| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: If2a2d6af94458a72dc304eae3cacac0a4af2d25a
Reviewed-on: https://code.wireshark.org/review/20092
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifbee604f25c27076750f41ada9dfef6157ac7819
Reviewed-on: https://code.wireshark.org/review/20180
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
draft-ietf-idr-aigp -> RFC7311
draft-ietf-idr-ls-distribution -> RFC7752
draft-ietf-idr-large-community -> RFC8092
Change-Id: Ia05809ed88514f3a0c221af2aaea779f24be99e7
Reviewed-on: https://code.wireshark.org/review/20187
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I18f01f8c989a8d25a168761f22b4cf6e2b51bf18
Reviewed-on: https://code.wireshark.org/review/20182
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
I added a few TNS pcaps on the SampleCaptures wiki and tested with all
of them.
With this patch I get an error (malformed packet) on 'Set Protocol'
response. Peter Wu fixed it by this patch:
https://code.wireshark.org/review/#/c/20098/
Change-Id: Ia41ba7d229a5332740c57853b1929764604eda03
Reviewed-on: https://code.wireshark.org/review/20165
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib6b7424ac38a08efebc3b86aca4dc6641f6c7585
Reviewed-on: https://code.wireshark.org/review/20178
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I2796bfe2a186adfe14adaf09c0fef65e765c474a
Reviewed-on: https://code.wireshark.org/review/20183
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: If7a28ba305bed9f63f200f8a8a27a796f2df9c07
Reviewed-on: https://code.wireshark.org/review/20015
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The fixes involve functions always returning a string that needs to be
freed by the caller. That way the static string pointers within the functions
don't end up leaking at program end.
Change-Id: I35a8dc37536c2927d88f33217887f62efafcc8ca
Reviewed-on: https://code.wireshark.org/review/20175
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Was still using tag type + length when doing offset calculations.
Change-Id: I778f56f28fa1ccec57c5192df4f8e4aa99e45e45
Reviewed-on: https://code.wireshark.org/review/20174
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
In commit 35cf66d8bd2d225ab4dad39f5af5253ab6c8caa9 four existing
objects were renamed for no good reason. Restore original names.
Also remove unnessary Darwin options from packet block options
and remove leftover include.
Change-Id: I9dfa642639af13e73b519438b82b1b2a77546c7c
Reviewed-on: https://code.wireshark.org/review/20171
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
|
|
Change-Id: I76ea675625ef2812f51bad0c37f6c58060897f55
Reviewed-on: https://code.wireshark.org/review/20172
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I22d91cad10f925e7634c246ef9d22abe59fd9b51
Reviewed-on: https://code.wireshark.org/review/20170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
i known... not longer recommanded but i prefer
Change-Id: I0114202a2f1d7045524aa9fe254209c93d510b7d
Reviewed-on: https://code.wireshark.org/review/20169
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iecd662a60ffc96e5d4900c716766fd376a6b2c14
Reviewed-on: https://code.wireshark.org/review/20168
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A user reported that the TNS dissector would show "Malformed Packet" in
the Info column in Qt. The actual packet details and Expert Info dialog
however had no trace of the issue.
It turns out that proto_tree_add_item_new_ret_length did not correctly
set the length. Test case (based on pcap from SampleCaptures wiki):
tshark -r TNS_Oracle1.pcap -w 19.pcap -Y frame.number==19
tshark -r 19.pcap -Y tcp
Change-Id: I82cb1ccbc7c3b33d2bcdb22f89a1754c1a4575e7
Fixes: v2.1.0rc0-1394-gc67c6e8f30 ("Add routines to add an item and return the item's real length.")
Reviewed-on: https://code.wireshark.org/review/20098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idff606297f72238f8539cb00ea394ee80fcb502c
Reviewed-on: https://code.wireshark.org/review/20074
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I1cf3a4ce3b21b2e10887cbef5576e5e028e55bab
Reviewed-on: https://code.wireshark.org/review/20052
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iac2805c0130bd2ba6cdb3c9dd997050274d58d99
Reviewed-on: https://code.wireshark.org/review/20020
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I719706e04668aa50ed0eb6184681943718b67f00
Reviewed-on: https://code.wireshark.org/review/20164
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4881bf8e16c75d34ff3421230b763803c1d2f43b
Reviewed-on: https://code.wireshark.org/review/20055
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This patch augments the MIME based file-pcapng dissector to allow one to
more easily examine pcapng blocks that contain Darwin Process Information.
