Age | Commit message | Author | Files | Lines
2015-12-22 | extcap: add randpktdump, a random packet generator. | Dario Lombardo | 19 | -9/+801
This new extcap is for testing and educational purposes. It relies on randpkt-core functions to generate random packets. Change-Id: If6890f0673545682995a2079458108edc0913b30 Reviewed-on: https://code.wireshark.org/review/11764 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-22 | [Diameter AVPs] Add Vodafone AVPs | AndersBroman | 2 | -1/+280
Change-Id: I32f0549852c2da99c8217ab406a019e441d4beb7 Reviewed-on: https://code.wireshark.org/review/12823 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-22 | DNS: fix malformed warning when there is no quest(ions) | Dario Lombardo | 1 | -3/+5
Change-Id: I14ef5244ddcc34fc0edea159e3e8593da8f50ffe Reviewed-on: https://code.wireshark.org/review/12819 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-12-22 | Not all versions of GLib support the g_int64 hash routines. | Guy Harris | 1 | -0/+1
So include <epan/g_int64_hash_routines.h> to fix the build with those versions. Change-Id: I4c72ceff934ad0e94376c237130406f582dfce8f Reviewed-on: https://code.wireshark.org/review/12820 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-22 | Don't limit capture packet counts to a fixed set of protocols. | Michael Mann | 21 | -144/+201
Kept backwards compatibility with GTK+ capture info dialog by keeping the protocols tracked hardcoded, but Qt should have more freedom. Change-Id: I497be71ec761d53f312e14858daa7152d01b8c72 Reviewed-on: https://code.wireshark.org/review/12724 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-22 | RTITCP: Added new dissector | Juanjo Martin | 5 | -1/+999
This dissector was mostly code-reviewed in a previous change: https://code.wireshark.org/review/#/c/11305 But it had an issue with a pointer using a sequence number (8 Bytes). This change is meant to correct that, as well as a small formatting error I found in the text shown. Change-Id: Ib7e27eb2734c46e970b99161bd04438b5675bde4 Reviewed-on: https://code.wireshark.org/review/12660 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-22 | ui: Optimize col_custom_prime_edt() | Stig Bjørlykke | 2 | -30/+17
The col_item->col_custom_fields_ids list does not change between packet so this can be initialized in build_column_format_array(). Change-Id: I171b583912dbd1568c3d85159fac1ab435dcaa7c Reviewed-on: https://code.wireshark.org/review/12801 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-21 | Don't write out statistics if we don't have any. | Guy Harris | 1 | -29/+0
We don't know when the capture started or ended (the time stamps of the first and last packets aren't necessarily the time when the capture started or ended), we don't know how many packets were dropped in the capture process, and we don't know how many packets were seen in various stages before they were received by whatever software dumped them out as text, so we have no statistics to report. Change-Id: Ia8bface63a95f925a6ccb19c32d188055809f203 Reviewed-on: https://code.wireshark.org/review/12812 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 | g_malloc the decrypted key in AES_unwrap(), but always free it. | Guy Harris | 2 | -2/+5
It doesn't need to exist after AirPDcapDecryptWPABroadcastKey() returns. Change-Id: Ifaf08dfb285be3cf54429f7b77d44565962d4450 Reviewed-on: https://code.wireshark.org/review/12808 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 | g_mallocate the encrypted key, but free it in all paths out of the function. | Guy Harris | 1 | -2/+7
It doesn't need to persist after the function returns. Change-Id: Ic601a6ef6a0aa0f22f9c8b9a1c586cec95093f27 Reviewed-on: https://code.wireshark.org/review/12805 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 | Add AVP 100 and 223 | AndersBroman | 1 | -6/+43
Change-Id: Ifccb111a8139b7c41cf6fec3fa6bc8e201e2e2ea Reviewed-on: https://code.wireshark.org/review/12800 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-21 | [SMTP] Combine username and password when base64 decoding fails or is disabled. | Michael Mann | 1 | -4/+19
Also add expert info "hint" that base64 decoding may be disabled. Bug: 11853 Change-Id: Ib2138ae0c70e22f311e1369c66816ff9d6fbdb82 Reviewed-on: https://code.wireshark.org/review/12734 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-21 | text2pcap: fix There are identical sub-expressions 'num_packets_written' to ↵ | Alexis La Goutte | 1 | -1/+1
