Age | Commit message | Author | Files | Lines |
|
Like bug 11447, when wiretap reads a legacy PCAP file it needs to
set the interface description's tsprecision member. And like bug
11447, I'm wondering why we have the field to begin with. But I'm
fixing this so that the Windows buildbots can get going again.
Change-Id: I71d0fe2e999ee7d11f1f5cc424681a99e17b1b1b
Reviewed-on: https://code.wireshark.org/review/10139
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Down the rabbit hole we go...
Change-Id: I8371b95b85128209b56960eb6e54648a6babbb84
Reviewed-on: https://code.wireshark.org/review/10137
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: I1cf5d22e12241ef330319ef8fdf176becdefe300
Reviewed-on: https://code.wireshark.org/review/10131
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I82b2d4e4b0be8179103b827e0d11a0d8b10e1374
Reviewed-on: https://code.wireshark.org/review/10133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This change will be undone once the problem is found.
Change-Id: Ica9cfe31b4e30fad2bb9de508af61baa1c455cc1
Reviewed-on: https://code.wireshark.org/review/10136
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: I58c1cbb242c20737dd16a0477858b0225c0b5d14
Reviewed-on: https://code.wireshark.org/review/10051
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Change-Id: Id790ee61d3443e2f96a83260514fa3a6d31d09da
Reviewed-on: https://code.wireshark.org/review/10050
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Change-Id: I6cd8f98518b21e935b329f5470b706ec059c91eb
Reviewed-on: https://code.wireshark.org/review/10129
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The tap_sequence_analysis was adapted to store the protocol of each
frame. Therefore a new variable was introduced. In case of an ICMP or
ICMPv6 packet, the ICMP message type and code are retrieved. The adapted
ICMP and ICMPv6 dissector stores both values in packet info (see [1]).
In case of ICMP and ICMPv6 packets, the source and destination ports are
not set or 0, respectively. Compared to that, the NetFlow service export
protocol [2] codes the ICMP message type and code into the port numbers.
The source port is zero while the destination is defined as: destination
port = ICMP type * 256 + ICMP code. This definition was implemented for
the ICMP and ICMPv6 packets.
References
[1] https://code.wireshark.org/review/10097
[2] http://www.ietf.org/rfc/rfc3954.txt
Change-Id: I07518e360975682a3f45e80cb24f82f58cfb15f0
Reviewed-on: https://code.wireshark.org/review/10098
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Found by Clang
Found also by Coverity (CID 1316607)
Change-Id: Ib6a4437fd24b51a8aa87d4bcdb5ee2a1dc43dae3
Reviewed-on: https://code.wireshark.org/review/10124
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Change-Id: I5048da723ddecde931956ed1af77438f823c1990
Reviewed-on: https://code.wireshark.org/review/10125
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
|
|
Change-Id: I105da06b7161a5b5f0cc2b4ce5303c4d5c989280
Reviewed-on: https://code.wireshark.org/review/10126
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
When fields have changed the compiled display filter may be invalid
or need a recompile to be valid.
Filters which are not valid after a recompile are set to a filter
matching no packets (frame.number == 0) to indicate that this no
longer matches anything. We should probably have a better filter
matching no packet for this purpose.
Change-Id: Id27efa9f46e77e20df50d7366f26d5cada186f93
Reviewed-on: https://code.wireshark.org/review/10123
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
https://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml
Change-Id: I997440b7622dae4ea25d94e4041971f89b63fd04
Reviewed-on: https://code.wireshark.org/review/10121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Iaef41fa2a212577f1fbdf7705eca65a928faa8c3
Reviewed-on: https://code.wireshark.org/review/10122
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I276331070c654e6c57bccb2c26cd0430ac656b26
Reviewed-on: https://code.wireshark.org/review/10069
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a test suite for mergecap (and indirectly capinfos I guess).
This is not exhaustive, but it's a start.
Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e
Reviewed-on: https://code.wireshark.org/review/10082
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add more information about the capture file, and about the interface
descriptions in it. Also remove long-unused g_options code.
Change-Id: I93cbd70fc7b09ec1b8b2fd6c85bb885c7f749543
Reviewed-on: https://code.wireshark.org/review/10073
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 11340
Change-Id: I04408db376718c7a5392f9521d7d75d0481ec30e
Reviewed-on: https://code.wireshark.org/review/9514
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1e32f666118e36f48edcc1678d75db3ca3f62776
Reviewed-on: https://code.wireshark.org/review/10075
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: Ib61ed614c3cfb6885d81a61d82b0974beba786f5
Reviewed-on: https://code.wireshark.org/review/10068
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: Ic06e50a30330758d6ed0b1b1d9ba0d7f74929a9a
Reviewed-on: https://code.wireshark.org/review/10111
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Also use TEST-NET-1 for IPv4 examples.
Replaced note using comma with parentheses
Change-Id: I9855207aec7a335b80986aa63bd235edc4278d3a
Reviewed-on: https://code.wireshark.org/review/10061
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: I0f6e57b7f16526e7c1b96fb8bd69c003c89b7f42
Reviewed-on: https://code.wireshark.org/review/10119
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Add the UDP multicast stream dialog. Abuse TapParameterDialog a bit more
so that we can edit parameters.
Remove some unused struct members and an unused function.
Change-Id: I962c70344e792f0959527e4bcba8a20bd7e8acf9
Reviewed-on: https://code.wireshark.org/review/10084
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Move an include guard to match our conventions (and make it easier
to spot).
