diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2b485dc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+SOURCES/wireshark-1.10.14.tar.bz2
+SOURCES/wiresharkdoc-256x256.png
+SOURCES/wiresharkdoc-32x32.png
+SOURCES/wiresharkdoc-48x48.png
diff --git a/.wireshark.metadata b/.wireshark.metadata
new file mode 100644
index 0000000..a92f041
--- /dev/null
+++ b/.wireshark.metadata
@@ -0,0 +1,4 @@
+47c359dc1b9791d2091887a26fdba65f4a7ef3b8 SOURCES/wireshark-1.10.14.tar.bz2
+270551daad7666a3203647d3f340cee221976634 SOURCES/wiresharkdoc-256x256.png
+a0c5d9f7540f9f63fbdce7047845bfe667dacb79 SOURCES/wiresharkdoc-32x32.png
+278fb6ed0c8c02c3690ff8b813e9fd32aa79e975 SOURCES/wiresharkdoc-48x48.png
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/config.h b/SOURCES/config.h
new file mode 100644
index 0000000..0c29e39
--- /dev/null
+++ b/SOURCES/config.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2013 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * Authors: Peter Hatina
+ */
+
+#ifndef __CONFIG_H__
+#define __CONFIG_H__
+
+# include
+
+# if defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__)
+# include "config-x86.h"
+# elif __WORDSIZE == 32
+# include "config-32.h"
+# elif __WORDSIZE == 64
+# include "config-64.h"
+# else
+# error "Not supported architecture"
+# endif
+
+#endif // __CONFIG_H__
diff --git a/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch b/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch
new file mode 100644
index 0000000..c28067d
--- /dev/null
+++ b/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch
@@ -0,0 +1,25 @@
+diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
+index 7dcfd42..adf01bd 100644
+--- a/epan/dissectors/packet-ber.c
++++ b/epan/dissectors/packet-ber.c
+@@ -3503,6 +3503,10 @@ printf("CHOICE dissect_ber_old_choice(%s) entered len:%d\n", name, tvb_length_re
+ #endif
+ start_offset = offset;
+
++ if (branch_taken) {
++ *branch_taken = -1;
++ }
++
+ if (tvb_length_remaining(tvb, offset) == 0) {
+ item = proto_tree_add_string_format(
+ parent_tree, hf_ber_error, tvb, offset, 0, "empty_choice",
+@@ -3545,9 +3549,6 @@ printf("CHOICE dissect_ber_old_choice(%s) entered len:%d\n", name, tvb_length_re
+ /* loop over all entries until we find the right choice or
+ run out of entries */
+ ch = choice;
+- if (branch_taken) {
+- *branch_taken = -1;
+- }
+ first_pass = TRUE;
+ while (ch->func || first_pass) {
+ if (branch_taken) {
diff --git a/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch b/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch
new file mode 100644
index 0000000..34c37ce
--- /dev/null
+++ b/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch
@@ -0,0 +1,22 @@
+diff --git a/epan/dissectors/packet-cups.c b/epan/dissectors/packet-cups.c
+index 6f60d9f..bcb8e37 100644
+--- a/epan/dissectors/packet-cups.c
++++ b/epan/dissectors/packet-cups.c
+@@ -280,7 +280,7 @@ get_quoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len)
+ if (o != -1) {
+ offset++;
+ l = o - offset;
+- s = tvb_get_ptr(tvb, offset, l);
++ s = tvb_get_ephemeral_string_enc(tvb, offset, l, ENC_ASCII);
+ offset = o + 1;
+ }
+ }
+@@ -301,7 +301,7 @@ get_unquoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len)
+ o = tvb_pbrk_guint8(tvb, offset, -1, " \t\r\n", NULL);
+ if (o != -1) {
+ l = o - offset;
+- s = tvb_get_ptr(tvb, offset, l);
++ s = tvb_get_ephemeral_string_enc(tvb, offset, l, ENC_ASCII);
+ offset = o;
+ }
+
diff --git a/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch b/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch
new file mode 100644
index 0000000..df7bd83
--- /dev/null
+++ b/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch
@@ -0,0 +1,13 @@
+diff --git a/epan/dissectors/packet-hip.c b/epan/dissectors/packet-hip.c
+index 7aa6489..463d6b2 100644
+--- a/epan/dissectors/packet-hip.c
++++ b/epan/dissectors/packet-hip.c
+@@ -653,7 +653,7 @@ dissect_hip_tlv(tvbuff_t *tvb, int offset, proto_item *ti, int type, int tlv_len
+ newoffset += (1 + tvb_get_guint8(tvb, newoffset + 2));
+ tlv_len -= (1 + tvb_get_guint8(tvb, newoffset + 2));
+ }
+- if (ti_loc) {
++ if (locator_type <= 2) {
+ ti_loc = proto_item_add_subtree(ti_loc, ett_hip_locator_data);
+ /* Traffic type */
+ proto_tree_add_item(ti_loc, hf_hip_tlv_locator_traffic_type, tvb,
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch
new file mode 100644
index 0000000..71edb63
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch
@@ -0,0 +1,12 @@
+diff --git a/epan/dissectors/packet-dec-dnart.c b/epan/dissectors/packet-dec-dnart.c
+index 79a15ca..a9622bb 100644
+--- a/epan/dissectors/packet-dec-dnart.c
++++ b/epan/dissectors/packet-dec-dnart.c
+@@ -52,6 +52,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch
new file mode 100644
index 0000000..caeedb7
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch
@@ -0,0 +1,172 @@
+diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c
+index 225a7eb..e3e81f7 100644
+--- a/epan/dissectors/packet-http.c
++++ b/epan/dissectors/packet-http.c
+@@ -2625,6 +2625,10 @@ dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ } else {
+ while (tvb_reported_length_remaining(tvb, offset) != 0) {
+ if (conv_data->upgrade == UPGRADE_WEBSOCKET && pinfo->fd->num >= conv_data->startframe) {
++ /* Websockets is a stream of data, preserve
++ * desegmentation functionality. */
++ if (pinfo->can_desegment > 0)
++ pinfo->can_desegment++;
+ call_dissector_only(websocket_handle, tvb_new_subset_remaining(tvb, offset), pinfo, tree, NULL);
+ break;
+ }
+diff --git a/epan/dissectors/packet-websocket.c b/epan/dissectors/packet-websocket.c
+index e02825d..561e206 100644
+--- a/epan/dissectors/packet-websocket.c
++++ b/epan/dissectors/packet-websocket.c
+@@ -31,6 +31,7 @@
+ #include
+ #include
+
++#include "packet-tcp.h"
+
+ /*
+ * The information used comes from:
+@@ -152,7 +153,7 @@ tvb_unmasked(tvbuff_t *tvb, const guint offset, guint payload_length, const guin
+ }
+
+ static int
+-dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *ws_tree, guint8 opcode, guint payload_length, guint8 mask, const guint8* masking_key)
++dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *ws_tree, guint8 opcode, guint payload_length, gboolean mask, const guint8* masking_key)
+ {
+ guint offset = 0;
+ proto_item *ti_unmask, *ti;
+@@ -301,65 +302,35 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p
+ }
+
+
+-static int
+-dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
++static void
++dissect_websocket_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ {
+ proto_item *ti, *ti_len;
+- guint8 fin, opcode, mask;
+- guint length, short_length, payload_length, recurse_length;
+- guint payload_offset, mask_offset, recurse_offset;
++ guint8 fin, opcode;
++ gboolean mask;
++ guint short_length, payload_length;
++ guint payload_offset, mask_offset;
+ proto_tree *ws_tree = NULL;
+ const guint8 *masking_key = NULL;
+ tvbuff_t *tvb_payload = NULL;
+
+- length = tvb_length(tvb);
+- if(length<2){
+- pinfo->desegment_len = 2;
+- return 0;
+- }
+-
+ short_length = tvb_get_guint8(tvb, 1) & MASK_WS_PAYLOAD_LEN;
++ mask_offset = 2;
+ if(short_length==126){
+- if(length < 2+2){
+- pinfo->desegment_len = 2+2;
+- return 0;
+- }
+ payload_length = tvb_get_ntohs(tvb, 2);
+- mask_offset = 2+2;
+- }
+- else if(short_length==127){
+- if(length < 2+8){
+- pinfo->desegment_len = 2+8;
+- return 0;
+- }
+- /* warning C4244: '=' : conversion from 'guint64' to 'guint ', possible loss of data */
++ mask_offset += 2;
++ } else if (short_length==127) {
++ /* warning C4244: '=' : conversion from 'guint64' to 'guint ', possible loss of data */
+ payload_length = (guint)tvb_get_ntoh64(tvb, 2);
+- mask_offset = 2+8;
+- }
+- else{
++ mask_offset += 8;
++ } else {
+ payload_length = short_length;
+- mask_offset = 2;
+ }
+
+ /* Mask */
+- mask = (tvb_get_guint8(tvb, 1) & MASK_WS_MASK) >> 4;
++ mask = (tvb_get_guint8(tvb, 1) & MASK_WS_MASK) != 0;
+ payload_offset = mask_offset + (mask ? 4 : 0);
+
+- if (payload_offset + payload_length < payload_length) {
+- /* Integer overflow, which means the packet contains a ridiculous
+- * payload length. Just take what we've got available.
+- * See bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 */
+- payload_length = tvb_reported_length_remaining(tvb, payload_offset);
+- }
+-
+- if(length < payload_offset + payload_length){
+- /* XXXX Warning desegment_len is 32 bits */
+- pinfo->desegment_len = payload_offset + payload_length - length;
+- return 0;
+- }
+-
+- /* We've got the entire message! */
+-
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "WebSocket");
+ col_set_str(pinfo->cinfo, COL_INFO, "WebSocket");
+
+@@ -402,18 +373,49 @@ dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
+
+ tvb_payload = tvb_new_subset_remaining(tvb, payload_offset);
+ dissect_websocket_payload(tvb_payload, pinfo, tree, ws_tree, opcode, payload_length, mask, masking_key);
++}
++
++static guint
++get_websocket_frame_length(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
++{
++ guint frame_length, payload_length;
++ gboolean mask;
++
++ frame_length = 2; /* flags, opcode and Payload length */
++ mask = tvb_get_guint8(tvb, offset + 1) & MASK_WS_MASK;
++
++ payload_length = tvb_get_guint8(tvb, offset + 1) & MASK_WS_PAYLOAD_LEN;
++ offset += 2; /* Skip flags, opcode and Payload length */
+
+- /* Call this function recursively, to see if we have enough data to parse another websocket message */
++ /* Check for Extended Payload Length. */
++ if (payload_length == 126) {
++ if (tvb_reported_length_remaining(tvb, offset) < 2)
++ return 0; /* Need more data. */
+
+- recurse_offset = payload_offset + payload_length;
+- if(length > recurse_offset){
+- recurse_length = dissect_websocket(tvb_new_subset_remaining(tvb, payload_offset+payload_length), pinfo, tree, data);
+- if(pinfo->desegment_len) pinfo->desegment_offset += recurse_offset;
+- return recurse_offset + recurse_length;
++ payload_length = tvb_get_ntohs(tvb, offset);
++ frame_length += 2; /* Extended payload length */
++ } else if (payload_length == 127) {
++ if (tvb_reported_length_remaining(tvb, offset) < 8)
++ return 0; /* Need more data. */
++
++ payload_length = (guint)tvb_get_ntoh64(tvb, offset);
++ frame_length += 8; /* Extended payload length */
+ }
+- return recurse_offset;
++
++ if (mask)
++ frame_length += 4; /* Masking-key */
++ frame_length += payload_length; /* Payload data */
++ return frame_length;
+ }
+
++static int
++dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
++{
++ /* Need at least two bytes for flags, opcode and Payload length. */
++ tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 2,
++ get_websocket_frame_length, dissect_websocket_frame);
++ return tvb_length(tvb);
++}
+
+ void
+ proto_register_websocket(void)
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch
new file mode 100644
index 0000000..13a010b
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch
@@ -0,0 +1,18 @@
+diff --git a/epan/reassemble.c b/epan/reassemble.c
+index 5ff9dcf..0838cb1 100644
+--- a/epan/reassemble.c
++++ b/epan/reassemble.c
+@@ -1008,9 +1008,11 @@ fragment_add_work(fragment_data *fd_head, tvbuff_t *tvb, const int offset,
+
+ /* If we have reached this point, the packet is not defragmented yet.
+ * Save all payload in a buffer until we can defragment.
+- * XXX - what if we didn't capture the entire fragment due
+- * to a too-short snapshot length?
+ */
++ if (!tvb_bytes_exist(tvb, offset, fd->len)) {
++ g_slice_free(fragment_data, fd);
++ THROW(BoundsError);
++ }
+ fd->data = (unsigned char *)g_malloc(fd->len);
+ tvb_memcpy(tvb, fd->data, offset, fd->len);
+ LINK_FRAG(fd_head,fd);
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch
new file mode 100644
index 0000000..131cce4
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch
@@ -0,0 +1,12 @@
+diff --git a/epan/packet.c b/epan/packet.c
+index 1ad0320..179011e 100644
+--- a/epan/packet.c
++++ b/epan/packet.c
+@@ -1266,6 +1266,7 @@ dissector_get_string_handle(dissector_table_t sub_dissectors,
+ {
+ dtbl_entry_t *dtbl_entry;
+
++ if (!string) return 0;
+ dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
+ if (dtbl_entry != NULL)
+ return dtbl_entry->current;
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch
new file mode 100644
index 0000000..e3ea1e6
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch
@@ -0,0 +1,51 @@
+diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c
+index 14fdb0a..34bc1a8 100644
+--- a/epan/dissectors/packet-zbee-security.c
++++ b/epan/dissectors/packet-zbee-security.c
+@@ -590,11 +590,9 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
+ }
+
+ /* Check for null payload. */
+- if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) {
++ payload_len = tvb_captured_length_remaining(tvb, offset+mic_len);
++ if (payload_len == 0)
+ return NULL;
+- } else if ( payload_len < 0 ) {
+- THROW(ReportedBoundsError);
+- }
+
+ /**********************************************
+ * Perform Security Operations on the Frame *
+@@ -606,10 +604,31 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o
+ (packet.level == ZBEE_SEC_MIC128)) {
+
+ /* Payload is only integrity protected. Just return the sub-tvbuff. */
+- return tvb_new_subset(tvb, offset, payload_len, payload_len);
++ return tvb_new_subset_length(tvb, offset, payload_len);
+ }
+
+ #ifdef HAVE_LIBGCRYPT
++ /* Have we captured all the payload? */
++ if (tvb_length_remaining(tvb, offset+mic_len) < payload_len) {
++ /*
++ * No - don't try to decrypt it.
++ *
++ * XXX - it looks as if the decryption code is assuming we have the
++ * MIC, which won't be the case if the packet was cut short. Is
++ * that in fact that case, or can we still make this work with a
++ * partially-captured packet?
++ */
++ /* Add expert info. */
++ expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN,
++ "Encrypted payload, cut short when capturing - can't decrypt");
++ /* Create a buffer for the undecrypted payload. */
++ payload_tvb = tvb_new_subset_length(tvb, offset, payload_len);
++ /* Dump the payload to the data dissector. */
++ call_dissector(data_handle, payload_tvb, pinfo, tree);
++ /* Couldn't decrypt, so return NULL. */
++ return NULL;
++ }
++
+ /* Allocate memory to decrypt the payload into. */
+ dec_buffer = (guint8 *)g_malloc(payload_len);
+
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch
new file mode 100644
index 0000000..7f687ef
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch
@@ -0,0 +1,76 @@
+diff --git a/epan/dissectors/packet-gsm_rlcmac.c b/epan/dissectors/packet-gsm_rlcmac.c
+index e4eac08..7a783ef 100644
+--- a/epan/dissectors/packet-gsm_rlcmac.c
++++ b/epan/dissectors/packet-gsm_rlcmac.c
+@@ -60,7 +60,7 @@
+ /* private typedefs */
+ typedef struct
+ {
+- guint8 offset;
++ gint offset;
+ guint8 li;
+ }length_indicator_t;
+
+@@ -6737,10 +6737,11 @@ static const value_string gsm_rlcmac_t3192_vals[] = {
+ { 0, NULL}
+ };
+
+-static guint8 construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e)
++static gint construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e)
+ {
+- guint8 offset = initial_offset, li_array_size = *li_count;
+- proto_item *item;
++ gint offset = initial_offset;
++ guint8 li_array_size = *li_count;
++ proto_item *item;
+
+ *li_count = 0;
+ while(*e == 0)
+@@ -6763,15 +6764,15 @@ static guint8 construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tr
+ return (offset - initial_offset);
+ }
+
+-static guint8 construct_egprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e)
++static gint construct_egprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e)
+ {
+- guint8 offset = initial_offset, li_array_size = *li_count;
+- proto_item *item;
++ gint offset = initial_offset;
++ guint8 li_array_size = *li_count;
++ proto_item *item;
+
+ *li_count = 0;
+ while(*e == 0)
+ {
+- DISSECTOR_ASSERT(*li_count < li_array_size);
+ item = proto_tree_add_bits_item(tree, hf_li, tvb, offset * 8, 7, ENC_BIG_ENDIAN);
+ proto_tree_add_bits_ret_val(tree, hf_e, tvb, (offset * 8) + 7, 1, e, ENC_BIG_ENDIAN);
+ if(*li_count < li_array_size)
+@@ -7466,7 +7467,7 @@ dissect_ul_gprs_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, RlcMa
+ csnStream_t ar;
+ guint8 payload_type = tvb_get_bits8(tvb, 0, 2);
+ guint16 bit_length = tvb_length(tvb) * 8;
+- guint16 bit_offset = 0;
++ gint bit_offset = 0;
+ length_indicator_t li_array[10];
+ guint8 li_count = array_length(li_array);
+
+@@ -7595,7 +7596,7 @@ dissect_egprs_ul_data_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ {
+ proto_item *ti = NULL;
+ proto_tree *data_tree = NULL;
+- guint8 offset = 0;
++ gint offset = 0;
+ length_indicator_t li_array[20];
+ guint8 li_count = array_length(li_array);
+ guint64 e, tlli_i;
+@@ -7655,7 +7656,8 @@ dissect_egprs_dl_data_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ {
+ proto_item *ti = NULL;
+ proto_tree *data_tree = NULL;
+- guint16 offset = 0, block_number;
++ gint offset = 0;
++ guint16 block_number;
+ length_indicator_t li_array[20];
+ guint8 li_count = array_length(li_array);
+ guint64 fbi, e;
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch
new file mode 100644
index 0000000..149fc45
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch
@@ -0,0 +1,32 @@
+diff --git a/epan/dissectors/packet-waveagent.c b/epan/dissectors/packet-waveagent.c
+index b43cbfb..0d32ae6 100644
+--- a/epan/dissectors/packet-waveagent.c
++++ b/epan/dissectors/packet-waveagent.c
+@@ -528,21 +528,20 @@ static void dissect_wa_payload(guint32 starting_offset, proto_item *parent_tree,
+ tag_len = tvb_get_ntohl(tvb, current_offset + 52);
+
+ if (tag_len != 0) {
+- const guint8 *tag_data_ptr;
+- guint32 isr;
+-
+- tag_data_ptr = tvb_get_ptr (tvb, offset + 36, tag_len);
++ guint32 isr;
++ guint8 isr_value;
+
+ for (isr = 0; isr < tag_len; isr++) {
+- if (tag_data_ptr[isr] == 0xFF){
++ isr_value = tvb_get_guint8(tvb, offset + 36 + isr);
++ if (isr_value == 0xFF){
+ proto_tree_add_string (bss_tree, hf_waveagent_ifwlansupprates, tvb, offset + 36 + isr,
+ 1,
+ "BSS requires support for mandatory features of HT PHY (IEEE 802.11"
+ " - Clause 20)");
+ } else {
+ ep_strbuf_append_printf(sb, "%2.1f%s ",
+- (tag_data_ptr[isr] & 0x7F) * 0.5,
+- (tag_data_ptr[isr] & 0x80) ? "(B)" : "");
++ (isr_value & 0x7F) * 0.5,
++ (isr_value & 0x80) ? "(B)" : "");
+
+ }
+ }
diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch
new file mode 100644
index 0000000..c1321a5
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch
@@ -0,0 +1,109 @@
+diff --git a/epan/proto.c b/epan/proto.c
+index 004acb0..bf98a27 100644
+--- a/epan/proto.c
++++ b/epan/proto.c
+@@ -1758,6 +1758,31 @@ proto_tree_new_item(field_info *new_fi, proto_tree *tree,
+ return pi;
+ }
+
++
++/*
++ * Validates that field length bytes are available starting from
++ * start (pos/neg). Throws an exception if they aren't.
++ */
++static void
++test_length(header_field_info *hfinfo, tvbuff_t *tvb,
++ gint start, gint length)
++{
++ gint size = length;
++
++ if (!tvb)
++ return;
++
++ if (hfinfo->type == FT_STRINGZ) {
++ /* If we're fetching until the end of the TVB, only validate
++ * that the offset is within range.
