Fix some indentation while we're at it.
Change-Id: I887af6e7507e1cd3c7e2b5bb5124d913aea01f9c
Reviewed-on: https://code.wireshark.org/review/3552
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The HAVE_PCAP_REMOTE definition is in config.h, so the .h files
that depend on the definition must include it so the MOC compiler
will generate the required code.
Change-Id: Ifc17db4fc3f0e3323726792308e303d28d8bcc7f
Reviewed-on: https://code.wireshark.org/review/3516
Reviewed-by: Evan Huus <eapache@gmail.com>
- Remove an incorrect call to conversation_new()
(which messed up TCP sequence number analysis).
- hislip Request/Response analysis must be done during 'pass1'
(i.e. when 'flags.visited == 0');
Not doing so caused various problems including
tshark '1 pass' poor dissection.
- Remove 'if (tree)' around a call to expert_...().
- Don't show "unknown" for Async/Sync when the value is actually known.
- Simplify some code.
- Mark a field as GENERATED.
Change-Id: I286c12f52e5f73377bed3a2792f3ff0003e2785f
Reviewed-on: https://code.wireshark.org/review/3541
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- tvb_length() --> tvb_reported_length();
- Add an XXX comment re use of 'get_length' for tcp_dissect_pdus();
- Remove a few unneeded initializers;
- Simplify/adjust code in a few places;
- Remove some boilerplate comments;
- Reformat some whitespace and long-lines.
Change-Id: I17b9750cc1bdb5140edc28efbae5bf0f6ec23b6e
Reviewed-on: https://code.wireshark.org/review/3538
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Other minor cleanup while in the neighborhood.
Change-Id: Ib76f4a9f89b5933425760af0a980c6a549031b8f
Reviewed-on: https://code.wireshark.org/review/3537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "Payload" field only makes sense for packets that have unknown
type or are unexpectedly long. For normal traces, it will always be
empty, so hide it.
Note: this length check used to be implicitly performed by
ssh_proto_tree_add_item before 2aa66aa2b2,
so this just restores the former behaviour.
Change-Id: I948935bce660018377a004c661b829a19eb0a53b
Reviewed-on: https://code.wireshark.org/review/3535
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
According to Microsoft documentation, valid values for the Version field are 2 and 3. Newer servers (like Windows 2012 R2) respond with Version=3.
Change-Id: Ifb0c6f52d09c75bbde2b4a46d13366461736b9c0
Reviewed-on: https://code.wireshark.org/review/3527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
I made a stupid when simplifying the bit-twiddling, and accidentally reversed
two of the bytes which completely broke MAC address name resolution.
Bug: 10344
Change-Id: I0720755fb290423150e4d84da9d45cb0b76341e4
Reviewed-on: https://code.wireshark.org/review/3522
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also put back initial text indentation
Change-Id: I6fe207086018a806a258b1de2888ac0b9310aac6
Reviewed-on: https://code.wireshark.org/review/3524
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
StyleName is not available in Qt < 4.8
Change-Id: Icbfcef7c62b124ce67f1a02ed928a96233ae2d9d
Reviewed-on: https://code.wireshark.org/review/3508
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
This mostly involved adding expert info capabilities to many of the dissectors so that they could correctly flag error conditions.
Only remaining proto_tree_add_text calls are in H248.cnf, which has a convoluted way of using hf_ data to make its tree.
Change-Id: I6412150c2ec1977d7fa38f3f0ed416680bdfb141
Reviewed-on: https://code.wireshark.org/review/3500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of includes of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it in the MBMS synchronisation protocol dissector, rather than
calling tvb_get_ptr() there.
Change-Id: I7ddb3c6b30547826cb5372352c7c483d8a24dc8e
Reviewed-on: https://code.wireshark.org/review/3514
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it in the ATM dissector, and use a tvbuff version, so that we don't
do tvb_get_ptr() ourselves.
Change-Id: I0bd3594bc739e0cca447ac06f34a471441cf2e70
Reviewed-on: https://code.wireshark.org/review/3513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And note that it's the same polynomial for the MPEG-2 CRC.
Change-Id: Ie89e392156ae77a2adeec3eb8e704aa75c0cd0dc
Reviewed-on: https://code.wireshark.org/review/3512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The length passed to it already has 4 subtracted from it by the caller.
Change-Id: I6e047c6c4c4cd5220be923b4663088b6b275d768
Reviewed-on: https://code.wireshark.org/review/3511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the wsutil routine just accumulate the stuff from the buffer handed
to us. Have the IUUP dissector deal with the extra stuff. Add an
update_crc10_by_bytes_tvb() routine, which is passed a tvbuff, offset,
and length, and use that rather than using tvb_get_ptr() in dissectors.
Change-Id: Iadd0823c764080e60d1339abb94d2e19150eabfe
Reviewed-on: https://code.wireshark.org/review/3509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
So just use crc16_x25_ccitt_tvb(), which goes a byte at a time rather
than a bit at a time, and which takes a tvbuff rather than requiring you
to call tvb_get_ptr().
It also doesn't 1's-complement the result, so we can compare it against the
0x1D0F in ETSI TS 102 821 V1.4.1 (2012-10) rather than against a
1's-complement version, 0xE2F0.
Change-Id: Ia513f851f0a8ff1e7853278ddf3618c532fb2aba
Reviewed-on: https://code.wireshark.org/review/3507
Reviewed-by: Guy Harris <guy@alum.mit.edu>
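
The residue check described in the commit message above, as an added example in C (not Wireshark's code and not part of the commit): a byte-at-a-time CRC-16 with polynomial 0x1021 and no final complement, compared against 0x1D0F. The function names, the 0xFFFF seed and the constructed sample frame are assumptions, as is a sender that appends the one's complement of its CRC, high byte first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CRC16_POLY    0x1021u  /* x^16 + x^12 + x^5 + 1, MSB first */
#define CRC16_SEED    0xFFFFu  /* assumed initial register value */
#define CRC16_RESIDUE 0x1D0Fu  /* constant quoted in the commit message */

/* Bit-at-a-time reference: eight shift/XOR steps per input byte. */
uint16_t crc16_bitwise(const uint8_t *buf, size_t len, uint16_t crc)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(buf[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (uint16_t)((crc & 0x8000u) ? (crc << 1) ^ CRC16_POLY : crc << 1);
    }
    return crc;
}

/* Byte-at-a-time: one table lookup per input byte, no final complement. */
uint16_t crc16_bytewise(const uint8_t *buf, size_t len, uint16_t crc)
{
    static uint16_t table[256];
    if (!table[255])                    /* build the table on first use */
        for (unsigned v = 0; v < 256; v++) {
            uint8_t b = (uint8_t)v;
            table[v] = crc16_bitwise(&b, 1, 0);
        }
    for (size_t i = 0; i < len; i++)
        crc = (uint16_t)((crc << 8) ^ table[(crc >> 8) ^ buf[i]]);
    return crc;
}

/* Receiver check: the CRC over payload plus trailing checksum is the residue. */
int frame_crc_ok(const uint8_t *frame, size_t len)
{
    return len >= 2 && crc16_bytewise(frame, len, CRC16_SEED) == CRC16_RESIDUE;
}

/* Constructed sample: "123456789" then 0xD64E, the complement of its CRC 0x29B1. */
static const uint8_t SAMPLE_FRAME[] =
    { '1', '2', '3', '4', '5', '6', '7', '8', '9', 0xD6, 0x4E };

int main(void)
{
    printf("ok=%d\n", frame_crc_ok(SAMPLE_FRAME, sizeof SAMPLE_FRAME));
    return 0;
}
```

Complementing the result before the comparison would turn the expected constant into 0xE2F0, the other value the commit message mentions.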
There are routines that take a buffer and a length and that take a
tvbuff, offset, and length; use those routines in the DNP dissector
(which no longer needs its own table and loop), and use the tvbuff
routine instead of calling tvb_get_ptr().
Change-Id: Ic67b0f3b65b94ea47c0fdc2f3d3b6f88df77f9c6
Reviewed-on: https://code.wireshark.org/review/3505
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A little bit of guesswork is involved as the group key can use a
different cipher to the pairwise key, and we are trying to do this
purely based on the EAPOL messages with no prior knowledge of the
associate request. We try to guess the cipher based on the lengths.
Bug:8734
Change-Id: I4c456b45939c00a9d1122406891f704fa037349c
Reviewed-on: https://code.wireshark.org/review/3183
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* fix exporting "beginning of" frame logs into info field
* add missing "Failure" level to regexp in wiretap part
* remove usage of GDateTime from wiretap part
Change-Id: Ibdea730623241cccbbc1694a34daa308e48c0a89
Reviewed-on: https://code.wireshark.org/review/3493
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
capture_interfaces_dialog.cpp: In member function ‘void CaptureInterfacesDialog::updateStatistics()’:
capture_interfaces_dialog.cpp:483:100: error: operation on ‘points’ may be undefined [-Werror=sequence-point]
QList<int> *points = points = ti->data(col_traffic_, Qt::UserRole).value<QList<int> *>();
Change-Id: I63afb0f207142d516403968f6a3e988f8ad61d4d
Reviewed-on: https://code.wireshark.org/review/3491
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
While nominally optional, building without it doesn't work, so just make it
mandatory.
The verify_tools target already passes $(PYTHON) to win-setup.sh --appverify;
we just need to supply a default value for PYTHON, so that $(PYTHON) doesn't
expand to an empty string. It's also convenient for the developer if Python
can be automatically found on the PATH.
Change-Id: I4f54695625b74c5b4c758ef1e3bc9ed4467db514
Reviewed-on: https://code.wireshark.org/review/3391
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Tested-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even though Qt's widget naming suggests otherwise, a QTreeWidget is
usually a better choice for tables than QTableWidget. The former gives
you a nice, clean Plain Old Table while the latter gives you something
that looks and acts like a spreadsheet.
In this particular instance using QTreeWidget also gives us the option
of adding sub-items with detailed information. Do so for attached
addresses.
Allow sorting by traffic while we're here. Simplify the column hiding
logic. Make sure the sparkline delegate isn't editable.
Change-Id: Ia36ba2e12c1c0cb86ae5b2154e6afcf6549ae049
Reviewed-on: https://code.wireshark.org/review/3466
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>