| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Register the pcap and pcapng file types/subtypes rather than hardwiring
them into the table.
Call the registration routines for them directly, rather than through a
generated table; they're always supposed to be there, as some code in
Wireshark either writes only one of those formats or defaults to writing
one of those formats. Don't run their source code through the
registration-routine-finder script.
Have the file type/subtype codes for them be directly exported to the
libwiretap core, and provide routines to return each of them, to be used
by the aforementioned code.
When reporting errors with cfile_write_failure_message(), use
wtap_dump_file_type_subtype() to get the file type/subtype value for the
wtap_dumper to which we're writing, rather than hardcoding it.
Have the "export PDU" code capable of supporting arbitrary file
types/subtypes, although we currently only use pcapng.
Get rid of declarations of now-static can_write_encap and
dump_open routines in various headers.
|
|
dissect_pkt_line takes an `offset` parameter (passed by reference) to
allow parsing multiple pkt-lines from a single tvbuff. Currently the
only caller passes an offset of 0, so reading from `0` happens to do
the right thing, but that is about to change when [1] adds support for
dissecting multiple pkt-lines in a buffered HTTP request or response.
Part of #17093. Noticed by Joey Salazar and explained by Pascal
Quantin.
[1] https://gitlab.com/wireshark/wireshark/-/merge_requests/1946
|
|
fixed UDP Multicast Streams title and also crossref in WSUG_chapter_use.adoc table
applied SME suggestions
minor fixes
|
|
added SME suggestions
minor fixes
minor fixes
applied SME suggestions
|
|
|
|
|
|
|
|
|
|
These are the very last ones that are not mentioned in header files.
|
|
|
|
MBIM_CID_MS_DEVICE_CAP_V2
MBIM_CID_SUBSCRIBER_READY_STATUS
MBIM_CID_PACKET_SERVICE
MBIM_CID_CONNECT
MBIM_CID_IP_PACKET_FILTERS
MBIM_CID_MS_MODEM_CONFIG
MBIM_CID_MS_REGISTRATION_PARAMS
MBIM_CID_WAKE_REASON
|
|
These will be backported, for the benefit of Lua scripts that want those
specific file types/subtypes (typically in order to write files of those
types); that allows those types to be fetched without having to know the
right string to hand to wslua_wtap_name_to_file_type_subtype().
|
|
|
|
"i" and "j" are too similar, so it's easy to use the wrong one if you're
using both as array indices and not easy enough to notice the mistake.
Use somewhat more meaningful names when we fix the index.
Fixes #17252.
|
|
wtap_modules.c depends on ${WIRETAP_MODULE_FILES} rather than
${WIRETAP_NONGENERATED_FILES}.
|
|
|
|
|
|
|
|
This pull request includes:
* The "Follow DCCP stream" feature.
* Updated docbook documentation for the "Follow DCCP stream" feature.
* Test for the feature.
* Corresponding packet trace for the test.
|
|
|
|
When we're walking the list of fragments to free, if we encounter
FD_VISITED_FREE, we can conclude traversal of this fragment list immediately
(and go to the next hash bucket), since everything subsequent to this point in
the list has already been processed by free_all_reassembled_fragments. This
trims an O(n^2) hash table iteration down to O(n).
Before this change, a very ugly 1.1 GByte TFTP capture (with lots of
out-of-order and retransmitted blocks) takes 4 hours to process with
tftp.defragment=TRUE -- output completes after 1.25 hours, and then about
2.75 hours of time is spent doing repeated list traversals within
free_all_reassembled_fragments...(!) With this change, the same test completes
in 1.25 hours, with the cleanup taking just 71 msec.
Tested also with reassemble_test under Valgrind; No issues/leaks were reported.
|
|
|
|
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
|
|
Make sure list_capture_types prints to the designated stream so that
tools/update-tools-help.py works correctly for `editcap -F`.
|
|
Use guint64 instead of u_int64_t. GLib might make it easier to use
standard types at some point[1] but they haven't yet. Make our offsets
unsigned.
