From 2304af6862f168683b619ebe8e04aaab2bd10abd Mon Sep 17 00:00:00 2001 From: Peter Hatina Date: Oct 15 2015 06:59:13 +0000 Subject: Ver. 1.12.8 --- diff --git a/.gitignore b/.gitignore index 6b4a524..32d5e58 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,4 @@ wireshark-1.2.10.tar.bz2 /wireshark-1.12.5.tar.bz2 /wireshark-1.12.6.tar.bz2 /wireshark-1.12.7.tar.bz2 +/wireshark-1.12.8.tar.bz2 diff --git a/sources b/sources index 8238fbd..a718333 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c8ae53f648b1dcbf6e74495401a0f1ab wireshark-1.12.7.tar.bz2 +988a4595a4a87dafb3c4870ea40e89b5 wireshark-1.12.8.tar.bz2 diff --git a/wireshark-0010-Allow-redefining-all-ports-for-RADIUS.patch b/wireshark-0010-Allow-redefining-all-ports-for-RADIUS.patch new file mode 100644 index 0000000..2872b49 --- /dev/null +++ b/wireshark-0010-Allow-redefining-all-ports-for-RADIUS.patch @@ -0,0 +1,171 @@ +From: Peter Lemenkov +Date: Thu, 13 Aug 2015 18:13:45 +0300 +Subject: [PATCH] Allow redefining all ports for RADIUS + +RADIUS configuration sometimes uses more ports - for example, one for +authentication, another one for accounting. Sometimes it uses the entire +port ranges. In case of FreeRADIUS 2.x.x server it might look like this: + +... +listen { + type = auth + ipaddr = * + port = 13812 +} +listen { + type = acct + ipaddr = * + port = 13813 +} +... + +Unfortunately we allow only one port to be redefined, not more. So it +forces a person who's analyzing a traffic from such a RADIUS server +manually select "Decode as" every time for each port. + +It was requested at least once to lift this limitation: + +* https://ask.wireshark.org/questions/2189/decode-multiple-ports-as-radius + +So let's fix it! + +With this commit it's possible to set a port ranges for RADIUS dissector +to handle. An example (default) configuration looks like (see +~/.wireshark/preferences): + +radius.ports: 1645,1646,1700,1812,1813,3799 + +Old "alternate_port" preference is marked as obsolete. It won't be shown +to a user but it will still be used if exists (remained from a previous +installations). + +*Ver. 2*: +Old alternate_port value is copied to the ports range, thus making +transition even more smooth. + +Change-Id: Ibdd6f4f9fa1e0ac186147cec380bbfc62d509b17 +Signed-off-by: Peter Lemenkov +Reviewed-on: https://code.wireshark.org/review/10015 +Petri-Dish: Anders Broman +Petri-Dish: Pascal Quantin +Tested-by: Petri Dish Buildbot +Reviewed-by: Anders Broman + +Conflicts: + epan/dissectors/packet-radius.c + +diff --git a/epan/dissectors/packet-radius.c b/epan/dissectors/packet-radius.c +index 7cc440e..5f9e52e 100644 +--- a/epan/dissectors/packet-radius.c ++++ b/epan/dissectors/packet-radius.c +@@ -95,12 +95,16 @@ typedef struct { + #define RD_HDR_LENGTH 4 + #define HDR_LENGTH (RD_HDR_LENGTH + AUTHENTICATOR_LENGTH) + +-#define UDP_PORT_RADIUS 1645 +-#define UDP_PORT_RADIUS_NEW 1812 +-#define UDP_PORT_RADACCT 1646 +-#define UDP_PORT_RADACCT_NEW 1813 +-#define UDP_PORT_DAE_OLD 1700 /* DAE: pre RFC */ +-#define UDP_PORT_DAE 3799 /* DAE: rfc3576 */ ++/* ++ * Default RADIUS ports: ++ * 1645 (Authentication, pre RFC 2865) ++ * 1646 (Accounting, pre RFC 2866) ++ * 1812 (Authentication, RFC 2865) ++ * 1813 (Accounting, RFC 2866) ++ * 1700 (Dynamic Authorization Extensions, pre RFC 3576) ++ * 3799 (Dynamic Authorization Extensions, RFC 3576) ++*/ ++#define DEFAULT_RADIUS_PORT_RANGE "1645,1646,1700,1812,1813,3799" + + static radius_dictionary_t* dict = NULL; + +@@ -152,6 +156,7 @@ static dissector_handle_t eap_handle; + static const gchar* shared_secret = ""; + static gboolean show_length = FALSE; + static guint alt_port_pref = 0; ++static range_t *global_ports_range; + static guint request_ttl = 5; + + static guint8 authenticator[AUTHENTICATOR_LENGTH]; +@@ -1938,12 +1943,22 @@ extern void radius_register_avp_dissector(guint32 vendor_id, guint32 