Age | Commit message (Collapse) | Author | Files | Lines |
|
Bug: 11684
Change-Id: Iaaa5958ea6192ef52b669c687082469b8c7c0219
Reviewed-on: https://code.wireshark.org/review/11656
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).
While we're at it, make randcap report write and close errors.
Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
DCERPC)
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I16280d3fd4023c5a16026e8e10f1d12dfca45641
Reviewed-on: https://code.wireshark.org/review/11657
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7288cd3660dfd14be95dc42910faed47eca8226b
Reviewed-on: https://code.wireshark.org/review/11661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This fixes a compiler warning on OS X:
extcap/androiddump.c:312:42: warning: implicit
conversion loses integer precision: 'long' to '__darwin_suseconds_t' (aka 'int')
[-Wshorten-64-to-32]
pcap_header.ts.tv_usec = nanoseconds / 1000;
~ ~~~~~~~~~~~~^~~~~~
Change-Id: I6077130fbe4e1cb4f26d82271cfb85d1bf03e35c
Reviewed-on: https://code.wireshark.org/review/11655
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
randpkt.c:556:1: warning: no previous prototype for ‘randpkt_seed’
randpkt.c:610:6: warning: no previous prototype for ‘randpkt_example_init’
randpkt.c:632:6: warning: no previous prototype for ‘randpkt_example_close’
randpkt.c:638:6: warning: no previous prototype for ‘randpkt_loop’
Change-Id: Ieab604a22fa7ebf5c049ab497abd56af0a788d36
Reviewed-on: https://code.wireshark.org/review/11654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I28ce51f3c06f78b85792bce4a13ef39eb75d7890
Reviewed-on: https://code.wireshark.org/review/11648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3c1ee97f68af4539b97d50b75c03ff82147dbc5e
Reviewed-on: https://code.wireshark.org/review/11649
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I93c001e78f9365300d393bac6714535f454c6515
Reviewed-on: https://code.wireshark.org/review/11647
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
[-Wmissing-prototypes]
Change-Id: Ib2be8c4ebbaf8492fe76632fae2b5076a44f74ce
Reviewed-on: https://code.wireshark.org/review/11653
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This change should fix some complains from coverity.
Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
In the main toolbar get our initial icon size using the PM_SmallIconSize
pixel metric. On Windows this varies directly with the system text
magnification setting.
Pinging bug 11675 since we still need to adjust the icon sizes in the
filter edits, progress frame, status bar, and likely other places.
Ping-Bug: 11675
Change-Id: I53a78627ce850bd6dbd4628da481badee63a1208
Reviewed-on: https://code.wireshark.org/review/11605
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I5da56a10b8c73f804e98124895c513ad4c97a37b
Reviewed-on: https://code.wireshark.org/review/11643
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id8aad52198905eb33ecccf5ace01287954f31d2e
Reviewed-on: https://code.wireshark.org/review/11526
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: If08fa66fbc21fc078f12866c868dd269aa72e319
Reviewed-on: https://code.wireshark.org/review/11640
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: I622f048581dfcc4b49315a5ef45aa44499c6e096
Reviewed-on: https://code.wireshark.org/review/11639
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Icb6d93f2e85180e2a4c24e41114f76bb6c7b5a79
Reviewed-on: https://code.wireshark.org/review/11638
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I98a104407feb21d038653e41c547c7ebc27771cb
Reviewed-on: https://code.wireshark.org/review/11636
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The only file system operations it does are printing of debugging output
to the standard output, so it doesn't need <wsutil/file_util.h>.
Change-Id: Ia5caf62a3aab418f039669aa0b54e163e54d0d21
Reviewed-on: https://code.wireshark.org/review/11635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
libwiretap no longer uses standard I/O routines to read files; those
includes are left over from when it did.
Change-Id: Ia46c5e24ed25c6bd254cd271746ace539a37e590
Reviewed-on: https://code.wireshark.org/review/11634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Id3f5eb3740fbc66202311f1d7d7933193cf4da2d
Reviewed-on: https://code.wireshark.org/review/11633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I93433fbbec8a78344c2d4e27c1c6fe03583010be
Reviewed-on: https://code.wireshark.org/review/11632
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(And with #defines of read as _read and write as _write on Windows,
which might make structure members have surprising names if you try to
look at them in a debugger.)
