Previously, changing a packet in the packet list would lose the
currently selected field item in the packet tree. After this patch, this
issue no longer occurs because the selected field is focussed again.
The approach is to remember the header field ID on the path from a field
to its root. A limitation of the current simple approach is that multiple
fields/trees under a tree might result in the wrong selection. This is
better than nothing though.
This patch greatly helps analyzing a capture file which has the same
format, except that I need to check a data source for decrypted data.
Previously I would have to scroll down and select the field to see the
data source which also made it impossible to quickly switch between
packets and compare them.
Change-Id: Ic113ca9245fd9faa10f91182794c50cfde8d10f4
Reviewed-on: https://code.wireshark.org/review/14697
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Do not remove byte view on closing a capture file. For this to work, the
tree items must also be remembered.
Change-Id: Ice5cd1006b957e2d1331effc15c4c0a9de89916d
Reviewed-on: https://code.wireshark.org/review/14715
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf.
This shaves a small amount of time off of register_all_protocols on
Windows according to the Visual Studio profiler.
Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4
Reviewed-on: https://code.wireshark.org/review/14770
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Trying to find interfaces on every androiddump run uses
a lot of system resources, so Wireshark can hang for a while.
Go back to the old behaviour and register interfaces only when
listing them.
Change-Id: Ib63cad05fb47722d3b9de24abf28a86e614417cd
Reviewed-on: https://code.wireshark.org/review/14764
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For Broadcast address use FT_ETHER with FF:FF:FF:FF:FF:FF address
instead of string address "Broadcast".
Change-Id: I638d3d6a1baa9c965dd0a9f548cedbd81af3ec5b
Reviewed-on: https://code.wireshark.org/review/14767
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Change-Id: I4a778b816a7675ef9e5ac38f241c5587eeb0c436
Reviewed-on: https://code.wireshark.org/review/14785
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I7e78defaddfff5b45fb21d00f8d7dccaa3df3009
Reviewed-on: https://code.wireshark.org/review/14782
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ib1d0c3d44d404dba2edca0d330693cde55beff25
Reviewed-on: https://code.wireshark.org/review/14781
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
pcap files and snoop files have different headers, so there's no
IP_OVER_IB encapsulation type; there are separate types for pcap and
snoop.
Change-Id: I00146e478d05bb11c634df0c386329db8de5635d
Reviewed-on: https://code.wireshark.org/review/14774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6c4ed55634468b1200c069f1aeaf9200b47e052c
Reviewed-on: https://code.wireshark.org/review/14772
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
According to the Visual Studio 2013 profiler here, we spend about 4% of
our startup time creating the Capture Interfaces dialog. Hold off on
doing that until the user wants to see the dialog. Do the same for the
File Set dialog.
While we're here, make sure MainWindow has fewer children when setupUi
is called. setupUi calls connectSlotsByName, which iterates over all
child objects.
Change-Id: I253e6dc5b7e73a6cb7b7036637e336f449449c4a
Reviewed-on: https://code.wireshark.org/review/14732
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Limit the amount of event processing SplashOverlay does. Let QWidget
take care of painting.
Change-Id: I9176baeba2cc9203e50c02029d85689f8908daba
Reviewed-on: https://code.wireshark.org/review/14771
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 12279
Change-Id: Ib6c54f8b86d95c5546bc800749f124cd0dbb8ff0
Reviewed-on: https://code.wireshark.org/review/14585
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I61dfe0b8e47c98d50975ab825ef529899c31f305
Reviewed-on: https://code.wireshark.org/review/14757
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add some comments as well.
Change-Id: I308aec7af187b917fbaa318712c82e3d9187cf1b
Reviewed-on: https://code.wireshark.org/review/14745
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
AC_ERROR is obsolete.