++ */
++ if (length == -1)
++ size = 0;
++ }
++
++ tvb_ensure_bytes_exist(tvb, start, size);
++}
++
+ /* Gets data from tvbuff, adds it to proto_tree, increments offset,
+ and returns proto_item* */
+ proto_item *
+@@ -1786,6 +1811,8 @@ ptvcursor_add(ptvcursor_t *ptvc, int hfindex, gint length,
+ ptvc->offset += n;
+ }
+
++ test_length(hfinfo, ptvc->tvb, offset, item_length);
++
+ /* Coast clear. Try and fake it */
+ TRY_TO_FAKE_THIS_ITEM(ptvc->tree, hfindex, hfinfo);
+
+@@ -1795,45 +1822,6 @@ ptvcursor_add(ptvcursor_t *ptvc, int hfindex, gint length,
+ offset, length, encoding);
+ }
+
+-/*
+- * Validates that field length bytes are available starting from
+- * start (pos/neg). Throws an exception if they aren't.
+- */
+-static void
+-test_length(header_field_info *hfinfo, proto_tree *tree, tvbuff_t *tvb,
+- gint start, gint length, const guint encoding)
+-{
+- gint size = length;
+-
+- if (!tvb)
+- return;
+-
+- if (hfinfo->type == FT_UINT_BYTES || hfinfo->type == FT_UINT_STRING) {
+- guint32 n;
+-
+- n = get_uint_value(tree, tvb, start, length, encoding);
+- if (n > size + n) {
+- /* If n > size + n then we have an integer overflow, so
+- * set size to -1, which will force the
+- * tvb_ensure_bytes_exist call below to throw a
+- * ReportedBoundsError
+- */
+- size = -1;
+- }
+- else {
+- size += n;
+- }
+- } else if (hfinfo->type == FT_STRINGZ) {
+- /* If we're fetching until the end of the TVB, only validate
+- * that the offset is within range.
+- */
+- if (length == -1)
+- size = 0;
+- }
+-
+- tvb_ensure_bytes_exist(tvb, start, size);
+-}
+-
+ /* Add an item to a proto_tree, using the text label registered to that item;
+ the item is extracted from the tvbuff handed to it. */
+ proto_item *
+@@ -1845,7 +1833,7 @@ proto_tree_add_item(proto_tree *tree, const int hfindex, tvbuff_t *tvb,
+ gint item_length;
+
+ hfinfo = get_hfi_and_length(hfindex, tvb, start, &length, &item_length);
+- test_length(hfinfo, tree, tvb, start, item_length, encoding);
++ test_length(hfinfo, tvb, start, item_length);
+
+ TRY_TO_FAKE_THIS_ITEM(tree, hfindex, hfinfo);
+
+@@ -7540,7 +7528,7 @@ proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb,
+
+ octet_length = (no_of_bits + 7) >> 3;
+ octet_offset = bit_offset >> 3;
+- test_length(hfinfo, tree, tvb, octet_offset, octet_length, encoding);
++ test_length(hfinfo, tvb, octet_offset, octet_length);
+
+ /* Yes, we try to fake this item again in proto_tree_add_bits_ret_val()
+ * but only after doing a bunch more work (which we can, in the common
diff --git a/SOURCES/wireshark-1.10.14-af-vsock-support.patch b/SOURCES/wireshark-1.10.14-af-vsock-support.patch
new file mode 100644
index 0000000..3e1364a
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-af-vsock-support.patch
@@ -0,0 +1,459 @@
+diff -u b/epan/dissectors/packet-vsock.c b/epan/dissectors/packet-vsock.c
+--- b/epan/dissectors/packet-vsock.c
++++ b/epan/dissectors/packet-vsock.c
+@@ -0,0 +1,339 @@
++/* packet-vsock.c
++ * Routines for AF_VSOCK dissection
++ * Copyright 2016, Gerard Garcia
++ *
++ * Header definition:
++ * https://github.com/GerardGarcia/linux/blob/vsockmon/include/uapi/linux/vsockmon.h
++ *
++ * Wireshark - Network traffic analyzer
++ * By Gerald Combs
++ * Copyright 1998 Gerald Combs
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++ */
++
++/*
++ * The AF_VSOCK socket allows zero-configuration communication between guests
++ * and hypervisors using the standard socket API.
++ */
++
++#include
++#include
++#include
++#include
++#include
++
++void proto_register_vsock(void);
++
++static int proto_vsock = -1;
++static int vsock_address_type = -1;
++
++/* Generic header related fields */
++static int hf_vsock_src_cid = -1;
++static int hf_vsock_src_port = -1;
++static int hf_vsock_dst_cid = -1;
++static int hf_vsock_dst_port = -1;
++static int hf_vsock_op = -1;
++static int hf_vsock_t = -1;
++static int hf_vsock_t_len = -1;
++static int hf_vsock_reserved = -1;
++static int hf_vsock_payload = -1;
++
++/* Virtio related fields */
++static int hf_virtio_src_cid = -1;
++static int hf_virtio_dst_cid = -1;
++static int hf_virtio_src_port = -1;
++static int hf_virtio_dst_port = -1;
++static int hf_virtio_len = -1;
++static int hf_virtio_type = -1;
++static int hf_virtio_op = -1;
++static int hf_virtio_flags = -1;
++static int hf_virtio_buf_alloc = -1;
++static int hf_virtio_fwd_cnt = -1;
++
++static gint ett_vsock = -1;
++static gint ett_virtio = -1;
++
++static const value_string af_vsockmon_op_names[] = {
++ { 0, "Unknown" },
++ { 1, "Connect" },
++ { 2, "Disconnect" },
++ { 3, "Control" },
++ { 4, "Payload" },
++ { 0, NULL }
++};
++
++enum af_vsockmon_t {
++ AF_VSOCK_T_UNKNOWN = 0,
++ AF_VSOCK_T_NO_INFO = 1,
++ AF_VSOCK_T_VIRTIO = 2
++};
++
++static const value_string af_vsockmon_t_names[] = {
++ { 0, "Unknown" },
++ { 1, "No info" },
++ { 2, "Virtio" },
++ { 0 , NULL }
++};
++
++static const value_string virtio_vsock_type_names[] = {
++ { 1, "Stream"},
++ { 0, NULL }
++};
++
++static const value_string virtio_vsock_op_names[] = {
++ { 0, "Invalid" },
++ { 1, "Request" },
++ { 2, "Response" },
++ { 3, "Rst" },
++ { 4, "Shutdown" },
++ { 5, "RW" },
++ { 6, "Credit update" },
++ { 7, "Credit response" },
++ { 0 , NULL }
++};
++
++#define VSOCK_MIN_LENGTH 32
++
++static int vsock_addr_to_str(const address* addr, gchar *buf, int buf_len)
++{
++ const guint8 *addrp = (const guint8 *)addr->data;
++
++ if(pletoh64(&addrp[0])==2){
++ g_strlcpy(buf, "host", buf_len);
++ } else {
++ g_snprintf(buf, buf_len, "%" G_GINT64_MODIFIER "u", pletoh64(&addrp[0]));
++ }
++
++ return (int)(strlen(buf)+1);
++}
++
++static int vsock_addr_str_len(const address* addr _U_)
++{
++ /* 2^64 unsigned int len */
++ return 19;
++}
++
++static int
++dissect_vsock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
++ void *data _U_)
++{
++ proto_item *ti, *virtio_ti;
++ proto_tree *vsock_tree = NULL, *virtio_tree = NULL;
++
++ guint32 t_len, payload_len, virtio_buf_alloc, op, type,
++ virtio_fwd_cnt, virtio_op, virtio_type;
++ guint16 payload_offset = 0, offset = 0;
++
++ if (tvb_reported_length(tvb) < VSOCK_MIN_LENGTH)
++ return 0;
++ col_set_str(pinfo->cinfo, COL_PROTOCOL, "vSocket");
++ /* Clear column information before start parsing */
++ col_clear(pinfo->cinfo, COL_INFO);
++
++ /* Create top tree */
++ ti = proto_tree_add_item(tree, proto_vsock, tvb, 0, -1, ENC_NA);
++ vsock_tree = proto_item_add_subtree(ti, ett_vsock);
++
++ /* Parse generic header part */
++
++ proto_tree_add_item(vsock_tree, hf_vsock_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
++ TVB_SET_ADDRESS(&pinfo->src, AT_VSOCK, tvb, offset, 8);
++ offset += 8;
++
++ proto_tree_add_item(vsock_tree, hf_vsock_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
++ TVB_SET_ADDRESS(&pinfo->dst, AT_VSOCK, tvb, offset, 8);
++ offset += 8;
++
++ proto_tree_add_item(vsock_tree, hf_vsock_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++
++ proto_tree_add_item(vsock_tree, hf_vsock_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++
++ op = tvb_get_letohs(tvb, offset);
++ proto_tree_add_item(vsock_tree, hf_vsock_op, tvb, offset, 2, ENC_LITTLE_ENDIAN);
++ offset += 2;
++
++ type = tvb_get_letohs(tvb, offset);
++ proto_tree_add_item(vsock_tree, hf_vsock_t, tvb, offset, 2, ENC_LITTLE_ENDIAN);
++ offset += 2;
++
++ t_len = tvb_get_letohs(tvb, offset);
++ proto_tree_add_uint(vsock_tree, hf_vsock_t_len, tvb, offset, 2, t_len);
++ offset += 2;
++
++ proto_tree_add_item(vsock_tree, hf_vsock_reserved, tvb, offset, 2, ENC_NA);
++ offset += 2;
++
++ payload_offset = offset + t_len;
++
++
++ /* Append summary information to top tree */
++ proto_item_append_text(ti, ", Op: %s, Transport: %s",
++ val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"),
++ val_to_str(type, af_vsockmon_t_names, "Unknown (%d)"));
++
++ /* Fill columns */
++ col_add_fstr(pinfo->cinfo, COL_INFO, "[%s] %s",
++ val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"),
++ val_to_str(type, af_vsockmon_t_names, "Unknown (%d)"));
++
++ /* Create subtree if there is transport information */
++ switch (type) {
++ case AF_VSOCK_T_UNKNOWN:
++ case AF_VSOCK_T_NO_INFO:
++ break;
++ case AF_VSOCK_T_VIRTIO:
++
++ virtio_ti = proto_tree_add_text(vsock_tree, tvb, offset, 44, "Virtio transport header");
++ virtio_tree = proto_item_add_subtree(virtio_ti, ett_vsock);
++
++ proto_tree_add_item(virtio_tree, hf_virtio_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
++ offset += 8;
++ proto_tree_add_item(virtio_tree, hf_virtio_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
++ offset += 8;
++ proto_tree_add_item(virtio_tree, hf_virtio_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++ proto_tree_add_item(virtio_tree, hf_virtio_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++ proto_tree_add_item(virtio_tree, hf_virtio_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++
++ virtio_type = tvb_get_letohs(tvb, offset);
++ proto_tree_add_item(virtio_tree, hf_virtio_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
++ offset += 2;
++
++ virtio_op = tvb_get_letohs(tvb, offset);
++ proto_tree_add_item(virtio_tree, hf_virtio_op, tvb, offset, 2, ENC_LITTLE_ENDIAN);
++ offset += 2;
++
++ proto_tree_add_item(virtio_tree, hf_virtio_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++
++ virtio_buf_alloc = tvb_get_letohl(tvb, offset);
++ proto_tree_add_item(virtio_tree, hf_virtio_buf_alloc, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ offset += 4;
++
++ virtio_fwd_cnt = tvb_get_letohl(tvb, offset);
++ proto_tree_add_item(virtio_tree, hf_virtio_fwd_cnt, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++
++ /* Append virtio information */
++ col_append_fstr(pinfo->cinfo, COL_INFO, ": %s, Op: %s, Buf alloc: %u, Fwd cnt: %u",
++ val_to_str(virtio_type, virtio_vsock_type_names, "Unknown (%d)"),
++ val_to_str(virtio_op, virtio_vsock_op_names, "Unknown (%d)"),
++ virtio_buf_alloc, virtio_fwd_cnt);
++ break;
++ }
++
++
++ /* Append payload */
++ payload_len = tvb_reported_length_remaining(tvb, payload_offset);
++ if (payload_len)
++ proto_tree_add_bytes_format(vsock_tree, hf_vsock_payload, tvb, payload_offset, payload_len,
++ NULL, "Payload (%uB)", payload_len);
++
++ return tvb_reported_length(tvb);
++}
++
++void
++proto_register_vsock(void)
++{
++ static hf_register_info hf[] = {
++ { &hf_vsock_src_cid,
++ {"Source cid", "vsock.src_cid", FT_UINT64, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_dst_cid,
++ {"Destination cid", "vsock.dst_cid", FT_UINT64, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_src_port,
++ {"Source port", "vsock.src_port", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_dst_port,
++ {"Destination port", "vsock.dst_port", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_op,
++ {"Operation", "vsock.op", FT_UINT16, BASE_DEC, VALS(af_vsockmon_op_names),
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_t,
++ {"Transport", "vsock.trans", FT_UINT16, BASE_DEC, VALS(af_vsockmon_t_names),
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_reserved,
++ {"Reserved", "vsock.reserved", FT_BYTES, BASE_NONE, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_t_len,
++ {"Transport length", "vsock.trans_len", FT_UINT16, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_vsock_payload,
++ { "Payload", "vsock.payload", FT_BYTES, BASE_NONE, NULL,
++ 0x0, NULL, HFILL}},
++ { &hf_virtio_src_cid,
++ {"Source cid", "vsock.virtio.src_cid", FT_UINT64, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_dst_cid,
++ {"Destination cid", "vsock.virtio.dst_cid", FT_UINT64, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_src_port,
++ {"Source port", "vsock.virtio.src_prot", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_dst_port,
++ {"Destination port", "vsock.virtio.dst_prot", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_len,
++ {"Length", "vsock.virtio.len", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_type,
++ {"Type", "vsock.virtio.type", FT_UINT16, BASE_DEC, VALS(virtio_vsock_type_names),
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_op,
++ {"Operation", "vsock.virtio.op", FT_UINT16, BASE_DEC, VALS(virtio_vsock_op_names),
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_flags,
++ {"Flags", "vsock.virtio.flags", FT_UINT32, BASE_HEX, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_buf_alloc,
++ {"Buf alloc", "vsock.virtio.buf_alloc", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }},
++ { &hf_virtio_fwd_cnt,
++ {"Fwd cnt", "vsock.virtio.fwd_cnt", FT_UINT32, BASE_DEC, NULL,
++ 0x0, NULL, HFILL }}
++ };
++ static gint *ett[] = {
++ &ett_vsock,
++ &ett_virtio
++ };
++
++ //vsock_address_type = address_type_dissector_register("AT_VSOCK", "vSocket Address",
++ // vsock_addr_to_str, vsock_addr_str_len, NULL, NULL, NULL, NULL, NULL);
++
++ proto_vsock = proto_register_protocol("vSocket", "vsock", "vsock");
++ proto_register_field_array(proto_vsock, hf, array_length(hf));
++ proto_register_subtree_array(ett, array_length(ett));
++
++ //register_dissector("vsock", dissect_vsock, proto_vsock);
++}
++
++/*
++ * Editor modelines - https://www.wireshark.org/tools/modelines.html
++ *
++ * Local variables:
++ * c-basic-offset: 4
++ * tab-width: 8
++ * indent-tabs-mode: nil
++ * End:
++ *
++ * vi: set shiftwidth=4 tabstop=8 expandtab:
++ * :indentSize=4:tabSize=8:noTabs=true:
++ */
+unchanged:
+--- a/epan/dissectors/Makefile.common
++++ b/epan/dissectors/Makefile.common
+@@ -2700,6 +2700,7 @@ DISSECTOR_SRC = \
+ packet-vrt.c \
+ packet-vssmonitoring.c \
+ packet-vtp.c \
++ packet-vsock.c \
+ packet-vuze-dht.c \
+ packet-vxi11.c \
+ packet-vxlan.c \
+diff --git a/epan/dissectors/packet-vsock.c.old b/epan/dissectors/packet-vsock.c
+index af8ce38..c13dfc0 100644
+--- a/epan/dissectors/packet-vsock.c.old
++++ b/epan/dissectors/packet-vsock.c
+@@ -33,11 +33,14 @@
+ #include
+ #include
+ #include
++#include
+
+ void proto_register_vsock(void);
++void proto_reg_handoff_vsock(void);
+
+ static int proto_vsock = -1;
+ static int vsock_address_type = -1;
++static dissector_handle_t vsock_handle;
+
+ /* Generic header related fields */
+ static int hf_vsock_src_cid = -1;
+@@ -310,6 +313,13 @@ proto_register_vsock(void)
+ //register_dissector("vsock", dissect_vsock, proto_vsock);
+ }
+
++void
++proto_reg_handoff_vsock(void)
++{
++ vsock_handle = create_dissector_handle(dissect_vsock, proto_vsock);
++ dissector_add_uint("wtap_encap", WTAP_ENCAP_VSOCK, vsock_handle);
++}
++
+ /*
+ * Editor modelines - https://www.wireshark.org/tools/modelines.html
+ *
+diff --git a/wiretap/pcap-common.c.old b/wiretap/pcap-common.c
+index 42caadc..87b845d 100644
+--- a/wiretap/pcap-common.c.old
++++ b/wiretap/pcap-common.c
+@@ -397,6 +397,8 @@ static const struct {
+ { 248, WTAP_ENCAP_SCTP},
+ /* USBPcap */
+ { 249, WTAP_ENCAP_USBPCAP},
++ /* Linux vsock */
++ { 271, WTAP_ENCAP_VSOCK },
+
+ /*
+ * To repeat:
+diff --git a/wiretap/wtap.c.old b/wiretap/wtap.c
+index 69803d6..5be2666 100644
+--- a/wiretap/wtap.c.old
++++ b/wiretap/wtap.c
+@@ -608,6 +608,9 @@ static struct encap_type_info encap_table_base[] = {
+
+ /* WTAP_ENCAP_USBPCAP */
+ { "USB packets with USBPcap header", "usb-usbpcap" },
++
++ /* Linux vsock */
++ { "Linux vsock", "vsock" },
+ };
+
+ WS_DLL_LOCAL
+diff --git a/wiretap/wtap.h.old b/wiretap/wtap.h
+index b49c280..c42d49e 100644
+--- a/wiretap/wtap.h.old
++++ b/wiretap/wtap.h
+@@ -244,6 +244,7 @@ extern "C" {
+ #define WTAP_ENCAP_INFINIBAND 151
+ #define WTAP_ENCAP_JUNIPER_SVCS 152
+ #define WTAP_ENCAP_USBPCAP 153
++#define WTAP_ENCAP_VSOCK 154
+
+ #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
+
+diff --git a/epan/address.h.old b/epan/address.h
+index 5405075..8471289 100644
+--- a/epan/address.h.old
++++ b/epan/address.h
+@@ -58,8 +58,9 @@ typedef enum {
+ AT_USB, /* USB Device address
+ * (0xffffffff represents the host) */
+ AT_AX25, /* AX.25 */
+- AT_IEEE_802_15_4_SHORT /* IEEE 802.15.4 16-bit short address */
++ AT_IEEE_802_15_4_SHORT,/* IEEE 802.15.4 16-bit short address */
+ /* (the long addresses are EUI-64's */
++ AT_VSOCK /* VSOCK */
+ } address_type;
+
+ typedef struct _address {
+diff --git a/epan/address_to_str.c.old b/epan/address_to_str.c
+index f360017..101d33e 100644
+--- a/epan/address_to_str.c.old
++++ b/epan/address_to_str.c
+@@ -623,6 +623,13 @@ address_to_str_buf(const address *addr, gchar *buf, int buf_len)
+ else
+ g_snprintf(buf, buf_len, "0x%04x", ieee_802_15_4_short_addr);
+ break;
++ case AT_VSOCK:
++ addrdata = (const guint8 *)addr->data;
++ if(pletoh64(&addrdata[0])==2)
++ g_strlcpy(buf, "host", buf_len);
++ else
++ g_snprintf(buf, buf_len, "%" G_GINT64_MODIFIER "u", pletoh64(&addrdata[0]));
++ break;
+ default:
+ g_assert_not_reached();
+ }
diff --git a/SOURCES/wireshark-1.10.14-buffer-size.patch b/SOURCES/wireshark-1.10.14-buffer-size.patch
new file mode 100644
index 0000000..dbdfc2f
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-buffer-size.patch
@@ -0,0 +1,82 @@
+From 5cbf42acb616a34d5e41f03b881f8552e08855a7 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Thu, 4 May 2017 12:31:21 +0200
+Subject: [PATCH] Make the default capture buffer bigger.
+
+---
+ capture_opts.h | 2 +-
+ doc/dumpcap.pod | 4 ++--
+ doc/tshark.pod | 4 ++--
+ doc/wireshark.pod.template | 4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/capture_opts.h b/capture_opts.h
+index c2f41d2..29a7132 100644
+--- a/capture_opts.h
++++ b/capture_opts.h
+@@ -243,7 +243,7 @@ extern void
+ collect_ifaces(capture_options *capture_opts);
+
+ /* Default capture buffer size in Mbytes. */
+-#define DEFAULT_CAPTURE_BUFFER_SIZE 2
++#define DEFAULT_CAPTURE_BUFFER_SIZE 4
+
+ #ifdef __cplusplus
+ }
+diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
+index e1dc293..090cd53 100644
+--- a/doc/dumpcap.pod
++++ b/doc/dumpcap.pod
+@@ -114,11 +114,11 @@ of size one megabyte each.
