|
Until now, it was not possible to use the IANA-assigned protocol values in a Wireshark plugin.
This commit exports them for use on Windows machines.
As discussed on http://seclists.org/wireshark/2015/Nov/88
Change-Id: I22adc33accf5d776bd3e5cc0899d3c5b9e9d531c
Reviewed-on: https://code.wireshark.org/review/11874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a
(patched?) BouncyCastle 1.51.0 exposed the odd behavior where the
ProtocolVersion from the record layer was always fixed to DTLSv1.2 while
the server agrees to use DTLSv1.0.
This resulted in a Malformed packet dissection of the ServerKeyExchange
message which mistakenly expects a SignatureAndHash field. Fix this
by using the protocol version from the ServerHello. Keep the fallback
in case a capture starts in the middle of a SSL conversation.
(Also display "DTLS" instead of "SSL" when the version is not yet
determined for DTLS packets.)
Bug: 11709
Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6
Reviewed-on: https://code.wireshark.org/review/11821
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The SslSession struct contains a "version" field for displaying
purposes in the protocol column while the SslDecryptSession struct
has a "version_netorder" field for use in TLS hash functions (for
secrets calculations).
As these are strongly associated with each other, remove the
version_netorder field and its associated constants, let the SslSession
version field store this value instead. All SSL_VER_* are renamed to
appropriate *_VERSION macros (via search & replace), SSL_VER_UNKNOWN
is kept though.
The PCT and SSLv2 protocols had no wire value (*_VERSION), so
SSL_VER_PCT and SSL_VER_SSLv2 are assigned with some arbitrary values.
Warning: external plugins using the ssl_set_master_secret function
must now pass the wire version (TLSV1_VERSION) instead of the (now
removed) internal macros (SSL_VER_TLSv1).
Change-Id: Icd8ef15adae9c62eb21eab1c3b812166e451936f
Reviewed-on: https://code.wireshark.org/review/11820
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
This may at least prevent the crash in bug 11702, by not returning
"success" with bogus file handles of -1, if the opens fail due to
leaks chewing up all the available slots. More investigation needs to
be done to see why we're leaking.
Change-Id: I89ecff4b03bca140f05c838e1e2604a03409f803
Ping-Bug: 11702
Reviewed-on: https://code.wireshark.org/review/11881
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Caught by cppcheck. The buffer is 9+1 characters, which means we should specify
9, not 10 to the scanf string since the count does not include the
null-terminator.
Change-Id: I0aae8cce337055b304efa9399cd5d8059928d2d8
Reviewed-on: https://code.wireshark.org/review/11887
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The merge file dialog box contains a read filter, not a display filter.
Bug: 11713
Change-Id: Iff160e552e0440ea4c626d54d834d32f38dc54c2
Reviewed-on: https://code.wireshark.org/review/11875
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This matches what the Windows file open dialog says, and also should
help prevent people thinking that it's a display filter, so that you can
clear it and see all the packets in the file.
I leave translations to native speakers.
Bug: 11708
Change-Id: I060816357bf7958d516429d09708a7ce16d609c5
Reviewed-on: https://code.wireshark.org/review/11877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 11703
Change-Id: I34f5c15c41ebbc62877945eabd3604ba90d5cf74
Reviewed-on: https://code.wireshark.org/review/11804
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Bug: 11692
Change-Id: I2d9d17d3474210b5eb73002e131867d936426e36
Reviewed-on: https://code.wireshark.org/review/11837
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The RPMs use 'alternatives' to determine which GUI is used so it doesn't make
sense to have 2 desktop entries: one for 'wireshark' (Qt or Gtk GUI, depending on
configuration) and one for 'wireshark-gtk' (the Gtk GUI).
(Maybe it makes sense to just not use 'alternatives' and allow the user to pick
which GUI is used via the menu system. But then if they wanted to run the Gtk+
GUI from the command line they'd need to remember to run 'wireshark-gtk' even
if that's the only GUI installed...)
Change-Id: I9d3fe13bb01eab87caad4ad21c6571ef6288b110
Reviewed-on: https://code.wireshark.org/review/11780
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Increment the reference counter each time a flow sequence window is opened.
Free seq_analysis_info_t structure once the last flow sequence / VoIP calls / SIP flow window is closed.
Bug: 11712
Change-Id: I20fcb922b0516417d4bd74cdf75475dcb31f8b90
Reviewed-on: https://code.wireshark.org/review/11851
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Some compiler flags may not be passed twice (such as -mllvm
-msan-keep-going), so avoid duplicating CMAKE_C(XX)_FLAGS.