attribute_i + static void + radius_init_protocol(void) + { ++ module_t *radius_module = prefs_find_module("radius"); ++ pref_t *alternate_port; ++ + if (radius_calls != NULL) + { + g_hash_table_destroy(radius_calls); + radius_calls = NULL; + } + ++ if (radius_module) { ++ /* Find alternate_port preference and mark it obsolete (thus hiding it from a user) */ ++ alternate_port = prefs_find_preference(radius_module, "alternate_port"); ++ if (! prefs_get_preference_obsolete(alternate_port)) ++ prefs_set_preference_obsolete(alternate_port); ++ } ++ + radius_calls = g_hash_table_new(radius_call_hash, radius_call_equal); + } + +@@ -2116,6 +2131,10 @@ proto_register_radius(void) + &show_length); + prefs_register_uint_preference(radius_module, "alternate_port","Alternate Port", + "An alternate UDP port to decode as RADIUS", 10, &alt_port_pref); ++ ++ range_convert_str(&global_ports_range, DEFAULT_RADIUS_PORT_RANGE, MAX_UDP_PORT); ++ prefs_register_range_preference(radius_module, "ports","RADIUS ports", ++ "A list of UDP ports to decode as RADIUS", &global_ports_range, MAX_UDP_PORT); + prefs_register_uint_preference(radius_module, "request_ttl", "Request TimeToLive", + "Time to live for a radius request used for matching it with a response", 10, &request_ttl); + radius_tap = register_tap("radius"); +@@ -2134,29 +2153,32 @@ proto_reg_handoff_radius(void) + { + static gboolean initialized = FALSE; + static dissector_handle_t radius_handle; +- static guint alt_port; ++ static range_t *ports_range; + + if (!initialized) { + radius_handle = find_dissector("radius"); +- dissector_add_uint("udp.port", UDP_PORT_RADIUS, radius_handle); +- dissector_add_uint("udp.port", UDP_PORT_RADIUS_NEW, radius_handle); +- dissector_add_uint("udp.port", UDP_PORT_RADACCT, radius_handle); +- dissector_add_uint("udp.port", UDP_PORT_RADACCT_NEW, radius_handle); +- dissector_add_uint("udp.port", UDP_PORT_DAE_OLD, radius_handle); +- dissector_add_uint("udp.port", UDP_PORT_DAE, radius_handle); +- + eap_handle = find_dissector("eap"); + + initialized = TRUE; + } else { +- if (alt_port != 0) +- dissector_delete_uint("udp.port", alt_port, radius_handle); ++ dissector_delete_uint_range("udp.port", ports_range, radius_handle); ++ g_free(ports_range); + } + +- if (alt_port_pref != 0) +- dissector_add_uint("udp.port", alt_port_pref, radius_handle); ++ if (alt_port_pref != 0) { ++ /* Append it to the range of ports but only if necessary */ ++ if (!value_is_in_range(global_ports_range, alt_port_pref)) { ++ global_ports_range = (range_t*)g_realloc(global_ports_range, ++ /* see epan/range.c:range_copy function */ ++ sizeof (range_t) - sizeof (range_admin_t) + (global_ports_range->nranges + 1) * sizeof (range_admin_t)); ++ global_ports_range->ranges[global_ports_range->nranges].low = alt_port_pref; ++ global_ports_range->ranges[global_ports_range->nranges].high = alt_port_pref; ++ global_ports_range->nranges++; ++ } ++ } + +- alt_port = alt_port_pref; ++ ports_range = range_copy(global_ports_range); ++ dissector_add_uint_range("udp.port", ports_range, radius_handle); + } + + /* diff --git a/wireshark-0010-gdk.patch b/wireshark-0010-gdk.patch deleted file mode 100644 index 8ca0329..0000000 --- a/wireshark-0010-gdk.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 3ee58d9..f9af3af 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1539,7 +1539,6 @@ fi - if test "$have_gtk" = "yes" ; then - # If we have GTK then add flags for it. - -- CPPFLAGS="-DGDK_PIXBUF_DISABLE_DEPRECATED $CPPFLAGS" - CPPFLAGS="-DGDK_DISABLE_DEPRECATED $CPPFLAGS" - if test \( $gtk_config_major_version -eq 3 -a $gtk_config_minor_version -ge 10 \) ; then - ## Allow use of deprecated & disable deprecated warnings if Gtk >= 3.10; diff --git a/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch b/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch deleted file mode 