Age | Commit message (Collapse) | Author | Files | Lines |
|
TODO
- pull AEAD init/check outside function (for re-use with TLS1.3?)
- fix sequence number for nonce, need to check what is wrong
- more testing (+ extend test suite)? CCM seems to work. GCM auth check
seems still broken.
- test with older libgcrypt versions (currently tested with 1.7.6).
Change-Id: I94dd2fd70e1281d85c954abfe523f7483d9ac68b
|
|
The record sequence number is 64-bit, not 32-bit. This applies to all
SSLv3/TLS/DTLS versions. Without this fix, after about four million
records, the wrong MAC is calculated (for TLS 1.2) or decryption will
fail (for TLS 1.3).
Change-Id: I05e5e8bc4229ac443a1b06c5fe984fb885eab1ca
|
|
This will also avoid invoking ssl_finalize_decryption which will not be
used for TLS 1.3.
Change-Id: I958508276488764ad1a82e6412504bcd72f3b995
Ping-Bug: 12779
|
|
Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression in
the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)"
test passes again.
Also remove duplicate DTLS data sources for decrypted records.
Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
|
|
Initialize decode_as_list = NULL after free to avoid random crashes
in g_list functions after changing profile.
This bug was introduced in g5c7b0b96
Change-Id: Ibc752f245115c5a426989e20e0ab9d0f0faac43d
Reviewed-on: https://code.wireshark.org/review/19821
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
This reverts commit 01ddd93a7296b54a2048de74691984a7e78e4cb9.
Change-Id: I90f19fec52d3f1edc63fd00e614173a0154503d4
Reviewed-on: https://code.wireshark.org/review/19820
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia29d451857995b186c88193c9722ae156eb3f66d
Reviewed-on: https://code.wireshark.org/review/19729
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
relax pw_eth_heuristic and, at the same time, improve
the 1st nibble logic in dissect_mpls in order to disambiguate
between Ethernet pseudo-wire without a control word, with the MAC
address's first nibble being 4/6 and IPv4/6 packet.
Bug: 13301
Change-Id: If4697c2e40271d84e2db11a9f64ee60a8657e164
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19599
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Zero-length octet sequences don't need to show <MISSING> for their contents.
Change-Id: I89662ff8cd29563981ba9e1b34dc82023b6a070e
Reviewed-on: https://code.wireshark.org/review/19755
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13347
Change-Id: I351c80dea8ac7a9f2540b40782b1cc5c0b8fdaed
Reviewed-on: https://code.wireshark.org/review/19777
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Previously there was a distinction between decrypted handshake
Application Data records ("Decrypted SSL data") and some others (like
Alerts, Handshake and Heartbeat, "Decrypted SSL record"). Remove this
distinction and always decrypt the payload before passing it on and
always display a data sources for decrypted contents ("Decrypted SSL").
This is prepatory work for TLS 1.3 support where the content type is
located in the encrypted record, having the record decryption in one
place makes it easier to adapt.
Change-Id: I92c51c7f9e87e5c93231d28c39a8e896f5afd1ef
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19789
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Update the recent files list when exporting specified packets to file.
Change-Id: I4e7dd7f943aa99ab9d5f3fd88444d730434970e9
Reviewed-on: https://code.wireshark.org/review/19818
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I87239a5af8476c1285e68cfbd45e62b89f1440eb
Reviewed-on: https://code.wireshark.org/review/19808
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I4c9eff4248f25c15ef4d525e0a4360bf3bdb480c
Reviewed-on: https://code.wireshark.org/review/19813
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
never read
Change-Id: Ia7e351167edc0ca5c48e284bee0c940bba12c6d7
Reviewed-on: https://code.wireshark.org/review/19812
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
From FreeRADIUS
typo. Fixes https://github.com/FreeRADIUS/freeradius-server/pull/1882
Alan T. DeKok@2017-01-18T18:09:05Z
Files modified:
* share/dictionary.rfc5580
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/f22f1bf53c3a316865cc20cb1b1f27d9706cc472
Change-Id: I7f64d97352a453ff22dac45e9e9737af80fc1b2c
Reviewed-on: https://code.wireshark.org/review/19811
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The "Go to Packet" frame cannot be used without a capture file so
ensure we hide this when closing a capture file.