When -DCMAKE_BUILD_TYPE=<type> is set, you can override the default
optimization and debug flags with -DCMAKE_C_FLAGS_<type>=....
This reverts commit 15a238a28d0dbfffe908a6451e411a64a34da678.
Change-Id: I4e1cf11c49eaf00ad4a2c430454a127b4be20d9e
Reviewed-on: https://code.wireshark.org/review/11597
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
UCD Type 2 is for TDMA/ATDMA, S-CDMA goes in UCD Type 29.
More info:
Table 8-19 from RFIv2.0-C02 for DOCSIS 2.0
Table 6-25 from MULPIv3.1-I07 for DOCSIS 3.1
The comment was removed because the Burst Descriptors below are
not new anymore; they are just Burst Descriptors like all the rest.
Change-Id: I992a84c9bf0b999b9cec5bd44f2e584ef22ce401
Reviewed-on: https://code.wireshark.org/review/11847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 11693
Change-Id: I035eaf7ff049e3631714c112daa5adb29bb90470
Reviewed-on: https://code.wireshark.org/review/11858
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iac003993e820e3ad5ecbe2c9322bce1957a14c25
Reviewed-on: https://code.wireshark.org/review/11855
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
A similar issue was discussed and fixed for IP Flags in d051e79a
(svn revision 33264).
Change-Id: I532f51e813aee707b9573537cb8fbdb823158a61
Reviewed-on: https://code.wireshark.org/review/11817
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Most probably this was a copy/paste from packet-ucd.c
Type 4 and Type 5 bursts exist only in Type 2 UCD message.
Type 29, 35 and 51 UCD messages have only type 5 bursts.
Change-Id: I016e6b47c28f2cf69befa495848058c038603b46
Reviewed-on: https://code.wireshark.org/review/11841
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I1dba41c9f129d368096dd69a0f40fa2164311124
Reviewed-on: https://code.wireshark.org/review/11852
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
The current version of the fix only adds -fPIC under certain
circumstances; we check whether it was added and, if it was, and those
circumstances are *not* in effect, we remove it.
Bug: 11643
Change-Id: I75d0ff9b4781d7d4cd884a29bbce7d392939315c
Reviewed-on: https://code.wireshark.org/review/11849
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Lua 5.3 could still be used when located at /usr/include/lua.h. Detect
and reject it in that case.
Rename LUA_VERSION to LUA_VERSION_NUM to avoid a conflict with
pkg-config (which uses a different version format). Ensure that the
regex matches a number only.
Bug: 11706
Change-Id: Idb7e3e1a8d9c6e4ab9ab1816c4dedea7de9dde8e
Reviewed-on: https://code.wireshark.org/review/11836
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Added a check for nil valuestring for all ProtoField integer types
to avoid lookup when argument is not set.
Change-Id: Ib4c016b69ee77dbea4bb83ac93c0d9ae9f48f236
Reviewed-on: https://code.wireshark.org/review/11845
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: Ic9b93aee15b015d51d666a1c6f4f358f689e8843
Ping-Bug: 10750
Reviewed-on: https://code.wireshark.org/review/11842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I1d4cddd4026f08416005f2b3212536b3984d1a8d
Reviewed-on: https://code.wireshark.org/review/11834
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
A zero checksum is not illegal in IPv6/UDP when in an ICMPv6 packet.
Change-Id: I07acc874d2385992089ef3ebc7a82e853904ecfc
Ping-Bug: 6232
Reviewed-on: https://code.wireshark.org/review/11808
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Update manuf, services, enterprise-numbers, translations, and other items.
Change-Id: I7a2eaecb6f24992cb3023919c8bd8af2c15192c3
Reviewed-on: https://code.wireshark.org/review/11838
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I65a40b1765f8433c47acbc34452d5336d7df84c1
Reviewed-on: https://code.wireshark.org/review/11788
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Annex C.4
Change-Id: Id6ec9776545c79a4f8e21fd212b87ddcd9fd376f
Reviewed-on: https://code.wireshark.org/review/11829
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie98e071a7cb568c13c8958de56b1fc25a4ce2ce9
Reviewed-on: https://code.wireshark.org/review/11831
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
This concludes a "first pass" over the dissector directory.
Change-Id: If5ce5484214be50fe541cba478da1de62e354297
Reviewed-on: https://code.wireshark.org/review/11830
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A ProtoField type FRAMENUM cannot fetch value from a Tvb.
