Public Git Hosting - wireshark.git/log

macos-setup.sh: Sparkle setup fixes

- mkdir on macos 10.14.6 doesn't have a -f parameter
- set file ownership on tar extraction

Change-Id: I5d6341aba02b56abe0c1aa48e68c4c1b6af15379
Reviewed-on: https://code.wireshark.org/review/35115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

print: fix ek output with -j option.

Bug: 16207
Change-Id: I95047f76430f5e83083b950a8ed7400e6cdd40ec
Reviewed-on: https://code.wireshark.org/review/35117
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ssh: add direction generated field.

The direction of the packet is shown in the info column, but it's not
present elsewhere, making it hard to filter/plot graphs etc based on
the direction. Add it as generated field in the main tree.

Change-Id: I75dd37de338d555bdf8b807418b0ade7ab7d65ab
Reviewed-on: https://code.wireshark.org/review/35114
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ssh: indentation fixes.

Change-Id: Id7915aeca33d358f436681e7154e810a32c8064d
Reviewed-on: https://code.wireshark.org/review/35113
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Fix dangling delete for sequence diagramm

Change-Id: I452bc718988dbb2f4dfbba037320b7b914efe380
Reviewed-on: https://code.wireshark.org/review/35120
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Drag and drop label text changed

The name was used instead of the filter

Change-Id: Id27d7ac45ecc9487183b33d56bea3f99290ce410
Reviewed-on: https://code.wireshark.org/review/35121
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Correct drag and drop with column header

Drag and Drop used the wrong filter name, fixing by using the correct one
and re-establish the feature

Change-Id: I7b3722c8087b4af7f2ea74f833ea130cbec0d19e
Reviewed-on: https://code.wireshark.org/review/35118
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Cleanup space inside parentheses

Remove randomly used space inside parentheses to make the coding
style uniform. Add space after if, for and while.

Change-Id: I519f5994b6f73d8a57a5004d51ca460276c618fe
Reviewed-on: https://code.wireshark.org/review/35112
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

ReleaseNotes: Multi-selection of packets

Change-Id: I0003b0785aec17d6cb86f1020836f5caf07c9d08
Reviewed-on: https://code.wireshark.org/review/35089
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Multiselection in PacketList

This implements multi-selection for the PacketList. It
allows multiple lines to be selected, and either drag/drop
them to a text editor or use Ctrl/Cmd+C to copy the content
to a clipboard.

Opening the context menu disables the selection, and it
does not change the underlying currently selection. This is
done on purpose, as multi-selection is a copy-task only
functionality at this point

Export & Print work as expected, exporting just the selected
items. Same goes for the copy menu, which has the additional
entries for copying the list elements

Bug: 14612
Change-Id: I77960aa1ab1d172a21abfa469baac0cd57f9f9d9
Reviewed-on: https://code.wireshark.org/review/35073
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

[Automatic update for 2019-11-17]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I5a453e0aeb29491152bce579ba11d65d0b05acc8
Reviewed-on: https://code.wireshark.org/review/35108
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ICMP: fix parameter problem parsing

ICMP parameter problem has a pointer field where others have an unused
field. This change excludes the pointer field from the unused field.
Also clear up some comments related to code for RFC 4884.

Change-Id: I91569e096901cf8d59b8319adb1fed1248f93b5e
Reviewed-on: https://code.wireshark.org/review/35102
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add cirrus-ci config file.

cirrus-ci is the first CI platform supporting free builds for
open source projects. The current cirrus-ci FreeBSD supported
versions are listed here

https://cirrus-ci.org/guide/FreeBSD/

The current FreeBSD maintained versions are listed here:

https://en.wikipedia.org/wiki/FreeBSD_version_history#Version_history

Change-Id: I5ab767efbae2138fd3b9b9cde7f0ef716bae2c5f
Reviewed-on: https://code.wireshark.org/review/35107
Reviewed-by: Anders Broman <a.broman58@gmail.com>

caputils: remove unneeded check.