Change-Id: I339bc90b87181a8361e9f0bf27dfdf26d2f05333
Reviewed-on: https://code.wireshark.org/review/19783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When saving preferences the strings in string lists must not be
escaped with g_strescape() because this will destroy UTF-8 characters.
Because this strings only should use printable characters we manually
escape quote and backslash, and skip non-printable.
Bug: 13342
Change-Id: I57e492dff746a5ecc0aee809f946a615ad110b4d
Reviewed-on: https://code.wireshark.org/review/19738
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use correct disconnect() signature to ensure everything is disconnected
before connecting new signals. Without this all previous connects() are
still active. This leads to gradually more and more syntax checks being
called for each change, and possibility of a wrong syntax check
(especially for strings which has no syntax check).
Use the textEdited() signal to trigger a syntax check at startup.
This gives consistency.
Do not clear preferenceLineEdit when done because it looks weird when
the preference text disappears while the widget is hiding. The entry
is cleared before next show anyway.
Change-Id: I21c6fd8ec6bb0ecff1b2c0b66fe97dc3eaecf9b3
Reviewed-on: https://code.wireshark.org/review/19788
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Implemented by BoringSSL, an older description can be found at:
https://github.com/google/boringssl/commit/e776cc29568e520aaabc83188cc7db7991f0b776
Implementation pending at OpenSSL:
https://github.com/openssl/openssl/pull/2287
NSS bug (still open):
https://bugzilla.mozilla.org/show_bug.cgi?id=1287711
Proposal for PicoTLS:
https://github.com/h2o/picotls/issues/6
Change-Id: Ib597f48e296d286d8f6d30873ca03e7d6324a3c4
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19801
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The interval parameter is user-supplied and is used as divisor.
Change-Id: I9cbbecb71da3991c1712cb87e93de072cc950224
Reviewed-on: https://code.wireshark.org/review/19787
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
|
|
Change-Id: I2855c83c6b5e9add3f34d72a2f2ed3394bf79b78
Reviewed-on: https://code.wireshark.org/review/19761
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That field parsed as Big Endian, while all data in ZigBee is Little Endian.
Not change to LE.
Change-Id: I782ba5d17ca9f2208dc4e2f08ca2c731f4d683e4
Reviewed-on: https://code.wireshark.org/review/19800
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Adds a signal, which emits the number of active captures
Change-Id: I637106294e331e7fc7607f6fd7704492e22fa7ac
Reviewed-on: https://code.wireshark.org/review/19799
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Add the 'in' operator to the list of available operators, where 'eq'
operator would be present also. Setup the curly bracket expression in
the filter and allow for multiple enums to be selected.
Ping-Bug: 12808
Change-Id: Ibeef52ba9d41549d0684b0069270ff09f5a93e81
Reviewed-on: https://code.wireshark.org/review/19767
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
That should squelch some warnings on Windows.
Change-Id: I55b394be12203e14af023fdcc5d46564d0fcfa34
Reviewed-on: https://code.wireshark.org/review/19797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have a wsutil/socket.h file, for inclusion by everything that uses
sockets, that contains the UN*X-vs-Windows #includes and #defines to
hide some UN*X-sockets vs. Winsock API differences. That stuff mostly
comes from from extcap/extcap-base.h; have that file just include
wsutil/socket.h rather than defining that stuff itself.
Include it in sharkd_daemon.c. Use socklen_t for the size of things to
pass to bind() as the last argument; wsutil/socket.h defines it as int
on Windows.
Ignore sharkd in Git.
Change-Id: I3f2171b7aa613717f52305f62bfd7d43e0172dc6
Reviewed-on: https://code.wireshark.org/review/19796
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Assume that the relative milliseconds could be 64-bit, and make the
indices calculated from it 64-bit as well.