Change-Id: Iff0f6df8b00445855c9030dcfa753daa62262171
Reviewed-on: https://code.wireshark.org/review/11832
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
The memory used for profile item data is accessed in updateWidgets() which
is called when setting the Default profile as selected. Ensure we free
this memory after this has happened.
Bug: 11705
Change-Id: I79e12d918289e1fcf25331c39439e9c6f3b774d5
Reviewed-on: https://code.wireshark.org/review/11827
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I25fe6a0aac93980333217d007702799d16946563
Reviewed-on: https://code.wireshark.org/review/11816
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I98d6ef48448b32f57349facb2bbef538319c5da4
Reviewed-on: https://code.wireshark.org/review/11825
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The ack symbol is for the Address PDU being acked.
Also use the DUP_ACK symbol for P_Mul's Ack-Ack.
Change-Id: I3da616e95e9c2cf889b1e4e4c0570ab0c276a2d2
Reviewed-on: https://code.wireshark.org/review/11819
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The ack symbol is for the Message, Report or Notification being acked.
Change-Id: I5ef99b9e7830f437278af18e681f8200fab6c3d4
Reviewed-on: https://code.wireshark.org/review/11818
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
function declaration [-Wdocumentation]
Change-Id: I0d0c1a3dde14d9817aef28352081dfbfbac6c9fb
Reviewed-on: https://code.wireshark.org/review/11774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I36ecc9830ead2a0f6a470b4e62440fe9555df363
Reviewed-on: https://code.wireshark.org/review/11813
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I164ce634536ec1a3de650d815e23cdd6102e2fde
Reviewed-on: https://code.wireshark.org/review/11809
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The one from official CMake (3.3.2) does not look for the default 64bits installation path. Let's add it.
Also add a WIRESHARK_CYGWIN_INSTALL_PATH environment variable allowing to force it.
For reference, registry based detection fails to detect a 64bits installation because it gets redirected to the Wow6432 node.
Change-Id: If3172494e3ab232e094389b493e6b67023662ae5
Reviewed-on: https://code.wireshark.org/review/11769
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
This is because cf->edt->pi is pointing to data allocated in
wmem_file_scope and epan_free() will free all data in wmem_file_scope.
In Qt packet_list_clear() we check and use cf->edt, which will give a
heap-use-after-free error.
Change-Id: I97d532ba976b7bc5fe2995a224ca168edf3da38b
Reviewed-on: https://code.wireshark.org/review/11803
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Added values for diameter AVP codes:
1085 Redirect-Information Grouped
1086 Redirect-Support Enumerated
1087 TDF-Information Grouped
1088 TDF-Application-Identifier OctetString
1089 TDF-Destination-Host DiameterIdentity
1090 TDF-Destination-Realm DiameterIdentity
Change-Id: I8ba7a56a5a51b32a21a602751275e9ab254adbae
Reviewed-on: https://code.wireshark.org/review/11801
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add "Go→Next Packet in Conversation" and "Go→Previous Packet in
Conversation" menu items. Make sure the shortcuts ("Ctrl+." and
"Ctrl+,") don't get switched to "Cmd+." and "Cmd+," on OS X. "Cmd+," is
already taken by the preferences dialog.
Change-Id: Iab9c7f60fdcf55f12c055b4d0948019bf667ebc9
Reviewed-on: https://code.wireshark.org/review/11771
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I084b43fcd8419741c2de007bd03fc04532346813
Reviewed-on: https://code.wireshark.org/review/11797
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: Iade2d06512bacbeff3e7446487a03d4f73dba721
Reviewed-on: https://code.wireshark.org/review/11796
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
CMake's Visual C++ generator creates projects that compile with the
Debug configuration by default, which defines _DEBUG. Fix DEBUG_DUMP's
declaration so that we compile in that case.
While we're here note that the "airpd" prefix isn't limited to AirPcap,
so we might want to change it accordingly.
Change-Id: I5476f28c63020f0f66ee9128731bc4b3dc720765
Reviewed-on: https://code.wireshark.org/review/11787
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ieeb79e4e248bdd8ee239c003e41ede0955e1cf86
Reviewed-on: https://code.wireshark.org/review/11766
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
If we encounter the wrong ftype, print its name.
Change-Id: I7405ccdd3e099f533c6a8aaf81b60faf4093741a
Reviewed-on: https://code.wireshark.org/review/11790
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|