+
+ =item -B Ecapture buffer sizeE
+
+-Set capture buffer size (in MiB, default is 2 MiB). This is used by
++Set capture buffer size (in MiB, default is 4 MiB). This is used by
+ the capture driver to buffer packet data until that data can be written
+ to disk. If you encounter packet drops while capturing, try to increase
+ this size. Note that, while B attempts to set the buffer size
+-to 2 MiB by default, and can be told to set it to a larger value, the
++to 4 MiB by default, and can be told to set it to a larger value, the
+ system or interface on which you're capturing might silently limit the
+ capture buffer size to a lower value or raise it to a higher value.
+
+diff --git a/doc/tshark.pod b/doc/tshark.pod
+index ba06225..38c43dd 100644
+--- a/doc/tshark.pod
++++ b/doc/tshark.pod
+@@ -214,11 +214,11 @@ of size one megabyte each.
+
+ =item -B Ecapture buffer sizeE
+
+-Set capture buffer size (in MiB, default is 2 MiB). This is used by
++Set capture buffer size (in MiB, default is 4 MiB). This is used by
+ the capture driver to buffer packet data until that data can be written
+ to disk. If you encounter packet drops while capturing, try to increase
+ this size. Note that, while B attempts to set the buffer size
+-to 2 MiB by default, and can be told to set it to a larger value, the
++to 4 MiB by default, and can be told to set it to a larger value, the
+ system or interface on which you're capturing might silently limit the
+ capture buffer size to a lower value or raise it to a higher value.
+
+diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
+index 130e7ef..1e9681f 100644
+--- a/doc/wireshark.pod.template
++++ b/doc/wireshark.pod.template
+@@ -280,11 +280,11 @@ of size one megabyte each.
+
+ =item -B Ecapture buffer sizeE
+
+-Set capture buffer size (in MiB, default is 2 MiB). This is used by
++Set capture buffer size (in MiB, default is 4 MiB). This is used by
+ the capture driver to buffer packet data until that data can be written
+ to disk. If you encounter packet drops while capturing, try to increase
+ this size. Note that, while B attempts to set the buffer size
+-to 2 MiB by default, and can be told to set it to a larger value, the
++to 4 MiB by default, and can be told to set it to a larger value, the
+ system or interface on which you're capturing might silently limit the
+ capture buffer size to a lower value or raise it to a higher value.
+
+--
+2.9.3
+
diff --git a/SOURCES/wireshark-1.10.14-default-snaplen.patch b/SOURCES/wireshark-1.10.14-default-snaplen.patch
new file mode 100644
index 0000000..f1cd233
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-default-snaplen.patch
@@ -0,0 +1,178 @@
+From 1fb88fef9c8a61be94960e8f4ee0dffc53fc0b67 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 3 Apr 2017 15:18:41 +0200
+Subject: [PATCH] Reflect new default snaplet in help and man pages
+
+---
+ doc/dumpcap.pod | 2 +-
+ doc/tshark.pod | 2 +-
+ doc/wireshark.pod.template | 4 ++--
+ docbook/wsug_src/WSUG_app_tools.xml | 4 ++--
+ docbook/wsug_src/WSUG_chapter_capture.xml | 4 ++--
+ docbook/wsug_src/WSUG_chapter_customize.xml | 2 +-
+ dumpcap.c | 2 +-
+ tshark.c | 2 +-
+ ui/gtk/main.c | 2 +-
+ ui/qt/main.cpp | 2 +-
+ 10 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
+index dfd84d8..e1dc293 100644
+--- a/doc/dumpcap.pod
++++ b/doc/dumpcap.pod
+@@ -299,7 +299,7 @@ have to explicitly set it to use it).
+ Set the default snapshot length to use when capturing live data.
+ No more than I bytes of each network packet will be read into
+ memory, or saved to disk. A value of 0 specifies a snapshot length of
+-65535, so that the full packet is captured; this is the default.
++262144, so that the full packet is captured; this is the default.
+
+ This option can occur multiple times. If used before the first
+ occurrence of the B<-i> option, it sets the default snapshot length.
+diff --git a/doc/tshark.pod b/doc/tshark.pod
+index fee8cbc..ba06225 100644
+--- a/doc/tshark.pod
++++ b/doc/tshark.pod
+@@ -638,7 +638,7 @@ is one) will be checked against this filter.
+ Set the default snapshot length to use when capturing live data.
+ No more than I bytes of each network packet will be read into
+ memory, or saved to disk. A value of 0 specifies a snapshot length of
+-65535, so that the full packet is captured; this is the default.
++262144, so that the full packet is captured; this is the default.
+
+ This option can occur multiple times. If used before the first
+ occurrence of the B<-i> option, it sets the default snapshot length.
+diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
+index 0010a47..130e7ef 100644
+--- a/doc/wireshark.pod.template
++++ b/doc/wireshark.pod.template
+@@ -536,7 +536,7 @@ capture file; packets not matching the filter are discarded.
+ Set the default snapshot length to use when capturing live data.
+ No more than I bytes of each network packet will be read into
+ memory, or saved to disk. A value of 0 specifies a snapshot length of
+-65535, so that the full packet is captured; this is the default.
++262144, so that the full packet is captured; this is the default.
+
+ This option can occur multiple times. If used before the first
+ occurrence of the B<-i> option, it sets the default snapshot length.
+@@ -2345,7 +2345,7 @@ capturing.
+
+ The I check box and field lets you
+ specify a maximum number of bytes per packet to capture and save; if the
+-check box is not checked, the limit will be 65535 bytes.
++check box is not checked, the limit will be 262144 bytes.
+
+ The I entry lets you specify the capture filter using a
+ tcpdump-style filter string as described above.
+diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml
+index 9996e24..bfcec24 100644
+--- a/docbook/wsug_src/WSUG_app_tools.xml
++++ b/docbook/wsug_src/WSUG_app_tools.xml
+@@ -40,7 +40,7 @@ Usage: tshark [options] ...
+ Capture interface:
+ -i <interface> name or idx of interface (def: first non-loopback)
+ -f <capture filter> packet filter in libpcap filter syntax
+- -s <snaplen> packet snapshot length (def: 65535)
++ -s <snaplen> packet snapshot length (def: 262144)
+ -p don't capture in promiscuous mode
+ -I capture in monitor mode, if available
+ -B <buffer size> size of kernel buffer (def: 1MB)
+@@ -190,7 +190,7 @@ Capture interface:
+ rpcap://<host>/<interface>
+ TCP@<host>:<port>
+ -f <capture filter> packet filter in libpcap filter syntax
+- -s <snaplen> packet snapshot length (def: 65535)
++ -s <snaplen> packet snapshot length (def: 262144)
+ -p don't capture in promiscuous mode
+ -I capture in monitor mode, if available
+ -B <buffer size> size of kernel buffer in MB (def: 2MB)
+diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml
+index c031da3..140092a 100644
+--- a/docbook/wsug_src/WSUG_chapter_capture.xml
++++ b/docbook/wsug_src/WSUG_chapter_capture.xml
+@@ -310,7 +310,7 @@ wireshark -i eth0 -k
+
+
+ The maximum amount of data that will be captured for each packet.
+- The default value is set to the 65535 bytes.
++ The default value is set to the 262144 bytes.
+
+
+
+@@ -684,7 +684,7 @@ wireshark -i eth0 -k
+ This field allows you to specify the maximum amount of
+ data that will be captured for each packet, and is
+ sometimes referred to as the snaplen. If disabled,
+- the value is set to the maximum 65535, which will be sufficient for most
++ the value is set to the maximum 262144, which will be sufficient for most
+ protocols. Some rules of thumb:
+
+
+diff --git a/docbook/wsug_src/WSUG_chapter_customize.xml b/docbook/wsug_src/WSUG_chapter_customize.xml
+index 9849b43..cc87f73 100644
+--- a/docbook/wsug_src/WSUG_chapter_customize.xml
++++ b/docbook/wsug_src/WSUG_chapter_customize.xml
+@@ -63,7 +63,7 @@ Usage: wireshark [options] ... [ <infile> ]
+ Capture interface:
+ -i <interface> name or idx of interface (def: first non-loopback)
+ -f <capture filter> packet filter in libpcap filter syntax
+- -s <snaplen> packet snapshot length (def: 65535)
++ -s <snaplen> packet snapshot length (def: 262144)
+ -p don't capture in promiscuous mode
+ -k start capturing immediately (def: do nothing)
+ -S update packet display when new packets are captured
+diff --git a/dumpcap.c b/dumpcap.c
+index bae3fbf..066d039 100644
+--- a/dumpcap.c
++++ b/dumpcap.c
+@@ -488,7 +488,7 @@ print_usage(gboolean print_ver)
+ " rpcap:///\n"
+ " TCP@:\n");
+ fprintf(output, " -f packet filter in libpcap filter syntax\n");
+- fprintf(output, " -s packet snapshot length (def: 65535)\n");
++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE);
+ fprintf(output, " -p don't capture in promiscuous mode\n");
+ #ifdef HAVE_PCAP_CREATE
+ fprintf(output, " -I capture in monitor mode, if available\n");
+diff --git a/tshark.c b/tshark.c
+index 8cc4fae..a84f8e8 100644
+--- a/tshark.c
++++ b/tshark.c
+@@ -257,7 +257,7 @@ print_usage(gboolean print_ver)
+ fprintf(output, "Capture interface:\n");
+ fprintf(output, " -i name or idx of interface (def: first non-loopback)\n");
+ fprintf(output, " -f packet filter in libpcap filter syntax\n");
+- fprintf(output, " -s packet snapshot length (def: 65535)\n");
++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE);
+ fprintf(output, " -p don't capture in promiscuous mode\n");
+ #ifdef HAVE_PCAP_CREATE
+ fprintf(output, " -I capture in monitor mode, if available\n");
+diff --git a/ui/gtk/main.c b/ui/gtk/main.c
+index 3e22c3e..9839a30 100644
+--- a/ui/gtk/main.c
++++ b/ui/gtk/main.c
+@@ -1157,7 +1157,7 @@ print_usage(gboolean print_ver) {
+ fprintf(output, "Capture interface:\n");
+ fprintf(output, " -i name or idx of interface (def: first non-loopback)\n");
+ fprintf(output, " -f packet filter in libpcap filter syntax\n");
+- fprintf(output, " -s packet snapshot length (def: 65535)\n");
++ fprintf(output, " -s packet snapshot length (def: 262144)\n");
+ fprintf(output, " -p don't capture in promiscuous mode\n");
+ fprintf(output, " -k start capturing immediately (def: do nothing)\n");
+ fprintf(output, " -S update packet display when new packets are captured\n");
+diff --git a/ui/qt/main.cpp b/ui/qt/main.cpp
+index 3193702..eb0a3b6 100644
+--- a/ui/qt/main.cpp
++++ b/ui/qt/main.cpp
+@@ -224,7 +224,7 @@ print_usage(gboolean print_ver) {
+ fprintf(output, "Capture interface:\n");
+ fprintf(output, " -i name or idx of interface (def: first non-loopback)\n");
+ fprintf(output, " -f packet filter in libpcap filter syntax\n");
+- fprintf(output, " -s packet snapshot length (def: 65535)\n");
++ fprintf(output, " -s packet snapshot length (def: 262144)\n");
+ fprintf(output, " -p don't capture in promiscuous mode\n");
+ fprintf(output, " -k start capturing immediately (def: do nothing)\n");
+ fprintf(output, " -Q quit Wireshark after capturing\n");
+--
+2.9.3
+
diff --git a/SOURCES/wireshark-1.10.14-display-data-len.patch b/SOURCES/wireshark-1.10.14-display-data-len.patch
new file mode 100644
index 0000000..0fb004e
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-display-data-len.patch
@@ -0,0 +1,13 @@
+diff --git a/epan/ftypes/ftype-integer.c b/epan/ftypes/ftype-integer.c
+index 71b045a..1a71a04 100644
+--- a/epan/ftypes/ftype-integer.c
++++ b/epan/ftypes/ftype-integer.c
+@@ -237,6 +237,8 @@ integer_to_repr(fvalue_t *fv, ftrepr_t rtype, char *buf)
+ val = -fv->value.sinteger;
+ } else
+ val = fv->value.sinteger;
++
++ guint32_to_str_buf(val, buf, 11);
+ }
+
+ static int
diff --git a/SOURCES/wireshark-1.10.14-drop-count.patch b/SOURCES/wireshark-1.10.14-drop-count.patch
new file mode 100644
index 0000000..6d3cbd0
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-drop-count.patch
@@ -0,0 +1,32 @@
+diff -up wireshark-1.10.14/wiretap/pcapng.c.drop_count wireshark-1.10.14/wiretap/pcapng.c
+--- wireshark-1.10.14/wiretap/pcapng.c.drop_count 2017-06-13 10:08:24.297419620 +0200
++++ wireshark-1.10.14/wiretap/pcapng.c 2017-06-13 11:33:46.264786204 +0200
+@@ -3242,6 +3242,10 @@ pcapng_write_enhanced_packet_block(wtap_
+ have_options = TRUE;
+ options_total_length = options_total_length + 8;
+ }
++ if (phdr->presence_flags & WTAP_HAS_DROP_COUNT) {
++ have_options = TRUE;
++ options_total_length = options_total_length + 12;
++ }
+ if (have_options) {
+ /* End-of optios tag */
+ options_total_length += 4;
+@@ -3364,6 +3368,17 @@ pcapng_write_enhanced_packet_block(wtap_
+ wdh->bytes_dumped += 4;
+ pcapng_debug1("pcapng_write_enhanced_packet_block: Wrote Options packet flags: %x", phdr->pack_flags);
+ }
++ if (phdr->presence_flags & WTAP_HAS_DROP_COUNT) {
++ option_hdr.type = OPT_EPB_DROPCOUNT;
++ option_hdr.value_length = 8;
++ if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
++ return FALSE;
++ wdh->bytes_dumped += 4;
++ if (!wtap_dump_file_write(wdh, &phdr->drop_count, 8, err))
++ return FALSE;
++ wdh->bytes_dumped += 8;
++ pcapng_debug1("pcapng_write_enhanced_packet_block: Wrote Options drop count: %" G_GINT64_MODIFIER "u", phdr->drop_count);
++ }
+ /* Write end of options if we have otions */
+ if (have_options) {
+ if (!wtap_dump_file_write(wdh, &zero_pad, 4, err))
diff --git a/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch b/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch
new file mode 100644
index 0000000..a2f73ae
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch
@@ -0,0 +1,18 @@
+diff --git a/configure.ac b/configure.ac
+index a17ef31..090923b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1396,7 +1396,12 @@ else
+ # Don't use GLIB_CFLAGS
+ AM_PATH_GLIB_2_0($GLIB_MIN_VERSION, , AC_MSG_ERROR(GLib $GLIB_MIN_VERSION or later distribution not found.), gthread gmodule)
+
+- CPPFLAGS="-DGDK_PIXBUF_DISABLE_DEPRECATED $CPPFLAGS"
++ # XXX: Disabled to fix Segfault: it worked before the latest gdk-pixbuf
++ # update, because that function is now under a #ifndef
++ # GDK_PIXBUF_DISABLE_DEPRECATED block which makes the declaration
++ # invisible and wireshark's configure sets this CPP directive.
++ #
++ # CPPFLAGS="-DGDK_PIXBUF_DISABLE_DEPRECATED $CPPFLAGS"
+ CPPFLAGS="-DGDK_DISABLE_DEPRECATED $CPPFLAGS"
+ if test \( $gtk_config_major_version -eq 3 -a $gtk_config_minor_version -ge 10 \) ; then
+ ## Allow use of deprecated & disable deprecated warnings if Gtk >= 3.10;
diff --git a/SOURCES/wireshark-1.10.14-read-from-stdin.patch b/SOURCES/wireshark-1.10.14-read-from-stdin.patch
new file mode 100644
index 0000000..e66f4ca
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-read-from-stdin.patch
@@ -0,0 +1,27 @@
+diff --git a/tshark.c b/tshark.c
+index 8c8de07..8cc4fae 100644
+--- a/tshark.c
++++ b/tshark.c
+@@ -286,7 +286,7 @@ print_usage(gboolean print_ver)
+ #endif
+ /*fprintf(output, "\n");*/
+ fprintf(output, "Input file:\n");
+- fprintf(output, " -r set the filename to read from (no pipes or stdin!)\n");
++ fprintf(output, " -r set the filename to read from (no stdin!)\n");
+
+ fprintf(output, "\n");
+ fprintf(output, "Processing:\n");
+diff --git a/wiretap/file_wrappers.c b/wiretap/file_wrappers.c
+index c670c6e..e359cd7 100644
+--- a/wiretap/file_wrappers.c
++++ b/wiretap/file_wrappers.c
+@@ -1046,7 +1046,8 @@ file_seek(FILE_T file, gint64 offset, int whence, int *err)
+
+ /* if within raw area while reading, just go there */
+ if (file->compression == UNCOMPRESSED && file->pos + offset >= file->raw
+- && (offset < 0 || offset >= file->have) /* seek only when we don't have that offset in buffer */)
++ && (offset < 0 || offset >= file->have) /* seek only when we don't have that offset in buffer */
++ && (file->fast_seek) /* seek only when random access is supported */)
+ {
+ if (ws_lseek64(file->fd, offset - file->have, SEEK_CUR) == -1) {
+ *err = errno;
diff --git a/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch b/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch
new file mode 100644
index 0000000..b1e7e60
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch
@@ -0,0 +1,107 @@
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index e97e46e..f70919b 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -202,6 +202,8 @@ static gint hf_ssl_handshake_server_keyex_named_curve = -1;
+ static gint hf_ssl_handshake_server_keyex_point = -1;
+ static gint hf_ssl_handshake_client_keyex_epms = -1;
+ static gint hf_ssl_handshake_client_keyex_point = -1;
++static gint hf_ssl_handshake_client_vrfy_sig_len = -1;
++static gint hf_ssl_handshake_client_vrfy_sig = -1;
+ static gint hf_ssl_handshake_server_keyex_modulus = -1;
+ static gint hf_ssl_handshake_server_keyex_exponent = -1;
+ static gint hf_ssl_handshake_server_keyex_sig = -1;
+@@ -682,6 +684,10 @@ static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
+ static gint dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree,
+ guint32 offset, guint16 len);
+
++static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset,
++ const SslSession *session);
++
+ /*********************************************************************
+ *
+ * Main dissector
+@@ -2070,7 +2076,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_CERT_VERIFY:
+- /* unimplemented */
++ dissect_ssl3_hnd_cli_cert_verify(tvb, ssl_hand_tree, offset, session);
+ break;
+
+ case SSL_HND_CLIENT_KEY_EXCHG:
+@@ -3174,8 +3180,9 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
+ }
+
+ static void
+-dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree,
+- guint32 offset, SslSession *session)
++dissect_ssl3_digitally_signed(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
++ const SslSession *session, gint hf_sig_len,
++ gint hf_sig)
+ {
+ gint sig_len;
+ proto_item *ti_algo;
+@@ -3202,10 +3209,40 @@ dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree,
+
+ /* Sig */
+ sig_len = tvb_get_ntohs(tvb, offset);
+- proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig_len, tvb,
+- offset, 2, ENC_BIG_ENDIAN);
+- proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig, tvb,
+- offset + 2, sig_len, ENC_NA);
++ proto_tree_add_item(tree, hf_sig_len, tvb, offset, 2, ENC_BIG_ENDIAN);
++ proto_tree_add_item(tree, hf_sig, tvb, offset + 2, sig_len, ENC_NA);
++}
++
++static void
++dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, const SslSession *session)
++{
++ dissect_ssl3_digitally_signed(tvb, tree, offset, session,
++ hf_ssl_handshake_client_vrfy_sig_len,
++ hf_ssl_handshake_client_vrfy_sig);
++}
++
++static void
++dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, SslSession *session)
++{
++ /*
++ * TLSv1.2 (RFC 5246 sec 7.4.8)
++ * struct {
++ * digitally-signed struct {
++ * opaque handshake_messages[handshake_messages_length];
++ * }
++ * } CertificateVerify;
++ *
++ * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same
++ * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed.
++ *
++ * SSLv3 (RFC 6101 sec 5.6.8) esseentially works the same as TLSv1.0 but it
++ * does more hashing including the master secret and padding.