the left and to the right of the '-' operator found by PVS Studio (V501) Change-Id: Ib3fb73f6cc3dba549bd3104e9227f4e4a6e3b08c Reviewed-on: https://code.wireshark.org/review/12310 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Adding RSSI Location Cluster for Zigbee | Vikram Hegde | 2 | -0/+1208
Change-Id: I1b4545e132bce437570a1ea3afb2b707e7553f4b Reviewed-on: https://code.wireshark.org/review/12718 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | ui: Improved splitting custom column multi-field | Stig Bjørlykke | 1 | -1/+1
Improved the custom column prime regex so that all fields must be separated by "||" or "or" to avoid false positives when having multi-fields which are valid display filters but not valid for custom columns (e.g. "udp and tcp"). Change-Id: Iec9942d458d6b265d04e14b5966907f1de43b782 Reviewed-on: https://code.wireshark.org/review/12751 Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-21 | PPP: fix no previous prototype for 'proto_reg_handoff_bcp_bpdu/ncp' ↵ | Alexis La Goutte | 1 | -0/+2
[-Wmissing-prototypes] Change-Id: I4a90d1b2dbd5af4222ca4206f1c701842aa0d424 Reviewed-on: https://code.wireshark.org/review/12774 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Zbee(nwk): Changing comment format (javadoc=>Doxygen) | Rishi Dev Singh | 1 | -300/+169
Change-Id: If56dfe7f52d965d0ebffcc36588b0c93234a1309 Reviewed-on: https://code.wireshark.org/review/12773 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Docbook: Add Example when building for Win64... | Alexis La Goutte | 1 | -1/+5
Change-Id: I8ab0388511afb3b9dd3bd16ba569a78252b8d52a Reviewed-on: https://code.wireshark.org/review/12070 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Confirm discarding data before restarting capture. | Michael Mann | 3 | -13/+30
Modify existing MainWindow::testCaptureFileClose() to handle restart scenario. Bug: 9605 Change-Id: Ie57624ca482b050745474f5e1c61343f60292a42 Reviewed-on: https://code.wireshark.org/review/12733 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | CAN: Add call to register_dissector in CAN dissector | Sebastian Schildt | 1 | -0/+1
Change-Id: I34d24b05941f9a56c48273254d84cab3b91a12d5 Reviewed-on: https://code.wireshark.org/review/12780 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Netflow/Ipfix: Add Barracuda NGFirewall | Uli Heilmeier | 2 | -2/+229
Add support for Barracuda NGFirewall Ipfix Audit. Used documentation found at https://techlib.barracuda.com/NG61/ConfigAuditReportingIPFIX The configuration allows switching between little endian and big endian for an Ipfix collector. This commit expects big endian encoding. However it seems that there is a bug in NGFirewall 6.1.1 which interchanges the encoding (little-endian instead of big endian and vice versa). Bug: 11902 Change-Id: I84c497188eadedf6781dce309888242b0dc1592f Reviewed-on: https://code.wireshark.org/review/12703 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-12-21 | ICMP timestamp is in mseconds, not seconds. | Michael Mann | 1 | -3/+3
Introduced in Iad5e28aa Bug: 11910 Change-Id: I80be5f156786ddb9f7bbe25460b48dbb4588cb8d Reviewed-on: https://code.wireshark.org/review/12755 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-12-21 | ui: Fixed column tooltip when having multi-field custom columns. | Stig Bjørlykke | 1 | -19/+47
Change-Id: Iac09b841ff782ea351052ad6b20f5b4ff170e8e8 Reviewed-on: https://code.wireshark.org/review/12752 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-21 | [airpdcap rijndael] use packet scoped wmem memory in AES_unwrap() | Martin Kaiser | 2 | -6/+2
at the moment, AirPDcapDecryptWPABroadcastKey() does not free the buffer allocated by AES_unwrap() if there's an error while parsing the returned data
this could be fixed by adding more g_free() calls or by using wmem memory
Change-Id: I332968da2186fbd17cbb7708082fa701dcab668e Reviewed-on: https://code.wireshark.org/review/12744 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | [airpdcap] check the length of the WPA broadcast key we calculated | Martin Kaiser | 1 | -0/+4
return an error if our key is shorter than the key type required for the encryption method we detected
this check prevents an out-of-bounds memory access when the key is copied
Bug: 11826 Change-Id: Ic779b5d87aa97a3b2d2b2c92ce12d0fff4a85adc Reviewed-on: https://code.wireshark.org/review/12743 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | [airpdcap] use packet scoped wmem memory for szEncryptedKey | Martin Kaiser | 1 | -2/+1