Change-Id: Ie24598ac8f6dde4fe23e7f9ffe8dcf91e593a4cc
Reviewed-on: https://code.wireshark.org/review/35106
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

About Dialog: Add a copy to clipboard button for the version info

Make life a little simpler when asking for the version info on Ask

Change-Id: I51fd8a390398f7e42e3edcc889d9e53dbfd0980c
Reviewed-on: https://code.wireshark.org/review/35104
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

WSDG: Remove duplicate paragraph

Change-Id: Ia96444bc463337e0ffb050a05ce4d454dd18986d
Reviewed-on: https://code.wireshark.org/review/35103
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Add DATAGRAM frame type

DATAGRAM 0x30 and 0x31 (with length)

From https://tools.ietf.org/html/draft-pauly-quic-datagram-05

Change-Id: I8706316b81334cf27627d2c0c4a11333dbc2a7ee
Reviewed-on: https://code.wireshark.org/review/35101
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: Add max_datagram_frame_size

from https://tools.ietf.org/html/draft-pauly-quic-datagram-05

Change-Id: Ie0433a9f19275be620806122449709410920c902
Reviewed-on: https://code.wireshark.org/review/35100
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Software update: Make our architecture detection more strict.

Change-Id: I1fd0de42aa33f18905b2ed80588c279fb5ae8ead
Reviewed-on: https://code.wireshark.org/review/35098
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

CMake: Work correctly without Sparkle.

Set or clear SPARKLE_LIBRARIES and SPARKLE_INCLUDE_DIRS in
FindSparkle.cmake, similar to what we do in other modules. Use them
instead of SPARKLE_LIBRARY and SPARKLE_INCLUDE_DIR.

Change-Id: I023c711edd6a44421aadf85413da3207d9b08e64
Reviewed-on: https://code.wireshark.org/review/35097
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

tools: fix echo in bsd-setup.

Change-Id: I17479e30ea70e7c9d080994330388b205bcf56e8
Reviewed-on: https://code.wireshark.org/review/35099
Reviewed-by: Dario Lombardo <lomato@gmail.com>

Software update: Fix a copy+paste error.

Change-Id: Id122e67df5ba662f0da84f5b412165c92460f223
Reviewed-on: https://code.wireshark.org/review/35096
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

macOS: Application bundle fixes.

Copy Sparkle.framework correctly. Force signing so that we replace
Sparkle's signature with ours.

In osx-app.sh, don't sign a file or framework if it's already signed.

Fix the osx-dmg.sh usage message while we're here.

Change-Id: I697073d234958e1d8386650935a132237ad88f64
Reviewed-on: https://code.wireshark.org/review/35095
Reviewed-by: Gerald Combs <gerald@wireshark.org>

GTPv2: small fixes

- fix dissection of ULI
- fix a typo in gtpv2.gnodeb_id filter name

Change-Id: I271916fadb76247651ac0325fce8330e3a6f5f13
Reviewed-on: https://code.wireshark.org/review/35094
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

macOS: Add support for automatic updates using Sparkle.

Add support for automatic updates using the Sparkle framework. Add
FindSparkle.cmake and associated CMake plumbing. Add a public key and
other info to Info.plist.in. Add ui/macosx/sparkle_bridge.{h,m}, which
wraps the Sparkle API. Make code that's specific to WinSparkle
Windows-only.

Add Sparkle installation steps to the macos-setup scripts. Sparkle
prints a warning if your bundle is unsigned (which is the case during
development) so disable installing it by default.

Updating here takes a long time. We might be able to fix that by
shipping our DSYMs separately.

Change-Id: I6cc6671db5657dadc514bda6bf6e1c8bbc9468a5
Reviewed-on: https://code.wireshark.org/review/35090
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

GTPv2: fix wrong offset in FWRDRELREQ if Target Type is gNB ID

Change-Id: I7c26f5876be04de32244b098f97bf5c2502b0391
Reviewed-on: https://code.wireshark.org/review/35093
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

tools: fix typos in generate-dissector.

Change-Id: Idd41f622aa1d14bc28dea38a7b8075a0934d619b
Reviewed-on: https://code.wireshark.org/review/35092
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Fix various LGTM.com reported issues

Mostly shadowed variables or similar minor issues

Change-Id: I98a76eb4cac1ba1356a239a0ed7beb550ced0651
Reviewed-on: https://code.wireshark.org/review/35091
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

GTP: improve LTE/NR PDCP container configuration

- add destination IP address
- allow using * as a wildcard for TEID
- change some default values
To avoid backward compatibility issues with the older UAT configuration files,
we use new configuration files.