Change-Id: Ie1248c9440172b85ffbb05461ef1ee07c371fc3c
Reviewed-on: https://code.wireshark.org/review/19795
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8c614189159f1263d9452d495cee34d1a2c1bfcb
Reviewed-on: https://code.wireshark.org/review/19790
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13346
Change-Id: I83175fefeef5035039e378dd68ffdcd0787970b8
Reviewed-on: https://code.wireshark.org/review/19775
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I22b64a10ab3d0dcaccbea775b03ef3f82797697f
Reviewed-on: https://code.wireshark.org/review/19784
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
After converting port preferences to use Decode As entries the preference
editor was no longer used when changing port number pereferences from the
Packet Details popup menu.
Change-Id: Ifeff3b88bfd96a122b6a58d8917304eb69cf0c38
Reviewed-on: https://code.wireshark.org/review/19781
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
sharkd does not perform any capturing, so do not include related
libraries and files. This fixes the CMake build too.
Change-Id: Ie002b09dbf60070e34dacc8ae7dadee6690d4db8
Reviewed-on: https://code.wireshark.org/review/19786
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I4f961061f67aab86270f03c8f320245cf80ab70e
Reviewed-on: https://code.wireshark.org/review/19782
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Bug: 13348
Change-Id: I64abc79475087f1c971419629b5c86e646123f3f
Reviewed-on: https://code.wireshark.org/review/19776
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I0e831a5448fc6247ccca033ae512a3fa74351c63
Reviewed-on: https://code.wireshark.org/review/19779
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
sharkd listens on UNIX socket and allows external clients
to run commands like: loading file, analysing frames or running TAP(s).
Change-Id: I443b2865e4adfd1c11f4f57d09ff7fce6b1e8766
Reviewed-on: https://code.wireshark.org/review/18208
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
|
|
Do the NLRI length checks in the switch cases for each route type, and
do them for *all* route types, rather than throwing a random check in
for one particular route type.
There is no need to fail up front for unknown route types; at least
dissect the type and length, and fail in the switch statement.
Dissect the route descriptor in each of the switch cases, after the
length check, rather than doing it up front.
Add a comment noting where the prefix route type comes from.
Change-Id: Iae26ecd467d4b36dbcf52e7998bd2881405281aa
Reviewed-on: https://code.wireshark.org/review/19774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6e4fc624e6b4270a1db2b680e4d449c504bd56ee
Reviewed-on: https://code.wireshark.org/review/19773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I547dd12479b9634d8176eca9fd2ae6c9e1f87981
Reviewed-on: https://code.wireshark.org/review/19772
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ided8496b1d57a7906c805bca4ed848903d553721
Reviewed-on: https://code.wireshark.org/review/19771
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I30812657e3fa5dc21e64ed2fb7605e5f2a36ab03
Reviewed-on: https://code.wireshark.org/review/19770
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Adds support for IndigoCare nursecall protocols
Bug: 13241
Change-Id: I83098c15d467ea42da8301c6b6a5568d9892fc60
Reviewed-on: https://code.wireshark.org/review/19224
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ida9d2e6d632104ec3c6594f5ec500fec49a971a4
Reviewed-on: https://code.wireshark.org/review/19754
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I17a8b51dbcb502624a83177135b31fdbe72fa118
Reviewed-on: https://code.wireshark.org/review/19753
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ibb6494e1f180ec8187d260245731d33ac16085eb
Reviewed-on: https://code.wireshark.org/review/19745
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I3f950ce227818b6dae11ac89e4a8ec636294a6ec
Reviewed-on: https://code.wireshark.org/review/19740
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
|
|
Point to the FreeRADIUS man page for the dictionary file format, and
mention features we don't support - including features *not* documented
in the man page.
Change-Id: I08085062a6abcafb9dd0abe5b1edee53187ea23f
Reviewed-on: https://code.wireshark.org/review/19762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Added examples for the matches, contains and bitwise_and operators.
Most of the text and the examples have been taken from the wiki and the
wireshark-filter manpage.
Bug: 13320
Change-Id: Icd9a325c05ecd4ecd1cbde8162a4c88cae335d1d
Reviewed-on: https://code.wireshark.org/review/19758
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Capinfos might return 1 *or* 2 for an invalid capture.
Change-Id: I1ff2ed2a5b252a77a894ad3fe10c983e9a2a1bc0
Reviewed-on: https://code.wireshark.org/review/19752
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|