[1]https://gitlab.gnome.org/GNOME/glib/-/issues/1484
|
|
|
|
|
|
|
|
of port number range.
|
|
|
|
|
|
UDP and DCCP by payload inspection.
|
|
We allocate a QMimeData object at the beginning of PacketList::mouseMoveEvent.
Usually, this object is passed to a QDrag object by calling drag->setMimeData.
In this case, the QDrag object owns the mime data object and frees it when
it's no longer required.
If the mime data object contains no data that can be dragged and dropped, we
reach the end of PacketList::mouseMoveEvent without anyone taking care of
the mime object. We have to free it ourselves in this case.
The problem can be reproduced if you add a custom column for an element that
does not exist in your capture file. Left-click onto the empty column and
drag the empty column entry somewhere. An asan build will then show the
memory leak
Indirect leak of 240 byte(s) in 2 object(s) allocated from:
#0 0x7f351e153d30 in operator new(unsigned long) (...)
#1 0x7f3500b79802 in QMimeData::QMimeData() (...)
Indirect leak of 32 byte(s) in 2 object(s) allocated from:
#0 0x7f351e153d30 in operator new(unsigned long) (...)
#1 0x5635156dfbc7 in PacketList::mouseMoveEvent(QMouseEvent*) ...
#2 0x7f3502eb94d7 in QWidget::event(QEvent*) (...)
|
|
Conversations Statistics suggested the connection initiator was
Address A because of an address/port comparison, when the packet
list says it was Address B. This behavior is changed then the
conversations statistics now suggest the real initiator. Exporting
data from these statistics allow a loyal re-processing.
Closes #16919.
|
|
It has bit-rotted.
Replace a bunch of compile-out "#if 0" with runtime "if (0)", and the "#ifdef
debug" with a static const, both of which should reduce the chance of this
bit-rotting again in future by ensuring that these code paths will at least be
compiled -- even if they are not actively used. The default is kept at FALSE,
so the behavior is unchanged, and toggling it still requires recompilation.
fd->data no longer exists; The nearest equivalent uses (dangerous!) tvb_get_ptr
to dump the address of the first byte of the tvb data, in case that is somehow
useful... I'm guessing it exists for live debugging.
We no longer have access to the structures for the hash keys. For the time
being, let's just #ifdef out the code that tries to print those keys. Maybe we
should move the key structures to an epan/reassemble-int.h so that we can
access them from this test code again...?
And zap an extra comma which snuck into a table... Clearly this code hasn't
been compiled in a while.
Tested with debug=FALSE and debug=TRUE, under Valgrind as well as natively, on
a Linux host.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
The file request and file acknowledge APDUs of the auxiliary file system
resource are exactly the same as in the application mmi resource.
We already have a function that dissects file acknowledge. Move the
dissection of file request into a separate function as well.
Call the two functions for both ami and afs resources.
|
|
For QT >5.11, stringWidth() uses horizontalAdvance, which gives different
(longer) widths than the old boundingRect().width() method.
Other locations use the boundRect().width() method directly, resulting
in underestimating line widths and clipping the last characters in
the byte view window.
Fix by forcing all width calculations to use stringWidth().
Closes #17087.
|
|
Also add more words to dictionary file.
|
|
applied the SME suggestions
implemented the SME suggestions
minor fix
|
|
The minimum required version of Qt is now 5.6, and thus the minimum
required version of macOS is 10.8. Reflect that in macos-setup, and
remove version checks and older packages installed to support
Snow Leopard and Lion.