Change-Id: Iaab5622cbde216d5fedd4bc014c83e4eef95f8a0
Reviewed-on: https://code.wireshark.org/review/11631
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8893d7cea5f7e56708c8a428256b7e9d543db887
Reviewed-on: https://code.wireshark.org/review/11629
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5670b2d87ed13bb0d1091a2308524bf3b7642eb0
Reviewed-on: https://code.wireshark.org/review/11628
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While we're at it, rename a variable to avoid colliding with the read()
routine.
Change-Id: I6629ec761f48751f34a2e7d04180d7583ad85710
Reviewed-on: https://code.wireshark.org/review/11626
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That removes the last bit of Wireshark source that explicitly includes
io.h and most if not all of the code that explicitly includes unistd.h
for read()/write()/lseek()/close(). I'll update the documentation to
recommend including <wsutil/file.h> for all file I/O.
Change-Id: I7c8be50447daba0dc6a78c7331e637468710b2d8
Reviewed-on: https://code.wireshark.org/review/11625
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
between dissectors instead of using packet_info.h
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Also allow displaying the IPv6 header (correctly) as exactly 40 bytes long in
the bytes pane.
Ping-Bug: 10705
Change-Id: I1b4ea74202d519e7faf86c1c0f4f3c23403c2b2a
Reviewed-on: https://code.wireshark.org/review/11608
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Otherwise it can lead to a false verdict in after the check for Wireshark uninstall registry entry
Bug: 10867
Change-Id: I213ac8ffadfb3578b05d33b996540bd4330a0ec5
Reviewed-on: https://code.wireshark.org/review/11621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
See http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-01
and https://www.ietf.org/id/draft-ietf-dprive-dnsodtls-02.txt
Bug: 11679
Change-Id: I5ebc43008951ddbb4570f5aeb55093aaf84f3401
Reviewed-on: https://code.wireshark.org/review/11528
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is intentionally broken off of SSL to avoid confusion when UDP is involved.
Change-Id: Icfd3054be6aed2ebbd850a608efbc24f1a8f3831
Reviewed-on: https://code.wireshark.org/review/11612
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.
Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia251638186857d6be6a07c25e77bbd7e72a14290
Reviewed-on: https://code.wireshark.org/review/11620
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add expert info to the Change Cipher Spec tree when session resumption
is detected. This can be used as hint that decryption using a RSA key
file will not succeed because of missing key material.
The name of this expert info is "ssl.resumed" or "dtls.resumed" and the
expert info message is "This session reuses previously negotiated keys
(Session resumption)".
Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878
Reviewed-on: https://code.wireshark.org/review/11583
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
While we're at it, get rid of a commented-out include, and update a
comment to give more information.
Change-Id: I910a26a3d7f4a50f0559abe5f2ab97a93c80357f
Reviewed-on: https://code.wireshark.org/review/11610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's a floating-point operation, so just use 4294967296.0.
Change-Id: I97258c8058821b6d46d740668271c0803617cdc1
Reviewed-on: https://code.wireshark.org/review/11615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I97168f31925916bad1a8c894f3b5733d8ed8ad55
Reviewed-on: https://code.wireshark.org/review/11614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use QDesktopWidget instead of QGuiApplication + QScreen. The former
exists in the Qt 4 API.
Ping-Bug: 11568
Change-Id: Icfbe9f78659b28efbc86061f94d946f70ab6dc41
Reviewed-on: https://code.wireshark.org/review/11604
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I1e4700b505746c49ea518dc401be590740720a57
Reviewed-on: https://code.wireshark.org/review/11600
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
I guess it's not at risk of being clobbered by a longjmp() in a way that
affects the behavior of the code, but the older GCC on that buildbot
doesn't do the dataflow analysis to figure it out.
Change-Id: I770380e2a22d00aeccf5937203bc70968712d37f
Reviewed-on: https://code.wireshark.org/review/11611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|