git.samba.org - metze/wireshark/wip.git/log

TODO/SPLIT packet-kerberos: add support for decrypting KRB5 FAST messages

Currently this is only available for MIT Kerberos, but it
should be possible to implement the same using
krb5_crypto_fx_cf2() from Heimdal.

Change-Id: Ic3327dfde770f9345485bf97e2ac6045b909b64e
Signed-off-by: Stefan Metzmacher <metze@samba.org>

TODO packet-kerberos: add_new_data_source names

Change-Id: I6c1378f93d32dc31cedc6d901069fa9c30438d61

PAC_DEVICE_INFO...

Change-Id: I81a3d76e445fa59580f0e95e451092dc526f017d

Revert "asn2wrs: add VALS_ATTR section"

This reverts commit 947120ce0b247326862ca1b703ead66647254fb9.

asn2wrs: add VALS_ATTR section

One important thing is the UPPER_CASE_FIRST flag,

INTERGER value string identifiers have to start with a lower case
letter, but UPPER_CASE_FIRST fixes this in the displayed string.

Change-Id: I902ffc7125c4bf0c2e1a9ac7105c10dad348707c
Signed-off-by: Stefan Metzmacher <metze@samba.org>

packet-nmf: TODO more

Change-Id: Id087c6acbde6ba2047e044ca98daf102304afeda

packet-nmf: initial commit

Change-Id: I11bd7b727c77c5c7bd97421b8833c848cf605001

epan/dissectors/packet-xml.c no printf

Change-Id: Idd13e4260270f72439273f7562a1f9409e9bb3ef

epan/dissectors/packet-xml.c try to decrypt data, but the data doesn't look correct yet

Change-Id: I84760941f6da2901eb94a9fc12c76144ef392ad6

more epan/dissectors/packet-xml.c

Change-Id: Ib4e027d79406ed7ac6cdcefb89cc252ad322b0c8

Revert "DEBUG epan/dissectors/packet-xml.c"

This reverts commit 2bd4ee0c27e26834cc6db47e18c6c721abfedf45.

DEBUG epan/dissectors/packet-xml.c

Change-Id: Icfe833203cbcfabd68eb267eabd6659d140cd68f

epan/dissectors/packet-xml.c o:BinarySecurityToken => GSSAPI
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ

Change-Id: I412268f29c8a342d3fe9f1996f387484478bd85e

Revert "fix old idl"

This reverts commit dfcc43164cbbad389a02af420b8eb79bbad19f95.

Revert "sq h2"

This reverts commit cd2d739ed5463692fb6cf0355c6e8bc2f5bbda22.

sq h2

Change-Id: I79e3f45456ec118c8f4c1db6702e9e4eac041aa1

fix old idl

Change-Id: I713fd87769bfe91acea88007d0804d2a0c0ffd6d

epan/dissectors/pidl/regen.sh

Change-Id: Id72d8ac17893934fe9965ef8608530ac00684af1

prepare-pidl-patch

Change-Id: Ice5d7fe75438cb33bda4cf10059d80ab165a6eb7

epan/dissectors/packet-dcerpc.c dcerpc-hardening part1 & part2

Change-Id: I907663775f5ebfe66cb994266f99fc15bf645fb1

Revert "TODO SMB2 NegotiateContext...."

This reverts commit df732a47f554f3ba5ce004405089d0d7fbbaf586.

TODO SMB2 NegotiateContext....

Change-Id: Iff854f2d3824c8bf9f85ce7f160979bc707df222

Revert "MIT krb5-1.6 HACK patch"

This reverts commit 7154a9fab3e66caf0662ece49fde0568b5c59b2d.

Revert "MIT krb5-1.12 HACK patch: Add a HACK patch for building a patched kerberos library"

This reverts commit 5ba79cfa41b27ed0f433e8e3c32bd8635d976ac1.

MIT krb5-1.12 HACK patch: Add a HACK patch for building a patched kerberos library

Also works with krb5-1.10 and maybe others too.

Change-Id: I115a07b1ddc45c99cb96b90054cb79f944749979
Signed-off-by: Matthieu Patou <mat@matws.net>

MIT krb5-1.6 HACK patch

Apply this patch to krb5-1.6.x and build it
with a special prefix that only wireshark will use!