With this patch one can dissect and inspect, albeit as a MIME object, the
Darwin process information elements contained within an Apple augmented
pcapng file:
$ wireshark -X read_format:'MIME Files Format' -r bug12587.pktap.pcapng
$ tshark -V -X read_format:'MIME Files Format' -r bug12587.pktap.pcapng | egrep '^ Block:|Darwin .* =' | less
Apple's macOS provides an enhanced tcpdump with a pktap interface option
that supports the collection, display and storing of Darwin process and/or
service class information related to each captured packet. Using Apple's
pktap interface during a live capture the process information may be
revealed using Apple's tcpdump -k [metadata] option.
Apple's tcpdump -k option augments tcpdump's standard report with an
additional parenthesized () set of information inserted after the packet
timestamp. If the capture file actually contains Darwin process
information, Apple's tcpdump -k could include the interface name (or
interface id), process id, process name, process_uuid, service, and/or
direction for each packet depending on the value of the -k's [metadata]
argument provided (if any).
If the Apple tcpdump trace is captured to disk, the Darwin based process
and service information is saved in pcapng format augmented with several
new Enhanced Packet Block options (32779, 32780, 32781) along with a new
block type (0x80000001) called here a Darwin Process Event Block (DPEB).
The Darwin Process Event Block is used in a manner similar to a pcapng
IDB in that it contains process event information that is referenced by
later EPB's via the EPB options Darwin DPEB ID (32769) and Darwin EDPEB
ID (32871). EPBs may also include the Darwin Service Class option (32770)
which includes a numeric value that maps to a mnemonic service class.
A PKTAP enhanced pcapng file can later be read back in with Apple's tcpdump
along and the help of its -k option to display the original Darwin Process
Information. Packets collected using Apple's remote virtual interface
(rvictl)[1] from iOS devices can also contain Darwin Process Information.
Note: This is a first step to help determine what will be necessary to
eventually display any available Darwin Process Information within
the Frame tree when an Apple PKTAP enhanced pcapng file is opened
naturally in Wireshark and not as a MIME object.
[1] https://developer.apple.com/library/content/qa/qa1176/_index.html
Ping-Bug: 13096
Ping-Bug: 12587
Change-Id: I180e661dab0b0096a711603b53270105390d05e2
Reviewed-on: https://code.wireshark.org/review/20157
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13337
Change-Id: I695530c29b9b0f76eab65503dcba97d19af343fb
Reviewed-on: https://code.wireshark.org/review/19706
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
All is does is lead to memory leaks.
Change-Id: Ia20b95c9a7ae36df5b902cf59b33fbd046c2da56
Reviewed-on: https://code.wireshark.org/review/20076
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
proto_find_finfo doesn't have NULL tree protection, so protect it from
transum dissector.
Bug: 13395
Change-Id: I1037c675cf10b959f116b20b12cc7b388c175cd3
Reviewed-on: https://code.wireshark.org/review/20077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Format of the data is described by MS-SQOS document -
see https://msdn.microsoft.com/en-us/library/mt226249.aspx
Both v1.0 and v1.1 are handled.
Also few cosmetic fixes for
dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT
Bug: 13417
Change-Id: If7b793042257112d8f16f739d09aafe168443960
Reviewed-on: https://code.wireshark.org/review/20156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For SCSI packets tunnelled via RSVD, the logic of
SCSI Payload dissection should be:
-For SCSI IN transfer type (DataIn=1), display SCSI Payload of reply packet only.
-For SCSI OUT transfer type (DataOut=0), display SCSI Payload of request packet only.
-For non-data transfer type (DataIn=2) don't display SCSI payload even if DataBuffer is non-empty.
Minor fix: display RSVD DataBuffer BEFORE SCSI Payload in response packets.
If SCSI dissector failed (malformad packet), binary DataBuffer blob
will be still displayed in SVHDX_TUNNEL_SCSI_RESPONSE subtree.
Bug: 13403
Change-Id: Ia4fec817ae30799b763ae9d96c312fb7771d1618
Reviewed-on: https://code.wireshark.org/review/20089
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id88fe84189b8baa597eaa69159395cdc4bc56195
Reviewed-on: https://code.wireshark.org/review/19951
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I0275228c3f3e03d817ce886fc949a65426dbc9cf
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19737
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
One GIANT switch statement is a little difficult to maintain, so convert each
case into its own function and add them to a dissector table. Many of the
case statements were already their own function, but signatures needed to
be converted into dissector_handle_t
-1 was uses as the protocol for the dissector handles because there isn't
a need to be associated with a protocol. This also allows third-parties
and plugins to add tagged fields outside of Wireshark using the new
dissector table.
Change-Id: I5e4c705dd6a7d99549a27ae684dbde4c47774123
Reviewed-on: https://code.wireshark.org/review/19670
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Move the search for the libgcc_s_seh and _sjlj DLLs to the GLib directory.