to make sure that AirPDcapDecryptWPABroadcastKey() does not leak memory when it returns an error Change-Id: I01dc8dc0d6cc1e72e9784a262e35e24844e35dbc Reviewed-on: https://code.wireshark.org/review/12745 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-21 | Squelch another warning. | Guy Harris | 1 | -1/+1
Change-Id: I7340954d9ca2fd11a6db2aa7cd5493d870181e23 Reviewed-on: https://code.wireshark.org/review/12765 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 | Squelch some compiler warnings. | Guy Harris | 1 | -3/+3
Change-Id: Iee46c43498f42e19dfab0178e80743d35d843d2d Reviewed-on: https://code.wireshark.org/review/12762 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 | Rename some variables to make it a bit clearer what they are. | Guy Harris | 1 | -31/+31
rec_length_remaining is the amount of data we haven't already read from the record; it starts out as the record length and gets decreased. It is not the length of data in the packet. Change-Id: I46cd78e29aee13a686f1f6c8efbe258277e15686 Reviewed-on: https://code.wireshark.org/review/12759 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-20 | Add bounds checks and fix a length argument. | Guy Harris | 1 | -15/+34
Before reading the record header of a REC_FRAME{2,4,6} record, make sure the record length is >= the length of that header. When calling fix_pseudo_header(), pass the actual length of the packet data, not the remaining length of the record (which may include padding), so we don't read past the end of the packet data. Bug: 11827 Change-Id: I1c63a4cb014c4616ffdd202660e68c576f266872 Reviewed-on: https://code.wireshark.org/review/12756 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-20 | Qt: Fix Confirm unsaved capture files preference. | Stig Bjørlykke | 1 | -0/+1
Set initial value for confirmUnsavedCheckBox. Change-Id: I7dfebf21e516a9d1be1bd3f543a00834222c9ff7 Reviewed-on: https://code.wireshark.org/review/12739 Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-20 | Add COL_CUSTOM_PRIME_REGEX | Stig Bjørlykke | 4 | -3/+6
Use this as a common regex to split multi-field custom columns. Change-Id: I40f76743284c5981c95d2e47d6d1d2a7f357d2ea Reviewed-on: https://code.wireshark.org/review/12753 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-20 | [Automatic update for 2015-12-20] | Gerald Combs | 17 | -1470/+1767
Update manuf, services enterprise-numbers, translations, and other items. Change-Id: I888e6e56894ab3226ad32e8f1d5e3d351cfcd8d8 Reviewed-on: https://code.wireshark.org/review/12747 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-12-20 | [png] add two more chunk names | Martin Kaiser | 1 | -0/+4
Change-Id: Ic6c6113e91adb416f19aeea5ed85d5deb61832d4 Reviewed-on: https://code.wireshark.org/review/12746 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-12-20 | [AES_unwrap] initialize the output array with 0s | Martin Kaiser | 1 | -1/+1
for cipher_len==56, some bytes of the output array are not written
An alternative approach would be to add a check for cipher_len. I understand from RFC 3394 that the AES key wrap algorithm works on multiples of 64bits and has no upper limit, we couldn't easily reject 56 bytes cipher_len.
Bug: 11527 Change-Id: Ie82357bbe5512de391813dd55098df7a16bda9ae Reviewed-on: https://code.wireshark.org/review/12741 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-12-20 | [USB] dissect the data part in outgoing isochronous URBs on Linux | Martin Kaiser | 1 | -3/+8
The kernel sets the URBs status to -EXDEV in this case. Don't require status == OK in this case. Set pinfo->p2p_dir for USB packets. Sent/received is from the perspective of the host. Bug: 11868 Change-Id: I2be2348507bef47272d3d8786019ec90457141ac Reviewed-on: https://code.wireshark.org/review/12731 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-12-20 | Add %ProgramW6432% to the list of search paths when looking for 7-Zip. | Christian Tellefsen | 1 | -0/+1
This allows a 64bit 7-Zip installation to be located even though win-setup.ps1 is run by a 32-bit process. This applies to 64bit Windows (7, 10, Server 2008 R2, Server 2012). Tested on 2012. Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa384274%28v=vs.85%29.aspx Change-Id: I6f4f3226b25c890cd674bf4c4d9ea73ddfc8ece0 Reviewed-on: https://code.wireshark.org/review/12740 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-12-20 | Qt: Add missing multi-field column validation | Michal Labedzki | 24 | -145/+172