++ */
++ dissect_ssl3_digitally_signed(tvb, tree, offset, session,
++ hf_ssl_handshake_server_keyex_sig_len,
++ hf_ssl_handshake_server_keyex_sig);
+ }
+
+ static void
+@@ -5410,6 +5447,16 @@ proto_register_ssl(void)
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ "EC Diffie-Hellman client pubkey", HFILL }
+ },
++ { &hf_ssl_handshake_client_vrfy_sig_len,
++ { "signature length", "ssl.handshake.client_cert_vrfy.sig_len",
++ FT_UINT16, BASE_DEC, NULL, 0x0,
++ "Length of CertificateVerify's signature", HFILL }
++ },
++ { &hf_ssl_handshake_client_vrfy_sig,
++ { "signature", "ssl.handshake.client_cert_vrfy.sig",
++ FT_BYTES, BASE_NONE, NULL, 0x0,
++ "CertificateVerify's signature", HFILL }
++ },
+ { &hf_ssl_handshake_server_keyex_modulus,
+ { "modulus", "ssl.handshake.modulus",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
diff --git a/SOURCES/wireshark-1.10.14-tvbuff.patch b/SOURCES/wireshark-1.10.14-tvbuff.patch
new file mode 100644
index 0000000..9fd049a
--- /dev/null
+++ b/SOURCES/wireshark-1.10.14-tvbuff.patch
@@ -0,0 +1,662 @@
+diff --git a/epan/tvbuff.c b/epan/tvbuff.c
+index 98968a0..db2cfd1 100644
+--- a/epan/tvbuff.c
++++ b/epan/tvbuff.c
+@@ -53,7 +53,7 @@
+
+ static const guint8*
+ ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length,
+- int *exception);
++ int *pexception);
+
+ static const guint8*
+ ensure_contiguous(tvbuff_t *tvb, const gint offset, const gint length);
+@@ -241,45 +241,48 @@ tvb_new_child_real_data(tvbuff_t *parent, const guint8* data, const guint length
+ return tvb;
+ }
+
+-/* Computes the absolute offset and length based on a possibly-negative offset
+- * and a length that is possible -1 (which means "to the end of the data").
+- * Returns TRUE/FALSE indicating whether the offset is in bounds or
+- * not. The integer ptrs are modified with the new offset and length.
+- * No exception is thrown.
++/*
++ * Check whether that offset goes more than one byte past the
++ * end of the buffer.
+ *
+- * XXX - we return TRUE, not FALSE, if the offset is positive and right
+- * after the end of the tvbuff (i.e., equal to the length). We do this
+- * so that a dissector constructing a subset tvbuff for the next protocol
+- * will get a zero-length tvbuff, not an exception, if there's no data
+- * left for the next protocol - we want the next protocol to be the one
+- * that gets an exception, so the error is reported as an error in that
+- * protocol rather than the containing protocol. */
+-static gboolean
+-compute_offset_length(const tvbuff_t *tvb,
+- const gint offset, const gint length_val,
+- guint *offset_ptr, guint *length_ptr, int *exception)
++ * If not, return 0; otherwise, return exception
++ */
++static inline int
++validate_offset(const tvbuff_t *tvb, const guint abs_offset)
+ {
+- DISSECTOR_ASSERT(offset_ptr);
+- DISSECTOR_ASSERT(length_ptr);
++ int exception;
++
++ if (G_LIKELY(abs_offset <= tvb->length))
++ exception = 0;
++ else if (abs_offset <= tvb->reported_length)
++ exception = BoundsError;
++ else {
++ if (tvb->flags & TVBUFF_FRAGMENT)
++ exception = FragmentBoundsError;
++ else
++ exception = ReportedBoundsError;
++ }
++
++ return exception;
++}
++
++static int
++compute_offset(const tvbuff_t *tvb, const gint offset, guint *offset_ptr)
++{
++ int exception;
+
+- /* Compute the offset */
+ if (offset >= 0) {
+ /* Positive offset - relative to the beginning of the packet. */
+ if ((guint) offset > tvb->reported_length) {
+- if (exception) {
+- if (tvb->flags & TVBUFF_FRAGMENT) {
+- *exception = FragmentBoundsError;
+- } else {
+- *exception = ReportedBoundsError;
+- }
++ if (tvb->flags & TVBUFF_FRAGMENT) {
++ exception = FragmentBoundsError;
++ } else {
++ exception = ReportedBoundsError;
+ }
+- return FALSE;
++ return exception;
+ }
+ else if ((guint) offset > tvb->length) {
+- if (exception) {
+- *exception = BoundsError;
+- }
+- return FALSE;
++ return BoundsError;
+ }
+ else {
+ *offset_ptr = offset;
+@@ -288,95 +291,90 @@ compute_offset_length(const tvbuff_t *tvb,
+ else {
+ /* Negative offset - relative to the end of the packet. */
+ if ((guint) -offset > tvb->reported_length) {
+- if (exception) {
+- if (tvb->flags & TVBUFF_FRAGMENT) {
+- *exception = FragmentBoundsError;
+- } else {
+- *exception = ReportedBoundsError;
+- }
++ if (tvb->flags & TVBUFF_FRAGMENT) {
++ exception = FragmentBoundsError;
++ } else {
++ exception = ReportedBoundsError;
+ }
+- return FALSE;
++ return exception;
+ }
+ else if ((guint) -offset > tvb->length) {
+- if (exception) {
+- *exception = BoundsError;
+- }
+- return FALSE;
++ return BoundsError;
+ }
+ else {
+ *offset_ptr = tvb->length + offset;
+ }
+ }
+
+- /* Compute the length */
+- if (length_val < -1) {
+- if (exception) {
+- /* XXX - ReportedBoundsError? */
+- *exception = BoundsError;
+- }
+- return FALSE;
+- }
+- else if (length_val == -1) {
+- *length_ptr = tvb->length - *offset_ptr;
+- }
+- else {
+- *length_ptr = length_val;
+- }
++ return 0;
++}
+
+- return TRUE;
++static int
++compute_offset_and_remaining(const tvbuff_t *tvb, const gint offset, guint *offset_ptr, guint *rem_len)
++{
++ int exception;
++
++ exception = compute_offset(tvb, offset, offset_ptr);
++ if (!exception)
++ *rem_len = tvb->length - *offset_ptr;
++
++ return exception;
+ }
+
+-static gboolean
++/* Computes the absolute offset and length based on a possibly-negative offset
++ * and a length that is possible -1 (which means "to the end of the data").
++ * Returns integer indicating whether the offset is in bounds (0) or
++ * not (exception number). The integer ptrs are modified with the new offset and length.
++ * No exception is thrown.
++ *
++ * XXX - we return success (0), if the offset is positive and right
++ * after the end of the tvbuff (i.e., equal to the length). We do this
++ * so that a dissector constructing a subset tvbuff for the next protocol
++ * will get a zero-length tvbuff, not an exception, if there's no data
++ * left for the next protocol - we want the next protocol to be the one
++ * that gets an exception, so the error is reported as an error in that
++ * protocol rather than the containing protocol. */
++static int
+ check_offset_length_no_exception(const tvbuff_t *tvb,
+ const gint offset, gint const length_val,
+- guint *offset_ptr, guint *length_ptr, int *exception)
++ guint *offset_ptr, guint *length_ptr)
+ {
+- guint end_offset;
++ guint end_offset;
++ int exception;
+
+- if (!compute_offset_length(tvb,
+- offset, length_val, offset_ptr, length_ptr, exception)) {
+- return FALSE;
++ DISSECTOR_ASSERT(offset_ptr);
++ DISSECTOR_ASSERT(length_ptr);
++
++ /* Compute the offset */
++ exception = compute_offset(tvb, offset, offset_ptr);
++ if (exception)
++ return exception;
++
++ if (length_val < -1) {
++ /* XXX - ReportedBoundsError? */
++ return BoundsError;
+ }
+
++ /* Compute the length */
++ if (length_val == -1)
++ *length_ptr = tvb->length - *offset_ptr;
++ else
++ *length_ptr = length_val;
++
+ /*
+ * Compute the offset of the first byte past the length.
+ */
+ end_offset = *offset_ptr + *length_ptr;
+
+ /*
+- * Check for an overflow, and clamp "end_offset" at the maximum
+- * if we got an overflow - that should force us to indicate that
+- * we're past the end of the tvbuff.
++ * Check for an overflow
+ */
+ if (end_offset < *offset_ptr)
+- end_offset = UINT_MAX;
+-
+- /*
+- * Check whether that offset goes more than one byte past the
+- * end of the buffer.
+- *
+- * If not, return TRUE; otherwise, return FALSE and, if "exception"
+- * is non-null, return the appropriate exception through it.
+- */
+- if (end_offset <= tvb->length) {
+- return TRUE;
+- }
+- else {
+- if (exception) {
+- if (end_offset <= tvb->reported_length) {
+- *exception = BoundsError;
+- }
+- else {
+- if (tvb->flags & TVBUFF_FRAGMENT) {
+- *exception = FragmentBoundsError;
+- } else {
+- *exception = ReportedBoundsError;
+- }
+- }
+- }
++ exception = BoundsError;
++ else
++ exception = validate_offset(tvb, end_offset);
+
+- return FALSE;
+- }
++ return exception;
+ }
+
+ /* Checks (+/-) offset and length and throws an exception if
+@@ -387,13 +385,11 @@ check_offset_length(const tvbuff_t *tvb,
+ const gint offset, gint const length_val,
+ guint *offset_ptr, guint *length_ptr)
+ {
+- int exception = 0;
+-
+- if (!check_offset_length_no_exception(tvb,
+- offset, length_val, offset_ptr, length_ptr, &exception)) {
+- DISSECTOR_ASSERT(exception > 0);
++ int exception;
++
++ exception = check_offset_length_no_exception(tvb, offset, length_val, offset_ptr, length_ptr);
++ if (exception)
+ THROW(exception);
+- }
+ }
+
+ static tvbuff_t *
+@@ -538,7 +534,7 @@ tvb_new_octet_aligned(tvbuff_t *tvb, guint32 bit_offset, gint32 no_of_bits)
+ right = 8 - left; /* for right-shifting */
+
+ if (no_of_bits == -1) {
+- datalen = tvb_length_remaining(tvb, byte_offset);
++ datalen = tvb_captured_length_remaining(tvb, byte_offset);
+ remaining_bits = 0;
+ } else {
+ datalen = no_of_bits >> 3;
+@@ -560,7 +556,7 @@ tvb_new_octet_aligned(tvbuff_t *tvb, guint32 bit_offset, gint32 no_of_bits)
+ * if non extra byte is available, the last shifted byte requires
+ * special treatment
+ */
+- if (tvb_length_remaining(tvb, byte_offset) > datalen) {
++ if (tvb_captured_length_remaining(tvb, byte_offset) > datalen) {
+ data = tvb_get_ptr(tvb, byte_offset, datalen + 1);
+
+ /* Do this allocation AFTER tvb_get_ptr() (which could throw an exception) */
+@@ -679,7 +675,7 @@ tvb_composite_finalize(tvbuff_t *tvb)
+
+
+ guint
+-tvb_length(const tvbuff_t *tvb)
++tvb_captured_length(const tvbuff_t *tvb)
+ {
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+@@ -687,32 +683,33 @@ tvb_length(const tvbuff_t *tvb)
+ }
+
+ gint
+-tvb_length_remaining(const tvbuff_t *tvb, const gint offset)
++tvb_captured_length_remaining(const tvbuff_t *tvb, const gint offset)
+ {
+- guint abs_offset, abs_length;
++ guint abs_offset, rem_length;
++ int exception;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- if (compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL)) {
+- return abs_length;
+- }
+- else {
+- return -1;
+- }
++ exception = compute_offset_and_remaining(tvb, offset, &abs_offset, &rem_length);
++ if (exception)
++ return 0;
++
++ return rem_length;
+ }
+
+ guint
+-tvb_ensure_length_remaining(const tvbuff_t *tvb, const gint offset)
++tvb_ensure_captured_length_remaining(const tvbuff_t *tvb, const gint offset)
+ {
+- guint abs_offset, abs_length;
++ guint abs_offset, rem_length;
+ int exception;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- if (!compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, &exception)) {
++ exception = compute_offset_and_remaining(tvb, offset, &abs_offset, &rem_length);
++ if (exception)
+ THROW(exception);
+- }
+- if (abs_length == 0) {
++
++ if (rem_length == 0) {
+ /*
+ * This routine ensures there's at least one byte available.
+ * There aren't any bytes available, so throw the appropriate
+@@ -727,7 +724,7 @@ tvb_ensure_length_remaining(const tvbuff_t *tvb, const gint offset)
+ } else
+ THROW(BoundsError);
+ }
+- return abs_length;
++ return rem_length;
+ }
+
+
+@@ -739,18 +736,15 @@ gboolean
+ tvb_bytes_exist(const tvbuff_t *tvb, const gint offset, const gint length)
+ {
+ guint abs_offset, abs_length;
++ int exception;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- if (!compute_offset_length(tvb, offset, length, &abs_offset, &abs_length, NULL))
++ exception = check_offset_length_no_exception(tvb, offset, length, &abs_offset, &abs_length);
++ if (exception)
+ return FALSE;
+
+- if (abs_offset + abs_length <= tvb->length) {
+- return TRUE;
+- }
+- else {
+- return FALSE;
+- }
++ return TRUE;
+ }
+
+ /* Validates that 'length' bytes are available starting from
+@@ -781,10 +775,13 @@ tvb_ensure_bytes_exist(const tvbuff_t *tvb, const gint offset, const gint length
+ gboolean
+ tvb_offset_exists(const tvbuff_t *tvb, const gint offset)
+ {
+- guint abs_offset, abs_length;
++ guint abs_offset;
++ int exception;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+- if (!compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL))
++
++ exception = compute_offset(tvb, offset, &abs_offset);
++ if (exception)
+ return FALSE;
+
+ if (abs_offset < tvb->length) {
+@@ -806,19 +803,19 @@ tvb_reported_length(const tvbuff_t *tvb)
+ gint
+ tvb_reported_length_remaining(const tvbuff_t *tvb, const gint offset)
+ {
+- guint abs_offset, abs_length;
++ guint abs_offset;
++ int exception;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- if (compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL)) {
+- if (tvb->reported_length >= abs_offset)
+- return tvb->reported_length - abs_offset;
+- else
+- return -1;
+- }
+- else {
+- return -1;
+- }
++ exception = compute_offset(tvb, offset, &abs_offset);
++ if (exception)
++ return 0;
++
++ if (tvb->reported_length >= abs_offset)
++ return tvb->reported_length - abs_offset;
++ else
++ return 0;
+ }
+
+ /* Set the reported length of a tvbuff to a given value; used for protocols
+@@ -896,6 +893,7 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset,
+ tvbuff_t *member_tvb = NULL;
+ guint member_offset, member_length;
+ GSList *slist;
++ int exception;
+
+ DISSECTOR_ASSERT(tvb->type == TVBUFF_COMPOSITE);
+
+@@ -913,10 +911,11 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset,
+ }
+ DISSECTOR_ASSERT(member_tvb);
+
+- if (check_offset_length_no_exception(member_tvb,
++ exception = check_offset_length_no_exception(member_tvb,
+ abs_offset - composite->start_offsets[i],
+- abs_length, &member_offset, &member_length, NULL)) {
++ abs_length, &member_offset, &member_length);
+
++ if (!exception) {
+ /*
+ * The range is, in fact, contiguous within member_tvb.
+ */
+@@ -932,12 +931,15 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset,
+ }
+
+ static const guint8*
+-ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length, int *exception)
++ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length, int *pexception)
+ {
+ guint abs_offset, abs_length;
++ int exception;
+
+- if (!check_offset_length_no_exception(tvb, offset, length,
+- &abs_offset, &abs_length, exception)) {
++ exception = check_offset_length_no_exception(tvb, offset, length, &abs_offset, &abs_length);
++ if (exception) {
++ if (pexception)
++ *pexception = exception;
+ return NULL;
+ }
+
+@@ -1046,7 +1048,7 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len
+ tvb_comp_t *composite;
+ tvbuff_t *member_tvb = NULL;
+ guint member_offset, member_length;
+- gboolean retval;
++ int exception;
+ GSList *slist;
+
+ DISSECTOR_ASSERT(tvb->type == TVBUFF_COMPOSITE);
+@@ -1065,9 +1067,10 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len
+ }
+ DISSECTOR_ASSERT(member_tvb);
+
+- if (check_offset_length_no_exception(member_tvb, abs_offset - composite->start_offsets[i],
+- (gint) abs_length, &member_offset, &member_length, NULL)) {
+-
++ exception = check_offset_length_no_exception(member_tvb, abs_offset - composite->start_offsets[i],
++ (gint) abs_length, &member_offset, &member_length);
++
++ if (!exception) {
+ DISSECTOR_ASSERT(!tvb->real_data);
+ return tvb_memcpy(member_tvb, target, member_offset, member_length);
+ }
+@@ -1077,9 +1080,9 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len
+ * then iterate across the other member tvb's, copying their portions
+ * until we have copied all data.
+ */
+- retval = compute_offset_length(member_tvb, abs_offset - composite->start_offsets[i], -1,
+- &member_offset, &member_length, NULL);
+- DISSECTOR_ASSERT(retval);
++ exception = compute_offset_and_remaining(member_tvb, abs_offset - composite->start_offsets[i],
++ &member_offset, &member_length);
++ DISSECTOR_ASSERT(!exception);
+
+ /* composite_memcpy() can't handle a member_length of zero. */
+ DISSECTOR_ASSERT(member_length);
+@@ -1909,6 +1912,21 @@ tvb_get_bits(tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, const
+ return (guint32)_tvb_get_bits64(tvb, bit_offset, no_of_bits);
+ }
+
++static gint
++tvb_find_guint8_generic(tvbuff_t *tvb, guint abs_offset, guint limit, guint8 needle)
++{
++ const guint8 *ptr;
++ const guint8 *result;
++
++ ptr = tvb_get_ptr(tvb, abs_offset, limit);
++
++ result = (const guint8 *) memchr(ptr, needle, limit);
++ if (!result)
++ return -1;
++
++ return (gint) ((result - ptr) + abs_offset);
++}
++
+ /* Find first occurrence of needle in tvbuff, starting at offset. Searches
+ * at most maxlength number of bytes; if maxlength is -1, searches to
+ * end of tvbuff.
+@@ -1920,16 +1938,15 @@ gint
+ tvb_find_guint8(tvbuff_t *tvb, const gint offset, const gint maxlength, const guint8 needle)
+ {
+ const guint8 *result;
+- guint abs_offset, junk_length;
++ guint abs_offset;
+ guint tvbufflen;
+ guint limit;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length);
++ check_offset_length(tvb, offset, -1, &abs_offset, &tvbufflen);
+
+ /* Only search to end of tvbuff, w/o throwing exception. */
+- tvbufflen = tvb_length_remaining(tvb, abs_offset);
+ if (maxlength == -1) {
+ /* No maximum length specified; search to end of tvbuff. */
+ limit = tvbufflen;
+@@ -1985,16 +2002,15 @@ gint
+ tvb_pbrk_guint8(tvbuff_t *tvb, const gint offset, const gint maxlength, const guint8 *needles, guchar *found_needle)
+ {
+ const guint8 *result;
+- guint abs_offset, junk_length;
++ guint abs_offset;
+ guint tvbufflen;
+ guint limit;
+
+ DISSECTOR_ASSERT(tvb && tvb->initialized);
+
+- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length);
++ check_offset_length(tvb, offset, -1, &abs_offset, &tvbufflen);
+
+ /* Only search to end of tvbuff, w/o throwing exception. */
+- tvbufflen = tvb_length_remaining(tvb, abs_offset);
+ if (maxlength == -1) {
+ /* No maximum length specified; search to end of tvbuff. */
+ limit = tvbufflen;
+@@ -2845,11 +2861,12 @@ static gint
+ _tvb_get_nstringz(tvbuff_t *tvb, const gint offset, const guint bufsize, guint8* buffer, gint *bytes_copied)
+ {
+ gint stringlen;
+- guint abs_offset, junk_length;
++ guint abs_offset;
+ gint limit, len;
+ gboolean decreased_max = FALSE;
+
+- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length);
++ /* Only read to end of tvbuff, w/o throwing exception. */
++ check_offset_length(tvb, offset, -1, &abs_offset, &len);
+
+ /* There must at least be room for the terminating NUL. */
+ DISSECTOR_ASSERT(bufsize != 0);
+@@ -2861,9 +2878,6 @@ _tvb_get_nstringz(tvbuff_t *tvb, const gint offset, const guint bufsize, guint8*
+ return 0;
+ }
+
+- /* Only read to end of tvbuff, w/o throwing exception. */
+- len = tvb_length_remaining(tvb, abs_offset);
+-
+ /* check_offset_length() won't throw an exception if we're
+ * looking at the byte immediately after the end of the tvbuff. */
+ if (len == 0) {
+@@ -2984,7 +2998,7 @@ tvb_find_line_end(tvbuff_t *tvb, const gint offset, int len, gint *next_offset,
+ guchar found_needle = 0;
+
+ if (len == -1)
+- len = tvb_length_remaining(tvb, offset);
++ len = tvb_captured_length_remaining(tvb, offset);
+ /*
+ * XXX - what if "len" is still -1, meaning "offset is past the
+ * end of the tvbuff"?
+@@ -3100,7 +3114,7 @@ tvb_find_line_end_unquoted(tvbuff_t *tvb, const gint offset, int len, gint *next
+ int linelen;
+
+ if (len == -1)
+- len = tvb_length_remaining(tvb, offset);
++ len = tvb_captured_length_remaining(tvb, offset);
+ /*
+ * XXX - what if "len" is still -1, meaning "offset is past the
+ * end of the tvbuff"?