Then start wireshark with a script like this:

-----
metze@SERNOX:~/devel/wireshark/wireshark.git$ cat ~/bin/mxwrap.wireshark.krb5

export LD_LIBRARY_PATH="/home/metze/prefix/mit-krb5-1-6/lib/:$LD_LIBRARY_PATH"
exec /home/metze/devel/prefix/wireshark/bin/wireshark $@
gdb --args /home/metze/devel/prefix/wireshark/bin/wireshark $@
------

The LD_PRELOAD only works if the krb5 library version your system one,
then you just need to replace "libk5crypto.so", otherwise wireshark
needs to all of the custom libraries.

metze

fix for netmon 3.x captures

metze

Revert "BROKEN: HACK setup decryption keys for kerberos session setups smbclient..."

This reverts commit ba6ef8da4cda1fdb8eacfc9574d1e91963ab1a6a.

BROKEN: HACK setup decryption keys for kerberos session setups smbclient...

Change-Id: I573e44de014ec318998e1bb612c95d877136594f

WAS: 1a12b30350d3b1252a5b3c0cb86f216bef6382f0 in ws-metze/20190425

Revert "reassamble TODO"

This reverts commit 928e5f57d0b4223f9e9460ca0452f64c4887625d.

reassamble TODO

Change-Id: I391cc75a5699d9de36decddf519c583cab78ca8b

wmem: allow wmem_destroy_list to ignore a NULL list.

I think this should not lead to a crash.

Change-Id: Ic9d903d355f925b2cd5239d51b42f441679ed771
Signed-off-by: Stefan Metzmacher <metze@samba.org>

fix no marker pdu fragmentation epan/dissectors/packet-iwarp-mpa.c

Change-Id: Ie0af4110e7395893e17542729c697758b6b21654

epan/dissectors/packet-iwarp-mpa.c tcp_dissect_pdus

Change-Id: Ib9e4dc4790f10bede0732261404507132771b01f

New dissector: Dynamic Link Exchange Protocol

Code based on https://github.com/mit-ll/dlep-wireshark-dissector
authored by Jeffrey Wildman <jeffrey.wildman@ll.mit.edu>

Updated types according to
https://www.iana.org/assignments/dlep-parameters/dlep-parameters.xhtml

Changed:
* removed some tvb_get_*() calls
* updated expert info handling
* changed registering the dissector

Sample capture:
https://wiki.wireshark.org/SampleCaptures#Dynamic_Link_Exchange_Protocol_.28DLEP.29

Change-Id: I13e0c918f46af036c1be4acf34acab838aeaf342
Reviewed-on: https://code.wireshark.org/review/36901
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Clean up the encoding value definitions.

Group them by the data types for which they're used, starting with the
byte-order definitions which (with the inclusion of ENC_NA) are used
with all types.

Put all the ones used for strings together, starting with the character
encodings, with the Zigbee flag and the flags for "this is a string but
we're going to interpret it as a byte array or time stamp".

Make ENC_CHARENCODING_MASK equal to ENC_STR_MASK; no, there's no reason
for ENC_STR_MASK to replace ENC_CHARENCODING_MASK - the opposite should
happen, as ENC_CHARENCODING_MASK at least specifies what the bits set in
it are used for, namely character encodings. If all #defines for
strings should have _STR_ in them, start with the character encoings.

Change-Id: I072420f313086153b4ea4034911fc293453dea00
Reviewed-on: https://code.wireshark.org/review/36962
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>

proto(.h): fix parameter (it is pi not it) like on proto.c

Change-Id: I3cc02538e3a9293e2fd3af7feaee59ef360ca8da
Reviewed-on: https://code.wireshark.org/review/36956
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

RTSP/SDP: Fix parsing error for H264:sprop-parameter-sets

Rework the method verifying if there are more data in packed attribute
New version checks if there are any non-zero bits after the current bit in the
packet. If it sees some non-zero bits - that means there is some data in the
packet. If there are zero bits only - that means there is no more data in the
packet.
Changes affect RTSP/SDP dissector and they are specific for
SDP media attribute (a) fmtp/sprop-parameter-sets for H264 protocol

Bug: 16322
Change-Id: Ic4768c56f16b79cbf2ccac8a9736f8fa15043224
Reviewed-on: https://code.wireshark.org/review/36899
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ICMPv6: Add PREF64 (RFC8781) Option

