Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: If7cf7ab42ca6a886deb1eab6bc1f391d993e1dad
Reviewed-on: https://code.wireshark.org/review/7677
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I42a06b728d807853d2c9b87a18ed36e1e0321085
Reviewed-on: https://code.wireshark.org/review/7685
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ifdffdf042908c5b4b25704c56d734e9c942d24f4
Reviewed-on: https://code.wireshark.org/review/7690
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It prevents using an uninitialized variable if sscanf fails
Bug: 11060
Change-Id: I3866d35ae05e8114263fd13a8ccc5e20c3a0d63a
Reviewed-on: https://code.wireshark.org/review/7683
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ia77e5cac3d0c79f10d87f21bd4e19bd8187a01ff
Reviewed-on: https://code.wireshark.org/review/7691
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I2721086221c435d228bf27aef62f9dc5f6d9ee10
Reviewed-on: https://code.wireshark.org/review/7684
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11051
Change-Id: I04b1f1c852b60182ef7f5405716c0b6733d0f44a
Reviewed-on: https://code.wireshark.org/review/7679
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia0cbb36e9962c762648ead8dddd3bb0a794cec74
Reviewed-on: https://code.wireshark.org/review/7678
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Previously DecodeAs neither save its changes nor changes dissector tables.
Do that and redissect packets to refresh view.
Bug: 10553
Change-Id: Icd8453c9650f0265852f6b6b58bc483b35570a15
Reviewed-on: https://code.wireshark.org/review/7676
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
A1,A2,A3 and A4 in 802.11 MAC header were not correctly
mapped to SA/TA/DA/RA/BSSID
Change-Id: I050cbb544500d8c3bf3d545f85144ca853079dde
Reviewed-on: https://code.wireshark.org/review/7655
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idb2d9e070c7f65540ad27b011bd4a3dcaa3dd7e4
Reviewed-on: https://code.wireshark.org/review/7667
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add a "test-programs" target to each toolchain which builds each unit
test executable. "test-programs" must now be built before running
the unit test suite.
Change-Id: I9317a1e305d987f244c4bd8b4a7f05d11fed7090
Reviewed-on: https://code.wireshark.org/review/7673
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I6e13ae8c4e95f5915541bc33d89faa61dade2058
Reviewed-on: https://code.wireshark.org/review/7674
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ifde4b7c276e8e2163a4a5e77bc036393e9e4493a
Reviewed-on: https://code.wireshark.org/review/7668
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I123c591cb0eb83b561163119a4b00c616bcd0990
Reviewed-on: https://code.wireshark.org/review/7666
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It allows to have "Follow UDP stream" context menu working again
Bug: 11055
Change-Id: I8eae15bfddb45ea033eb8dd2e3f7ca038057421a
Reviewed-on: https://code.wireshark.org/review/7662
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Also fix up the hf description to make it clearer (to me) that this frame number is pointing *to* the ACK, not *from* it.
Change-Id: Ic60e949e65f3988f9ac34fff39d4addc28a1fdbc
Reviewed-on: https://code.wireshark.org/review/7658
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
equal to 2^b-1
See ITU-T X.691 chapter 30.5 for details
Change-Id: I6ac31494997349c6bff19b196e72859a31634af4
Ping-Bug: 11039
Reviewed-on: https://code.wireshark.org/review/7633
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add FT_FRAMENUM_ACK and FT_FRAMENUM_DUP_ACK and set them for
tcp.analysis.acks_frame and tcp.analysis.duplicate_ack_frame. Draw a
single or double check mark in the packet list accordingly.
These are probably specific to TCP, but as it happens there are a lot of
TCP packets.
Change-Id: I35416506419159a79ad8cc2e35f8a14485edfb7e
Reviewed-on: https://code.wireshark.org/review/7568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
To allow future tap interfaces as well as analysis plugins
to use the same definitions the dissector used, all defines
are being separated into a header file
Change-Id: Iec38e361ded46aab6684c2713ba9a047193a6694
Reviewed-on: https://code.wireshark.org/review/7468
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Process wslua/CMakeLists.txt using add_subdirectory instead of
include. Generate files in the build directory instead of the source
directory.