Change-Id: If9fe666dabd127334aa8d001ec59f7cc551fb818
Reviewed-on: https://code.wireshark.org/review/35051
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tools: add automatic C skeleton dissector generator.

Generate a dissector based on doc/packet-PROTOABBREV.c.

Change-Id: I9233c1212acb30f7166ba91e39d98bc3fb123731
Reviewed-on: https://code.wireshark.org/review/35062
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

Qt: Show custom column fields in context menu

Show the custom column field name in the column context menu to
improve usability when show/hide columns. The column title alone
may not be sufficient to separate different columns.

Change-Id: I52f249433b8090249af87725fa97eba302692918
Reviewed-on: https://code.wireshark.org/review/35088
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Fix column alignment check in context menu

Don't indicate "Align Left" when the column has default alignment,
because that may be wrong. Add back support for turning off custom
column alignment.

This is a regression from ge39f2bb5.

Change-Id: Ib9dc24067b02a44ffb2f3cd387f1c1c2a5c780ab
Reviewed-on: https://code.wireshark.org/review/35087
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

ZigBee: Add APS conversations and extended counter

The APS counter is only 8-bit, which causes trouble for the
reassembly of fragments because packet counters are reused.

With this change the counter is extended to 32-bit to avoid
packet counter clashes.

Inspiration is taken from the RTP dissector.

Bug: 15021
Change-Id: Ibc61f40dd12b7a1bfd69b24ed5200d31229b69cb
Reviewed-on: https://code.wireshark.org/review/35072
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

test/suite_decryption: Add WPA3 SuiteB-192 bit test

Add a test to verify that PTK can be derived for WPA3 SuiteB-192
captures and that encrypted keydata field is decrypted so that
GTK can be dissected.
NOTE: Capture file contains no encrypted data frames as currently
Wireshark does not support decrypting GCMP-256 encrypted data.

Ping-Bug: 16197
Change-Id: I57fbc14a4b4bca58790c4edcee14f1ef73d73fd5
Reviewed-on: https://code.wireshark.org/review/35068
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Fix MIC calc for HMAC-SHA384

The temporary buffer to store calculated mic is too short to keep
the message digest when using HMAC-SHA384 algo. HMAC-SHA384 yields
a message digest of 48 bytes so increase buffer size to make room
for the largest possible value.

Ping-Bug: 16197
Change-Id: I36fd094c39ce77329fb303fa181d286be694ae65
Reviewed-on: https://code.wireshark.org/review/35067
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Fix KDF for larger PTK derivation

The key derivation function (Dot11DecryptRsnaKdfX) used for
deriving PTK use some hard coded hash length values making
it fail to generate full / correct PTK for 704 bit long PTK.
Fix by replacing hard coded values with acutal hash length
values.

Ping-Bug: 16197
Change-Id: I48847cdb019672dde76174efb0f17514c58ace51
Reviewed-on: https://code.wireshark.org/review/35066
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Support 384 bit long PMK

With AKMS 00-0F-AC:12 a 384 bit long PMK shall be used. To be able
to support key derivation and decryption from this larger sized
PMK the user PSK / PMK key input validation code is updated as well
as the various places where a hard coded PMK size is used.

Ping-Bug: 16197
Change-Id: I39c9337e8a84095246e3db5ef33dc96fb78e5dc3
Reviewed-on: https://code.wireshark.org/review/35065
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Dynamic sized TK, KEK, KCK, PTK

Use AKM, cipher suite and group cipher suite from RSNA to determine
key lenghts and offsets. This allows keys of different lengths
for PTK derivation, MIC validation etc.

Ping-Bug: 16197
Change-Id: I9a721fb9811db89357218b50a2a107cf945d3dae
Reviewed-on: https://code.wireshark.org/review/35064
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Support dynamic MIC lengths

Not all AKMS use same MIC length. Last part to support both 16 byte
24 byte long MIC is to actually make use of the now known in mic
length in MIC check / validation function. Instead of hardcoded
length use the length in eapol_parsed struct received from
dissector.