Change-Id: I24b6108e6f0e37d3634fa4629cf77bc2446a901d
Reviewed-on: https://code.wireshark.org/review/36957
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Fix export of dissection

Exporting dissected bytes did not consider the
selection of packets on Windows, if multiple
packets had been selected

Bug: 16516
Change-Id: I9d914fe1fed22f842d73caea397a3f37ffc0d523
Reviewed-on: https://code.wireshark.org/review/36958
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

proto(.h): fix -Wdocumentation

parameter 'ti' not found in the function declaration [-Wdocumentation]

Change-Id: I4080cf118c3a81fd47fd4c32e8809d83256893dd
Reviewed-on: https://code.wireshark.org/review/36955
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dissectors: add ScyllaDB dissector

This commit adds a basic dissector for ScyllaDB RPC protocol.
ScyllaDB (www.scylladb.com) is a No-SQL database serving multiple
client protocols (e.g. CQL). The newly introduced dissector
provides a way to inspect Scylla's internal protocol, used by
the nodes to communicate with each other - share data, gossip
the cluster state, update the schemas, etc.
This dissector implements only a shallow dissection of most packets,
i.e. recognizing the packet type. Two requests with deeper dissection
are MUTATION and READ_DATA, used by I/O operations in the database.

Bug: 16471
Change-Id: Ibba8262bd4e5a637b24b3e7846c42c6534ef811b
Signed-off-by: Piotr Sarna <sarna@scylladb.com>
Reviewed-on: https://code.wireshark.org/review/36633
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

openflow_v6: OFPMP_FLOW_DESC multipart req rep has an array of ofp_flow_desc.

Change-Id: I0b957d3f5fec22135cd46fd70b6214d421894cb2
Reviewed-on: https://code.wireshark.org/review/36913
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Add string encoding values for various BCD encodings, and use them.

Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.

Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>

doc: document another character encoding.

Change-Id: Ic997fa586e11a33abc2c2a054c7ccd415372b27a
Reviewed-on: https://code.wireshark.org/review/36954
Reviewed-by: Guy Harris <gharris@sonic.net>

doc: Add some new character encodings.

They were added in the code, but weren't documented.

Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>

tls: Add EC J-PAKE Key Exchange Params

Change-Id: Icb70cceb4bc9fc4bd5a5a12f26252b71acaea616
Reviewed-on: https://code.wireshark.org/review/36937
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

[Automatic update for 2020-04-26]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I72292c53dc1f14dbdad01eae3e813edabc2ef565
Reviewed-on: https://code.wireshark.org/review/36943
Reviewed-by: Gerald Combs <gerald@wireshark.org>

nfs: Initialize the fs_cycle element of an nfs_name_snoop_t.

It has to be initialized to false, otherwise you get random misreported
cycles.

Change-Id: I1ffa1f8fae4883960ebf0522e44bc9e1378b2470
Reviewed-on: https://code.wireshark.org/review/36939
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>

WSDG: Expand the zero window description.

Expand the description of the "TCP ZeroWindow" analysis flag.

Change-Id: Icf9b5cb60d305150eb13e5d74f4a4d2008fa96e4
Reviewed-on: https://code.wireshark.org/review/36938
Reviewed-by: Anders Broman <a.broman58@gmail.com>

MSRP: Support TCP defragmentation in MSRP

Add support to the MSRP dissector to reassemble messages from multiple
packets.

Bug: 8270
Change-Id: I464c91b2e6e3c4edc242b3e2f52a8febc455e5ae
Reviewed-on: https://code.wireshark.org/review/36894
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

DTLS: try harder to decrypt broken traces with double CCS

A retransmitted ChangeCipherSpec could result in resetting the cipher.
The subsequent Finished message and application data messages would
therefore fail to decrypt. In legitimate TLS sessions, there should not
be a CCS without starting a new handshake, so that remains unaffected.

To ease debugging this issue, log the packet number and add some extra
details to the debug log. Move or remove ssl_packet_from_server calls to
avoid redundant work and to keep the debug log cleaner.

Additionally, try harder to dissect handshake messages if we know for
sure that they are decrypted. This allows inspection of a broken
Finished message that had a too large fragment length.

Tested with a private capture file from Stig Bjørlykke.