That's the only place it currently exists on the 64-bit builder.
Change-Id: Icf55dacf061d9423e78cabeaf16aa539ccb619bb
Reviewed-on: https://code.wireshark.org/review/20162
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The MSDN documentation for _read says
"If fd is invalid, the file is not open for reading, or the file is
locked, the invalid parameter handler is invoked, as described in
Parameter Validation."
This means that on Windows, if our parent has closed stdin when we call
_read we'll crash. Add a check to bail out early if that's happened.
Fix a sign cast while we're here.
Change-Id: I8afb75f6e56c6a6c2b62103ba7e2fb635dc85702
Reviewed-on: https://code.wireshark.org/review/20153
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
iBeacon is manufacturer specific (Apple) data in advertising packets.
Based on: https://developer.apple.com/ibeacon/Getting-Started-with-iBeacon.pdf
Use DecodeAs on advertise packet using field "BT EIR/AD Manufacturer Company ID"
then select this dissector "Apple iBeacon".
Change-Id: Ie3e50a391914054f33144d99734cf59fbda9683e
Reviewed-on: https://code.wireshark.org/review/19970
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I4f9ce7f65da0349b962f6be317635c5acb2daf73
Reviewed-on: https://code.wireshark.org/review/20148
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
If a pane is not used in the layout it should not be possible to show
and hide this from the menu, as this may give unexpected results.
Change-Id: I335168e66e1dffc89992cad480dd7daaea7e9d59
Reviewed-on: https://code.wireshark.org/review/20140
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Preserve pane sizes when rearranging layout content in the
preferences dialog.
Change-Id: I2af2a60424a7bf94f1f92e7c63e6a1823985b60d
Reviewed-on: https://code.wireshark.org/review/20145
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I795fc3a3cf4ca93483f870d229668d7f747bb799
Reviewed-on: https://code.wireshark.org/review/20147
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
At startup, dig through the registry looking for shell extensions. If
any of them match known Dell Backup and Recovery DLL names and the DLL
version matches 1.8.*.*, show the user a warning dialog.
This is a bit extreme but I'm not sure what else to do. Dell is a popular
computer manufacturer and bug reports keep trickling in.
Change-Id: I6d1bd6c56850279356570154d231b07facb30cff
Bug: 12036
Ping-bug: 12701
Ping-bug: 13414
Reviewed-on: https://code.wireshark.org/review/16861
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Icb2198e4f32ad7e6993bd80c2bf38ed323fb9ba0
Reviewed-on: https://code.wireshark.org/review/20144
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This patch presents Keep alive time out value in decimal as its ready to
read time in decimal.
Its adds (msec) string as its unit is in millisecond.
Change-Id: Ia7a1fc6e9cdbba86f8dae14d5fbb07a509d6b30f
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/20087
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I491bdfd3c206971244f26dfc2cfd8172347313c6
Reviewed-on: https://code.wireshark.org/review/20146
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I86292b3d736bb08b21c034bb45f1dcac19196740
Reviewed-on: https://code.wireshark.org/review/20142
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia7c74a834d2384642cac7f9a2899313b9bac7c26
Reviewed-on: https://code.wireshark.org/review/20141
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Split panes in exactly equal sizes.
Change-Id: I4b984931e860160791497a299011489aa26ad4ef
Reviewed-on: https://code.wireshark.org/review/20139
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: Ib25ab0ba5b9d613d55fc54c0f3ef84cb7698754f
Reviewed-on: https://code.wireshark.org/review/20136
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The packet length field gives the length of the *entire* packet, so, by
definition, it must not be zero. Make sure it's at least big enough for
the packet header itself plus one segment header.
Bug: 13416
Change-Id: I625bd5c0ce75ab1200b3becf12fc1c819fefcd63
Reviewed-on: https://code.wireshark.org/review/20133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is what the GUI is expecting.
Change-Id: Ia51800fc7df2f978cf727dc326254b28d01ac9a2
Reviewed-on: https://code.wireshark.org/review/20126
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ia8b68a718b6cee77b479594be09542fd7133ebe1
Reviewed-on: https://code.wireshark.org/review/20131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
All we care about is whether the bit in question is set or not, so just
test whether (value & BIT) != 0.
Change-Id: I6a1eb6b09a7e64d4da9cf92423a44be17625310f
Reviewed-on: https://code.wireshark.org/review/20129
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Reset pane sizes when layout type has changed in the preferences
dialog to avoid “random” sizes.
Change-Id: I9ca830572e3d21cb4227de3d5d05449b759aec7e
Reviewed-on: https://code.wireshark.org/review/20122
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