+@@ -3238,7 +3252,7 @@ tvb_skip_wsp(tvbuff_t *tvb, const gint offset, const gint maxlength)
+ guint8 tempchar;
+
+ /* Get the length remaining */
+- tvb_len = tvb_length(tvb);
++ tvb_len = tvb_captured_length(tvb);
+ end = offset + maxlength;
+ if (end >= tvb_len)
+ {
+@@ -3310,7 +3324,7 @@ tvb_bcd_dig_to_ep_str(tvbuff_t *tvb, const gint offset, const gint len, dgt_set_
+ dgt = &Dgt1_9_bcd;
+
+ if (len == -1) {
+- length = tvb_length(tvb);
++ length = tvb_captured_length(tvb);
+ if (length < offset) {
+ return "";
+ }
+diff --git a/epan/tvbuff.h b/epan/tvbuff.h
+index 8950feb..f815c1f 100644
+--- a/epan/tvbuff.h
++++ b/epan/tvbuff.h
+@@ -213,16 +213,28 @@ WS_DLL_PUBLIC tvbuff_t* tvb_new_composite(void);
+ WS_DLL_PUBLIC void tvb_composite_finalize(tvbuff_t* tvb);
+
+
+-/* Get total length of buffer */
+-WS_DLL_PUBLIC guint tvb_length(const tvbuff_t*);
++/* Get amount of captured data in the buffer (which is *NOT* necessarily the
++ * * length of the packet). You probably want tvb_reported_length instead. */
++WS_DLL_PUBLIC guint tvb_captured_length(const tvbuff_t *tvb);
++
++/* DEPRECATED, do not use in new code, call tvb_captured_length directly! */
++#define tvb_length tvb_captured_length
+
+ /** Computes bytes to end of buffer, from offset (which can be negative,
+- * to indicate bytes from end of buffer). Function returns -1 to
+- * indicate that offset is out of bounds. No exception is thrown. */
+-WS_DLL_PUBLIC gint tvb_length_remaining(const tvbuff_t*, const gint offset);
++ * to indicate bytes from end of buffer). Function returns 0 if offset is out
++ * of bounds. No exception is thrown. */
++WS_DLL_PUBLIC gint tvb_captured_length_remaining(const tvbuff_t *tvb, const gint offset);
++
++/* DEPRECATED, do not use in new code, call tvb_captured_length_remaining directly! */
++#define tvb_length_remaining tvb_captured_length_remaining
++
+
+ /** Same as above, but throws an exception if the offset is out of bounds. */
+-WS_DLL_PUBLIC guint tvb_ensure_length_remaining(const tvbuff_t*, const gint offset);
++WS_DLL_PUBLIC guint tvb_ensure_captured_length_remaining(const tvbuff_t *tvb,
++ const gint offset);
++
++/* DEPRECATED, do not use in new code, call tvb_ensure_captured_length_remaining directly! */
++#define tvb_ensure_length_remaining tvb_ensure_captured_length_remaining
+
+ /* Checks (w/o throwing exception) that the bytes referred to by
+ * 'offset'/'length' actually exist in the buffer */
+@@ -240,8 +252,7 @@ WS_DLL_PUBLIC guint tvb_reported_length(const tvbuff_t*);
+
+ /** Computes bytes of reported packet data to end of buffer, from offset
+ * (which can be negative, to indicate bytes from end of buffer). Function
+- * returns -1 to indicate that offset is out of bounds. No exception is
+- * thrown. */
++ * returns 0 if offset is out of bounds. No exception is thrown. */
+ WS_DLL_PUBLIC gint tvb_reported_length_remaining(const tvbuff_t *tvb, const gint offset);
+
+ /** Set the reported length of a tvbuff to a given value; used for protocols
diff --git a/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch b/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch
new file mode 100644
index 0000000..7024eb1
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch
@@ -0,0 +1,106 @@
+diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
+index f0c8a3e..5e287e0 100644
+--- a/epan/dissectors/packet-dtls.c
++++ b/epan/dissectors/packet-dtls.c
+@@ -119,6 +119,9 @@ static gint hf_dtls_handshake_extensions_len = -1;
+ static gint hf_dtls_handshake_extension_type = -1;
+ static gint hf_dtls_handshake_extension_len = -1;
+ static gint hf_dtls_handshake_extension_data = -1;
++static gint hf_ssl_handshake_extension_elliptic_curves_len = -1;
++static gint hf_ssl_handshake_extension_elliptic_curves = -1;
++static gint hf_ssl_handshake_extension_elliptic_curve = -1;
+ static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1;
+ static gint hf_dtls_handshake_session_ticket_len = -1;
+ static gint hf_dtls_handshake_session_ticket = -1;
+@@ -165,6 +168,7 @@ static gint ett_dtls_heartbeat = -1;
+ static gint ett_dtls_cipher_suites = -1;
+ static gint ett_dtls_comp_methods = -1;
+ static gint ett_dtls_extension = -1;
++static gint ett_dtls_extension_curves = -1;
+ static gint ett_dtls_new_ses_ticket = -1;
+ static gint ett_dtls_certs = -1;
+ static gint ett_dtls_cert_types = -1;
+@@ -1654,6 +1658,43 @@ dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
+ }
+
+ static gint
++dissect_dtls_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
++ proto_tree *tree, guint32 offset)
++{
++ gint16 curves_length;
++ proto_tree *curves_tree;
++ proto_item *ti;
++
++ curves_length = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(tree, hf_ssl_handshake_extension_elliptic_curves_len,
++ tvb, offset, 2, ENC_BIG_ENDIAN);
++
++ offset += 2;
++ tvb_ensure_bytes_exist(tvb, offset, curves_length);
++ ti = proto_tree_add_none_format(tree,
++ hf_ssl_handshake_extension_elliptic_curves,
++ tvb, offset, curves_length,
++ "Elliptic curves (%d curve%s)",
++ curves_length / 2,
++ plurality(curves_length/2, "", "s"));
++
++ /* make this a subtree */
++ curves_tree = proto_item_add_subtree(ti, ett_dtls_extension_curves);
++
++ /* loop over all curves */
++ while (curves_length > 0)
++ {
++ proto_tree_add_item(curves_tree,
++ hf_ssl_handshake_extension_elliptic_curve,
++ tvb, offset, 2, ENC_BIG_ENDIAN);
++ offset += 2;
++ curves_length -= 2;
++ }
++
++ return offset;
++}
++
++static gint
+ dissect_dtls_hnd_hello_ext(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 left)
+ {
+@@ -1700,6 +1741,9 @@ dissect_dtls_hnd_hello_ext(tvbuff_t *tvb,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset += ext_len;
+ break;
++ case SSL_HND_HELLO_EXT_ELLIPTIC_CURVES:
++ offset = dissect_dtls_hnd_hello_ext_elliptic_curves(tvb, ext_tree, offset);
++ break;
+ default:
+ proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data,
+ tvb, offset, ext_len, NULL,
+@@ -2534,6 +2578,21 @@ proto_register_dtls(void)
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ "Hello Extension data", HFILL }
+ },
++ { &hf_ssl_handshake_extension_elliptic_curves_len,
++ { "Elliptic Curves Length", "dtls.handshake.extensions_elliptic_curves_length",
++ FT_UINT16, BASE_DEC, NULL, 0x0,
++ "Length of elliptic curves field", HFILL }
++ },
++ { &hf_ssl_handshake_extension_elliptic_curves,
++ { "Elliptic Curves List", "dtls.handshake.extensions_elliptic_curves",
++ FT_NONE, BASE_NONE, NULL, 0x0,
++ "List of elliptic curves supported", HFILL }
++ },
++ { &hf_ssl_handshake_extension_elliptic_curve,
++ { "Elliptic curve", "dtls.handshake.extensions_elliptic_curve",
++ FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0,
++ NULL, HFILL }
++ },
+ { &hf_dtls_handshake_session_ticket_lifetime_hint,
+ { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+@@ -2707,6 +2766,7 @@ proto_register_dtls(void)
+ &ett_dtls_cipher_suites,
+ &ett_dtls_comp_methods,
+ &ett_dtls_extension,
++ &ett_dtls_extension_curves,
+ &ett_dtls_new_ses_ticket,
+ &ett_dtls_certs,
+ &ett_dtls_cert_types,
diff --git a/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch b/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch
new file mode 100644
index 0000000..2809de3
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch
@@ -0,0 +1,2476 @@
+diff --git a/acinclude.m4 b/acinclude.m4
+index f962022..719bdbe 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -615,7 +615,7 @@ install a newer version of the header file.])
+ AC_CHECK_FUNCS(pcap_datalink_val_to_description)
+ AC_CHECK_FUNCS(pcap_list_datalinks pcap_set_datalink pcap_lib_version)
+ AC_CHECK_FUNCS(pcap_get_selectable_fd pcap_free_datalinks)
+- AC_CHECK_FUNCS(pcap_create bpf_image)
++ AC_CHECK_FUNCS(pcap_create bpf_image pcap_set_tstamp_precision)
+ fi
+ LIBS="$ac_save_LIBS"
+ ])
+diff --git a/cmake/modules/FindPCAP.cmake b/cmake/modules/FindPCAP.cmake
+index 1d3c1b6..bde07d7 100644
+--- a/cmake/modules/FindPCAP.cmake
++++ b/cmake/modules/FindPCAP.cmake
+@@ -121,6 +121,7 @@ CHECK_FUNCTION_EXISTS("pcap_get_selectable_fd" HAVE_PCAP_GET_SELECTABLE_FD)
+ CHECK_FUNCTION_EXISTS("pcap_lib_version" HAVE_PCAP_LIB_VERSION)
+ CHECK_FUNCTION_EXISTS("pcap_list_datalinks" HAVE_PCAP_LIST_DATALINKS)
+ CHECK_FUNCTION_EXISTS("pcap_set_datalink" HAVE_PCAP_SET_DATALINK)
++CHECK_FUNCTION_EXISTS("pcap_set_tstamp_precision" HAVE_PCAP_SET_TSTAMP_PRECISION)
+ # Remote pcap checks
+ CHECK_FUNCTION_EXISTS("pcap_open" H_PCAP_OPEN)
+ CHECK_FUNCTION_EXISTS("pcap_findalldevs_ex" H_FINDALLDEVS_EX)
+diff --git a/cmakeconfig.h.in b/cmakeconfig.h.in
+index 2ef36d1..fee55c5 100644
+--- a/cmakeconfig.h.in
++++ b/cmakeconfig.h.in
+@@ -252,6 +252,9 @@
+ #cmakedefine HAVE_PCAP_REMOTE 1
+ #cmakedefine HAVE_REMOTE 1
+
++/* Define to 1 if you have the `pcap_set_tstamp_precision' function. */
++#cmakedefine HAVE_PCAP_SET_TSTAMP_PRECISION 1
++
+ /* Define to 1 if you have the header file. */
+ #cmakedefine HAVE_PORTAUDIO_H 1
+
+diff --git a/dumpcap.c b/dumpcap.c
+index adba93d..bae3fbf 100644
+--- a/dumpcap.c
++++ b/dumpcap.c
+@@ -641,7 +641,12 @@ relinquish_all_capabilities(void)
+ #endif
+
+ static pcap_t *
+-open_capture_device(interface_options *interface_opts,
++open_capture_device(capture_options *capture_opts
++#ifndef HAVE_PCAP_SET_TSTAMP_PRECISION
++ _U_
++#endif
++ ,
++ interface_options *interface_opts,
+ char (*open_err_str)[PCAP_ERRBUF_SIZE])
+ {
+ pcap_t *pcap_h;
+@@ -714,6 +719,31 @@ open_capture_device(interface_options *interface_opts,
+ pcap_set_promisc(pcap_h, interface_opts->promisc_mode);
+ pcap_set_timeout(pcap_h, CAP_READ_TIMEOUT);
+
++#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
++ /*
++ * If we're writing pcap-ng files, try to enable
++ * nanosecond-resolution capture; any code that
++ * can read pcap-ng files must be able to handle
++ * nanosecond-resolution time stamps.
++ *
++ * If we're writing pcap files, don't try to enable
++ * nanosecond-resolution capture, as not all code
++ * that reads pcap files recognizes the nanosecond-
++ * resolution pcap file magic number.
++ */
++ if (capture_opts->use_pcapng) {
++ /*
++ * The only errors this is documenting as returning
++ * are PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, which jus
++ * means we can't do nanosecond precision on this adapter,
++ * in which case we just live with whatever resolution
++ * we get by default, and PCAP_ERROR_ACTIVATED, which
++ * can't happen as we haven't activated the pcap_t yet.
++ */
++ pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
++ }
++#endif
++
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
+ "buffersize %d.", interface_opts->buffer_size);
+ if (interface_opts->buffer_size != 0) {
+@@ -913,7 +943,7 @@ show_filter_code(capture_options *capture_opts)
+
+ for (j = 0; j < capture_opts->ifaces->len; j++) {
+ interface_opts = g_array_index(capture_opts->ifaces, interface_options, j);
+- pcap_h = open_capture_device(&interface_opts, &open_err_str);
++ pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str);
+ if (pcap_h == NULL) {
+ /* Open failed; get messages */
+ get_capture_device_open_failure_messages(open_err_str,
+@@ -2680,10 +2710,16 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld,
+ g_array_append_val(ld->pcaps, pcap_opts);
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts.name);
+- pcap_opts->pcap_h = open_capture_device(&interface_opts, &open_err_str);
++ pcap_opts->pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str);
+
+ if (pcap_opts->pcap_h != NULL) {
+ /* we've opened "iface" as a network device */
++
++#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
++ /* Find out if we're getting nanosecond-precision time stamps */
++ pcap_opts->ts_nsec = pcap_get_tstamp_precision(pcap_opts->pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
++#endif
++
+ #ifdef _WIN32
+ /* try to set the capture buffer size */
+ if (interface_opts.buffer_size > 1 &&
+diff --git a/editcap.c b/editcap.c
+index 9ba8245..8caa1bf 100644
+--- a/editcap.c
++++ b/editcap.c
+@@ -125,7 +125,6 @@ fd_hash_t fd_hash[MAX_DUP_DEPTH];
+ int dup_window = DEFAULT_DUP_DEPTH;
+ int cur_dup_entry = 0;
+
+-#define ONE_MILLION 1000000
+ #define ONE_BILLION 1000000000
+
+ /* Weights of different errors we can introduce */
+@@ -143,7 +142,7 @@ int cur_dup_entry = 0;
+
+
+ struct time_adjustment {
+- struct timeval tv;
++ nstime_t tv;
+ int is_negative;
+ };
+
+@@ -368,18 +367,18 @@ set_time_adjustment(char *optarg_str_p)
+ exit(1);
+ }
+ }
+- time_adj.tv.tv_sec = val;
++ time_adj.tv.secs = val;
+
+ /* now collect the partial seconds, if any */
+ if (*frac != '\0') { /* chars left, so get fractional part */
+ val = strtol(&(frac[1]), &end, 10);
+- /* if more than 6 fractional digits truncate to 6 */
+- if((end - &(frac[1])) > 6) {
+- frac[7] = 't'; /* 't' for truncate */
++ /* if more than 9 fractional digits truncate to 9 */
++ if((end - &(frac[1])) > 9) {
++ frac[10] = 't'; /* 't' for truncate */
+ val = strtol(&(frac[1]), &end, 10);
+ }
+ if (*frac != '.' || end == NULL || end == frac
+- || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
++ || val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+ optarg_str_p);
+ exit(1);
+@@ -390,15 +389,15 @@ set_time_adjustment(char *optarg_str_p)
+ }
+
+ /* adjust fractional portion from fractional to numerator
+- * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
++ * e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
+ if (frac && end) { /* both are valid */
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+- while(frac_digits < 6) { /* this is frac of 10^6 */
++ while(frac_digits < 9) { /* this is frac of 10^9 */
+ val *= 10;
+ frac_digits++;
+ }
+ }
+- time_adj.tv.tv_usec = (int)val;
++ time_adj.tv.nsecs = (int) val;
+ }
+
+ static void
+@@ -443,18 +442,18 @@ set_strict_time_adj(char *optarg_str_p)
+ exit(1);
+ }
+ }
+- strict_time_adj.tv.tv_sec = val;
++ strict_time_adj.tv.secs = val;
+
+ /* now collect the partial seconds, if any */
+ if (*frac != '\0') { /* chars left, so get fractional part */
+ val = strtol(&(frac[1]), &end, 10);
+- /* if more than 6 fractional digits truncate to 6 */
+- if((end - &(frac[1])) > 6) {
+- frac[7] = 't'; /* 't' for truncate */
++ /* if more than 9 fractional digits truncate to 9 */
++ if((end - &(frac[1])) > 9) {
++ frac[10] = 't'; /* 't' for truncate */
+ val = strtol(&(frac[1]), &end, 10);
+ }
+ if (*frac != '.' || end == NULL || end == frac
+- || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
++ || val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+ optarg_str_p);
+ exit(1);
+@@ -465,15 +464,15 @@ set_strict_time_adj(char *optarg_str_p)
+ }
+
+ /* adjust fractional portion from fractional to numerator
+- * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
++ * e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
+ if (frac && end) { /* both are valid */
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+- while(frac_digits < 6) { /* this is frac of 10^6 */
++ while(frac_digits < 9) { /* this is frac of 10^9 */
+ val *= 10;
+ frac_digits++;
+ }
+ }
+- strict_time_adj.tv.tv_usec = (int)val;
++ strict_time_adj.tv.nsecs = (int) val;
+ }
+
+ static void
+@@ -1319,14 +1318,14 @@ main(int argc, char *argv[])
+ */
+ /* printf("++out of order, need to adjust this packet!\n"); */
+ snap_phdr = *phdr;
+- snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
++ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.secs;
+ snap_phdr.ts.nsecs = previous_time.nsecs;
+- if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
++ if (snap_phdr.ts.nsecs + strict_time_adj.tv.nsecs > ONE_BILLION) {
+ /* carry */
+ snap_phdr.ts.secs++;
+- snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs - ONE_BILLION;
+ } else {
+- snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs;
+ }
+ phdr = &snap_phdr;
+ }
+@@ -1337,14 +1336,14 @@ main(int argc, char *argv[])
+ * packet's timestamp plus delta.