Copy lua scripts to DATAFILE_DIR instead of DATAFILE_DIR/lua. That's
where init.lua looks for console.lua.
Always set WIRESHARK_RUN_FROM_BUILD_DIRECTORY when testing. We
presumably want to test our source files and not files which may or
may not be in the system path.
When we're running from the build directory look for lua scripts in both
the Autotools and CMake build locations.
Change-Id: Ic15ab8c58ff1b170d000c9b3e0a329af2ec44b7b
Reviewed-on: https://code.wireshark.org/review/7590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Added dissector for Broadcast call control protocol
(3GPP TS 44.069 version 11.0.0 Release 11)
Change-Id: I179801d30fc2d32d8c4187a92dd0b1c9709711c7
Reviewed-on: https://code.wireshark.org/review/7627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
data: the invalid frame number will crash Wireshark.
Bug: 10885
Change-Id: I3ae278b77a9449136fbaaac52f2bbaa8a510bf76
Reviewed-on: https://code.wireshark.org/review/7651
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows for exporting the SSL session keys for captures which were
decrypted using a RSA certificate, but where the server does not support
session resumption.
To avoid frequent reallocations, the expected length is used as initial
string size.
Tested against a nginx server with ssl_session_cache off.
Note that all keys loaded via ssl.keylog_file are exported, not just the
displayed ones!
Change-Id: Ie3a93d3692885502f46442953fa53303d16672d7
Reviewed-on: https://code.wireshark.org/review/7175
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Enable the reliable Magic Hello heuristics by default and dissect
further packets as HTTP2 as well. The weak frame heuristics is still
disabled by default.
Change-Id: I783d036fb6c6d867daedf251a5264fdf3b475447
Reviewed-on: https://code.wireshark.org/review/7615
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I78376c5578ee1f1871260db478a9c0d994f5bd38
RFC6594: Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
RFC7479: Using Ed25519 in SSHFP Resource Records
Reviewed-on: https://code.wireshark.org/review/7654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Part 2
Change-Id: I4fa4a48fe047b7231f1cf084d8c798ada15372c5
Reviewed-on: https://code.wireshark.org/review/7607
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
TLSv1.2 gained an additional SignatureAndHashAlgorithm field for fields
marked with the digitally-signed attribute. This was already implemented
before for ServerKeyExchange, let's reuse that.
Note that the SignatureAndHashAlgorithm tree and fields (hash algo,
signature algo) are repurposed in a different context, but since the
structure is the same it is kept like this.
By the way, add support for DTLSv1.2 too. RFC 6347 section 4.2.6
suggests that the implementation is the same (as far as the dissector is
concerned).
Also update the comments and remove the additional "Signature with
client's private key" subtree since the CertificateVerify message has no
other items.
Bug: 11045
Change-Id: I025901b85e607f04d60357ff14187cc13db2ae5d
Reviewed-on: https://code.wireshark.org/review/7650
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: If9ecbb6ff77fff8131adf526bfec2bb08aa644aa
Reviewed-on: https://code.wireshark.org/review/7642
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Since commit v1.99.4rc0-70-g0bec885 (Remove use of sprintf for ftype
string formatting), Wireshark aborts with "Null pointer passed to
bytes_to_hexstr_punct()". This happened with a SSL capture where the
ssl.handshake.extensions_padding_data had a zero length.
Fix it by producing a zero-length string instead (as done by the
previous implementation).
Change-Id: I711d786a9ae692eb44c5e49a30d5fea41c5af31e
Reviewed-on: https://code.wireshark.org/review/7649
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I656d6193aad740ab88bf16fb25c202e766e3092a
Reviewed-on: https://code.wireshark.org/review/7616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.
Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb734915aaf74eb006898e8fabb007afbf48 which made
AirPDcap responsible for managing its own memory.
Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
at the moment, we don't forward such messages and therefore see lots
of generic USB control messages that could be dissected further
even if there's no data, a protocol-specific dissector may still set
the columns based on conversation info
Change-Id: If3fc0f0ce3bdec1f91b7e3cadc3affd56b8c8969
Reviewed-on: https://code.wireshark.org/review/7584
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Ensure that we handle when option_len is zero so we don't go into an infinite
loop. Reported by Vlad Tsyrklevich and found by the "joern" tool. Also fix what
appears to be two misplaced "curr_offset" values which would have resulted in a
bad loop anyways.
Bug: 11036
Change-Id: I79e70fcf79015cb0add1744aff695143e11312aa
Reviewed-on: https://code.wireshark.org/review/7593
Reviewed-by: David Ameiss <netshark@ameissnet.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I51035034397aa9bc42ed5b4aadc6c7fca52b2d5d
Reviewed-on: https://code.wireshark.org/review/7638
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11048
Change-Id: I7921f19ad378d6d0b6707251a546c84405b8dcf4
Reviewed-on: https://code.wireshark.org/review/7623
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I74d0751b9efc3eac99b6bbadf3fe19207e2086db
Reviewed-on: https://code.wireshark.org/review/7609
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iad5e28aab54a6f22148aa1e81f2dc87fbaf7ccea
Reviewed-on: https://code.wireshark.org/review/7016
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
* Update to the last IANA icmpv6-parameters (2014-01-30)
* Add ICMP Locator Update message (RFC 6743)
* Add RFC 7400 (6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks) (Add new ND Option)
Change-Id: I3d6c7f06b6f654e57844046d63c8091e5e33037a
Reviewed-on: https://code.wireshark.org/review/7629
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6b578bad375687651e06508ea9c532bbad3472c8
Reviewed-on: https://code.wireshark.org/review/7631
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(*)(gchar *, guint32)' converts between void pointer and function pointer [-Wpedantic]
Change-Id: Idb7f075f67402d4ca02934a22ad0fd1127c89369
Reviewed-on: https://code.wireshark.org/review/7632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I6f6ac0bcb7b1ddc124f161b5cacd046aeef5043f
Reviewed-on: https://code.wireshark.org/review/7630
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
It allows to properly handle a use case were several TCP connections would be encapsulated
Note that it is safe to use the same key for struct tcp_analysis and proto_tree as they are not using the same scope (and thus list)
Change-Id: I37423eca225960f2e72817f6faf543f6676cf489
Reviewed-on: https://code.wireshark.org/review/7606
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Remove a dead increment while we are at it
Change-Id: I4a453bbd959e71ff6e85be06d079176abdc33a95
Reviewed-on: https://code.wireshark.org/review/7622
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I10e243bfa33f2e2415c937dcb12fca0578bcb7a9
Reviewed-on: https://code.wireshark.org/review/7620
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Bug: 11007
Change-Id: I902d07f6492bffe5d44f6687be9db53b11b0acd3
Reviewed-on: https://code.wireshark.org/review/7602
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Fixes a potential infinite loop reported by Vlad Tsyrklevich found via the
"joern" tool. I'm pretty sure the semantics of proto_tree_add_item would have
prevented this, but not 100% and making it explicit doesn't hurt.
Bug: 11037
Change-Id: I92049a95d23ca9c233b3fd830637e6bca19a7434
Reviewed-on: https://code.wireshark.org/review/7592
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
We need to use rrc, as the checksum is likely to be
rotated before the plaintext payload.
For now we only handle the two common cases
rrc == 0 and rrc == ec...
Ping-Bug: 9398
Change-Id: I548f2f0650716294b6aeb361021be6e44ae8f1b3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7271
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Ping-Bug: 9398
Change-Id: I163d3dc99562b3388470c58d05e2d4d2e2f6d00c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7477
Reviewed-by: Michael Mann <mmann78@netscape.net>
|