GTK already has it, but Qt forgot about it, so multi-field custom column works ok if previously saved in GTK-shark. Invalid validation prevents modifying and saving multi-field custom column in Qt version. While at it, rename "custom field" to "custom fields" to ensure we think about multi-field custom column. Change-Id: I99588150ccb38be11b75f5dd5b0f6443e7055ebb Reviewed-on: https://code.wireshark.org/review/12685 Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-20 | Create capture dissector table for LLC non-snap dissectors. | Michael Mann | 9 | -55/+10
Change-Id: I37602d0e2148150b55b2812855bccf2f181d31b8 Reviewed-on: https://code.wireshark.org/review/12737 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-20 | Condense DMX dissectors into a single file and create a dissector table for ↵ | Michael Mann | 8 | -835/+596
them. Change-Id: Ie7b8964fcbb5e0a7c6b4296ee2b63e168dcc55fa Reviewed-on: https://code.wireshark.org/review/12738 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-20 | packet-enc.c: Convert flags to use proto_tree_add_bitmask. | Michael Mann | 1 | -17/+35
Change-Id: Ie828a38ea0da14224ccf38ae5c703038bddcc835 Reviewed-on: https://code.wireshark.org/review/12736 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-20 | flags_set_truth -> tfs_set_notset | Michael Mann | 2 | -19/+5
Change-Id: I127f55f4ed26a99facea4d1ecc29786ab4898a75 Reviewed-on: https://code.wireshark.org/review/12735 Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-19 | extcap: plug some memleaks | Peter Wu | 2 | -28/+45
The working directory for g_spawn_sync should not be escaped, it is simply passed to chdir. The escaping was needed for the command, so do so (hmm... maybe the argv arguments should be escaped too for Windows). Also remove an unnecessary NULL command argument for extcap_foreach. Note: there is still a memleak when exiting because the ifaces table is not cleared after querying the list. Change-Id: I1251d623b954a81848044b6d1faf8dcec8ce465b Reviewed-on: https://code.wireshark.org/review/12530 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-19 | Add menu item for capture comment dialog in GTK+ | Dirk | 5 | -21/+22
Qt already has a menu item for this in Statistics -> Capture File Properties Bug: 9628 Change-Id: I85dd6f85d43fbfb60c2f4db82d9a02d91866127c Reviewed-on: https://code.wireshark.org/review/12725 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-19 | Get rid of the argument to filter_expression_init(). | Guy Harris | 3 | -12/+11
It's always TRUE. Clean up indentation while we're at it. Change-Id: I11f5b849274b68bbda4fa32a8d909d6d5e71cbb1 Reviewed-on: https://code.wireshark.org/review/12732 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 | Add missing ERF types, mention another missing type, mention reserved space. | Guy Harris | 2 | -0/+9
Add the TYPE_COLOR_HASH_POS and TYPE_COLOR_HASH_ETH types, note that type 26 has no #define, mention that types 28 through 31 are reserved for future record types. Change-Id: Ic828254599599c6bd7399d4682f9a3d4bff1f0f7 Reviewed-on: https://code.wireshark.org/review/12728 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 | ERF: Add basic no-break support for ERF_TYPE_META. | Anthony Coddington | 3 | -5/+27
Update erf_open heuristic to not break when ERF_TYPE_META records are present. Remove check for maximum non-pad ERF type and add defines for reserved types. No dissection in this commit beyond record type name, this will come later. Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85 Reviewed-on: https://code.wireshark.org/review/12708 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 | sctp_graph_dlg: fix Expression 'tsn->secs >= min_secs' is always true. ↵ | Alexis La Goutte | 1 | -2/+2
Unsigned type value is always >= 0 min_secs is always set to 0 Change-Id: I62e3a5b71b423ae9ae15be1206bd1deeb9962760 Reviewed-on: https://code.wireshark.org/review/12400 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-19 | Adding Flow Measurement and Occupancy Sensing Clusters for Zigbee | Aditya Jain | 2 | -0/+462
Change-Id: I5b43c02a75ae2ade1d389d01f352b1500417779d Reviewed-on: https://code.wireshark.org/review/12696 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-19 | Qt UI: use a default (and minimum) value of 2 for the number of files in a | Jeff Morriss | 1 | -0/+6
ring buffer. This matches the Gtk UI. (Note that the Qt UI's upper limit for this option (1k) is much lower than the Gtk UI's (100k).) Change-Id: Ie5b5b7b4bdb9205594ed7fcc38630a6268cc3acf Reviewed-on: https://code.wireshark.org/review/12711 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>