+ */
+ snap_phdr = *phdr;
+- snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
++ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.secs;
+ snap_phdr.ts.nsecs = previous_time.nsecs;
+- if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
++ if (snap_phdr.ts.nsecs + strict_time_adj.tv.nsecs > ONE_BILLION) {
+ /* carry */
+ snap_phdr.ts.secs++;
+- snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs - ONE_BILLION;
+ } else {
+- snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs;
+ }
+ phdr = &snap_phdr;
+ }
+@@ -1355,32 +1354,32 @@ main(int argc, char *argv[])
+
+ /* assume that if the frame's tv_sec is 0, then
+ * the timestamp isn't supported */
+- if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) {
++ if (phdr->ts.secs > 0 && time_adj.tv.secs != 0) {
+ snap_phdr = *phdr;
+ if (time_adj.is_negative)
+- snap_phdr.ts.secs -= time_adj.tv.tv_sec;
++ snap_phdr.ts.secs -= time_adj.tv.secs;
+ else
+- snap_phdr.ts.secs += time_adj.tv.tv_sec;
++ snap_phdr.ts.secs += time_adj.tv.secs;
+ phdr = &snap_phdr;
+ }
+
+ /* assume that if the frame's tv_sec is 0, then
+ * the timestamp isn't supported */
+- if (phdr->ts.secs > 0 && time_adj.tv.tv_usec != 0) {
++ if (phdr->ts.secs > 0 && time_adj.tv.nsecs != 0) {
+ snap_phdr = *phdr;
+ if (time_adj.is_negative) { /* subtract */
+- if (snap_phdr.ts.nsecs/1000 < time_adj.tv.tv_usec) { /* borrow */
++ if (snap_phdr.ts.nsecs < time_adj.tv.nsecs) { /* borrow */
+ snap_phdr.ts.secs--;
+- snap_phdr.ts.nsecs += ONE_MILLION * 1000;
++ snap_phdr.ts.nsecs += ONE_BILLION;
+ }
+- snap_phdr.ts.nsecs -= time_adj.tv.tv_usec * 1000;
++ snap_phdr.ts.nsecs -= time_adj.tv.nsecs;
+ } else { /* add */
+- if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
++ if (snap_phdr.ts.nsecs + time_adj.tv.nsecs > ONE_BILLION) {
+ /* carry */
+ snap_phdr.ts.secs++;
+- snap_phdr.ts.nsecs += (time_adj.tv.tv_usec - ONE_MILLION) * 1000;
++ snap_phdr.ts.nsecs += time_adj.tv.nsecs - ONE_BILLION;
+ } else {
+- snap_phdr.ts.nsecs += time_adj.tv.tv_usec * 1000;
++ snap_phdr.ts.nsecs += time_adj.tv.nsecs;
+ }
+ }
+ phdr = &snap_phdr;
+diff --git a/epan/column-utils.c b/epan/column-utils.c
+index 6ed9f85..8e89409 100644
+--- a/epan/column-utils.c
++++ b/epan/column-utils.c
+@@ -675,6 +675,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ {
+ struct tm *tmp;
+ time_t then;
++ int tsprecision;
+
+ if (fd->flags.has_ts) {
+ then = fd->abs_ts.secs;
+@@ -685,9 +686,33 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ } else
+ tmp = NULL;
+ if (tmp != NULL) {
+- switch(timestamp_get_precision()) {
+- case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
++ switch (timestamp_get_precision()) {
++ case TS_PREC_FIXED_SEC:
++ tsprecision = WTAP_TSPREC_SEC;
++ break;
++ case TS_PREC_FIXED_DSEC:
++ tsprecision = WTAP_TSPREC_DSEC;
++ break;
++ case TS_PREC_FIXED_CSEC:
++ tsprecision = WTAP_TSPREC_CSEC;
++ break;
++ case TS_PREC_FIXED_MSEC:
++ tsprecision = WTAP_TSPREC_MSEC;
++ break;
++ case TS_PREC_FIXED_USEC:
++ tsprecision = WTAP_TSPREC_USEC;
++ break;
++ case TS_PREC_FIXED_NSEC:
++ tsprecision = WTAP_TSPREC_NSEC;
++ break;
++ case TS_PREC_AUTO:
++ tsprecision = fd->tsprec;
++ break;
++ default:
++ g_assert_not_reached();
++ }
++ switch(tsprecision) {
++ case WTAP_TSPREC_SEC:
+ g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -696,8 +721,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ tmp->tm_min,
+ tmp->tm_sec);
+ break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
++ case WTAP_TSPREC_DSEC:
+ g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d.%01d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -707,8 +731,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 100000000);
+ break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
++ case WTAP_TSPREC_CSEC:
+ g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d.%02d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -718,8 +741,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 10000000);
+ break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
++ case WTAP_TSPREC_MSEC:
+ g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%03d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -729,8 +751,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 1000000);
+ break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
++ case WTAP_TSPREC_USEC:
+ g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%06d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -740,8 +761,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local)
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 1000);
+ break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
++ case WTAP_TSPREC_NSEC:
+ g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%09d",
+ tmp->tm_year + 1900,
+ tmp->tm_mon + 1,
+@@ -780,36 +800,57 @@ col_set_utc_date_time(const frame_data *fd, column_info *cinfo, const int col)
+ }
+
+ static void
+-set_time_seconds(const nstime_t *ts, gchar *buf)
++set_time_seconds(const frame_data *fd, const nstime_t *ts, gchar *buf)
+ {
+- switch(timestamp_get_precision()) {
+- case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
++ int tsprecision;
++
++ switch (timestamp_get_precision()) {
++ case TS_PREC_FIXED_SEC:
++ tsprecision = WTAP_TSPREC_SEC;
++ break;
++ case TS_PREC_FIXED_DSEC:
++ tsprecision = WTAP_TSPREC_DSEC;
++ break;
++ case TS_PREC_FIXED_CSEC:
++ tsprecision = WTAP_TSPREC_CSEC;
++ break;
++ case TS_PREC_FIXED_MSEC:
++ tsprecision = WTAP_TSPREC_MSEC;
++ break;
++ case TS_PREC_FIXED_USEC:
++ tsprecision = WTAP_TSPREC_USEC;
++ break;
++ case TS_PREC_FIXED_NSEC:
++ tsprecision = WTAP_TSPREC_NSEC;
++ break;
++ case TS_PREC_AUTO:
++ tsprecision = fd->tsprec;
++ break;
++ default:
++ g_assert_not_reached();
++ }
++ switch(tsprecision) {
++ case WTAP_TSPREC_SEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS);
+ break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
++ case WTAP_TSPREC_DSEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS);
+ break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
++ case WTAP_TSPREC_CSEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS);
+ break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
++ case WTAP_TSPREC_MSEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS);
+ break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
++ case WTAP_TSPREC_USEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS);
+ break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
++ case WTAP_TSPREC_NSEC:
+ display_signed_time(buf, COL_MAX_LEN,
+ (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS);
+ break;
+@@ -819,11 +860,12 @@ set_time_seconds(const nstime_t *ts, gchar *buf)
+ }
+
+ static void
+-set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
++set_time_hour_min_sec(const frame_data *fd, const nstime_t *ts, gchar *buf)
+ {
+ time_t secs = ts->secs;
+ long nsecs = (long) ts->nsecs;
+ gboolean negative = FALSE;
++ int tsprecision;
+
+ if (secs < 0) {
+ secs = -secs;
+@@ -834,9 +876,33 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ negative = TRUE;
+ }
+
+- switch(timestamp_get_precision()) {
++ switch (timestamp_get_precision()) {
+ case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
++ tsprecision = WTAP_TSPREC_SEC;
++ break;
++ case TS_PREC_FIXED_DSEC:
++ tsprecision = WTAP_TSPREC_DSEC;
++ break;
++ case TS_PREC_FIXED_CSEC:
++ tsprecision = WTAP_TSPREC_CSEC;
++ break;
++ case TS_PREC_FIXED_MSEC:
++ tsprecision = WTAP_TSPREC_MSEC;
++ break;
++ case TS_PREC_FIXED_USEC:
++ tsprecision = WTAP_TSPREC_USEC;
++ break;
++ case TS_PREC_FIXED_NSEC:
++ tsprecision = WTAP_TSPREC_NSEC;
++ break;
++ case TS_PREC_AUTO:
++ tsprecision = fd->tsprec;
++ break;
++ default:
++ g_assert_not_reached();
++ }
++ switch(tsprecision) {
++ case WTAP_TSPREC_SEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2ds",
+ negative ? "- " : "",
+@@ -854,8 +920,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ (gint32) secs);
+ }
+ break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
++ case WTAP_TSPREC_DSEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%01lds",
+ negative ? "- " : "",
+@@ -876,8 +941,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ nsecs / 100000000);
+ }
+ break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
++ case WTAP_TSPREC_CSEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%02lds",
+ negative ? "- " : "",
+@@ -898,8 +962,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ nsecs / 10000000);
+ }
+ break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
++ case WTAP_TSPREC_MSEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%03lds",
+ negative ? "- " : "",
+@@ -920,8 +983,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ nsecs / 1000000);
+ }
+ break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
++ case WTAP_TSPREC_USEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%06lds",
+ negative ? "- " : "",
+@@ -942,8 +1004,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf)
+ nsecs / 1000);
+ }
+ break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
++ case WTAP_TSPREC_NSEC:
+ if (secs >= (60*60)) {
+ g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%09lds",
+ negative ? "- " : "",
+@@ -978,14 +1039,14 @@ col_set_rel_time(const frame_data *fd, column_info *cinfo, const int col)
+ }
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&fd->rel_ts, cinfo->col_buf[col]);
++ set_time_seconds(fd, &fd->rel_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_relative";
+ g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_hour_min_sec(&fd->rel_ts, cinfo->col_buf[col]);
++ set_time_hour_min_sec(fd, &fd->rel_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_relative";
+- set_time_seconds(&fd->rel_ts, cinfo->col_expr.col_expr_val[col]);
++ set_time_seconds(fd, &fd->rel_ts, cinfo->col_expr.col_expr_val[col]);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1002,14 +1063,14 @@ col_set_delta_time(const frame_data *fd, column_info *cinfo, const int col)
+
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&del_cap_ts, cinfo->col_buf[col]);
++ set_time_seconds(fd, &del_cap_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_delta";
+ g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_hour_min_sec(&del_cap_ts, cinfo->col_buf[col]);
++ set_time_hour_min_sec(fd, &del_cap_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_delta";
+- set_time_seconds(&del_cap_ts, cinfo->col_expr.col_expr_val[col]);
++ set_time_seconds(fd, &del_cap_ts, cinfo->col_expr.col_expr_val[col]);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1032,14 +1093,14 @@ col_set_delta_time_dis(const frame_data *fd, column_info *cinfo, const int col)
+
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&del_dis_ts, cinfo->col_buf[col]);
++ set_time_seconds(fd, &del_dis_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_delta_displayed";
+ g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_hour_min_sec(&del_dis_ts, cinfo->col_buf[col]);
++ set_time_hour_min_sec(fd, &del_dis_ts, cinfo->col_buf[col]);
+ cinfo->col_expr.col_expr[col] = "frame.time_delta_displayed";
+- set_time_seconds(&del_dis_ts, cinfo->col_expr.col_expr_val[col]);
++ set_time_seconds(fd, &del_dis_ts, cinfo->col_expr.col_expr_val[col]);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1053,6 +1114,7 @@ set_abs_time(const frame_data *fd, gchar *buf, gboolean local)
+ {
+ struct tm *tmp;
+ time_t then;
++ int tsprecision;
+
+ if (fd->flags.has_ts) {
+ then = fd->abs_ts.secs;
+@@ -1063,48 +1125,67 @@ set_abs_time(const frame_data *fd, gchar *buf, gboolean local)
+ } else
+ tmp = NULL;
+ if (tmp != NULL) {
+- switch(timestamp_get_precision()) {
++ switch (timestamp_get_precision()) {
+ case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
++ tsprecision = WTAP_TSPREC_SEC;
++ break;
++ case TS_PREC_FIXED_DSEC:
++ tsprecision = WTAP_TSPREC_DSEC;
++ break;
++ case TS_PREC_FIXED_CSEC:
++ tsprecision = WTAP_TSPREC_CSEC;
++ break;
++ case TS_PREC_FIXED_MSEC:
++ tsprecision = WTAP_TSPREC_MSEC;
++ break;
++ case TS_PREC_FIXED_USEC:
++ tsprecision = WTAP_TSPREC_USEC;
++ break;
++ case TS_PREC_FIXED_NSEC:
++ tsprecision = WTAP_TSPREC_NSEC;
++ break;
++ case TS_PREC_AUTO:
++ tsprecision = fd->tsprec;
++ break;
++ default:
++ g_assert_not_reached();
++ }
++ switch(tsprecision) {
++ case WTAP_TSPREC_SEC:
+ g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d",
+ tmp->tm_hour,
+ tmp->tm_min,
+ tmp->tm_sec);
+ break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
++ case WTAP_TSPREC_DSEC:
+ g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%01d",
+ tmp->tm_hour,
+ tmp->tm_min,
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 100000000);
+ break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
++ case WTAP_TSPREC_CSEC:
+ g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%02d",
+ tmp->tm_hour,
+ tmp->tm_min,
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 10000000);
+ break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
++ case WTAP_TSPREC_MSEC:
+ g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%03d",
+ tmp->tm_hour,
+ tmp->tm_min,
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 1000000);
+ break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
++ case WTAP_TSPREC_USEC:
+ g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%06d",
+ tmp->tm_hour,
+ tmp->tm_min,
+ tmp->tm_sec,
+ fd->abs_ts.nsecs / 1000);
+ break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
++ case WTAP_TSPREC_NSEC:
+ g_snprintf(buf, COL_MAX_LEN, "%02d:%02d:%02d.%09d",
+ tmp->tm_hour,
+ tmp->tm_min,
+@@ -1143,38 +1224,59 @@ col_set_utc_time(const frame_data *fd, column_info *cinfo, const int col)
+ static gboolean
+ set_epoch_time(const frame_data *fd, gchar *buf)
+ {
++ int tsprecision;
++
+ if (!fd->flags.has_ts) {
+ buf[0] = '\0';
+ return FALSE;
+ }
+- switch(timestamp_get_precision()) {
+- case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
++ switch (timestamp_get_precision()) {
++ case TS_PREC_FIXED_SEC:
++ tsprecision = WTAP_TSPREC_SEC;
++ break;
++ case TS_PREC_FIXED_DSEC:
++ tsprecision = WTAP_TSPREC_DSEC;
++ break;
++ case TS_PREC_FIXED_CSEC:
++ tsprecision = WTAP_TSPREC_CSEC;
++ break;
++ case TS_PREC_FIXED_MSEC:
++ tsprecision = WTAP_TSPREC_MSEC;
++ break;
++ case TS_PREC_FIXED_USEC:
++ tsprecision = WTAP_TSPREC_USEC;
++ break;
++ case TS_PREC_FIXED_NSEC:
++ tsprecision = WTAP_TSPREC_NSEC;
++ break;
++ case TS_PREC_AUTO:
++ tsprecision = fd->tsprec;
++ break;
++ default:
++ g_assert_not_reached();
++ }
++ switch(tsprecision) {
++ case WTAP_TSPREC_SEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs / 1000000000, TO_STR_TIME_RES_T_SECS);
+ break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
++ case WTAP_TSPREC_DSEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs / 100000000, TO_STR_TIME_RES_T_DSECS);
+ break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
++ case WTAP_TSPREC_CSEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs / 10000000, TO_STR_TIME_RES_T_CSECS);
+ break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
++ case WTAP_TSPREC_MSEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs / 1000000, TO_STR_TIME_RES_T_MSECS);
+ break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
++ case WTAP_TSPREC_USEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs / 1000, TO_STR_TIME_RES_T_USECS);
+ break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
++ case WTAP_TSPREC_NSEC:
+ display_epoch_time(buf, COL_MAX_LEN,
+ fd->abs_ts.secs, fd->abs_ts.nsecs, TO_STR_TIME_RES_T_NSECS);
+ break;
+@@ -1211,10 +1313,10 @@ set_fd_time(frame_data *fd, gchar *buf)
+ if (fd->flags.has_ts) {
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&fd->rel_ts, buf);
++ set_time_seconds(fd, &fd->rel_ts, buf);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_seconds(&fd->rel_ts, buf);
++ set_time_seconds(fd, &fd->rel_ts, buf);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1232,10 +1334,10 @@ set_fd_time(frame_data *fd, gchar *buf)
+
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&del_cap_ts, buf);
++ set_time_seconds(fd, &del_cap_ts, buf);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_hour_min_sec(&del_cap_ts, buf);
++ set_time_hour_min_sec(fd, &del_cap_ts, buf);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1253,10 +1355,10 @@ set_fd_time(frame_data *fd, gchar *buf)
+
+ switch (timestamp_get_seconds_type()) {
+ case TS_SECONDS_DEFAULT:
+- set_time_seconds(&del_dis_ts, buf);
++ set_time_seconds(fd, &del_dis_ts, buf);
+ break;
+ case TS_SECONDS_HOUR_MIN_SEC:
+- set_time_hour_min_sec(&del_dis_ts, buf);
++ set_time_hour_min_sec(fd, &del_dis_ts, buf);
+ break;
+ default:
+ g_assert_not_reached();
+@@ -1400,38 +1502,33 @@ col_set_time(column_info *cinfo, const gint el, const nstime_t *ts, const char *
+ for (col = cinfo->col_first[el]; col <= cinfo->col_last[el]; col++) {
+ if (cinfo->fmt_matx[col][el]) {
+ switch(timestamp_get_precision()) {
+- case TS_PREC_FIXED_SEC:
+- case TS_PREC_AUTO_SEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS);
+- break;
+- case TS_PREC_FIXED_DSEC:
+- case TS_PREC_AUTO_DSEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS);
+- break;
+- case TS_PREC_FIXED_CSEC:
+- case TS_PREC_AUTO_CSEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS);
+- break;
+- case TS_PREC_FIXED_MSEC:
+- case TS_PREC_AUTO_MSEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS);
+- break;
+- case TS_PREC_FIXED_USEC:
+- case TS_PREC_AUTO_USEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS);
+- break;
+- case TS_PREC_FIXED_NSEC:
+- case TS_PREC_AUTO_NSEC:
+- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
+- (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS);
+- break;
+- default:
+- g_assert_not_reached();
++ case TS_PREC_FIXED_SEC:
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS);
++ break;
++ case TS_PREC_FIXED_DSEC:
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS);
++ break;
++ case TS_PREC_FIXED_CSEC:
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS);
++ break;
++ case TS_PREC_FIXED_MSEC:
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS);
++ break;
++ case TS_PREC_FIXED_USEC:
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS);
++ break;
++ case TS_PREC_FIXED_NSEC:
++ case TS_PREC_AUTO: /* default to maximum */
++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN,
++ (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS);
++ break;
++ default:
++ g_assert_not_reached();
+ }
+ cinfo->col_data[col] = cinfo->col_buf[col];
+ cinfo->col_expr.col_expr[col] = fieldname;
+diff --git a/epan/column.c b/epan/column.c
+index 231f1c5..43da75f 100644
+--- a/epan/column.c
++++ b/epan/column.c
+@@ -254,28 +254,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision)
+ case(TS_ABSOLUTE_WITH_DATE):
+ case(TS_UTC_WITH_DATE):
+ switch(precision) {
+- case(TS_PREC_AUTO_SEC):
+ case(TS_PREC_FIXED_SEC):
+ return "0000-00-00 00:00:00";
+ break;
+- case(TS_PREC_AUTO_DSEC):
+ case(TS_PREC_FIXED_DSEC):
+ return "0000-00-00 00:00:00.0";
+ break;
+- case(TS_PREC_AUTO_CSEC):
+ case(TS_PREC_FIXED_CSEC):
+ return "0000-00-00 00:00:00.00";
+ break;
+- case(TS_PREC_AUTO_MSEC):
+ case(TS_PREC_FIXED_MSEC):
+ return "0000-00-00 00:00:00.000";
+ break;
+- case(TS_PREC_AUTO_USEC):
+ case(TS_PREC_FIXED_USEC):
+ return "0000-00-00 00:00:00.000000";
+ break;
+- case(TS_PREC_AUTO_NSEC):
+ case(TS_PREC_FIXED_NSEC):