Change-Id: I4bad61a0194219f69217713d051e0ff53ff5a76a
Reviewed-on: https://code.wireshark.org/review/10110
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
function declaration [-Wdocumentation]
Change-Id: I69814a05fa6ad65315e36fa75ae60634e934be5c
Reviewed-on: https://code.wireshark.org/review/10117
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ife7170c050402ab94d368acc6c233714be764824
Reviewed-on: https://code.wireshark.org/review/10114
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I7179d7918e7958373806fb9627a36554ab4b9ddc
Reviewed-on: https://code.wireshark.org/review/10115
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Use common code for all time stamps, so it's handled the same for the
Packet Block, Enhanced Packet Block, and Interface Statistics Block.
Show the high and low parts of the time stamp as fields; file dissectors
should show the raw file details. Mark the calculated time stamp as
generated, as it's not the raw file data.
Get the 64-bit time stamp by shifting the high part left 32 bits and
ORing in the low part; no need to play games with unions and byte order.
Change-Id: I19b2c3227a3ca1e93ec653f279136aa18687581f
Reviewed-on: https://code.wireshark.org/review/10116
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
"secs" in an nstime_t is a time_t; cast the calculated seconds portion
to time_t.
Change-Id: Ieaad4c18bb21384a5781f50eadd3a537b414a369
Reviewed-on: https://code.wireshark.org/review/10113
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iddd2b4a0ceb409db1afb1a412339134634de631c
Reviewed-on: https://code.wireshark.org/review/10104
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I51e14a280ba898a321455168ac8ded1853f55e64
Reviewed-on: https://code.wireshark.org/review/10109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Widgets using prefs must be closed because the prefs may have
been freed when reloading Lua plugins.
Change-Id: I4b79b7aff18d7923c77a9eb05acadc29b156edbf
Reviewed-on: https://code.wireshark.org/review/10108
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:
* Removed the '-T' encap type option from mergecap, as it's illogical for
mergecap and would complicate common merge code.
* Input files with IDBs of different name, speed, tsprecision, etc., will produce
an output PCAPNG file with separate IDBs, even if their encap types are the same.
* Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.
* Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.
Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8aa4695f1f8dfdfc5bfcd4fb4f36e1b332581d5a
Reviewed-on: https://code.wireshark.org/review/10106
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Found compiling with gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04).
Change-Id: I21bd3a5ab3365f0065c919aba7d6bd00b878d041
Reviewed-on: https://code.wireshark.org/review/10105
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Typo:
file.pcapng.c -> file-pcapng.c
Change-Id: I72c40fd086f1b68b69e950c065877b2733279a04
Reviewed-on: https://code.wireshark.org/review/10102
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Show next layers of each packet.
Change-Id: I8c56eab969fef9a0a712b479dc2cdef6cc1578ae
Reviewed-on: https://code.wireshark.org/review/221
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
They have educational value and can be used to debug some issues.
Now Wireshark can open three files (BTSNOOP, PCAP, PCAPNG)
in two modes: Capture (Traditional) and File-Format.
Change-Id: I833b2464d11864f170923dc989a1925d3d217943
Reviewed-on: https://code.wireshark.org/review/10089
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It works similarly to tcp_dissect_pdus, but only works on a single packet. Intended for protocols that go over TCP and UDP so that they can have a common dissection function.
Will, of course, also work on UDP-only protocols with a fixed length header and size.
Used DNP3 as a guinea pig since "multiple PDU support" over UDP was just added.
Change-Id: Ib7af8eaf7102c96b4f8b5c1b891ae2d8f0886f9d
Reviewed-on: https://code.wireshark.org/review/10083
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
+18 ATT attributes to be implemented (IPS 1.0 - 19 May 2015, etc.)
Change-Id: Ib30ea20fe9b32a4be842f01ad5b8e8ee081a14ff
Reviewed-on: https://code.wireshark.org/review/10095
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add 14 attributes (not as easy as the previous),
there are still 19 + 3 (no idea for now [Valid Range, Report, IEEE 11073-20601
Regulatory Certification Data List]) attributes to be implemented (soon).
Change-Id: Iee5cde4673b62f93084923a592b11824c0683605
Reviewed-on: https://code.wireshark.org/review/10094
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
QString.toUtf8() returns a QByteArray object and .constData() returns
a pointer inside that object. It is not safe to store this pointer as
it will become invalid after the statement.
Change-Id: I8f54ede75577719008835038934e935cd5feba3f
Reviewed-on: https://code.wireshark.org/review/10067
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
see https://code.wireshark.org/review/#/c/9976/
Change-Id: Ic301db4deea1a02b9e08c123b3e21e70817a2c85
Reviewed-on: https://code.wireshark.org/review/10097
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fix build error:
ui/qt/packet_list_model.cpp:270:5: error: 'sort' is not a member of 'std'
std::sort(visible_rows_.begin(), visible_rows_.end(), recordLessThan);
Change-Id: I3a577a268f6c12e8fd97b7b6fd2429989c28e2f5
Reviewed-on: https://code.wireshark.org/review/10092
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
I hope it is quite the right solution.
Change-Id: Ia9c883a832ddd03985eda37a9b344c4d7c8135e2
Reviewed-on: https://code.wireshark.org/review/10091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I8516d0c561ed0b63e49a3594027c9c15bb789258
Reviewed-on: https://code.wireshark.org/review/9726
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
* use the offset variable to keep track of where we are,
remove the position variable
(previously, offset remained 0 all the time...)
* use proto_tree_add_item()
* highlight the correct bytes for each field
* define a block type and block length instead of
naming these fields differently for each block
* indent by 4 spaces
Change-Id: Ie0995e5fe6364605fd30020f171e51458844fa59
Reviewed-on: https://code.wireshark.org/review/10080
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Change-Id: I32fdf085ef484d147d9f0b27c56efba41bb827bf
Reviewed-on: https://code.wireshark.org/review/10086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|