From 76137e2b71a42cf2a54565ffdfc3b0dbee551ba6 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Aug 21 2015 14:30:03 +0000
Subject: Build with libnl3


- Enable libnl3 (see rhbz#1207386, rhbz#1247566)
- Remove airpcap switch (doesn't have any effect on Linux)
- Backport patch no. 11 from upstream
- Fixed building with F24+

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>

---

diff --git a/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch b/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch
new file mode 100644
index 0000000..2872b49
--- /dev/null
+++ b/wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch
@@ -0,0 +1,171 @@
+From: Peter Lemenkov <lemenkov@gmail.com>
+Date: Thu, 13 Aug 2015 18:13:45 +0300
+Subject: [PATCH] Allow redefining all ports for RADIUS
+
+RADIUS configuration sometimes uses more ports - for example, one for
+authentication, another one for accounting. Sometimes it uses the entire
+port ranges. In case of FreeRADIUS 2.x.x server it might look like this:
+
+...
+listen {
+        type = auth
+        ipaddr = *
+        port = 13812
+}
+listen {
+        type = acct
+        ipaddr = *
+        port = 13813
+}
+...
+
+Unfortunately we allow only one port to be redefined, not more. So it
+forces a person who's analyzing a traffic from such a RADIUS server
+manually select "Decode as" every time for each port.
+
+It was requested at least once to lift this limitation:
+
+* https://ask.wireshark.org/questions/2189/decode-multiple-ports-as-radius
+
+So let's fix it!
+
+With this commit it's possible to set a port ranges for RADIUS dissector
+to handle. An example (default) configuration looks like (see
+~/.wireshark/preferences):
+
+radius.ports: 1645,1646,1700,1812,1813,3799
+
+Old "alternate_port" preference is marked as obsolete. It won't be shown
+to a user but it will still be used if exists (remained from a previous
+installations).
+
+*Ver. 2*:
+Old alternate_port value is copied to the ports range, thus making
+transition even more smooth.
+
+Change-Id: Ibdd6f4f9fa1e0ac186147cec380bbfc62d509b17
+Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
+Reviewed-on: https://code.wireshark.org/review/10015
+Petri-Dish: Anders Broman <a.broman58@gmail.com>
+Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
+Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
+Reviewed-by: Anders Broman <a.broman58@gmail.com>
+
+Conflicts:
+	epan/dissectors/packet-radius.c
+
+diff --git a/epan/dissectors/packet-radius.c b/epan/dissectors/packet-radius.c
+index 7cc440e..5f9e52e 100644
+--- a/epan/dissectors/packet-radius.c
++++ b/epan/dissectors/packet-radius.c
+@@ -95,12 +95,16 @@ typedef struct {
+ #define RD_HDR_LENGTH		4
+ #define HDR_LENGTH		(RD_HDR_LENGTH + AUTHENTICATOR_LENGTH)
+ 
+-#define UDP_PORT_RADIUS		1645
+-#define UDP_PORT_RADIUS_NEW	1812
+-#define UDP_PORT_RADACCT	1646
+-#define UDP_PORT_RADACCT_NEW	1813
+-#define UDP_PORT_DAE_OLD	1700 /* DAE: pre RFC */
+-#define UDP_PORT_DAE		3799 /* DAE: rfc3576 */
++/*
++ * Default RADIUS ports:
++ * 1645 (Authentication, pre RFC 2865)
++ * 1646 (Accounting, pre RFC 2866)
++ * 1812 (Authentication, RFC 2865)
++ * 1813 (Accounting, RFC 2866)
++ * 1700 (Dynamic Authorization Extensions, pre RFC 3576)
++ * 3799 (Dynamic Authorization Extensions, RFC 3576)
++*/
++#define DEFAULT_RADIUS_PORT_RANGE "1645,1646,1700,1812,1813,3799"
+ 
+ static radius_dictionary_t* dict = NULL;
+ 
+@@ -152,6 +156,7 @@ static dissector_handle_t eap_handle;
+ static const gchar* shared_secret = "";
+ static gboolean show_length = FALSE;
+ static guint alt_port_pref = 0;
++static range_t *global_ports_range;
+ static guint request_ttl = 5;
+ 
+ static guint8 authenticator[AUTHENTICATOR_LENGTH];
+@@ -1938,12 +1943,22 @@ extern void radius_register_avp_dissector(guint32 vendor_id, guint32 attribute_i
+ static void
+ radius_init_protocol(void)
+ {
++	module_t *radius_module = prefs_find_module("radius");
++	pref_t *alternate_port;
++
+ 	if (radius_calls != NULL)
+ 	{
+ 		g_hash_table_destroy(radius_calls);
+ 		radius_calls = NULL;
+ 	}
+ 
++	if (radius_module) {
++		/* Find alternate_port preference and mark it obsolete (thus hiding it from a user) */
++		alternate_port = prefs_find_preference(radius_module, "alternate_port");
++		if (! prefs_get_preference_obsolete(alternate_port))
++			prefs_set_preference_obsolete(alternate_port);
++	}
++
+ 	radius_calls = g_hash_table_new(radius_call_hash, radius_call_equal);
+ }
+ 
+@@ -2116,6 +2131,10 @@ proto_register_radius(void)
+ 				       &show_length);
+ 	prefs_register_uint_preference(radius_module, "alternate_port","Alternate Port",
+ 				       "An alternate UDP port to decode as RADIUS", 10, &alt_port_pref);
++
++	range_convert_str(&global_ports_range, DEFAULT_RADIUS_PORT_RANGE, MAX_UDP_PORT);
++	prefs_register_range_preference(radius_module, "ports","RADIUS ports",
++				       "A list of UDP ports to decode as RADIUS", &global_ports_range, MAX_UDP_PORT);
+ 	prefs_register_uint_preference(radius_module, "request_ttl", "Request TimeToLive",
+ 				       "Time to live for a radius request used for matching it with a response", 10, &request_ttl);
+ 	radius_tap = register_tap("radius");
+@@ -2134,29 +2153,32 @@ proto_reg_handoff_radius(void)
+ {
+ 	static gboolean initialized = FALSE;
+ 	static dissector_handle_t radius_handle;
+-	static guint alt_port;
++	static range_t *ports_range;
+ 
+ 	if (!initialized) {
+ 		radius_handle = find_dissector("radius");
+-		dissector_add_uint("udp.port", UDP_PORT_RADIUS, radius_handle);
+-		dissector_add_uint("udp.port", UDP_PORT_RADIUS_NEW, radius_handle);
+-		dissector_add_uint("udp.port", UDP_PORT_RADACCT, radius_handle);
+-		dissector_add_uint("udp.port", UDP_PORT_RADACCT_NEW, radius_handle);
+-		dissector_add_uint("udp.port", UDP_PORT_DAE_OLD, radius_handle);
+-		dissector_add_uint("udp.port", UDP_PORT_DAE, radius_handle);
+-
+ 		eap_handle = find_dissector("eap");
+ 
+ 		initialized = TRUE;
+ 	} else {
+-		if (alt_port != 0)
+-			dissector_delete_uint("udp.port", alt_port, radius_handle);
++		dissector_delete_uint_range("udp.port", ports_range, radius_handle);
++		g_free(ports_range);
+ 	}
+ 
+-	if (alt_port_pref != 0)
+-		dissector_add_uint("udp.port", alt_port_pref, radius_handle);
++	if (alt_port_pref != 0) {
++		/* Append it to the range of ports but only if necessary */
++		if (!value_is_in_range(global_ports_range, alt_port_pref)) {
++			global_ports_range = (range_t*)g_realloc(global_ports_range,
++					/* see epan/range.c:range_copy function */
++					sizeof (range_t) - sizeof (range_admin_t) + (global_ports_range->nranges + 1) * sizeof (range_admin_t));
++			global_ports_range->ranges[global_ports_range->nranges].low = alt_port_pref;
++			global_ports_range->ranges[global_ports_range->nranges].high = alt_port_pref;
++			global_ports_range->nranges++;
++		}
++	}
+ 
+-	alt_port = alt_port_pref;
++	ports_range = range_copy(global_ports_range);
++	dissector_add_uint_range("udp.port", ports_range, radius_handle);
+ }
+ 
+ /*
diff --git a/wireshark.spec b/wireshark.spec
index 657003e..2974eaf 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -21,7 +21,7 @@
 Summary:	Network traffic analyzer
 Name:		wireshark
 Version:	1.12.7
-Release:	1%{?dist}
+Release:	2%{?dist}
 License:	GPL+
 Group:		Applications/Internet
 Source0:	http://wireshark.org/download/src/%{name}-%{version}.tar.bz2
@@ -45,6 +45,8 @@ Patch8:		wireshark-0008-move-default-temporary-directory-to-var-tmp.patch
 # Fedora-specific
 Patch9:		wireshark-0009-Fix-paths-in-a-wireshark.desktop-file.patch
 Patch10:	wireshark-0010-gdk.patch
+# Backported from upstream - https://code.wireshark.org/review/#/c/10015/
+Patch11:	wireshark-0011-Allow-redefining-all-ports-for-RADIUS.patch
 