++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */
+ return "0000-00-00 00:00:00.000000000";
+ break;
+ default:
+@@ -285,28 +280,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision)
+ case(TS_ABSOLUTE):
+ case(TS_UTC):
+ switch(precision) {
+- case(TS_PREC_AUTO_SEC):
+ case(TS_PREC_FIXED_SEC):
+ return "00:00:00";
+ break;
+- case(TS_PREC_AUTO_DSEC):
+ case(TS_PREC_FIXED_DSEC):
+ return "00:00:00.0";
+ break;
+- case(TS_PREC_AUTO_CSEC):
+ case(TS_PREC_FIXED_CSEC):
+ return "00:00:00.00";
+ break;
+- case(TS_PREC_AUTO_MSEC):
+ case(TS_PREC_FIXED_MSEC):
+ return "00:00:00.000";
+ break;
+- case(TS_PREC_AUTO_USEC):
+ case(TS_PREC_FIXED_USEC):
+ return "00:00:00.000000";
+ break;
+- case(TS_PREC_AUTO_NSEC):
+ case(TS_PREC_FIXED_NSEC):
++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */
+ return "00:00:00.000000000";
+ break;
+ default:
+@@ -317,28 +307,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision)
+ case(TS_DELTA):
+ case(TS_DELTA_DIS):
+ switch(precision) {
+- case(TS_PREC_AUTO_SEC):
+ case(TS_PREC_FIXED_SEC):
+ return "0000";
+ break;
+- case(TS_PREC_AUTO_DSEC):
+ case(TS_PREC_FIXED_DSEC):
+ return "0000.0";
+ break;
+- case(TS_PREC_AUTO_CSEC):
+ case(TS_PREC_FIXED_CSEC):
+ return "0000.00";
+ break;
+- case(TS_PREC_AUTO_MSEC):
+ case(TS_PREC_FIXED_MSEC):
+ return "0000.000";
+ break;
+- case(TS_PREC_AUTO_USEC):
+ case(TS_PREC_FIXED_USEC):
+ return "0000.000000";
+ break;
+- case(TS_PREC_AUTO_NSEC):
+ case(TS_PREC_FIXED_NSEC):
++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */
+ return "0000.000000000";
+ break;
+ default:
+@@ -348,28 +333,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision)
+ case(TS_EPOCH):
+ /* This is enough to represent 2^63 (signed 64-bit integer) + fractions */
+ switch(precision) {
+- case(TS_PREC_AUTO_SEC):
+ case(TS_PREC_FIXED_SEC):
+ return "0000000000000000000";
+ break;
+- case(TS_PREC_AUTO_DSEC):
+ case(TS_PREC_FIXED_DSEC):
+ return "0000000000000000000.0";
+ break;
+- case(TS_PREC_AUTO_CSEC):
+ case(TS_PREC_FIXED_CSEC):
+ return "0000000000000000000.00";
+ break;
+- case(TS_PREC_AUTO_MSEC):
+ case(TS_PREC_FIXED_MSEC):
+ return "0000000000000000000.000";
+ break;
+- case(TS_PREC_AUTO_USEC):
+ case(TS_PREC_FIXED_USEC):
+ return "0000000000000000000.000000";
+ break;
+- case(TS_PREC_AUTO_NSEC):
+ case(TS_PREC_FIXED_NSEC):
++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */
+ return "0000000000000000000.000000000";
+ break;
+ default:
+diff --git a/epan/frame_data.c b/epan/frame_data.c
+index 63d9805..79b435e 100644
+--- a/epan/frame_data.c
++++ b/epan/frame_data.c
+@@ -269,6 +269,7 @@ frame_data_init(frame_data *fdata, guint32 num,
+ fdata->flags.ignored = 0;
+ fdata->flags.has_ts = (phdr->presence_flags & WTAP_HAS_TS) ? 1 : 0;
+ fdata->flags.has_if_id = (phdr->presence_flags & WTAP_HAS_INTERFACE_ID) ? 1 : 0;
++ fdata->tsprec = (guint16)phdr->pkt_tsprec;
+ fdata->flags.has_pack_flags = (phdr->presence_flags & WTAP_HAS_PACK_FLAGS) ? 1 : 0;
+ fdata->color_filter = NULL;
+ fdata->abs_ts.secs = phdr->ts.secs;
+diff --git a/epan/frame_data.h b/epan/frame_data.h
+index 580d238..2a73cdf 100644
+--- a/epan/frame_data.h
++++ b/epan/frame_data.h
+@@ -69,6 +69,7 @@ typedef struct _frame_data {
+ unsigned int has_if_id : 1; /**< 1 = has interface ID, 0 = no interface ID */
+ unsigned int has_pack_flags : 1; /**< 1 = has packet flags, 0 = no packet flags */
+ } flags;
++ gint16 tsprec; /**< Time stamp precision */
+
+ const void *color_filter; /**< Per-packet matching color_filter_t object */
+
+diff --git a/epan/timestamp.c b/epan/timestamp.c
+index 155d8bb..65aa41c 100644
+--- a/epan/timestamp.c
++++ b/epan/timestamp.c
+@@ -30,7 +30,7 @@
+ * and distinguish it from a command line value */
+ static ts_type timestamp_type = TS_NOT_SET;
+
+-static int timestamp_precision = TS_PREC_AUTO_USEC;
++static int timestamp_precision = TS_PREC_AUTO;
+
+ static ts_seconds_type timestamp_seconds_type = TS_SECONDS_NOT_SET;
+
+diff --git a/epan/timestamp.h b/epan/timestamp.h
+index 0992b3e..3881696 100644
+--- a/epan/timestamp.h
++++ b/epan/timestamp.h
+@@ -52,19 +52,13 @@ typedef enum {
+ } ts_type;
+
+ typedef enum {
+- TS_PREC_AUTO, /* recent */
+- TS_PREC_FIXED_SEC, /* recent and internal */
+- TS_PREC_FIXED_DSEC, /* recent and internal */
+- TS_PREC_FIXED_CSEC, /* recent and internal */
+- TS_PREC_FIXED_MSEC, /* recent and internal */
+- TS_PREC_FIXED_USEC, /* recent and internal */
+- TS_PREC_FIXED_NSEC, /* recent and internal */
+- TS_PREC_AUTO_SEC, /* internal */
+- TS_PREC_AUTO_DSEC, /* internal */
+- TS_PREC_AUTO_CSEC, /* internal */
+- TS_PREC_AUTO_MSEC, /* internal */
+- TS_PREC_AUTO_USEC, /* internal */
+- TS_PREC_AUTO_NSEC /* internal */
++ TS_PREC_AUTO,
++ TS_PREC_FIXED_SEC,
++ TS_PREC_FIXED_DSEC,
++ TS_PREC_FIXED_CSEC,
++ TS_PREC_FIXED_MSEC,
++ TS_PREC_FIXED_USEC,
++ TS_PREC_FIXED_NSEC,
+ } ts_precision;
+
+ typedef enum {
+diff --git a/epan/wslua/make-init-lua.pl b/epan/wslua/make-init-lua.pl
+index 878faf5..e9f186d 100755
+--- a/epan/wslua/make-init-lua.pl
++++ b/epan/wslua/make-init-lua.pl
+@@ -33,6 +33,7 @@ my $WSROOT = shift;
+ die "'$WSROOT' is not a directory" unless -d $WSROOT;
+
+ my $wtap_encaps_table = '';
++my $wtap_tsprecs_table = '';
+ my $wtap_filetypes_table = '';
+ my $ft_types_table = '';
+ my $bases_table = '';
+@@ -42,6 +43,7 @@ my $menu_groups = '';
+
+ my %replacements = %{{
+ WTAP_ENCAPS => \$wtap_encaps_table,
++ WTAP_TSPRECS => \$wtap_tsprecs_table,
+ WTAP_FILETYPES => \$wtap_filetypes_table,
+ FT_TYPES => \$ft_types_table,
+ BASES => \$bases_table,
+@@ -69,6 +71,7 @@ close TEMPLATE;
+ #
+
+ $wtap_encaps_table = "-- Wiretap encapsulations XXX\nwtap_encaps = {\n";
++$wtap_tsprecs_table = "-- Wiretap timestamp precision types\nwtap_tsprecs = {\n";
+ $wtap_filetypes_table = "-- Wiretap file types\nwtap_filetypes = {\n";
+
+ open WTAP_H, "< $WSROOT/wiretap/wtap.h" or die "cannot open '$WSROOT/wiretap/wtap.h': $!";
+@@ -81,10 +84,17 @@ while() {
+ if ( /^#define WTAP_FILE_([A-Z0-9_]+)\s+(\d+)/ ) {
+ $wtap_filetypes_table .= "\t[\"$1\"] = $2,\n";
+ }
++
++ if ( /^#define WTAP_TSPREC_([A-Z0-9_]+)\s+(\d+)/ ) {
++ $wtap_tsprecs_table .= "\t[\"$1\"] = $2,\n";
++ # for backwards compatibility we need to add them to the filetypes table too
++ $wtap_filetypes_table .= "\t[\"TSPREC_$1\"] = $2,\n";
++ }
+ }
+
+ $wtap_encaps_table =~ s/,\n$/\n}\nwtap = wtap_encaps -- for bw compatibility\n/msi;
+ $wtap_filetypes_table =~ s/,\n$/\n}\n/msi;
++$wtap_tsprecs_table =~ s/,\n$/\n}\n/msi;
+
+ #
+ # Extract values from epan/ftypes/ftypes.h:
+diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua
+index 2538c4c..31f298e 100644
+--- a/epan/wslua/template-init.lua
++++ b/epan/wslua/template-init.lua
+@@ -66,6 +66,8 @@ end
+
+ -- %WTAP_ENCAPS%
+
++-- %WTAP_TSPRECS%
++
+ -- %WTAP_FILETYPES%
+
+ -- %FT_TYPES%
+diff --git a/file.c b/file.c
+index 5059e0b..6db3c68 100644
+--- a/file.c
++++ b/file.c
+@@ -222,7 +222,6 @@ void
+ cf_timestamp_auto_precision(capture_file *cf)
+ {
+ int i;
+- int prec = timestamp_get_precision();
+
+
+ /* don't try to get the file's precision if none is opened */
+@@ -230,38 +229,6 @@ cf_timestamp_auto_precision(capture_file *cf)
+ return;
+ }
+
+- /* if we are in auto mode, set precision of current file */
+- if (prec == TS_PREC_AUTO ||
+- prec == TS_PREC_AUTO_SEC ||
+- prec == TS_PREC_AUTO_DSEC ||
+- prec == TS_PREC_AUTO_CSEC ||
+- prec == TS_PREC_AUTO_MSEC ||
+- prec == TS_PREC_AUTO_USEC ||
+- prec == TS_PREC_AUTO_NSEC)
+- {
+- switch(wtap_file_tsprecision(cf->wth)) {
+- case(WTAP_FILE_TSPREC_SEC):
+- timestamp_set_precision(TS_PREC_AUTO_SEC);
+- break;
+- case(WTAP_FILE_TSPREC_DSEC):
+- timestamp_set_precision(TS_PREC_AUTO_DSEC);
+- break;
+- case(WTAP_FILE_TSPREC_CSEC):
+- timestamp_set_precision(TS_PREC_AUTO_CSEC);
+- break;
+- case(WTAP_FILE_TSPREC_MSEC):
+- timestamp_set_precision(TS_PREC_AUTO_MSEC);
+- break;
+- case(WTAP_FILE_TSPREC_USEC):
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
+- break;
+- case(WTAP_FILE_TSPREC_NSEC):
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+- break;
+- default:
+- g_assert_not_reached();
+- }
+- }
+ /* Set the column widths of those columns that show the time in
+ "command-line-specified" format. */
+ for (i = 0; i < cf->cinfo.num_cols; i++) {
+diff --git a/rawshark.c b/rawshark.c
+index dbb9f42..1d2ff97 100644
+--- a/rawshark.c
++++ b/rawshark.c
+@@ -832,35 +832,6 @@ main(int argc, char *argv[])
+ }
+ }
+
+- /* Set timestamp precision; there should arguably be a command-line
+- option to let the user set this. */
+-#if 0
+- switch(wtap_file_tsprecision(cfile.wth)) {
+- case(WTAP_FILE_TSPREC_SEC):
+- timestamp_set_precision(TS_PREC_AUTO_SEC);
+- break;
+- case(WTAP_FILE_TSPREC_DSEC):
+- timestamp_set_precision(TS_PREC_AUTO_DSEC);
+- break;
+- case(WTAP_FILE_TSPREC_CSEC):
+- timestamp_set_precision(TS_PREC_AUTO_CSEC);
+- break;
+- case(WTAP_FILE_TSPREC_MSEC):
+- timestamp_set_precision(TS_PREC_AUTO_MSEC);
+- break;
+- case(WTAP_FILE_TSPREC_USEC):
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
+- break;
+- case(WTAP_FILE_TSPREC_NSEC):
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+- break;
+- default:
+- g_assert_not_reached();
+- }
+-#else
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
+-#endif
+-
+ /* Process the packets in the file */
+ err = load_cap_file(&cfile);
+
+diff --git a/tshark.c b/tshark.c
+index 98b95bf..8c8de07 100644
+--- a/tshark.c
++++ b/tshark.c
+@@ -1903,31 +1903,6 @@ main(int argc, char *argv[])
+ return 2;
+ }
+
+- /* Set timestamp precision; there should arguably be a command-line
+- option to let the user set this. */
+- switch(wtap_file_tsprecision(cfile.wth)) {
+- case(WTAP_FILE_TSPREC_SEC):
+- timestamp_set_precision(TS_PREC_AUTO_SEC);
+- break;
+- case(WTAP_FILE_TSPREC_DSEC):
+- timestamp_set_precision(TS_PREC_AUTO_DSEC);
+- break;
+- case(WTAP_FILE_TSPREC_CSEC):
+- timestamp_set_precision(TS_PREC_AUTO_CSEC);
+- break;
+- case(WTAP_FILE_TSPREC_MSEC):
+- timestamp_set_precision(TS_PREC_AUTO_MSEC);
+- break;
+- case(WTAP_FILE_TSPREC_USEC):
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
+- break;
+- case(WTAP_FILE_TSPREC_NSEC):
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+- break;
+- default:
+- g_assert_not_reached();
+- }
+-
+ /* Process the packets in the file */
+ TRY {
+ #ifdef HAVE_LIBPCAP
+@@ -2030,9 +2005,6 @@ main(int argc, char *argv[])
+ }
+ }
+
+- /* For now, assume libpcap gives microsecond precision. */
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
+-
+ /*
+ * XXX - this returns FALSE if an error occurred, but it also
+ * returns FALSE if the capture stops because a time limit
+diff --git a/ui/cli/tap-comparestat.c b/ui/cli/tap-comparestat.c
+index 6f55926..d449f32 100644
+--- a/ui/cli/tap-comparestat.c
++++ b/ui/cli/tap-comparestat.c
+@@ -545,8 +545,6 @@ comparestat_init(const char *optarg, void* userdata _U_)
+ cs->zebra_time.secs=0;
+ cs->zebra_time.nsecs=1;
+ cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree");
+- /* microsecond precision */
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+
+ if(filter){
+ cs->filter=g_strdup(filter);
+diff --git a/ui/gtk/compare_stat.c b/ui/gtk/compare_stat.c
+index e07ee96..b8ad2b2 100644
+--- a/ui/gtk/compare_stat.c
++++ b/ui/gtk/compare_stat.c
+@@ -584,8 +584,6 @@ comparestat_draw(void *arg)
+ second_file_amount=cs->second_file_amount;
+ /* reset after numbering */
+ cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree");
+- /* microsecond precision for Info column*/
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+ /* reset ordering */
+ nstime_set_unset(&cs->current_time);
+
+@@ -738,8 +736,6 @@ gtk_comparestat_init(const char *opt_arg, void* userdata _U_)
+ cs->zebra_time.secs=0;
+ cs->zebra_time.nsecs=1;
+ cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree");
+- /* microsecond precision */
+- timestamp_set_precision(TS_PREC_AUTO_NSEC);
+
+ /* transient_for top_level */
+ cs->win=dlg_window_new("compare-stat");
+diff --git a/ui/gtk/main_menubar.c b/ui/gtk/main_menubar.c
+index 23ceff2..dd83125 100644
+--- a/ui/gtk/main_menubar.c
++++ b/ui/gtk/main_menubar.c
+@@ -635,11 +635,7 @@ timestamp_precision_new_cb (GtkRadioAction *action, GtkRadioAction *current _U_,
+ value = gtk_radio_action_get_current_value (action);
+ if (recent.gui_time_precision != value) {
+ /* the actual precision will be set in packet_list_queue_draw() below */
+- if (value == TS_PREC_AUTO) {
+- timestamp_set_precision(TS_PREC_AUTO_SEC);
+- } else {
+- timestamp_set_precision(value);
+- }
++ timestamp_set_precision(value);
+ recent.gui_time_precision = value;
+ /* This call adjusts column width */
+ cf_timestamp_auto_precision(&cfile);
+@@ -1818,7 +1814,7 @@ static const GtkRadioActionEntry main_menu_bar_radio_view_time_entries [] =
+ static const GtkRadioActionEntry main_menu_bar_radio_view_time_fileformat_prec_entries [] =
+ {
+ /* name, stock id, label, accel, tooltip, value */
+- { "/View/TimeDisplayFormat/FileFormatPrecision-Automatic", NULL, "Automatic (File Format Precision)", NULL, NULL, TS_PREC_AUTO },
++ { "/View/TimeDisplayFormat/FileFormatPrecision-Automatic", NULL, "Automatic (use precision indicated in the file)", NULL, NULL, TS_PREC_AUTO },
+ { "/View/TimeDisplayFormat/FileFormatPrecision-Seconds", NULL, "Seconds: 0", NULL, NULL, TS_PREC_FIXED_SEC },
+ { "/View/TimeDisplayFormat/FileFormatPrecision-Deciseconds", NULL, "Deciseconds: 0.1", NULL, NULL, TS_PREC_FIXED_DSEC },
+ { "/View/TimeDisplayFormat/FileFormatPrecision-Centiseconds", NULL, "Centiseconds: 0.12", NULL, NULL, TS_PREC_FIXED_CSEC },
+@@ -4634,8 +4630,8 @@ menu_recent_read_finished(void)
+ cf_timestamp_auto_precision(&cfile);
+ packet_list_queue_draw();
+ /* the actual precision will be set in packet_list_queue_draw() below */
+- if (recent.gui_time_precision == TS_PREC_AUTO) {
+- timestamp_set_precision(TS_PREC_AUTO_SEC);
++ if (recent.gui_time_precision > TS_PREC_FIXED_NSEC) {
++ timestamp_set_precision(TS_PREC_AUTO);
+ } else {
+ timestamp_set_precision(recent.gui_time_precision);
+ }
+diff --git a/ui/qt/main.cpp b/ui/qt/main.cpp
+index 12b0e81..3193702 100644
+--- a/ui/qt/main.cpp
++++ b/ui/qt/main.cpp
+@@ -856,7 +856,7 @@ int main(int argc, char *argv[])
+
+ g_log(NULL, G_LOG_LEVEL_DEBUG, "FIX: timestamp types should be set elsewhere");
+ timestamp_set_type(TS_RELATIVE);
+- timestamp_set_precision(TS_PREC_AUTO_USEC);
++ timestamp_set_precision(TS_PREC_AUTO);
+ timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
+
+ /////////
+diff --git a/wiretap/5views.c b/wiretap/5views.c
+index e8dd0b8..c7a9078 100644
+--- a/wiretap/5views.c
++++ b/wiretap/5views.c
+@@ -191,7 +191,7 @@ int _5views_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_seek_read = _5views_seek_read;
+ wth->file_encap = encap;
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/aethra.c b/wiretap/aethra.c
+index d04bf8d..02d1b6c 100644
+--- a/wiretap/aethra.c
++++ b/wiretap/aethra.c
+@@ -178,7 +178,7 @@ int aethra_open(wtap *wth, int *err, gchar **err_info)
+ */
+ wth->file_encap = WTAP_ENCAP_ISDN;
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+ return 1;
+ }
+
+diff --git a/wiretap/ascendtext.c b/wiretap/ascendtext.c
+index d0b4e76..a05fe34 100644
+--- a/wiretap/ascendtext.c
++++ b/wiretap/ascendtext.c
+@@ -229,7 +229,7 @@ int ascend_open(wtap *wth, int *err, gchar **err_info)
+ }
+ ascend->inittime = statbuf.st_ctime;
+ ascend->adjusted = 0;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ init_parse_ascend();
+
+diff --git a/wiretap/ber.c b/wiretap/ber.c
+index 990db1d..6904367 100644
+--- a/wiretap/ber.c
++++ b/wiretap/ber.c
+@@ -192,7 +192,7 @@ int ber_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->subtype_read = ber_read;
+ wth->subtype_seek_read = ber_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+
+ return 1;
+ }
+diff --git a/wiretap/btsnoop.c b/wiretap/btsnoop.c
+index 042cc8b..1a2e8ac 100644
+--- a/wiretap/btsnoop.c
++++ b/wiretap/btsnoop.c
+@@ -147,7 +147,7 @@ int btsnoop_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_seek_read = btsnoop_seek_read;
+ wth->file_encap = file_encap;
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ wth->file_type = WTAP_FILE_BTSNOOP;
+ return 1;
+ }
+@@ -443,7 +443,7 @@ gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err)
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_BTSNOOP:
+- wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wdh->tsprecision = WTAP_TSPREC_USEC;
+ break;
+
+ default:
+@@ -485,7 +485,7 @@ gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err)
+ switch (wdh->file_type) {
+
+ case WTAP_FILE_BTSNOOP:
+- wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wdh->tsprecision = WTAP_TSPREC_USEC;
+ break;
+
+ default:
+diff --git a/wiretap/camins.c b/wiretap/camins.c
+index 879b68d..3c7a608 100644
+--- a/wiretap/camins.c
++++ b/wiretap/camins.c
+@@ -372,7 +372,7 @@ int camins_open(wtap *wth, int *err, gchar **err_info _U_)
+
+ wth->file_encap = WTAP_ENCAP_DVBCI;
+ wth->snapshot_length = 0;
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+
+ wth->priv = NULL;
+
+diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c
+index a17ab0d..b389d2a 100644
+--- a/wiretap/catapult_dct2000.c
++++ b/wiretap/catapult_dct2000.c
+@@ -262,7 +262,7 @@ catapult_dct2000_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_close = catapult_dct2000_close;
+
+ /* Choose microseconds (have 4 decimal places...) */
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+
+ /***************************************************************/
+diff --git a/wiretap/commview.c b/wiretap/commview.c
+index 935d15f..f85b1c8 100644
+--- a/wiretap/commview.c
++++ b/wiretap/commview.c
+@@ -126,7 +126,7 @@ int commview_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->file_type = WTAP_FILE_COMMVIEW;
+ wth->file_encap = WTAP_ENCAP_PER_PACKET;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1; /* Our kind of file */
+ }
+diff --git a/wiretap/cosine.c b/wiretap/cosine.c
+index d6db197..76892b2 100644
+--- a/wiretap/cosine.c
++++ b/wiretap/cosine.c
+@@ -282,7 +282,7 @@ int cosine_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = cosine_read;
+ wth->subtype_seek_read = cosine_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
++ wth->file_tsprec = WTAP_TSPREC_CSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/csids.c b/wiretap/csids.c
+index a60fd11..30702b4 100644
+--- a/wiretap/csids.c
++++ b/wiretap/csids.c
+@@ -139,7 +139,7 @@ int csids_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = csids_read;
+ wth->subtype_seek_read = csids_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+
+ return 1;
+ }
+diff --git a/wiretap/daintree-sna.c b/wiretap/daintree-sna.c
+index a9edc71..4c79217 100644
+--- a/wiretap/daintree-sna.c
++++ b/wiretap/daintree-sna.c
+@@ -125,7 +125,7 @@ int daintree_sna_open(wtap *wth, int *err, gchar **err_info)
+ /* set up for file type */
+ wth->file_type = WTAP_FILE_DAINTREE_SNA;
+ wth->file_encap = WTAP_ENCAP_IEEE802_15_4_NOFCS;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ wth->snapshot_length = 0; /* not available in header */
+
+ return 1; /* it's a Daintree file */
+diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c
+index 11ab38a..cc3d0c3 100644
+--- a/wiretap/dbs-etherwatch.c
++++ b/wiretap/dbs-etherwatch.c
+@@ -192,7 +192,7 @@ int dbs_etherwatch_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = dbs_etherwatch_read;