Ping-Bug: 16197
Change-Id: I6585b7a54de4def9e5ff846c19f12059b90ffdf6
Reviewed-on: https://code.wireshark.org/review/35063
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[RFC]ieee80211: Fix function to determine mic length

The ieee80211 dissector reuses the conversation concept to track
each association as one conversation. For this a simple counter
is incremented on each (re)assoc request frame.

There are two already existing hacky tricks for conversation lookup:

1. Each frame is marked with current assoc counter value
2. pinfo srcport and destport is then set to assoc counter value

With the above a conversation can then be looked up using the normal
conversation utility functions.

Though depending on the dissection flow a conflicting conversation can
be created eap dissector making the conversation lookup used for
function determine_mic_len return the one created by EAP dissector
instead with the effect that wrong mic length is returned.

Building further on this hack a way to solve this is to explictly
mark pinfo srcport destport whenever we're either creating or searching
for a "wlan conversation".

Uploading the patch to get some feedback on how this whole "wlan
conversation" thing can be properly solved. This error was discovered
when working on implementing support for bug 16197 where 24 byte long
MICs are used.

Change-Id: I7bd22cdf5d382a6c5f881ee29820f058d581a94e
Reviewed-on: https://code.wireshark.org/review/35050
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Export Dot11DecryptDecryptKeyData function

Simplify the still quite complex Dot11DecryptScanEapolForKeys function
and further reduce frame parsing inside Dot11Decrypt engine. This is
done by breaking out the EAPOL keydata decryption step into a new
function Dot11DecryptDecryptKeyData to be called from dissector.

After this Dot11DecryptScanEapolForKeys can now focus on one
task, to scan for keys in (unencrypted) EAPOL key frames.

With keydata decryption step separated from the broadcast
key parsing step the dissectors' GTK parsing can replace
the Dot11Decrypt internal RSN GTK TAG parsing.

Change-Id: I3b89f40586b8b7dbe2ff74cfc30761010d5b80bc
Reviewed-on: https://code.wireshark.org/review/35022
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Introduce Dot11DecryptGroupHandshake function

Break out the group handshake parsing from Dot11DecryptScanEapolForKeys
to a separate function. With this Dot11DecryptScanEapolForKeys logics
is simplified to either handle 4-way handshake or group handshake
message.

Change-Id: I2714d26623812066c888f7fea4b21eb03f22e510
Reviewed-on: https://code.wireshark.org/review/35021
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dot11decrypt: Let dissector parse eapol frames

To be able to support authentication key management suites that use
different MIC, PMK, PTK lengths the engine would need to be extended
to support parsing EAPOL Key frames with variable field lengts. Though
as the IEEE 802.11 dissector already support this the alternative
(implemented in this patch) is to remove the EAPOL frame parsing inside
the engine and have the dissector feed it with a struct of parsed
fields instead.

For this a new type DOT11DECRYPT_EAPOL_PARSED is exported and
dot11decrypt now expects dissector to fill this struct with parsed
EAPOL fields before calling Dot11DecryptScanEapolForKeys.

Dissection of EAPOL fields is scattered over several functions in the
dissector code so parsed fields are temporarily stored in proto data
and then gathered before fed into dot11decrypt engine.

Change-Id: Ic6aeb4900f373dcde1ea3f1f0f24df2ae827576e
Reviewed-on: https://code.wireshark.org/review/35020
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: add arch name to linux builds.

Change-Id: Ib39b366069fb8e0104368bc23cfe2263553fb9f4
Reviewed-on: https://code.wireshark.org/review/35083
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: change linux distribution to bionic.

Change-Id: I4d0278dbe6ecd8ced3c0edd2afb55f7dedb82d58
Reviewed-on: https://code.wireshark.org/review/35082
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: add ppc64le builds.

Change-Id: I4c85084bb4e54c521889d4549718ea5ecf24481b
Reviewed-on: https://code.wireshark.org/review/35081
Reviewed-by: Anders Broman <a.broman58@gmail.com>

bluecom: fix compilation under ppc64le.

Error:
../epan/dissectors/packet-bluecom.c:494:32: error: variable ‘segcode’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
guint cmd, flags, blocknb, segcode=0;
^
cc1: all warnings being treated as errors

Change-Id: I4534d1e95d0fb937ace34a757b7c9d36dd9e53b3
Reviewed-on: https://code.wireshark.org/review/35080
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: add s390x builds.