100644 index 2872b49..0000000 --- a/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch +++ /dev/null @@ -1,171 +0,0 @@ -From: Peter Lemenkov -Date: Thu, 13 Aug 2015 18:13:45 +0300 -Subject: [PATCH] Allow redefining all ports for RADIUS - -RADIUS configuration sometimes uses more ports - for example, one for -authentication, another one for accounting. Sometimes it uses the entire -port ranges. In case of FreeRADIUS 2.x.x server it might look like this: - -... -listen { - type = auth - ipaddr = * - port = 13812 -} -listen { - type = acct - ipaddr = * - port = 13813 -} -... - -Unfortunately we allow only one port to be redefined, not more. So it -forces a person who's analyzing a traffic from such a RADIUS server -manually select "Decode as" every time for each port. - -It was requested at least once to lift this limitation: - -* https://ask.wireshark.org/questions/2189/decode-multiple-ports-as-radius - -So let's fix it! - -With this commit it's possible to set a port ranges for RADIUS dissector -to handle. An example (default) configuration looks like (see -~/.wireshark/preferences): - -radius.ports: 1645,1646,1700,1812,1813,3799 - -Old "alternate_port" preference is marked as obsolete. It won't be shown -to a user but it will still be used if exists (remained from a previous -installations). - -*Ver. 2*: -Old alternate_port value is copied to the ports range, thus making -transition even more smooth. - -Change-Id: Ibdd6f4f9fa1e0ac186147cec380bbfc62d509b17 -Signed-off-by: Peter Lemenkov -Reviewed-on: https://code.wireshark.org/review/10015 -Petri-Dish: Anders Broman -Petri-Dish: Pascal Quantin -Tested-by: Petri Dish Buildbot -Reviewed-by: Anders Broman - -Conflicts: - epan/dissectors/packet-radius.c - -diff --git a/epan/dissectors/packet-radius.c b/epan/dissectors/packet-radius.c -index 7cc440e..5f9e52e 100644 ---- a/epan/dissectors/packet-radius.c -+++ b/epan/dissectors/packet-radius.c -@@ -95,12 +95,16 @@ typedef struct { - #define RD_HDR_LENGTH 4 - #define HDR_LENGTH (RD_HDR_LENGTH + AUTHENTICATOR_LENGTH) - --#define UDP_PORT_RADIUS 1645 --#define UDP_PORT_RADIUS_NEW 1812 --#define UDP_PORT_RADACCT 1646 --#define UDP_PORT_RADACCT_NEW 1813 --#define UDP_PORT_DAE_OLD 1700 /* DAE: pre RFC */ --#define UDP_PORT_DAE 3799 /* DAE: rfc3576 */ -+/* -+ * Default RADIUS ports: -+ * 1645 (Authentication, pre RFC 2865) -+ * 1646 (Accounting, pre RFC 2866) -+ * 1812 (Authentication, RFC 2865) -+ * 1813 (Accounting, RFC 2866) -+ * 1700 (Dynamic Authorization Extensions, pre RFC 3576) -+ * 3799 (Dynamic Authorization Extensions, RFC 3576) -+*/ -+#define DEFAULT_RADIUS_PORT_RANGE "1645,1646,1700,1812,1813,3799" - - static radius_dictionary_t* dict = NULL; - -@@ -152,6 +156,7 @@ static dissector_handle_t eap_handle; - static const gchar* shared_secret = ""; - static gboolean show_length = FALSE; - static guint alt_port_pref = 0; -+static range_t *global_ports_range; - static guint request_ttl = 5; - - static guint8 authenticator[AUTHENTICATOR_LENGTH]; -@@ -1938,12 +1943,22 @@ extern void radius_register_avp_dissector(guint32 vendor_id, guint32 attribute_i - static void - radius_init_protocol(void) - { -+ module_t *radius_module = prefs_find_module("radius"); -+ pref_t *alternate_port; -+ - if (radius_calls != NULL) - { - g_hash_table_destroy(radius_calls); - radius_calls = NULL; - } - -+ if (radius_module) { -+ /* Find alternate_port preference and mark it obsolete (thus hiding it from a user) */ -+ alternate_port = prefs_find_preference(radius_module, "alternate_port"); -+ if (! prefs_get_preference_obsolete(alternate_port)) -+ prefs_set_preference_obsolete(alternate_port); -+ } -+ - radius_calls = g_hash_table_new(radius_call_hash, radius_call_equal); - } - -@@ -2116,6 +2131,10 @@ proto_register_radius(void) - &show_length); - prefs_register_uint_preference(radius_module, "alternate_port","Alternate