-Id: I92049a95d23ca9c233b3fd830637e6bca19a7434
Reviewed-on: https://code.wireshark.org/review/7592
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
We need to use rrc, as the checksum is likely to be
rotated before the plaintext payload.
For now we only handle the two common cases
rrc == 0 and rrc == ec...
Ping-Bug: 9398
Change-Id: I548f2f0650716294b6aeb361021be6e44ae8f1b3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7271
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 9398
Change-Id: I163d3dc99562b3388470c58d05e2d4d2e2f6d00c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7477
Reviewed-by: Michael Mann <mmann78@netscape.net>
Took the original patch from bug 5116 and made the dissector "human readable".
Bug: 5116
Change-Id: Ic5cc35f919865bc84ee8a3d0589f498ef13e8f6f
Signed-off-by: Michael Mann <mmann78@netscape.net>
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7605
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Don't dereference a null pointer. Remove g_assert()s copied from ui/gtk.
This fixes problems mentioned in bug 11044 but not the bug itself.
Change-Id: Iab75ab5cc6a184c8145a094b1c529a634e3c1c0d
Ping-Bug: 11044
Reviewed-on: https://code.wireshark.org/review/7610
Reviewed-by: Gerald Combs <gerald@wireshark.org>
documentation on the MS website and a capture I have.
Still have to dissect FSCTL_GET_INTEGRITY_INFORMATION.
Change-Id: I17ada4daa479810d8d8512c7e7b8798bcb650081
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7587
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ic4a3750a55523a5cf8ea72002055ffea1f081dd1
Reviewed-on: https://code.wireshark.org/review/7565
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
proto.c:8733:1: warning: no previous prototype for 'proto_tree_add_uint64_bits_format_value' [-Wmissing-prototypes]
proto.c:8812:1: warning: no previous prototype for 'proto_tree_add_int64_bits_format_value' [-Wmissing-prototypes]
proto.c:8861:1: warning: no previous prototype for 'proto_tree_add_boolean_bits_format_value64' [-Wmissing-prototypes]
Change-Id: Ic40ca6f32739b415a423fc978e8677d669a95867
Reviewed-on: https://code.wireshark.org/review/7509
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>