Change-Id: Ib5460beffd185c5d5126302001701125955b973e
Reviewed-on: https://code.wireshark.org/review/35079
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Babel: fix regression introduced in gdd15b203c7

As specified in https://tools.ietf.org/html/draft-ietf-babel-rfc6126bis-15#section-4.7.1
the PAD1 sub TLV type has no length nor payload.

Change-Id: I0c03c48733ce8d3c85b29e1373391d42b23344c0
Reviewed-on: https://code.wireshark.org/review/35086
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

SMB2: When we add the timestamp to a previous version also save it.

To make the adding of the timestamp to a name for a previous version
useful we also need to save it for that set of request. Then we get the
correct names printed out for subsequent request for that same file.

Change-Id: I5c554ae235303a7aea075df92827d6d219ccce56
Reviewed-on: https://code.wireshark.org/review/35076
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Qt: Fix statusbar messages

Commit 3c8c392 (https://code.wireshark.org/review/c/35071/) introduced
a regression where the messages in the status bar are no longer visible.
This change corrects that.

Change-Id: I23059a5013a65efe73454fc798048630a9e66792
Reviewed-on: https://code.wireshark.org/review/35085
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Fix displayfilteredit pop

Fixing the status message disappearing from the status bar

Change-Id: I16925a5a8ad6ac929e1c4da8e36e3cf8fa29db84
Reviewed-on: https://code.wireshark.org/review/35084
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

travis: fix clang version name in xcode builds.

Change-Id: I9475fc9889c2a988ed8a7541471bb7912ace1643
Reviewed-on: https://code.wireshark.org/review/35078
Reviewed-by: Dario Lombardo <lomato@gmail.com>

smb2: namepsace => namespace typo

Change-Id: I48b816d0a8d566e91fb5b7b98bd3f4f0764dda43
Reviewed-on: https://code.wireshark.org/review/35077
Reviewed-by: Anders Broman <a.broman58@gmail.com>

TCP: increment nextseq for FIN and SYN packets

For TCP SYN and FIN flags sequence/acknowledgment number increments
by one. Therefore we should also increment the nextseq field.

With this commit we increment nextseq regardless of TCP data.
So far we did this only when there was TCP payload included (e.g. with
TCP Fast Open).

We do this direct for the hf field as the variable nxtseq is also used
for TCP sequence analysis and to dissect the TCP payload.

The in flights bytes are now correctly calculated when SYN or FIN bit
is set.

Furthermore this commit allows reassemble of segmented TCP payload also
with SYN bit set. This works also when payload overlaps (without option
analyzing sequence number enabled. Otherwise it is detected as
retransmission.).

Bug: 15964
Bug: 9882
Change-Id: I0b12f9ec9803e9367d4a8f9a6ceac759f7d56cbd
Reviewed-on: https://code.wireshark.org/review/34273
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Release notes: Add an item about following HTTP/2 and QUIC.

Change-Id: If3078136aa6996fda04eb4f18f36f142f7d18b1f
Reviewed-on: https://code.wireshark.org/review/35075
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Cleanup push/pop Infos

Currently push pop is propagated by a massive load of signals
which partly are also propagated through parent objects.

This moves the status handling to WiresharkApplication, also
pathlining future moves to move status to different classes or
use additional methods of status information

Change-Id: Ibcb2c98688f1adf40dce1483f336596ef992bb06
Reviewed-on: https://code.wireshark.org/review/35071
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

cppcheck: Re-ignore asn1.

The asn1 directory was moved to epan/dissectors back in 2016.

Change-Id: Id22c99fa4e0cacf19ab0c5a6055e71abf94f6159
Reviewed-on: https://code.wireshark.org/review/35074
Reviewed-by: Gerald Combs <gerald@wireshark.org>

wsutil: add netinet/in.h to socket.h.

Fix compilation under FreeBSD x86.

Change-Id: Ifad9b21eb299e07e5a91424705e70b18e394eafc
Reviewed-on: https://code.wireshark.org/review/35061
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Qt: Signal empty display filter bar

If a display filter is applied, but the display filter bar
has been cleared by deleting the context (either by setting a
space or backspacing over the filter), it is not clearly indicated
that the filter is still being applied.

