I don't think it's an actual issue, but the new compiler on the mac buildbots
isn't smart enough to tell that.
Change-Id: I759e1afe9c4011d5612be0d15282076be6f5a331
Reviewed-on: https://code.wireshark.org/review/3355
Reviewed-by: Evan Huus <eapache@gmail.com>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
What mystical new compiler upgrade is this?
Change-Id: I89b3bfb53b9a19bbfb1cc8339d38cdc4a4652c62
Reviewed-on: https://code.wireshark.org/review/3347
Reviewed-by: Evan Huus <eapache@gmail.com>
make-taps.pl needs to know where to find the source files otherwise none of
the tap data gets built correctly.
This makes the wslua test suite run in out-of-source-tree builds too.
Change-Id: I059474d90d59e87bd57dba18530a66a927a014cf
Reviewed-on: https://code.wireshark.org/review/3337
Reviewed-by: Evan Huus <eapache@gmail.com>
Before, several management packets were dissected incorrectly as
EPHandleDeleteReq's. Now they are dissected with the generic management
packet dissector.
Change-Id: Id2f0951b91b99ba2340ff77c6285f382436788ef
Reviewed-on: https://code.wireshark.org/review/3328
Reviewed-by: Evan Huus <eapache@gmail.com>
According to RFC 1323, the window scale shift value must not exceed 14.
Detect this and cap at 14 to prevent undefined behavior (shifting by a
too large value).
Caught by `clang -fsanitize=undefined`.
Change-Id: I1acad252b86c7f23e497575b48d9496346327e00
Reviewed-on: https://code.wireshark.org/review/3312
Reviewed-by: Michael Mann <mmann78@netscape.net>
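
The cap described in the commit message above, as an added example (not the Wireshark dissector code; the function and macro names are hypothetical). It walks a TCP options buffer, finds the window scale option (kind 3, length 3) and clamps the shift to 14 so the later shift of the 16-bit window field stays defined.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL        0
#define TCPOPT_NOP        1
#define TCPOPT_WSCALE     3
#define MAX_WSCALE_SHIFT 14   /* limit stated in RFC 1323 */

/* Returns 1 if a window scale option was found, 0 if absent, -1 if the
 * option list is malformed. *capped is set when the peer sent a shift > 14. */
int parse_wscale(const uint8_t *opts, size_t len, uint8_t *shift, int *capped)
{
    size_t i = 0;

    while (i < len) {
        uint8_t kind = opts[i];
        uint8_t olen;

        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)
            return -1;                  /* no room for the length byte */
        olen = opts[i + 1];
        if (olen < 2 || i + olen > len)
            return -1;                  /* length runs past the buffer */
        if (kind == TCPOPT_WSCALE) {
            if (olen != 3)
                return -1;
            *capped = opts[i + 2] > MAX_WSCALE_SHIFT;
            *shift = *capped ? MAX_WSCALE_SHIFT : opts[i + 2];
            return 1;
        }
        i += olen;
    }
    return 0;
}

/* With shift <= 14 the result always fits in 32 bits. */
uint32_t scaled_window(uint16_t raw_window, uint8_t shift)
{
    return (uint32_t)raw_window << shift;
}
```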
As clang pointed out we end up storing a reference to it in a global and (more
relevantly) pushing that global to a tap which would run after the current frame
has returned.
Thanks to Alexis for bringing this to my attention.
Change-Id: I3aac43a806d217b0dc8a973f6bb2fa48cdd041bb
Reviewed-on: https://code.wireshark.org/review/3289
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic7755a7756589167b4fea5cf42a21419f59ecdae
Reviewed-on: https://code.wireshark.org/review/3301
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iffd5d81dde15eba12511dc89664d7ea06a70436f
Reviewed-on: https://code.wireshark.org/review/3300
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
transfer type in the endpoint descriptor
Change-Id: I9e23d9825efb30311cd3e04d01548c03b163c276
Reviewed-on: https://code.wireshark.org/review/3299
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
... As would be the case if proto_tree_add_text() + proto_item_add_subtree()
were used. (This initialization value is only used when TRY_TO_FAKE_THIS_ITEM()
shortcuts us out.)
As reported/discussed on -dev:
https://www.wireshark.org/lists/wireshark-dev/201407/msg00031.html
Change-Id: I4af63e3cf0a70607d58b4641597b2ce7907fbb8b
Reviewed-on: https://code.wireshark.org/review/3271
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Evan Huus <eapache@gmail.com>
Patch "ssl,dtls: simplify keyfile handling" did not account for the use
case where packets are captured and decrypted on the fly using
SSLKEYLOGFILE.
This patch restores that functionality by reading additional lines from
the keylog file when needed (to preserve the benefit of not having to
read the full file) and by watching the open file for deletions.
"Deletion" is detected by comparing st_dev and st_ino. Since these may
be useless on Windows, the size is also checked.
Change-Id: Ieadaef1426a9270587293db28f4dda33b3d17334
Reviewed-on: https://code.wireshark.org/review/3190
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
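
The deletion check and incremental read described in the commit message above, as an added POSIX example (not the Wireshark implementation; `keylog_watch`, `keylog_replaced` and `keylog_poll` are hypothetical names). Comparing the read offset against the current size is an assumption about how the size check is applied.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L         /* for fileno() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical watcher state; these names are not Wireshark's. */
typedef struct {
    const char *path;   /* key log file path */
    FILE *fp;           /* open handle, NULL until the first poll */
} keylog_watch;

/* Return 1 when the path no longer refers to the file we hold open. */
static int keylog_replaced(const keylog_watch *w)
{
    struct stat open_st, path_st;
    long pos;

    if (fstat(fileno(w->fp), &open_st) != 0 || stat(w->path, &path_st) != 0)
        return 1;                       /* unlinked or unreadable */
    if (open_st.st_dev != path_st.st_dev || open_st.st_ino != path_st.st_ino)
        return 1;                       /* deleted and recreated */
    /* Assumed size check: a file shorter than what we already read was
     * truncated or recreated, even if st_dev/st_ino carry no information. */
    pos = ftell(w->fp);
    return pos >= 0 && path_st.st_size < (off_t)pos;
}

/* Read only the lines appended since the last call, reopening the file
 * first if it was replaced. Returns the new line count, -1 if unavailable. */
int keylog_poll(keylog_watch *w)
{
    char line[512];
    int n = 0;

    if (w->fp && keylog_replaced(w)) {
        fclose(w->fp);
        w->fp = NULL;
    }
    if (!w->fp && !(w->fp = fopen(w->path, "r")))
        return -1;
    clearerr(w->fp);                    /* drop EOF left by the previous poll */
    while (fgets(line, sizeof line, w->fp))
        n++;                            /* a real caller would parse the line here */
    return n;
}
```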
Previously, the keylog file would be fully parsed when an encrypted
pre-master secret is encountered or in the ChangeCipherSpec stage. There
was also a lot of duplication in the key logfile parsing.
This patch simplifies the key logfile parsing by using regular
expressions. Rather than scanning the key logfile for a specific key,
do this scan once at ssl init and save the results to a hashtable. The
map for session ID/tickets to master keys already existed, another one
for client random to master key and encrypted pre-master to pre-master
was added. This could later also be wired to the "Export SSL Keys"
menu item for improved reliability (when no session ID or tickets are
available, the client random could be used).
The ssl_{save,restore}_session{,_ticket} functions have been converted
to a single function that looks up a key (sid / client random / encr.
pre-master) to a (pre-)master secret.
Other minor changes: return booleans for some functions that can only
fail/pass. Remove some functions from the ssl-utils header that have
become private a few commits ago. Remove some outstanding issues
from the comments in packet-ssl as they are already done, add myself
to the ssl-utils header.
These changes pass the test suite and the sample Session Ticket-enabled
capture from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963
On-the-fly decryption is broken with this patch since keylog files are
read once at the start of a capture. This will be solved in a future
patch.
Change-Id: Idb343abe161950b5f3ff61bee093d0f4ef9655bd
Reviewed-on: https://code.wireshark.org/review/3057
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
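
The parse-once-then-look-up approach from the commit message above, as an added example (not the Wireshark code; all names are hypothetical). The `CLIENT_RANDOM` and `RSA` line layouts are those of the NSS key log format, which the commit message does not spell out, and a small linear table stands in for the hashtable.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_KEYS 64

/* kind 'C': client random -> master secret.
 * kind 'R': encrypted pre-master -> pre-master. Values are kept as hex text. */
typedef struct { char kind; char key[65]; char secret[97]; } keylog_entry;
typedef struct { keylog_entry e[MAX_KEYS]; int n; } keylog_map;

/* Scan the key log text once and keep every well-formed line. Returns the
 * number of entries stored, or -1 if the pattern fails to compile. */
int keylog_load(keylog_map *m, const char *text)
{
    static const char pat[] =
        "^(CLIENT_RANDOM ([0-9A-Fa-f]{64})|RSA ([0-9A-Fa-f]{16})) ([0-9A-Fa-f]{96})$";
    regex_t re;
    regmatch_t g[5];
    char line[256];

    m->n = 0;
    if (regcomp(&re, pat, REG_EXTENDED) != 0)
        return -1;
    while (*text && m->n < MAX_KEYS) {
        size_t len = strcspn(text, "\n");
        if (len < sizeof line) {        /* over-long lines cannot match */
            memcpy(line, text, len);
            line[len] = '\0';
            if (regexec(&re, line, 5, g, 0) == 0) {
                int k = g[2].rm_so >= 0 ? 2 : 3;    /* which alternative matched */
                keylog_entry *e = &m->e[m->n++];
                e->kind = (k == 2) ? 'C' : 'R';
                snprintf(e->key, sizeof e->key, "%.*s",
                         (int)(g[k].rm_eo - g[k].rm_so), line + g[k].rm_so);
                snprintf(e->secret, sizeof e->secret, "%.96s", line + g[4].rm_so);
            }
        }
        text += len + (text[len] == '\n');
    }
    regfree(&re);
    return m->n;
}

/* Look up a secret by kind and hex key; NULL when the log has no match. */
const char *keylog_lookup(const keylog_map *m, char kind, const char *key)
{
    for (int i = 0; i < m->n; i++)
        if (m->e[i].kind == kind && strcasecmp(m->e[i].key, key) == 0)
            return m->e[i].secret;
    return NULL;
}
```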
Also make dissector "new style" using its already built-in basic heuristics.
Change-Id: I8b9b02d1f32cec96a1104c99647795d6fbda4804
Reviewed-on: https://code.wireshark.org/review/3275
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ssl_print_string uses out->data_len to determine the length of the
printed data, but this was not set. Use ssl_data_set for that and add an
additional DISSECTOR_ASSERT just in case we change something here.
Reported by Alexis La Goutte, found by Clang static analyzer.
Change-Id: I630a9193ff1ece86a0a46924dd86591fedf5c595
Reviewed-on: https://code.wireshark.org/review/3261
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure it's A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I81e43fac5176fdd0805001636991efb7f588a3c0
Reviewed-on: https://code.wireshark.org/review/3252
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Icefbaf632e888e84bcb2cc20ae3a6c4744b82fae
Reviewed-on: https://code.wireshark.org/review/3251
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I64bb64787c83ffe712ffd348cceb5449690dd6d0
Reviewed-on: https://code.wireshark.org/review/3247
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
There are two cases:
1. btl2cap -> btrfcomm -> btobex
2. btl2cap -> btobex
Case 2 is rare, so according to its name and to avoid confusion
I based on it.
Bug:10316
Change-Id: Ibeabeaf2f8376425460c56bad8fb980b460dd940
Reviewed-on: https://code.wireshark.org/review/3225
Reviewed-by: Evan Huus <eapache@gmail.com>
There is still some const-incorrect usage of them but those can be ironed
out after this change has been made.
Change-Id: Iba0631c804bdab34d7c0232b49967130e3370488
Reviewed-on: https://code.wireshark.org/review/3199
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet as far as possible, called from both dissect_dnp3_tcp and dissect_dnp3_udp.
Bug: 10287
Change-Id: Iaa988258b3614cb1b408dec41a987fbd61c9727c
Reviewed-on: https://code.wireshark.org/review/3096
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
I thought I'd found all of these but I guess I hadn't; good thing the fuzz-bot
kept looking.
Bug:10314
Change-Id: I2cc209a6c87781d10cae28f2cb91400d759f5091
Reviewed-on: https://code.wireshark.org/review/3205
Reviewed-by: Evan Huus <eapache@gmail.com>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
UAT was the easiest way to do this and I like the "file format" of the data, but the presentation doesn't seem that great.
Bug:10180
Change-Id: I7e6bc9e148bc47585a0a7eb8f96900a5c374e673
Reviewed-on: https://code.wireshark.org/review/3082
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6e0109bc1d1acf200fd0c1a9f8ddd3a3d98f5908
Reviewed-on: https://code.wireshark.org/review/3189
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I589a6ced098d1d224e86386f028c92fc0797164e
Reviewed-on: https://code.wireshark.org/review/3188
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ibeaf5ba5d104e7f9bc9291e83923f8675abf0099
Reviewed-on: https://code.wireshark.org/review/3187
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I342f283bbab3052337e00502769150cf3f4a8800
Reviewed-on: https://code.wireshark.org/review/3186
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I467bfae2db7d3a119b58505b43b3d9bb59615ee9
Reviewed-on: https://code.wireshark.org/review/3185
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>