|
|
|
|
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:38:21: warning: redundant redeclaration of ‘optarg’ [-Wredundant-decls]
38 | WS_DLL_PUBLIC char *optarg;
| ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
from /usr/include/unistd.h:883,
from ../wsutil/socket.h:33,
from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:36:14: note: previous declaration of ‘optarg’ was here
36 | extern char *optarg;
| ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:52:19: warning: redundant redeclaration of ‘optind’ [-Wredundant-decls]
52 | WS_DLL_PUBLIC int optind;
| ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
from /usr/include/unistd.h:883,
from ../wsutil/socket.h:33,
from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:50:12: note: previous declaration of ‘optind’ was here
50 | extern int optind;
| ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:57:19: warning: redundant redeclaration of ‘opterr’ [-Wredundant-decls]
57 | WS_DLL_PUBLIC int opterr;
| ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
from /usr/include/unistd.h:883,
from ../wsutil/socket.h:33,
from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:55:12: note: previous declaration of ‘opterr’ was here
55 | extern int opterr;
| ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:61:19: warning: redundant redeclaration of ‘optopt’ [-Wredundant-decls]
61 | WS_DLL_PUBLIC int optopt;
| ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
from /usr/include/unistd.h:883,
from ../wsutil/socket.h:33,
from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:59:12: note: previous declaration of ‘optopt’ was here
59 | extern int optopt;
| ^~~~~~
In file included from ../sharkd_daemon.c:31:
../wsutil/wsgetopt.h:131:19: warning: redundant redeclaration of ‘getopt’ [-Wredundant-decls]
131 | WS_DLL_PUBLIC int getopt (int ___argc, char *const *___argv, const char *__shortopts)
| ^~~~~~
In file included from /usr/include/bits/getopt_posix.h:27,
from /usr/include/unistd.h:883,
from ../wsutil/socket.h:33,
from ../sharkd_daemon.c:28:
/usr/include/bits/getopt_core.h:91:12: note: previous declaration of ‘getopt’ was here
91 | extern int getopt (int ___argc, char *const *___argv, const char *__shortopts)
| ^~~~~~
|
|
Commit 69df23fc40951556d2f9f303944f943547c31ac0 refactored sharkd_loop()
making the use of argv[] dependent on the #define _WIN32. Add _U_ for
the #ifndef _WIN32 case.
Suppresses:
> [2005/2398] Building C object CMakeFiles/sharkd.dir/sharkd_daemon.c.o
> /projects/wireshark/sharkd_daemon.c:357:33: warning: unused parameter 'argv' [-Wunused-parameter]
> sharkd_loop(int argc _U_, char* argv[])
> ^
> 1 warning generated.
|
|
Fedora and RHEL/CentOS put libsofthsm2.so in a different location
than Debian/Ubuntu, so look there too. This causes test_tls_pkcs11
to pass instead of being skipped (if softhsm2 and the other
prerequisites are installed.)
|
|
Save a copy of the pathname used to open a file in the wtap structure.
This allows the BER file reader to put a pointer to it in the
pseudo-header; it also would allow file readers to attempt to read
"associated" files that have the same name as the file, but with a
different extension.
Instead of having cf_open() special-case BER files, and calling a
routine in the BER dissector to specify the file name to the dissector,
have separate dissectors for "dissect packet payload as BER" and
"dissect a file as BER", and have the latter get the pathname of the
file from the pseudo-header and determine the ASN.1 syntax from that.
(Side-effect - this means that you can now dissect a BER file, and have
the syntax be determined by the file extension, in TShark as well; the
above cf_open() special-casing was *not* done in TShark, so it didn't
work before. Now the application code doesn't need to do any of that,
so it works in TShark as well as Wireshark.)
|
|
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().
This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
|
|
Increase the minimum required version of Qt from 5.3 to 5.6. The various
Linux distribution versions that shipped with earlier Qt versions (RHEL
6, Fedora 23, openSUSE 13.2, Debian jessie, Ubuntu 16.04) have either
reached end of support or will do so soon.
The official Qt 5.6 releases for macOS require 10.8, so make that the
minimum macOS version.
Remove a bunch of no-longer-needed version checks.
|
|
Make sure we add expert items to a valid tree. Fixes
** (process:11088): WARNING **: 17:45:42.159: Dissector bug, protocol VJC, in packet 12: "Text item" - "text" tfi->tree_type: -1 invalid (../epan/proto.c:5885)
|
|
When handling uncompressed packets:
* Add bounds checks before allocating or reading memory.
* Limit amount of memory allocated to the size of the IP header plus the
maximum needed size of the TCP header, not entire packet contents.
* Check for IPv4 before processing.
* Use more constant macros for easier reading and review.
When handling compressed packets:
* Add bounds checks when calculating size of compression header.
General:
* Add extra comments.
* Use reported length instead of captured length for calculating
syn+ack values (since that's what the sender would use).
|