Bug: 12438
Change-Id: Ibd4c48b094467182ed51e9859e0d5fad770000c7
Reviewed-on: https://code.wireshark.org/review/35070
Petri-Dish: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Reassemble: Fix typo

Change-Id: I63472001a825febed6b2fe88bca61bc2ea896ed3
Reviewed-on: https://code.wireshark.org/review/35069
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Revert "ieee80211: fix dissection of HE Phy Capabilities Information"

This reverts commit 39bbb90e783e8ab6b5bc435927e8f05ec809194e.

If you check 9.4.2.242.3 HE PHY Capabilities Information field, you will see the "Supported Channel Width" field starts from B1 of the "HE PHY Capabilities Information field", not B0.
The Table 9-231 Subfields of the HE PHY Capabilities Information fiel applies only for the Channel Width Support Field. So B1 of the PHY cap should be used as B0 of the channel width.

Bug: 16190
Change-Id: Iff5beaf93f57d535b70ffab4b51e4a163aaf3a6d
Reviewed-on: https://code.wireshark.org/review/35038
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

SMB2: Add @timestamp to the info column if we see a timewarp ECP.

When viewing the summary pane it is useful to know if the request is
for a previous version of a file. This is signalled by the existence of
TWRP Extra Create Parameter. If we see one, add the time string to
the info column.

Change-Id: I3564c2c38a1dd3aa13484bcb329577088025ca70
Reviewed-on: https://code.wireshark.org/review/35058
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix display of pino protocols in display filter dropdown

Qt GUI uses proto_get_first_protocol() to find the list of protocols
and build the autocompletion list. As pinfo protocols are stored in
another list, they are kept aside.
Let's add them in the same list as normal protocols.

Bug: 16130
Change-Id: I9ff67ea4198a8cc6baf3ded584c48eadfb097092
Reviewed-on: https://code.wireshark.org/review/34778
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Fix name of the "remove Wireshark from PATH" package.

Bug: 16200
Change-Id: I0e9ab373eb3f7f533fe1ae9bf0448b66b4cdf522
Reviewed-on: https://code.wireshark.org/review/35056
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

test: add ek + raw test to outputformats.

Ping-Bug: 16187
Change-Id: Ie8d6dd1a8ff203bd6270dcfcbbeda953d57733f3
Reviewed-on: https://code.wireshark.org/review/35046
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Don't report EPIPE errors writing out packet information.

EPIPE almost certainly means "the next program after us in the pipeline
exited before we were finished writing", so this isn't a real error, it
just means we're done. (We don't get SIGPIPE because libwireshark
ignores SIGPIPE to avoid getting killed if writing to the MaxMind
process gets SIGPIPE because that process died.)

Presumably either that program exited deliberately (for example, "head
-N" read N lines and printed them), in which case there's no error to
report, or it terminated due to an error or a signal, in which case
*that's* the error and that error has been reported.

(We don't do that for EINVAL, as that's presumably a real error. It
shows up on Windows in bug 16192, but what we probably want to do there
is to, on Windows, use _doserrno, check for the equivalent Windows
errors, and, for the default case, convert _doserrno to the appropriate
string, using Windows APIs, and report *that* string; the MS C library
converts a whole bunch of Windows errors to EINVAL, thus losing
information and making it harder to determine what the real error is.

Therefore, I'm just marking this with Ping-Bug, as it's only fixing the
problem on UN*Xes.)

Change-Id: I94c392f478561e29501facd657487716a5882295
Ping-Bug: 16192
Reviewed-on: https://code.wireshark.org/review/35053
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Include <string.h>.

strchr() is declared in <string.h>, and we now use strchr(), so we must
include <string.h>.

Change-Id: Ie80763c10c4ad1ef85d4a83d8eacc3ea236bea56
Reviewed-on: https://code.wireshark.org/review/35052
Reviewed-by: Guy Harris <guy@alum.mit.edu>

dumpcap: Add support for TCP@IPv6 socket captures

Bug: 15820
Change-Id: Id32f376190c115b0808ba72e5b63e019e2a70274
Reviewed-on: https://code.wireshark.org/review/35030
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>

SNMP: fix out of bounds access to snmp_PDUs_vals array

Bug: 16196
Change-Id: I5bf9a405f1d0c026ac5a29f10f4cf655d3d1441e
Reviewed-on: https://code.wireshark.org/review/35049
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Documentation: update (long) cmd line options.