Change-Id: If4d2a577863923c8a7aa9b6427c217fc9c1fa630
Reviewed-on: https://code.wireshark.org/review/14756
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Bug: 12300
Change-Id: I636c086d2dd9c950c35724d3e6b8dbf712e9e147
Reviewed-on: https://code.wireshark.org/review/14744
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Id7c62ef18f919ba8a476898bc88c02fd3b6bf5a1
Reviewed-on: https://code.wireshark.org/review/14730
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iac94349069485207d24ac1b8c1c5c09778c12e03
Reviewed-on: https://code.wireshark.org/review/14729
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
global_capture_opts.ifaces stores the interfaces that were added for the
next capture and must always be marked as selected.
Fixes regression from 92a2661.
Bug: 11939
Change-Id: Ib3dcd1b228b7a9681439e172d934e0ce66de6c0f
Reviewed-on: https://code.wireshark.org/review/14725
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
When a conversation starts with SSL (Client Hello) but gets an HTTP
response back, then the first SSL request should be preserved.
Bug: 12132
Change-Id: I3f9b5c8828bc5c6680945d7cf71740584dd463ab
Reviewed-on: https://code.wireshark.org/review/14726
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Restrict the list of possible (sub)elements to avoid deep recursion.
Bug: 11824
Bug: 12187
Change-Id: I12deb9956c6ba9b6113cf45da4ee919e33ff8567
Reviewed-on: https://code.wireshark.org/review/14114
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I307f0185c4a82ba3a15b86c38a2431ba5efd9b28
Reviewed-on: https://code.wireshark.org/review/14738
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3774e8650557e6ac253fd8c4ad02aead0935326b
Reviewed-on: https://code.wireshark.org/review/14736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
luaL_error never returns, free memory before.
Change-Id: Ibcdbdb6afea5d2dab7be6a16c4c2536dcf14220a
Reviewed-on: https://code.wireshark.org/review/14734
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Pass the reassembled fragment instead of the current record.
Bug: 11477
Change-Id: Id49fac8fa3f9e1b1904a75ab6c7512306f2071b0
Reviewed-on: https://code.wireshark.org/review/14727
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: Ibc7423858906c01023c6b8d0f3da7261747ebf32
Reviewed-on: https://code.wireshark.org/review/14723
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I7c2f6ebdb20f90533ee008e1b4557ef27d4672dc
Reviewed-on: https://code.wireshark.org/review/14708
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When a packet dialog is being constructed, the layout is apparently not
fixed yet and the byte view is technically not visible. Fix the hidden
byte pane by not hiding it when it is not (yet) visible.
Bug: 11760
Change-Id: I0494fa16a5ed89ff31f934ba682a6bb884cc0e2e
Reviewed-on: https://code.wireshark.org/review/14713
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Using tvb_get_ptr to get a string is always dangerous in the face of
malformed packets. Instead, using string functions allows for safe handling
of these.
Bug: 12242
Change-Id: I059c186032492aae9c90a69858ea3fc59e21313f
Reviewed-on: https://code.wireshark.org/review/14714
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I6037a02e6170d0ca8b978135f960213ed22bef97
Reviewed-on: https://code.wireshark.org/review/14710
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
error. (possibly clang only)"
This reverts commit 9f40a75bbb9ea8e205bf0ebf9f0651971417cd6e.
Change-Id: I4361f1101077643d10a86237e256ba28ed180a66
Reviewed-on: https://code.wireshark.org/review/14721
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
(The check to ensure the delayed field registration had been done was still
wrapped inside an if(tree) but a bunch of proto_add_*()'s had been pulled out
from under if(tree)'s thus causing some hf's to be used before registered.)
Also simplify the code to ensure the fields are registered since we're doing it
potentially many times per frame: do an integer comparison rather than looking
up an hf by name.
Add a note to the docs for proto_register_prefix() to make it clear that the
initializer routine may not be called before the dissector is asked to dissect
something.
