| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Includes adding per-conversation data to store whether we are over
DTLS or UDP and registering as a heuristic sub-dissector for DTLS.
Future changes will add more use of the conversation structure.
Also included is a capture of UDT over DTLS in test/captures/udt-dtls.pcapng.gz,
the associated private key for the session in test/keys/udt-dtls.key and a
new test in the decryption suite to check this works.
Change-Id: I76826d3b35768d0b58f5335063884616968e5784
Reviewed-on: https://code.wireshark.org/review/22533
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss
Usage:
f=Field.new("frame.delta_time")
delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
crash."
This reverts commit fa3aa6781797dc8d838d1a1311555a3d5c342ed1.
Change-Id: I974606b2c7963d92832b74e05681431442542202
Reviewed-on: https://code.wireshark.org/review/22200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I867c1f78554fc6fabd2579107fe679a6f6033c0c
Reviewed-on: https://code.wireshark.org/review/22199
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Windows."
This reverts commit 573a4c9cd59d7a14e4ab305284a287c705d6b945.
Change-Id: Ia967e1e7ae617556cb2d0247fa45026f610bafa8
Reviewed-on: https://code.wireshark.org/review/22198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I837a1e724f58f3e85ae4d7c77715e185a4b1ebeb
Reviewed-on: https://code.wireshark.org/review/22197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Implements all seven AEAD_CHACHA20_POLY1305 cipher suites from RFC 7905
(for TLS 1.2) and the final missing one for TLS 1.3 (draft -20).
New test captures (created using OpenSSL_1_1_0-pre6-2528-g042597b0a)
also serve as tests for TLS 1.3 decryption support.
Change-Id: Ice6d639c9c7b7bc23a6ff5fb4832d02694abd8c4
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21902
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
This function returns TRUE/FALSE depending whether the specified ProtoField/Dissector
needs to be dissected. By using this function in conjunction with the TreeItem.visible
attribute, Lua dissectors can be significantly sped up by making less C interop calls
which are relatively slow in terms of dissection especially when using sub-protocols
where the dissection of an entire protocol can be skipped.
Added tests for TreeItem:referenced to protofield.lua
Change-Id: I44feacb91a2a5b0e3c28c0ccd8d6b04cccd67261
Reviewed-on: https://code.wireshark.org/review/21387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add tests for abbrev and name validation.
Add tests for signed integer base values.
Change-Id: I0bd65c6633b44ae998880f528c22afc22c87529d
Reviewed-on: https://code.wireshark.org/review/20568
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Only perform the protofield with a tree.
Change-Id: I93caeb505d1138a57c846ea6c295e5a44d72023c
Reviewed-on: https://code.wireshark.org/review/20564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
|
|
Add ABSOLUTE_TIME_* defines to the base table in init.lua for use
in ProtoField.absolute_time.
Change-Id: I5c99eafdac97655d71fd4f3374294cd587afaf0a
Reviewed-on: https://code.wireshark.org/review/20543
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Test usage of base.UNIT_STRING.
Change-Id: I9c97b58b3cc6db65713e83609900880e157237f2
Reviewed-on: https://code.wireshark.org/review/19357
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I8afa246172cd8d5a86513ade2f482566e3f9957a
Reviewed-on: https://code.wireshark.org/review/20272
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
The "Microsecond pcap-ng via stdin" and "Nanosecond pcap-ng via stdin"
tests work here on macOS and Windows (likely due to g8a141fe), so
enable them.
Change-Id: I148d02f0cc23162d782457e1d8f0e7c2c0dc6932
Reviewed-on: https://code.wireshark.org/review/19877
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).
The decryption suite passes these tests on:
* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
so tests that depend on RSA keys fail here (but the new tests pass).
Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
* Added support for 3-byte integers in :int() and :le_int()
* Added support for 5, 6, and 7-byte integers in :int64() and :le_int64()
Change-Id: If9ab4ea806191bc63effe45a081b9c65693c2367
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
* Implement Tvb:ipv6()
* Handle FT_IPv6 protofields during insertion in the lua tree
* Implement Address.ipv6(hostname)
Change-Id: I585c392681b3aef02ed8ee956f74051d77fb28d4
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18442
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If the "test-programs" target is not built, then it should not try to
invoke the last program (wireshark-gtk in my case).
Change-Id: Ida60a71d1dc47305ef8abe10e6c96c8a1cb8dcbb
Reviewed-on: https://code.wireshark.org/review/18346
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Current Ubuntu buildbot is failing because GTK support was removed.
Tests should not fail if GTK is not available, so make it optional.
Change-Id: I1640c8bcea5208299f6846eb366e105c39a3ebf3
Reviewed-on: https://code.wireshark.org/review/18345
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Test Kerberos decryption using files from krb-816.zip on the
SampleCaptures page.
Change-Id: Ic1360b637ca6a1f6cb86d09a6aebfd7f5ff89419
Reviewed-on: https://code.wireshark.org/review/18275
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Previously the metatables for classes were the same for the class and
its instances. This results in issues like calling __gc on the class
table on exit.
Make it possible to declare separate class methods (functions) and
instance methods. Observe that all attributes apply to the instances
only, so make these just available on the instance.
The attribute/methods lookup method (via __index/__newindex) have been
rewritten to use upvalues, removing the technical need for the
properties __getters/__setters/__methods. The "lua globals" test still
checks for these, but it could be removed in the future.
To fix bug 12968, the __gc method is removed from the class method.
Future patches should remove the WSLUA_REGISTER_CLASS,
WSLUA_REGISTER_META and WSLUA_REGISTER_ATTRIBUTES macros completely and
create split class functions/methods (such that __call for an instance
cannot accidentally be invoked on the class).