Port", - "An alternate UDP port to decode as RADIUS", 10, &alt_port_pref); -+ -+ range_convert_str(&global_ports_range, DEFAULT_RADIUS_PORT_RANGE, MAX_UDP_PORT); -+ prefs_register_range_preference(radius_module, "ports","RADIUS ports", -+ "A list of UDP ports to decode as RADIUS", &global_ports_range, MAX_UDP_PORT); - prefs_register_uint_preference(radius_module, "request_ttl", "Request TimeToLive", - "Time to live for a radius request used for matching it with a response", 10, &request_ttl); - radius_tap = register_tap("radius"); -@@ -2134,29 +2153,32 @@ proto_reg_handoff_radius(void) - { - static gboolean initialized = FALSE; - static dissector_handle_t radius_handle; -- static guint alt_port; -+ static range_t *ports_range; - - if (!initialized) { - radius_handle = find_dissector("radius"); -- dissector_add_uint("udp.port", UDP_PORT_RADIUS, radius_handle); -- dissector_add_uint("udp.port", UDP_PORT_RADIUS_NEW, radius_handle); -- dissector_add_uint("udp.port", UDP_PORT_RADACCT, radius_handle); -- dissector_add_uint("udp.port", UDP_PORT_RADACCT_NEW, radius_handle); -- dissector_add_uint("udp.port", UDP_PORT_DAE_OLD, radius_handle); -- dissector_add_uint("udp.port", UDP_PORT_DAE, radius_handle); -- - eap_handle = find_dissector("eap"); - - initialized = TRUE; - } else { -- if (alt_port != 0) -- dissector_delete_uint("udp.port", alt_port, radius_handle); -+ dissector_delete_uint_range("udp.port", ports_range, radius_handle); -+ g_free(ports_range); - } - -- if (alt_port_pref != 0) -- dissector_add_uint("udp.port", alt_port_pref, radius_handle); -+ if (alt_port_pref != 0) { -+ /* Append it to the range of ports but only if necessary */ -+ if (!value_is_in_range(global_ports_range, alt_port_pref)) { -+ global_ports_range = (range_t*)g_realloc(global_ports_range, -+ /* see epan/range.c:range_copy function */ -+ sizeof (range_t) - sizeof (range_admin_t) + (global_ports_range->nranges + 1) * sizeof (range_admin_t)); -+ global_ports_range->ranges[global_ports_range->nranges].low = alt_port_pref; -+ global_ports_range->ranges[global_ports_range->nranges].high = alt_port_pref; -+ global_ports_range->nranges++; -+ } -+ } - -- alt_port = alt_port_pref; -+ ports_range = range_copy(global_ports_range); -+ dissector_add_uint_range("udp.port", ports_range, radius_handle); - } - - /* diff --git a/wireshark.spec b/wireshark.spec index 2974eaf..d8795eb 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -20,8 +20,8 @@ Summary: Network traffic analyzer Name: wireshark -Version: 1.12.7 -Release: 2%{?dist} +Version: 1.12.8 +Release: 1%{?dist} License: GPL+ Group: Applications/Internet Source0: http://wireshark.org/download/src/%{name}-%{version}.tar.bz2 @@ -44,9 +44,8 @@ Patch7: wireshark-0007-Install-autoconf-related-file.patch Patch8: wireshark-0008-move-default-temporary-directory-to-var-tmp.patch # Fedora-specific Patch9: wireshark-0009-Fix-paths-in-a-wireshark.desktop-file.patch -Patch10: wireshark-0010-gdk.patch # Backported from upstream - https://code.wireshark.org/review/#/c/10015/ -Patch11: wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch +Patch10: wireshark-0010-Allow-redefining-all-ports-for-RADIUS.patch Url: http://www.wireshark.org/ BuildRequires: libpcap-devel >= 0.9 @@ -169,8 +168,7 @@ Cflags: -I\${includedir}" > wireshark.pc.in %patch7 -p1 -b .install_autoconf %patch8 -p1 -b .tmp_dir %patch9 -p1 -b .fix_paths -%patch10 -p1 -b .gdk -%patch11 -p1 -b .radius_ports +%patch10 -p1 -b .radius_ports %build %ifarch s390 s390x sparcv9 sparc64 @@ -411,6 +409,10 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || : %{_datadir}/aclocal/* %changelog +* Thu Oct 15 2015 Peter Hatina - 1.12.8-1 +- Ver. 1.12.8 +- Dropped patch no. 10 (applied upstream) + * Fri Aug 21 2015 Peter Lemenkov - 1.12.7-2 - Enable libnl3 (see rhbz#1207386, rhbz#1247566) - Remove airpcap switch (doesn't have any effect on Linux)