Change-Id: I5dc1154638a290c3a94149184d56570c3abb836a
Reviewed-on: https://code.wireshark.org/review/14711
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Length calculations updating "remaining datagram size" for fragmented
6LoWPAN packets with NHC headers were incorrect if there was any elided
option padding.
The current header's unpadded length was subtracted from dgram_size,
when it should have been the padded length - the datagram size is
uncompressed IPv6.
This meant the final nhdr_list entry created to represent the remaining
payload would have its "reported" field too large. Most visible result
of this was that the IPv6 payload length written into the packet by
lowpan_reassemble_ipv6() was too large.
Error probably went unnoticed because the most typical 6LoWPAN options
don't need padding - the RPL option is 6 bytes, and the MPL option is 6
bytes if using 16-bit seeds, making the HbH extension header an aligned
8 bytes.
Bug: 12310
Change-Id: If94e9ca57f88c4ac41f002a689ce1da7097b5bd0
Reviewed-on: https://code.wireshark.org/review/14701
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I2accdb7fe02072853a5ec9cae84403f3224dfada
Reviewed-on: https://code.wireshark.org/review/14718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have bin2hex() wmem_allocate the buffer, so it can be used the same way
that tvb_get_string_enc() is used.
Don't bother checking whether NIBBLE_2_ASCHEX() returns an ASCII hex
digit character or not - it returns either a value in the ASCII range of
'0' through '9' or in the range 'A' through 'F', all of which are ASCII
hex digits.
Fix get_bit() to set *length to 0 if the string we're returning is
empty.
Change-Id: Id331cfd0ab34d45892f98d228dc793a1e93d84e5
Reviewed-on: https://code.wireshark.org/review/14717
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The Snow Leopard versions are too old for current Wireshark.
Change-Id: I25936370164d69d6b0eaca4ac9e3253772e0ac73
Reviewed-on: https://code.wireshark.org/review/14712
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I81a83638c2318ba0d806263dbf692cd19b30ce9b
Reviewed-on: https://code.wireshark.org/review/14707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I852aa09bff6a37ef03b5f55bdf8933ed181da2d0
Reviewed-on: https://code.wireshark.org/review/14705
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make
sure our offset always increments in dissect_spoolss_keybuffer.
Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793
Reviewed-on: https://code.wireshark.org/review/14687
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
packet-tcp.c:2155: warning: Value stored to 'relseq' during its initialization is never read
packet-tcp.c:3511: warning: Value stored to 'assignedMetaId' is never read
packet-tcp.c:3514: warning: Value stored to 'assignedMetaId' is never read
Change-Id: I68d8088fc54da5ad52361510d43b893e58bf419f
Reviewed-on: https://code.wireshark.org/review/14695
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Matthieu Coudron <matthieu.coudron@lip6.fr>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
dialog
Bug: 12309
Change-Id: Id67b676bfcb5b4497c48d4cd7ca7c8cc1cbda986
Reviewed-on: https://code.wireshark.org/review/14704
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Arguments.
Change-Id: I7e51e2a2b9fa98cf8ca44fb528f49aeae46d9b7c
Reviewed-on: https://code.wireshark.org/review/14703
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I206c3f8ec860e92dce3f43b05f6695347d15398a
Reviewed-on: https://code.wireshark.org/review/14706
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I7d103c7316ee372b5cdb3aa9033a62eb75cd38b2
Reviewed-on: https://code.wireshark.org/review/14702
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Idc375b468754ac1287401ebfb88f77a40f747a79
Reviewed-on: https://code.wireshark.org/review/14698
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ia486209a8eef5bf02b5b3f6d793698c4cc802dc9
Reviewed-on: https://code.wireshark.org/review/14699
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ife25c519acb56b58819bc1aabfa069b5fbbc788d
Reviewed-on: https://code.wireshark.org/review/14676
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I51ac8ce56641cf6eeda18c2a3f6d6952d3126415
Reviewed-on: https://code.wireshark.org/review/14693
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|