Change-Id: If6f15f8b72c467ea9ef15ddcaf2c5ebe980c27c8
Reviewed-on: https://code.wireshark.org/review/36929
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

TCPStreamDialog: prevent access to uninitialized memory

If we launch a TCPStreamDialog in a situation where we can't select a
corresponding tcp stream, we leave the constructor before graph_
is initialized.

Later on, the destructor calls graph_segment_list_free(&graph_).
This requires that graph_ was initialized before.

Make sure that we initialize graph_ in the constructor, regardless
of errors.

(There's other aspects of this issue. We shouldn't be able to
launch a TCPStreamDialog when we have no tcp stream...)

Change-Id: I7b4ddadca8f699d30ec45f0fe6021ae9d36ced53
Reviewed-on: https://code.wireshark.org/review/36935
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ProfileTreeView: fix a memory leak

In the constructor, we allocate a delegate for the name column and assign
it by calling QAbstractItemView::setItemDelegateForColumn(). This does
not pass ownership of the delegate to QAbstractItemView, it's still
up to us to free the delegate.

ASAN warns about this

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
...
    #1 ... in ProfileTreeView::ProfileTreeView(QWidget*) ui/qt/widgets/profile_tree_view.cpp:46:17
    #2 ... in Ui_ProfileDialog::setupUi(QDialog*) ui/qt/qtui_autogen/include/ui_profile_dialog.h:67:31
    #3 ... in ProfileDialog::ProfileDialog(QWidget*) ui/qt/profile_dialog.cpp:59:13
    #4 ... in MainWindow::on_actionEditConfigurationProfiles_triggered() ui/qt/main_window_slots.cpp:2239:36

Add a destructor for ProfileTreeView and free the delegate there.

Change-Id: I2a76abb7ec174c91ad15bfac91f2b47bea29f511
Reviewed-on: https://code.wireshark.org/review/36934
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: fix macOS build.

Use the toolchain included with Command Line Tools instead of the one
from Xcode.app. This fixes the build on macOS 10.14.6:

    FAILED: epan/crypt/CMakeFiles/crypt.dir/dot11decrypt_tkip.c.o
    /Applications/Xcode-11.3.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc ...
    ...
    /Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/_stdio.h:93:16: error: pointer is missing a nullability type specifier (_Nonnull, _Nullable, or _Null_unspecified) [-Werror,-Wnullability-completeness]
            unsigned char   *_base;

Change-Id: I45d80dce1a0aca7a9f6a945171ebd8789314e924
Link: https://www.wireshark.org/lists/wireshark-dev/202004/msg00065.html
Reviewed-on: https://code.wireshark.org/review/36924
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

DIS: dissector fix for Articulated Part VP records.

The IEEE 1278.1-2012 spec for DIS (Distributed Interactive Simulation)
specifies the format of Articulated Part VP record as:
8bits  Record Type         enum
8bits  Change Indicator    unsigned integer
16bits ID                  unsigned integer
32bits Parameter Type      enum
32bits Parameter Value     floating point
32bits Padding             unused

(Section 6.2.94.2)

The dissector was interpreting the last 64bits as one value, this patch
fixes it to interpret it as 32bit float and 32bit padding.

Change-Id: Id509715f02daeecf12e3094fc1ed63e81705852b
Reviewed-on: https://code.wireshark.org/review/36922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

Fix display of header length and timestamps in UFTP4

The headers for UFTP version 4 contain a header length field which gives
the length of the header in 4 byte words. Currently, only the raw value
is displayed, not the actual byte count (for example 4 instead of 16).

Several headers contain a timestamp field composed of 4 byte seconds and
4 byte microseconds since the UNIX epoch. These are currently being
interpreted incorrectly as nanoseconds instead of microseconds.

The FILEINFO header contains a file timestamp field composed of 4 bytes
seconds since the epoch that is currently displayed as a raw value
instead of as a timestamp.

Change-Id: I936eb5317ca6802a094d8c1e01ae8ae78bb5cb7c
Reviewed-on: https://code.wireshark.org/review/36910
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

Docs: Switch from [float] to [discrete].

According to

https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/

[discrete] is preferred over [float] for discrete headings.

Change-Id: I4d67a72c19a8cf75ad8cf37c55e6f5abddb14d04
Reviewed-on: https://code.wireshark.org/review/36925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

WSUG: Name resolution updates.

Update the name resolution section of the User's Guide. Use title case
in the rest of the chapter and switch [float]s to [discrete]s.

