Age | Commit message (Collapse) | Author | Files | Lines |
|
We don't check HAVE_LIBPCAP elsewhere, and we do use GLib functions, but
don't use the GLib dynamic-loading APIs ourselves, and don't appear to
use anything from libpcap or libwiretap, so include only <glib.h> and
include it unconditionally.
Change-Id: I97f06f56b7d87c671c0aaea1a0e60f2df7adfbd1
Reviewed-on: https://code.wireshark.org/review/13067
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Extention -> Extension
Change-Id: I1624721b2e7725ec6129b3ad06327e25c0a6291d
Reviewed-on: https://code.wireshark.org/review/13053
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
VS2010 didn't like the extra ; in the variable declarations (C99 issue?)
Change-Id: Ic0fcd8342cdd3669172985a2d8023eb7b375c0b9
Reviewed-on: https://code.wireshark.org/review/13068
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ie53b64f7e5b39a50dffb62fc0b886da71e0a3bd2
Reviewed-on: https://code.wireshark.org/review/13066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If4bbdfc4f185c3fb33211250d1e4aeff09d72d9c
Reviewed-on: https://code.wireshark.org/review/13065
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer that they're libwiretap headers.
Change-Id: Ia78a3496913b901073ee59e62bfb72c1677450fa
Reviewed-on: https://code.wireshark.org/review/13064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If08fd1481e58f785fed90a7d8c24aa2a1e0f3df7
Reviewed-on: https://code.wireshark.org/review/12958
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I4d54b851e3bd316e10edea29d1d7e311be338c71
Reviewed-on: https://code.wireshark.org/review/13054
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If we're dissecting heuristically, and we don't have the full fragment,
but it looks like the beginning of an RPC call or reply, ask for more
data rather than rejecting it.
That way, we can recognize handle large calls and replies, such as large
NFS writes, when transported over TCP.
Clean up conversation handling while we're at it.
Bug: 11955
Change-Id: I0237255165a277a051d355810f1500cf4228d7c8
Reviewed-on: https://code.wireshark.org/review/13061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Disable promiscuous mode, snaplen, buffer size and monitor mode
settings for extcap interfaces.
Bug: 11865
Change-Id: I20c67815ece99b8e742e36c727f415931b87af1f
Reviewed-on: https://code.wireshark.org/review/13023
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Regular expressions follow the Qt Regex syntax, which is
formulated after the Perl Regex syntax. A more detailed
overview of the possible rules can be found at:
http://doc.qt.io/qt-4.8/qregexp.html
If a required option is present, even the double-click on
the interface will first start the options dialog (Qt only)
Required fields are marked bold and put first in the dialog.
Additionally if validation failes (which it will if a required
field is kept empty, but also if a non-required textfield is
violating the defined regex), the label of the field is marked
with red.
Change-Id: If04a1146d0dfa778332ab2a39122c7a6ee1e93d2
Reviewed-on: https://code.wireshark.org/review/12914
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I080bcb25edcee0c38984cd1a7f7f36a7fd3ff36c
Reviewed-on: https://code.wireshark.org/review/13055
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change some Netscaler ICA fields to display absolute time and
not epoch timestamp seconds.
Change Process ID field to display decimal number
Change-Id: I57eb8883f4699072df90c0ea351e4bce3313dc0e
Reviewed-on: https://code.wireshark.org/review/13049
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ie91b5a1a06a20c37973e9de228bde01947eab871
Reviewed-on: https://code.wireshark.org/review/13050
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This makes it possible to use a capture filter on an interface
with user DLTs (147-162).
Bug: 11656
Ping-Bug: 11668
Change-Id: Ie9931b27e8dc8ea239e7e04e26d0ae1cacba50c9
Reviewed-on: https://code.wireshark.org/review/12996
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)
Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I9e53a0cd2f1b12717498e158d96d800338e01adf
Reviewed-on: https://code.wireshark.org/review/13047
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If we ever need to look at the value of any field in the packet, we
should do it the way we do in the RTP analysis code, rather than walking
the entire protocol tree.
Get rid of an unnecessary extra level of indirection for the filter
string.
Change-Id: Ie95c0171da79e7f24019a3f67396f6a533959881
Reviewed-on: https://code.wireshark.org/review/13046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also protect against any badly registered protocol
Bug: 11958
Change-Id: I0c03f50c2c5478a9524ad06e669510ffb5739b21
Reviewed-on: https://code.wireshark.org/review/13041
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 11959
Change-Id: I594413b26bb33f38099046e26c1d20bba7f649fa
Reviewed-on: https://code.wireshark.org/review/13042
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I9ef842b4ed543cfbd199e49496bc01a09f71404b
Reviewed-on: https://code.wireshark.org/review/13039
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ic279965ec4fff22825a9cf8e4819fb24f3cf8475
Reviewed-on: https://code.wireshark.org/review/13026
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The message system includes mode-transition and alarm events by PLC
programmed blocks. The IDs in the mode-transition events are the same as
used in a SZL response, so I used the same decoding function.
Change-Id: If00990c21190ba0bed7933d6c8cfb590c6d8eab2
Reviewed-on: https://code.wireshark.org/review/13032
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Firstly, when building with autogen.sh and configure script, the
wireshark.pc is not generated at all. Then, due to not matching
names some variables are not being replaced as they should be.