Documentation of the Wireshark command line options between help text,
manual page and user's guide diverged over time. One aspect of this is
the implementation of more long options. This change tries to update
all documentation to be complete and in sync again.

Bug: 16168
Change-Id: Id833fbeb14fdb7b3dbc1564504a25d96f4367c91
Reviewed-on: https://code.wireshark.org/review/35047
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Qt: Make clearing display filter behave more logical

If the display filter is cleared, because it is emptied, the
new display filter ("") is not yet applied. This is not signaled
properly, as the user get's the expression, that no filter is applied,
although the old one still is. Visible is this by displaying
the placeholder text and removing the clear button

With this patch, in such a case, the placeholder text is empty
and the clear button still visible, until really an empty filter
is being applied.

Bug: 12438
Change-Id: I45128ebf2bc1854da5a4055d3980d913d0139a28
Reviewed-on: https://code.wireshark.org/review/35045
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>

BMP: Add support of draft-ietf-grow-bmp-local-rib-06

Support for Local RIB in BGP Monitoring Protocol (BMP)

Add new peer type (3/Loc-RIB Instance), Peer Flags (F), Peer UP (VRF/Table Name) and Peer Down (Local system Closed)

Change-Id: I8de0e782d6eadfaa6fe9eff4de66a4295f173c40
Reviewed-on: https://code.wireshark.org/review/35041
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Protobuf: Enhancements about error message during loading .proto files

When printing an error message about (1) imported file does not exist
or (2) type is defined duplicated, the loaded .proto filename and line
number are included to ease fixing the errors of .proto file.

Change-Id: I2efc7a200dd86016450bba2bc960f53773bfc2e8
Reviewed-on: https://code.wireshark.org/review/35032
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

knxip: Fix Dead Store

Fix dead store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: Ie9f9909c7ae0fad0df8c964f75d5f08a15926927
Reviewed-on: https://code.wireshark.org/review/35039
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

nvme: Dissect NVMe Identify Namespace list (CNS 0x2) data response

On NVMe specification, calling NVMe "Identify Namespace list" command
(Identify with CNS 0x2) is responded with 4K data structure which
holds a list of all namespace's IDs (NSID) related to this NVMe
storage controller (padded with zeroes).

This commits dissects this NSID list.

Change-Id: I78d80eee117218ab1bc45bef834ccc0b1303d4dd
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34933
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

nvme: Dissect NVMe Identify Namespace (CNS 0x0) data response

On NVMe specification, calling NVMe "Identify Namespace" command
(Identify with CNS 0x0) is responded with 4K data structure which
holds all namespace's capabilities/attributes.

This commits dissects the main fields in this data structure.

Change-Id: Ibba48ea0e6ecc24b0138e017094fa9d09ec13350
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34932
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

MPLS Echo: update dissector with RFC6829 3.1

Add FEC 128 Pseudowire IPv6 for LSP ping.

Change-Id: I5453a7ea4adec1560401f5a1d401fae50a17d55b
Ping-Bug: 9574
Reviewed-on: https://code.wireshark.org/review/34670
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Update ieee multicast addresses

Change-Id: Idf163a6b4bc0f22804e854f09a5e1b67897493a1
Reviewed-on: https://code.wireshark.org/review/35044
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

[Automatic update for 2019-11-10]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Ia72b63b2fca34056e2c18d828526ff896295a9bd
Reviewed-on: https://code.wireshark.org/review/35040
Reviewed-by: Gerald Combs <gerald@wireshark.org>

lsd: Add cookie field (optional)

Bug: 15971
Change-Id: I6d55ffebcdc2e417d922731bddae407474c47505
Reviewed-on: https://code.wireshark.org/review/34210
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: avoid duplicate wlan keys for managements frames with parameters

Bug: 16081
Change-Id: I3d2a9ac8058be1a7e7a686c96b8feb8883085c75
Reviewed-on: https://code.wireshark.org/review/34661
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

lldp: add mandatory items chassis and port to info column

Change-Id: Id01d85147adb5d9194e97bde31ca76d3de2fb7c1
Reviewed-on: https://code.wireshark.org/review/35036
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

Clean up description of the "DNS Servers" preference.