Change-Id: I7093de72592466c32e130b952f9979f1b47fa280
Reviewed-on: https://code.wireshark.org/review/36923
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Docs+help: Remove "-m".

Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.

Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

WSUG: Describe the advanced preferences.

Add an illustration of the advanced preferences along with some examples
from https://wiki.wireshark.org/Preferences/Layout.

Change-Id: I5dd6afe06bef9a0f5e1862f13fb716d63032cd96
Reviewed-on: https://code.wireshark.org/review/36927
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

UDPCP: Use g_direct_hash() and g_direct_equal() for reassembly

Change-Id: Ie3543b36b5f279647a489f75868a4acf82b895a9
Reviewed-on: https://code.wireshark.org/review/36932
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

Add a routine to get the representation of a protocol tree item and use it.

Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.

Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).

Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>

Introduce tfs_get_string helper

true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.

Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

isakmp: clean up EMERGENCY_CALL_NUMBER dissection.

Don't use hf_text_only. For the protocol tree items that are just
subtrees, use proto_tree_add_subtree(); for the emergency call numbers,
give them real FT_STRING fields, using tvb_bcd_dig_to_wmem_packet_str().

Change-Id: I721271e26502abce8d8ce2375fc0916c0de586e6
Reviewed-on: https://code.wireshark.org/review/36928
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>

Check the validator in ExtArgText::isValid().

The validator doesn't prevent the input focus from being transferred out
of the QLineEdit, and it merely prevents the user from entering a value
that's considered "invalid" rather than "not valid but "intermediate"".

For QIntValidator(), values that have more digits than the maximum value
are "invalid", but values that have the same number of digits but that
are larger are just "intermediate".

This means the user will be able to send such a value to the extcap
module.

So we explicitly check the validator in ExtArgText::isValid(), so that
1) we provide visual feedback (at least to people who can detect a red
background) for out-of-range values that don't have too many digits and
2) prevent them from being treated as valid and passed to the extcap
module.

Bug: 16510
Change-Id: Ie5b90cf5dbb57c91744f6a28a71674b65ef21bb6
Reviewed-on: https://code.wireshark.org/review/36914
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Roland Knall <rknall@gmail.com>

unit_strings.c: Prepend space before dB related unit strings

Otherwise values look confusing since at first glance they look like hex
values, for instance "-22cB".

Change-Id: I8ce3c108876f5acd65c5d6418c18ce43f618eb25
Reviewed-on: https://code.wireshark.org/review/36907
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

OsmoTRX: Fix unused ei entry ei_otrxc_unknown_dir

Fix following git hook:
Unused ei entry: epan/dissectors/packet-osmo_trx.c: ei_otrxc_unknown_dir

Change-Id: Id8ecd0bb5b1003720d5d4f0ce792b96caa978ddd
Reviewed-on: https://code.wireshark.org/review/36906
Reviewed-by: Vadim Yanitskiy <axilirator@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

OsmoTRX: use unit_name_string_get_value() to print unit string

Change-Id: Ie00e15a41aff400735b240a5c8381e5e03ac974b
Reviewed-on: https://code.wireshark.org/review/36905
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add a comment explaining why we treat OUI_HP_2 specially.

Change-Id: If5c7cd0bb673767b95db8981018e2e67135fef63
Reviewed-on: https://code.wireshark.org/review/36912
Reviewed-by: Guy Harris <gharris@sonic.net>

OsmoTRX: Use units from unit_strings.{c,h}

Change-Id: I79dd406fe34b623678bd8a13b2ec75930f886fe8
Reviewed-on: https://code.wireshark.org/review/36904
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PFCP: Fix encoding of PFD Contents IE

* Add missing Spare octet between Flags and next field.
* Fix invalid offsetting in Flow Description field.

Change-Id: I68df17005e22f2d0b53072d52c6296724bc0c86a
Signed-off-by: Yoshiyuki Kurauchi <ahochauwaaaaa@gmail.com>
Reviewed-on: https://code.wireshark.org/review/36909
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: update import via GUI to match import features using text2pcap

Update "Import From Hex Dump" via GUI to allow the same timestamp format as
supported by the command line tool text2pcap. Added support for:
%F Equivalent to %Y-%m-%d (the ISO 8601 date format).
%s The number of seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).