Bug: 11069
Change-Id: Iefa7a9b536f3fee7f9ad78803aaacc5bb64a9c8d
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-on: https://code.wireshark.org/review/13005
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I23806012fc4f7f3a791e380de0c364b5825f8951
Reviewed-on: https://code.wireshark.org/review/13037
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
1. Populate packet number on follow HTTP handler.
2. Remove stream navigation (until its a little less buggy). This follows the convention of SSL which runs on top of a stream protocol (TCP), it's not a stream itself, which seems to be why its buggy.
Change-Id: Idf21be2a00a8fde0fbf16f40ca8c36a2a44b8993
Reviewed-on: https://code.wireshark.org/review/13027
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Probably inserted by a script.)
Change-Id: Ibf4e4d84c0c036841971df8dad54a916502d6909
Reviewed-on: https://code.wireshark.org/review/13036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: Ia31206d914b7e024d71a88edd2c66ed8b3cbf4be
Reviewed-on: https://code.wireshark.org/review/13028
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
get it themselves anyway.
Change-Id: I3817d12e473b67e26159e1562a08169e91f51d46
Reviewed-on: https://code.wireshark.org/review/13019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Adding Follow HTTP Stream justified some refactoring and code removal.
Change-Id: I9b7ace83f8517e880e78193bb97ac32e3fc91114
Reviewed-on: https://code.wireshark.org/review/13015
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This automatically detects and decompresses HTTP along a TCP stream through the use of taps.
Bug: 3528
Change-Id: I8ab832d509700d0da8eabf3c3e514d8511c598d3
Reviewed-on: https://code.wireshark.org/review/13009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(That should also keep people from deciding that they don't want to
include <wsutil/nstime.h>, but still want to use Wireshark nanosecond
times, and do so by sticking a private incomplete definition of "struct
nstime_t" into the code.)
Change-Id: I94e863fe7083ebba254c3a718b85088a89fb6b7d
Reviewed-on: https://code.wireshark.org/review/13022
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define struct nstime_t yourself.
Change-Id: I275f53c6c9f34813898e7ffe4493583017fbf7f0
Reviewed-on: https://code.wireshark.org/review/13021
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define it yourself.
(And especially don't define it yourself if you're already including
epan/ipv6-utils.h.)
Change-Id: I9970d0edecef0c820b2a7fdce34509b54e7b3106
Reviewed-on: https://code.wireshark.org/review/13020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The TLV length includes the T and the V, so it must be at least 4; fail
if it's not.
If the IPv4 or IPv6 prefix length isn't valid, don't bother trying to
parse the rest of the addresses, just give up.
Don't bother returning offset values that aren't used.
Rename some routines to indicate that they process more than one item.
Add some comments while we're at it.
Change-Id: I6825216f0e7218e230d8d60d958b3c2453a3bb62
Reviewed-on: https://code.wireshark.org/review/13016
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia799910f72674702c98f146525171d29f1b35432
Reviewed-on: https://code.wireshark.org/review/13006
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Reported by Fredrik Lönnman
Bug:11953
Change-Id: Icaff04122e8ed94751ea8aeb4069be2fc2dda52c
Reviewed-on: https://code.wireshark.org/review/13007
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I309764e9cd0784c674a3cd91050eb697404561c6
Reviewed-on: https://code.wireshark.org/review/13012
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I111558df3d36436ddf5e2728f113b022cc48a713
Reviewed-on: https://code.wireshark.org/review/13013
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I15bfda76256e5d1084ad7c64006f93afaf071a9e
Reviewed-on: https://code.wireshark.org/review/13010
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
git can be installed (or the path manually set) so that the msys
unix utilities supplied with git (expecially bash) are on the path
and then picked up by CMake. These utilities are not compatible with
the build and will fail.
This change checks the output of the --version option to the found
executable and ensures "cygwin" is found in the result. If not found
a FATAL_ERROR message is issued and the CMake generation is stopped.
Change-Id: I0eca014ae194862abbc8dee56d347526691e72cb
Reviewed-on: https://code.wireshark.org/review/13008
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
Change-Id: I83b96f8cdabbb3ae67172659492f5992c95fbe73
Reviewed-on: https://code.wireshark.org/review/13004
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Instead of an array of pointers to preference values, have an array
of preference values.
Clean up some white space while we're at it.
Change-Id: Iaa2cf6bcc2a271a5c2645ddbb2dbddba311b413d
Reviewed-on: https://code.wireshark.org/review/13002
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I496782308e2f2e9605f2256d7a482d50b086e49c
Reviewed-on: https://code.wireshark.org/review/13001
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
At least with Qt5.5.1 there is no duplicate clang_64 in the qt path.
Change-Id: I2ac66f246b3c9dbe2155ee8394d31e7d560faaf9
Reviewed-on: https://code.wireshark.org/review/13000
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: Idf4f1e461d3bc6e85f2760488ad566a4cd70c5ea
Reviewed-on: https://code.wireshark.org/review/12999
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Cleaned up handling of the qualifier field. Sub-parts are now
identified as the prefix and range rather than index and code.
This has changed the field names;
dnp3.al.objq.index -> dnp3.al.objq.prefix
dnp3.al.objq.code -> dnp3.al.objq.range
and the associated packet tree details text strings.
Change-Id: I42d51b71233303eaf8b37982dd15b5090918630b
Reviewed-on: https://code.wireshark.org/review/12998
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|