 Url:		http://www.wireshark.org/
 BuildRequires:	libpcap-devel >= 0.9
@@ -59,8 +61,10 @@ BuildRequires:	desktop-file-utils
 BuildRequires:	xdg-utils
 BuildRequires:	flex, bison
 BuildRequires:	libcap-devel
+BuildRequires:	libnl3-devel
 %if 0%{?fedora} > 18
-BuildRequires:	perl-podlators
+BuildRequires:	perl(Pod::Html)
+BuildRequires:	perl(Pod::Man)
 %endif
 BuildRequires:	libgcrypt-devel
 %if %{with_GeoIP}
@@ -166,6 +170,7 @@ Cflags: -I\${includedir}" > wireshark.pc.in
 %patch8 -p1 -b .tmp_dir
 %patch9 -p1 -b .fix_paths
 %patch10 -p1 -b .gdk
+%patch11 -p1 -b .radius_ports
 
 %build
 %ifarch s390 s390x sparcv9 sparc64
@@ -216,7 +221,7 @@ autoreconf -ivf
    --with-ssl \
    --disable-warnings-as-errors \
    --with-plugins=%{_libdir}/%{name}/plugins \
-   --enable-airpcap
+   --with-libnl
 
 #remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
@@ -406,6 +411,12 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || :
 %{_datadir}/aclocal/*
 
 %changelog
+* Fri Aug 21 2015 Peter Lemenkov <lemenkov@gmail.com> - 1.12.7-2
+- Enable libnl3 (see rhbz#1207386, rhbz#1247566)
+- Remove airpcap switch (doesn't have any effect on Linux)
+- Backport patch no. 11
+- Fixed building with F24+
+
 * Tue Aug 18 2015 Peter Lemenkov <lemenkov@gmail.com> - 1.12.7-1
 - Ver. 1.12.7
 - Dropped patch no. 11 (applied upstream)