While at it changed the following:
- Subsecond timestamp dot format (.) is now shown in the timestamp Example Label.
- A timestamp format without any format (%) now disables Import button.

The field "Timestamp format" in the GUI now accepts exactly the same formatting
as the text2pcap's -t time format option.

Change-Id: Ie48362f86ed3214288635767d1fc4161599d1907
Reviewed-on: https://code.wireshark.org/review/36417
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

LISP: add support for Distinguished Name AFI

Distinguished Name (AFI 17) is not a widely used address family, but
there is ongoing work in the LISP IETF working group to standardize its
use within the LISP control plane protocol. The encoding is quite
simple, it's just a zero-terminated ASCII string. Details can be found
in the following IETF draft:

https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding

Change-Id: I701f54d0c5e95b14ad48030935eb059bd68c9a0e
Reviewed-on: https://code.wireshark.org/review/36892
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PFCP: Fix lengths of fields in Remote GTP-U Peer

Fix the field length of "Length of Destination Interface
field" and "Length of Network Instance field" which should
be two-octet long but only one in the current codes.

Change-Id: Id303b92812bb2551ec570ec807d602d0fb44f27a
Signed-off-by: Yoshiyuki Kurauchi <ahochauwaaaaa@gmail.com>
Reviewed-on: https://code.wireshark.org/review/36908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

http2: Replace deprecated function.

Change-Id: I98ef5756f970b95471500f9fd655b2e6294e8274
Reviewed-on: https://code.wireshark.org/review/36903
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

WSDG: Edits to 'How Wireshark Works'

Change-Id: Ib685631310c91ff85fc06b460ef8d011a704516d
Reviewed-on: https://code.wireshark.org/review/36722
Reviewed-by: Anders Broman <a.broman58@gmail.com>

JDWP dissector for TCP transport

Bug: 16479
Change-Id: I2618bb4b664c1dd7b4663c368b6ca99ec0533dd5
Reviewed-on: https://code.wireshark.org/review/36636
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

synphasor: refactor style and add some improvements

Add more tabs and fix some type mismatch
Add some expert info for wide used flag
Add dissection of FRACSEC in milliseconds if it possible

Change-Id: Ic681a69e0659c6b6e33f77a8016e14708a7dca08
Reviewed-on: https://code.wireshark.org/review/36888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

IEC104: Add dissection of reset process command C_RP_NA_1

Change-Id: I76ca1be70c362d62c24164c7fedc5a5b24024065
Reviewed-on: https://code.wireshark.org/review/36893
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NFS: fix dissecting of READ_PLUS contents

Fixing two issues:
1. Dissecting each item in the content list is off by 4 bytes,
   so the content type, the offset and the length are all
   incorrect.
2. When the content item is a HOLE the length should be 8 bytes
   not 4.

Also, simplifying the dissect_nfs4_read_plus_content function
to dissect only the contents of each item instead of the whole
list and then use dissect_rpc_array function to dissect the
array of content items.

Bug: 16499
Change-Id: Ia5c9929366cb35ab5d1646219c9b56f6051c4ff5
Reviewed-on: https://code.wireshark.org/review/36861
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Fix compilation error

and also remove unnecessary method

Change-Id: If6dfc5ae2f5ddab97926beeaa611372cd487b98a
Reviewed-on: https://code.wireshark.org/review/36900
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Allow folders for filter buttons

Filter buttons can be sorted into folders, by separating
different depths by the parent separator "&&". Context
menu for filter buttons work also in submenus, and the
depth of submenus is only limited by the character limit
for the label

Bug: 16498
Change-Id: I9c784a36e8c46eede11f679a4c1ac830213de7ce
Reviewed-on: https://code.wireshark.org/review/36885
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

mac-lte: fix no previous prototype for function

packet-mac-lte.c:4370:7: warning: no previous prototype for function 'get_dual_conn_phr_num_c_bytes' [-Wmissing-prototypes]

Change-Id: Ifb585026610b4b2f100f60e4b20278d986775d3a
Reviewed-on: https://code.wireshark.org/review/36896
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

lwm2m: fix no previous prototype for function

packet-lwm2mtlv.c:476:6: warning: no previous prototype for ‘lwm2m_allocate_fields’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:518:25: warning: no previous prototype for ‘lwm2m_search_float_resources’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:535:25: warning: no previous prototype for ‘lwm2m_search_fields’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:558:6: warning: no previous prototype for ‘lwm2m_free_fields’ [-Wmissing-prototypes]

Change-Id: Ib62ed48b68c6eb28e1372466ceef6a2a118ebe1c
Reviewed-on: https://code.wireshark.org/review/36897
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add a newline at the end of the file.