Change-Id: I9791aeba7891200f550400b317ced1b9e85200fd
Reviewed-on: https://code.wireshark.org/review/35035
Reviewed-by: Guy Harris <guy@alum.mit.edu>

cemi: Fix Dead Store

Fix dead store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I4524d104b4f2c59694c59d2061ba0763659e1f0f
Reviewed-on: https://code.wireshark.org/review/35034
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

CID: Fix 1455321 null-reference

Fix a null dereference in DisplayFilterEdit

Change-Id: I407e3d667ec8684312ba8fbcb0cc49130b9417df
Reviewed-on: https://code.wireshark.org/review/35025
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-on: https://code.wireshark.org/review/35033
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>

mptcp: add support for sha256 hashing.

MPTCP v1 switches the default/only hash function from sha1 to sha256.
Hash consistently according to the MP_CAPABLE version.

Additionally update MP_CAPABLE flag handling to show the correct
hash function name when dissecting v1 options.

Change-Id: I632c68541d8b1fba83864b4a478ad8b411dbf0fb
Reviewed-on: https://code.wireshark.org/review/35026
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

CMake+docbook: Fixup our .chm titles.

Some parts of HTML Help have issues displaying curly quotes. Add a
title argument to the XML2HHP macro so that we can set one with a
straight quote. Set the title using the htmlhelp.title XSL parameter
instead of relying on HTML Help to derive it for us. This seems to keep
"???TITLE???" from being mysteriously appended to the title.

Try setting htmlhelp.window.geometry while we're here.

Bug: 16183
Change-Id: I0bf2dbeeb811dc65010ab5223725d6b5cdc96966
Reviewed-on: https://code.wireshark.org/review/35031
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

travis: bump xcode versions.

Build with 10.3 and 11.2.
Clang versions found here: https://trac.macports.org/wiki/XcodeVersionInfo

Change-Id: I3d339e92d1859be3b28e1bbf91a65c2e4c743efa
Reviewed-on: https://code.wireshark.org/review/35016
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Kerberos: rework dissecting for PA-PW-SALT

PA-PW-SALT is not defined according to RFC 4120 sec 5.2.7.3.
Therefore we should not expect that this is a Microsoft implementation
where we also only know the first 4 bytes. Furthermore not all values
of nt_status which appears in wild are defined.

Bug: 6234
Change-Id: I870070cfacfe63ef03d67c234bba88b8b5cf3608
Reviewed-on: https://code.wireshark.org/review/35028
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

SNMP: do not modify the ASN.1 source for request/response tracking

Follow-up of g14d398fe67

Change-Id: Ic6c4966d8a9a1a53c8d7daeeda7fd71779f9b07d
Reviewed-on: https://code.wireshark.org/review/35025
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Fix problems regarding SRT calculation in SNMP dissector

Change-Id: I904bfda538e157518e0eabf3705bf0f8816daa29
Reviewed-on: https://code.wireshark.org/review/35019
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Qt: Fix loading of FilterExpression Dialog

Fix the loading of the FilterExpression Dialog

Change-Id: I553707df01932f06c50a3326e422fa0a3787de01
Reviewed-on: https://code.wireshark.org/review/35023
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

lldp: Add aggregation status bits to LACP TLV

Change-Id: Ia83c64dfc4a99e6e13ff807f2c0bfdb09d83a94e
Reviewed-on: https://code.wireshark.org/review/35027
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

epan: Make proto_tree_add_oid* usable from DLLs.

Prefix proto_tree_add_oid, proto_tree_add_oid_format_value, and
proto_tree_add_oid_format with WS_DLL_PUBLIC.

Change-Id: Ia3fa8fb762869bb1afa1c1f57a3a5f02aa126a3f
Reviewed-on: https://code.wireshark.org/review/35018
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

mptcp: correctly parse v1 MP_CAPABLE handshake

RFC 6824 bis introduces MPTCP v1, with extends the MP_CAPABLE
handshake with additional opt layout. This change add code
to parse the newly introduce MP_CAPABLE ack + data.

Additionally it factors-out the DSS analyze code, in a new helper,
as both DSS and MP_CAPABLE use it.

Change-Id: I80be54bbfa500bb04b5357f09de17ce8ded5c756
Reviewed-on: https://code.wireshark.org/review/34896
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>