Removed duplicate "fragmented" property from Pinfo (which triggered an
error) and replaced exit() by g_error() for debugger friendliness.
Remove lua_shiftstring since checkstring always returns non-NULL.
Bug: 12968
Change-Id: I57f8a93d08bb84c79b0e94cf2c82d8402fc16646
Reviewed-on: https://code.wireshark.org/review/18026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
- Fix test script to use wlan instead of wlan_mgt
- Remove a now useless test in the dissector
Change-Id: I9a7644947c3002c759a7ae5728a8559682cfd4fd
Reviewed-on: https://code.wireshark.org/review/18215
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Update debian, macos (setup / homebrew) download script
Update testsuite (don't try HPACK when build without nghttp2)
Change-Id: I365e5e17bc4fab4acd81b4c39ea7189a5d1ee112
Reviewed-on: https://code.wireshark.org/review/17347
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's broken for recent GLib versions and there is no time frame for
a fix.
Ping-Bug: 12997
Change-Id: Ia687af9b0df8fc37121179ba20761c878bf57057
Reviewed-on: https://code.wireshark.org/review/18140
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparant to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add regression tests for bugs 12610 and 12620
Bug: 12610
Bug: 12620
Change-Id: I6325a3ccb3e27fd4d3be52190e8763737b99fe73
Reviewed-on: https://code.wireshark.org/review/17083
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ibbe97f15854163163ad2bdf3b425c63d4cbfed50
Reviewed-on: https://code.wireshark.org/review/17158
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make it find test programs under the build tree.
Change-Id: Ie7ff547417e8f248bb58f6c96896977ca4e710d1
Reviewed-on: https://code.wireshark.org/review/17048
Reviewed-by: João Valverde <j@v6e.pt>
|
|
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This behavior severely limits the usefulness of the test suite. An option
to configure it would still be nice.
Change-Id: I2bc96a043cc4ec76f334a3bfe48967703ef1be5e
Reviewed-on: https://code.wireshark.org/review/16890
Reviewed-by: João Valverde <j@v6e.pt>
|
|
I'd just copied and pasted the copyright notice from test/test.sh; Ulf
wrote test/test.sh, but didn't write test/run_and_catch_crashes - I did,
but, hey, might as well give the copyright to Gerald. Fix the date as
well.
Change-Id: Id307f354289ca72931dd83f472d879d733618e3c
Reviewed-on: https://code.wireshark.org/review/16910
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I397e5483baa79b5bf043d746aabab6c54499fabc
Reviewed-on: https://code.wireshark.org/review/16903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add an ESP decryption test using the capture+keys from bug 12671.
Change-Id: I5f7ce477ec74d59c1043345728a1444842912b96
Ping-Bug: 12671
Reviewed-on: https://code.wireshark.org/review/16733
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
|
|
The way you say "this interface's name is unknown" is by not giving it
an if_name option, not by giving it an if_name option that says "this
isn't known". Remove the if_name option from the interfaces in this
capture file.
Change-Id: Ie3569c81bd065e48278cfa83b82b06ea6b5258af
Reviewed-on: https://code.wireshark.org/review/16455
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The whole point of using mktemp is to get a temporary directory outside
the source tree. Commit v2.1.0rc0-1027-ge01f8fb tried to fix the
invocation for *BSD (including OS X), but by adding a template it
dropped the implicit --tmpdir option for GNU mktemp on Linux..
Use the GNU mktemp invocation and if it fails (for example, because a
template is expected for BSD/OS X), provide a template.
Change-Id: I77bbc7dc2045e4fa756e102afa080860b0857713
Reviewed-on: https://code.wireshark.org/review/16178
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I3bd474f3cda9667dec66426b5729449953df3e61
Reviewed-on: https://code.wireshark.org/review/15777
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Revert "Test: Make capture_step_stdin more verbose." and "Test: more
suite-capture debugging." Tests on the Windows 8.1 builder have been
passing since recommended OS updates were installed on the 24th.
This reverts commits 7f710ef2b54d9eeb06c35ab1bd834f2df0696024 and
f52c3c468a508e1e770c32d479cdd761cb412af8.
Change-Id: I7cf10a38ba001426baea5fc76a34610c3a26ced2
Reviewed-on: https://code.wireshark.org/review/15590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
In capture_step_stdin, print information about our test capture if we
fail.
Change-Id: I046f9d22b1bb2d52d96926f50379ab51e6279eb3
Reviewed-on: https://code.wireshark.org/review/15125
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I94967aeabdf2786868c3f7fce9e95633332d4948
Reviewed-on: https://code.wireshark.org/review/15123
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Add some verbosity to the stdin capture test. Hopefully this will shed
some light on the Windows 8 builder failures.
Change-Id: Ife2bbbaeed7a1e4a7ddd1c1f86322ba25d154f4c
Reviewed-on: https://code.wireshark.org/review/15122
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The "http" dissector is what's used for protocols other than TCP, SCTP,
and SSL/TLS.
Change-Id: Ib5138d3a082f1017b7ef190e5128a21eb9a49e92
Reviewed-on: https://code.wireshark.org/review/14947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
pcap files and snoop files have different headers, so there's no
IP_OVER_IB encapsulation type, there are separate types for pcap and
snoop.
Change-Id: I00146e478d05bb11c634df0c386329db8de5635d
Reviewed-on: https://code.wireshark.org/review/14774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Error out if it can't be created.
Change-Id: I1a087f0e0cc064be7a417b9a2e66cf3c940e02fa
Reviewed-on: https://code.wireshark.org/review/14565
Reviewed-by: João Valverde <j@v6e.pt>
|
|
When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