Change-Id: I0917dee336d52fad6bdfeaefa24620021270a6b0
Reviewed-on: https://code.wireshark.org/review/36898
Reviewed-by: Guy Harris <gharris@sonic.net>

eth: require padding to be zeros by default

Ethernet frame padding for short frames _should_ be zeros. Replace
the assume_padding preference with the padding preference that by default
will only consider consecutive zeros long enough to reach the minimum
ethernet length to be padding. The old behaviors are preserved.
Never (old FALSE) and Any (old TRUE - old default)

The old behavior broke some trailer dissectors when the trailer was
added before the determination of needing padding was made. Thus the
ethernet dissector would consume some of the trailer as padding.

Bug: 16481
Change-Id: I6b9e1d26d07d84cb768eece5e44412e23dfe37ca
Reviewed-on: https://code.wireshark.org/review/36691
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

wireshark_zip_helper(Qt): fix no previous prototype for function

wireshark_zip_helper.cpp:153:15: warning: no previous prototype for function 'qDateToDosDate' [-Wmissing-prototypes]

Change-Id: Ic9ffb4219321347c077e08931d6fe51bc1702a29
Reviewed-on: https://code.wireshark.org/review/36889
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

http2: Use proto_tree_add_bitmask_with_flags_ret_uint64() to dis flags.

Change-Id: Ie40568120c8a96e584dc7073fd0578574218f02b
Reviewed-on: https://code.wireshark.org/review/36891
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

http2: Introduce decode as for streams without content-type.

If the packet containing the content type header is missing the stream
can be dissected by using decode as.

Change-Id: I40c57e34971c9eee3d694975262dd7b3c7b3ef89
Reviewed-on: https://code.wireshark.org/review/36852
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

travis: remove Windows support

The Windows builds have been stuck for a while because the Qt project
changed their installers which prevented the installers from finishing.
Remove support because 1) the Qt installer will most likely continue to
break over time as it did in the past, several times, 2) Travis CI uses
Bash which is a non-standard environment on Windows, and 3) other CI
platforms such as GitHub Actions started providing Windows support.

Remove Windows from the Travis CI builds and all related supporting
files as well. They can be restored once the Qt automation is fixed.

Bug: 16501
Change-Id: I911491587a23f339aa6d6ffcfb6faffe234e5e91
Reviewed-on: https://code.wireshark.org/review/36887
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

ACDR: Fix DTLS dissection

It has header_added, but the header is UDP, not IP.

Change-Id: I1a4e6f0bf655f0764abdd8c45582dd9dcbc7686c
Reviewed-on: https://code.wireshark.org/review/36880
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Fix filling bluetooth device address

When filling bd_addr from tap_device->bd_addr[], only the first
octet was used

Change-Id: I3cb281d96126d77e5e6862e44704c7f9ab34cb78
Reviewed-on: https://code.wireshark.org/review/36152
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ColumnPreferencesFrame: fix memory leaks

Delete model and proxy model in the destructor.

QAbstractItemView::setItemDelegate() does not take ownership of the delegate
that is passed to it. We have to store it ourselves and free it.

Change-Id: I5d08d16e94a162d2a25450aec05ef672d4eaf528
Reviewed-on: https://code.wireshark.org/review/36878
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dvb-ci: register the dissector by name

Register the DVB-CI dissector by name in addition to linking it to
the DVB-CI DLT.

This makes it easier for fuzzshark to find the dissector.

Change-Id: Ieda150a9ad573a59e2dfcce97a4a1b17a0d66d93
Reviewed-on: https://code.wireshark.org/review/36886
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Automatic update for 2020-04-19]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: If24a5f418d53424553a303957eea0133b9d718b2
Reviewed-on: https://code.wireshark.org/review/36881
Reviewed-by: Gerald Combs <gerald@wireshark.org>

SMB2: fix gcrypt version check to match between def and usage.

Change-Id: Ia7c19e895216ab3320b51ab30cda7bec7de86b4a
Reviewed-on: https://code.wireshark.org/review/36879
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>