+ wth->subtype_seek_read = dbs_etherwatch_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
++ wth->file_tsprec = WTAP_TSPREC_CSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/dct3trace.c b/wiretap/dct3trace.c
+index e2285ec..94e1012 100644
+--- a/wiretap/dct3trace.c
++++ b/wiretap/dct3trace.c
+@@ -181,7 +181,7 @@ int dct3trace_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = dct3trace_read;
+ wth->subtype_seek_read = dct3trace_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+
+ return 1;
+ }
+diff --git a/wiretap/erf.c b/wiretap/erf.c
+index 6fe4847..d762745 100644
+--- a/wiretap/erf.c
++++ b/wiretap/erf.c
+@@ -274,7 +274,7 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->subtype_read = erf_read;
+ wth->subtype_seek_read = erf_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ erf_populate_interfaces(wth);
+
+@@ -698,7 +698,7 @@ int erf_dump_open(wtap_dumper *wdh, int *err)
+
+ switch(wdh->file_type){
+ case WTAP_FILE_ERF:
+- wdh->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wdh->tsprecision = WTAP_TSPREC_NSEC;
+ break;
+ default:
+ *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
+diff --git a/wiretap/eyesdn.c b/wiretap/eyesdn.c
+index c32f5b8..5ff55df 100644
+--- a/wiretap/eyesdn.c
++++ b/wiretap/eyesdn.c
+@@ -148,7 +148,7 @@ int eyesdn_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = eyesdn_read;
+ wth->subtype_seek_read = eyesdn_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1;
+ }
+diff --git a/wiretap/file_access.c b/wiretap/file_access.c
+index cbea1af..640b867 100644
+--- a/wiretap/file_access.c
++++ b/wiretap/file_access.c
+@@ -357,7 +357,7 @@ wtap* wtap_open_offline(const char *filename, int *err, char **err_info,
+ wth->file_encap = WTAP_ENCAP_UNKNOWN;
+ wth->subtype_sequential_close = NULL;
+ wth->subtype_close = NULL;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ wth->priv = NULL;
+
+ init_open_routines();
+diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c
+index 50c37c1..f7b839f 100644
+--- a/wiretap/hcidump.c
++++ b/wiretap/hcidump.c
+@@ -157,7 +157,7 @@ int hcidump_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->subtype_read = hcidump_read;
+ wth->subtype_seek_read = hcidump_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1;
+ }
+diff --git a/wiretap/i4btrace.c b/wiretap/i4btrace.c
+index 5cabbfe..e0e4f4a 100644
+--- a/wiretap/i4btrace.c
++++ b/wiretap/i4btrace.c
+@@ -112,7 +112,7 @@ int i4btrace_open(wtap *wth, int *err, gchar **err_info)
+ i4btrace->byte_swapped = byte_swapped;
+
+ wth->file_encap = WTAP_ENCAP_ISDN;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1;
+ }
+diff --git a/wiretap/ipfix.c b/wiretap/ipfix.c
+index 9a65680..97d4529 100644
+--- a/wiretap/ipfix.c
++++ b/wiretap/ipfix.c
+@@ -239,7 +239,7 @@ ipfix_open(wtap *wth, int *err, gchar **err_info)
+ /* all's good, this is a IPFIX file */
+ wth->file_encap = WTAP_ENCAP_RAW_IPFIX;
+ wth->snapshot_length = 0;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+ wth->subtype_read = ipfix_read;
+ wth->subtype_seek_read = ipfix_seek_read;
+ wth->subtype_close = ipfix_close;
+diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c
+index 152e008..aad4b3c 100644
+--- a/wiretap/iptrace.c
++++ b/wiretap/iptrace.c
+@@ -72,13 +72,13 @@ int iptrace_open(wtap *wth, int *err, gchar **err_info)
+ wth->file_type = WTAP_FILE_IPTRACE_1_0;
+ wth->subtype_read = iptrace_read_1_0;
+ wth->subtype_seek_read = iptrace_seek_read_1_0;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+ }
+ else if (strcmp(name, "iptrace 2.0") == 0) {
+ wth->file_type = WTAP_FILE_IPTRACE_2_0;
+ wth->subtype_read = iptrace_read_2_0;
+ wth->subtype_seek_read = iptrace_seek_read_2_0;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ }
+ else {
+ return 0;
+diff --git a/wiretap/iseries.c b/wiretap/iseries.c
+index e31d5ec..8d5e111 100644
+--- a/wiretap/iseries.c
++++ b/wiretap/iseries.c
+@@ -250,7 +250,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info)
+ wth->snapshot_length = 0;
+ wth->subtype_read = iseries_read;
+ wth->subtype_seek_read = iseries_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
+ {
+@@ -290,7 +290,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info)
+ wth->snapshot_length = 0;
+ wth->subtype_read = iseries_read;
+ wth->subtype_seek_read = iseries_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ if (file_seek (wth->fh, 0, SEEK_SET, err) == -1)
+ {
+diff --git a/wiretap/k12.c b/wiretap/k12.c
+index 85db119..5923eb9 100644
+--- a/wiretap/k12.c
++++ b/wiretap/k12.c
+@@ -832,7 +832,7 @@ int k12_open(wtap *wth, int *err, gchar **err_info) {
+ wth->subtype_seek_read = k12_seek_read;
+ wth->subtype_close = k12_close;
+ wth->priv = (void *)file_data;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/k12text.l b/wiretap/k12text.l
+index 817eb92..fdfd3a7 100644
+--- a/wiretap/k12text.l
++++ b/wiretap/k12text.l
+@@ -351,7 +351,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info _U_)
+ wth->snapshot_length = 0;
+ wth->subtype_read = k12text_read;
+ wth->subtype_seek_read = k12text_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c
+index eb83872..35dad96 100644
+--- a/wiretap/lanalyzer.c
++++ b/wiretap/lanalyzer.c
+@@ -348,7 +348,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_read = lanalyzer_read;
+ wth->subtype_seek_read = lanalyzer_seek_read;
+ wth->snapshot_length = 0;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ /* Read records until we find the start of packets */
+ while (1) {
+diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c
+index 47dafc7..5477073 100644
+--- a/wiretap/libpcap.c
++++ b/wiretap/libpcap.c
+@@ -107,7 +107,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ a program using either standard or ss990417 libpcap. */
+ byte_swapped = FALSE;
+ modified = FALSE;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ case PCAP_MODIFIED_MAGIC:
+@@ -115,7 +115,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ a program using either ss990915 or ss991029 libpcap. */
+ byte_swapped = FALSE;
+ modified = TRUE;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ case PCAP_SWAPPED_MAGIC:
+@@ -124,7 +124,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ ss990417 libpcap. */
+ byte_swapped = TRUE;
+ modified = FALSE;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ case PCAP_SWAPPED_MODIFIED_MAGIC:
+@@ -133,7 +133,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ or ss991029 libpcap. */
+ byte_swapped = TRUE;
+ modified = TRUE;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ case PCAP_NSEC_MAGIC:
+@@ -142,7 +142,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ except that the time stamps have nanosecond resolution. */
+ byte_swapped = FALSE;
+ modified = FALSE;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ break;
+
+ case PCAP_SWAPPED_NSEC_MAGIC:
+@@ -152,7 +152,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ nanosecond resolution. */
+ byte_swapped = TRUE;
+ modified = FALSE;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ break;
+
+ default:
+@@ -311,7 +311,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ * precision to nanosecond precision.
+ */
+ wth->file_type = WTAP_FILE_PCAP_AIX;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ return 1;
+ }
+
+@@ -400,7 +400,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info)
+ *
+ * Try the standard format first.
+ */
+- if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) {
++ if(wth->file_tsprec == WTAP_TSPREC_NSEC) {
+ wth->file_type = WTAP_FILE_PCAP_NSEC;
+ } else {
+ wth->file_type = WTAP_FILE_PCAP;
+@@ -662,7 +662,7 @@ static gboolean libpcap_read(wtap *wth, int *err, gchar **err_info,
+ /* Update the Timestamp, if not already done */
+ if (wth->file_encap != WTAP_ENCAP_ERF) {
+ wth->phdr.ts.secs = hdr.hdr.ts_sec;
+- if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) {
++ if(wth->file_tsprec == WTAP_TSPREC_NSEC) {
+ wth->phdr.ts.nsecs = hdr.hdr.ts_usec;
+ } else {
+ wth->phdr.ts.nsecs = hdr.hdr.ts_usec * 1000;
+@@ -901,18 +901,18 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err)
+ case WTAP_FILE_PCAP_SS990417: /* modified, but with the old magic, sigh */
+ case WTAP_FILE_PCAP_NOKIA: /* Nokia libpcap of some sort */
+ magic = PCAP_MAGIC;
+- wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wdh->tsprecision = WTAP_TSPREC_USEC;
+ break;
+
+ case WTAP_FILE_PCAP_SS990915: /* new magic, extra crap */
+ case WTAP_FILE_PCAP_SS991029:
+ magic = PCAP_MODIFIED_MAGIC;
+- wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wdh->tsprecision = WTAP_TSPREC_USEC;
+ break;
+
+ case WTAP_FILE_PCAP_NSEC: /* same as WTAP_FILE_PCAP, but nsec precision */
+ magic = PCAP_NSEC_MAGIC;
+- wdh->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wdh->tsprecision = WTAP_TSPREC_NSEC;
+ break;
+
+ default:
+@@ -966,7 +966,7 @@ static gboolean libpcap_dump(wtap_dumper *wdh,
+ phdrsize = pcap_get_phdr_size(wdh->encap, pseudo_header);
+
+ rec_hdr.hdr.ts_sec = (guint32) phdr->ts.secs;
+- if(wdh->tsprecision == WTAP_FILE_TSPREC_NSEC) {
++ if(wdh->tsprecision == WTAP_TSPREC_NSEC) {
+ rec_hdr.hdr.ts_usec = phdr->ts.nsecs;
+ } else {
+ rec_hdr.hdr.ts_usec = phdr->ts.nsecs / 1000;
+diff --git a/wiretap/mime_file.c b/wiretap/mime_file.c
+index 6c64d0e..d0aae88 100644
+--- a/wiretap/mime_file.c
++++ b/wiretap/mime_file.c
+@@ -190,7 +190,7 @@ mime_file_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->file_type = WTAP_FILE_MIME;
+ wth->file_encap = WTAP_ENCAP_MIME;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+ wth->subtype_read = mime_read;
+ wth->subtype_seek_read = mime_seek_read;
+ wth->snapshot_length = 0;
+diff --git a/wiretap/mp2t.c b/wiretap/mp2t.c
+index 8496437..de057ba 100644
+--- a/wiretap/mp2t.c
++++ b/wiretap/mp2t.c
+@@ -220,7 +220,7 @@ mp2t_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->file_type = WTAP_FILE_MPEG_2_TS;
+ wth->file_encap = WTAP_ENCAP_MPEG_2_TS;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ wth->subtype_read = mp2t_read;
+ wth->subtype_seek_read = mp2t_seek_read;
+ wth->snapshot_length = 0;
+diff --git a/wiretap/mpeg.c b/wiretap/mpeg.c
+index 5c6710f..4545ffb 100644
+--- a/wiretap/mpeg.c
++++ b/wiretap/mpeg.c
+@@ -299,7 +299,7 @@ good_magic:
+
+ wth->file_type = WTAP_FILE_MPEG;
+ wth->file_encap = WTAP_ENCAP_MPEG;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ wth->subtype_read = mpeg_read;
+ wth->subtype_seek_read = mpeg_seek_read;
+ wth->snapshot_length = 0;
+diff --git a/wiretap/netmon.c b/wiretap/netmon.c
+index e53bdfc..3b3ed46 100644
+--- a/wiretap/netmon.c
++++ b/wiretap/netmon.c
+@@ -402,7 +402,7 @@ int netmon_open(wtap *wth, int *err, gchar **err_info)
+ * Version 1.x of the file format supports
+ * millisecond precision.
+ */
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+ break;
+
+ case 2:
+@@ -412,7 +412,7 @@ int netmon_open(wtap *wth, int *err, gchar **err_info)
+ * currently support that, so say
+ * "nanosecond precision" for now.
+ */
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ break;
+ }
+ return 1;
+diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
+index ba1126c..617b17b 100644
+--- a/wiretap/netscaler.c
++++ b/wiretap/netscaler.c
+@@ -651,7 +651,7 @@ int nstrace_open(wtap *wth, int *err, gchar **err_info)
+ nstrace->nstrace_buf_offset = 0;
+ }
+
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ wth->phdr.ts.secs = nstrace->nspm_curtime;
+ wth->phdr.ts.nsecs = 0;
+
+diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c
+index ad218af..a029dd6 100644
+--- a/wiretap/netscreen.c
++++ b/wiretap/netscreen.c
+@@ -184,7 +184,7 @@ int netscreen_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = netscreen_read;
+ wth->subtype_seek_read = netscreen_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_DSEC;
++ wth->file_tsprec = WTAP_TSPREC_DSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/nettl.c b/wiretap/nettl.c
+index 757ddaa..d881eeb 100644
+--- a/wiretap/nettl.c
++++ b/wiretap/nettl.c
+@@ -287,7 +287,7 @@ int nettl_open(wtap *wth, int *err, gchar **err_info)
+ if (file_seek(wth->fh, FILE_HDR_SIZE, SEEK_SET, err) == -1) {
+ return -1;
+ }
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1;
+ }
+diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c
+index 3640d28..9ba7100 100644
+--- a/wiretap/network_instruments.c
++++ b/wiretap/network_instruments.c
+@@ -247,7 +247,7 @@ int network_instruments_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_close = NULL;
+ wth->subtype_sequential_close = NULL;
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ wth->file_type = WTAP_FILE_NETWORK_INSTRUMENTS;
+
+ /* reset the pointer to the first packet */
+diff --git a/wiretap/netxray.c b/wiretap/netxray.c
+index c2af737..d4d2710 100644
+--- a/wiretap/netxray.c
++++ b/wiretap/netxray.c
+@@ -495,12 +495,12 @@ int netxray_open(wtap *wth, int *err, gchar **err_info)
+
+ case WTAP_FILE_NETXRAY_OLD:
+ ticks_per_sec = 1000.0;
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+ break;
+
+ case WTAP_FILE_NETXRAY_1_0:
+ ticks_per_sec = 1000.0;
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+ break;
+
+ case WTAP_FILE_NETXRAY_1_1:
+@@ -511,7 +511,7 @@ int netxray_open(wtap *wth, int *err, gchar **err_info)
+ * and older versions of Windows Sniffer.
+ */
+ ticks_per_sec = 1000000.0;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ case WTAP_FILE_NETXRAY_2_00x:
+@@ -668,9 +668,9 @@ int netxray_open(wtap *wth, int *err, gchar **err_info)
+ * XXX - Seems reasonable to use nanosecs only if TPS >= 10M
+ */
+ if (ticks_per_sec >= 1e7)
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ else
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ break;
+
+ default:
+diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c
+index f15694f..4ada82d 100644
+--- a/wiretap/ngsniffer.c
++++ b/wiretap/ngsniffer.c
+@@ -799,7 +799,7 @@ ngsniffer_open(wtap *wth, int *err, gchar **err_info)
+ * isn't stored in the capture file.
+ */
+
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; /* XXX */
++ wth->file_tsprec = WTAP_TSPREC_NSEC; /* XXX */
+
+ return 1;
+ }
+diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c
+index eece1a0..fcaedc9 100644
+--- a/wiretap/packetlogger.c
++++ b/wiretap/packetlogger.c
+@@ -118,7 +118,7 @@ int packetlogger_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->file_type = WTAP_FILE_PACKETLOGGER;
+ wth->file_encap = WTAP_ENCAP_PACKETLOGGER;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1; /* Our kind of file */
+ }
+diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
+index f652057..338be96 100644
+--- a/wiretap/pcapng.c
++++ b/wiretap/pcapng.c
+@@ -371,7 +371,6 @@ typedef struct wtapng_block_s {
+ const union wtap_pseudo_header *pseudo_header;
+ struct wtap_pkthdr *packet_header;
+ const guint8 *frame_buffer;
+- int *file_encap;
+ } wtapng_block_t;
+
+ /* Interface data in private struct */
+@@ -379,6 +378,7 @@ typedef struct interface_data_s {
+ int wtap_encap;
+ guint32 snap_len;
+ guint64 time_units_per_second;
++ int tsprecision;
+ } interface_data_t;
+
+ typedef struct {
+@@ -643,10 +643,12 @@ pcapng_read_section_header_block(FILE_T fh, gboolean first_block,
+
+ /* "Interface Description Block" */
+ static int
+-pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
+- wtapng_block_t *wblock, int *err, gchar **err_info)
++pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh,
++ pcapng_t *pn, wtapng_block_t *wblock, int *err,
++ gchar **err_info)
+ {
+- guint64 time_units_per_second = 1000000; /* default */
++ guint64 time_units_per_second = 1000000; /* default = 10^6 */
++ int tsprecision = WTAP_TSPREC_USEC;
+ int bytes_read;
+ int block_read;
+ int to_read, opt_cont_buf_len;
+@@ -690,6 +692,7 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
+
+ wblock->data.if_descr.wtap_encap = wtap_pcap_encap_to_wtap_encap(wblock->data.if_descr.link_type);
+ wblock->data.if_descr.time_units_per_second = time_units_per_second;
++ wblock->data.if_descr.tsprecision = tsprecision;
+
+ pcapng_debug3("pcapng_read_if_descr_block: IDB link_type %u (%s), snap %u",
+ wblock->data.if_descr.link_type,
+@@ -821,7 +824,20 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
+ }
+ wblock->data.if_descr.time_units_per_second = time_units_per_second;
+ wblock->data.if_descr.if_tsresol = if_tsresol;
+- pcapng_debug2("pcapng_read_if_descr_block: if_tsresol %u, units/s %" G_GINT64_MODIFIER "u", wblock->data.if_descr.if_tsresol, wblock->data.if_descr.time_units_per_second);
++ if (time_units_per_second >= 1000000000)
++ tsprecision = WTAP_TSPREC_NSEC;
++ else if (time_units_per_second >= 1000000)
++ tsprecision = WTAP_TSPREC_USEC;
++ else if (time_units_per_second >= 1000)
++ tsprecision = WTAP_TSPREC_MSEC;
++ else if (time_units_per_second >= 100)
++ tsprecision = WTAP_TSPREC_CSEC;
++ else if (time_units_per_second >= 10)
++ tsprecision = WTAP_TSPREC_DSEC;
++ else
++ tsprecision = WTAP_TSPREC_SEC;
++ wblock->data.if_descr.tsprecision = tsprecision;
++ pcapng_debug3("pcapng_read_if_descr_block: if_tsresol %u, units/s %" G_GINT64_MODIFIER "u, tsprecision %d", wblock->data.if_descr.if_tsresol, wblock->data.if_descr.time_units_per_second, tsprecision);
+ } else {
+ pcapng_debug1("pcapng_read_if_descr_block: if_tsresol length %u not 1 as expected", oh.option_length);
+ }
+@@ -883,12 +899,33 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
+
+ g_free(option_content);
+
+- if (*wblock->file_encap == WTAP_ENCAP_UNKNOWN) {
+- *wblock->file_encap = wblock->data.if_descr.wtap_encap;
++ /*
++ * If the per-file encapsulation isn't known, set it to this
++ * interface's encapsulation.
++ *
++ * If it *is* known, and it isn't this interface's encapsulation,
++ * set it to WTAP_ENCAP_PER_PACKET, as this file doesn't
++ * have a single encapsulation for all interfaces in the file,
++ * so it probably doesn't have a single encapsulation for all
++ * packets in the file.
++ */
++ if (wth->file_encap == WTAP_ENCAP_UNKNOWN) {
++ wth->file_encap = wblock->data.if_descr.wtap_encap;
+ } else {
+- if (*wblock->file_encap != wblock->data.if_descr.wtap_encap) {
+- *wblock->file_encap = WTAP_ENCAP_PER_PACKET;
+- }
++ if (wth->file_encap != wblock->data.if_descr.wtap_encap) {
++ wth->file_encap = WTAP_ENCAP_PER_PACKET;
++ }
++ }
++
++ /*
++ * The same applies to the per-file time stamp resolution.
++ */
++ if (wth->file_tsprec == WTAP_TSPREC_UNKNOWN) {
++ wth->file_tsprec = wblock->data.if_descr.tsprecision;
++ } else {
++ if (wth->file_tsprec != wblock->data.if_descr.tsprecision) {
++ wth->file_tsprec = WTAP_TSPREC_PER_PACKET;
++ }
+ }
+
+ return block_read;
+@@ -1065,6 +1102,7 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta
+ pcap_get_phdr_size(int_data.wtap_encap, wblock->pseudo_header));
+ wblock->packet_header->interface_id = wblock->data.packet.interface_id;
+ wblock->packet_header->pkt_encap = int_data.wtap_encap;
++ wblock->packet_header->pkt_tsprec = int_data.tsprecision;
+
+ memset((void *)wblock->pseudo_header, 0, sizeof(union wtap_pseudo_header));
+ pseudo_header_len = pcap_process_pseudo_header(fh,
+@@ -1328,6 +1366,7 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *
+ wblock->packet_header->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID;
+ wblock->packet_header->interface_id = 0;
+ wblock->packet_header->pkt_encap = int_data.wtap_encap;
++ wblock->packet_header->pkt_tsprec = int_data.tsprecision;
+ wblock->packet_header->ts.secs = 0;
+ wblock->packet_header->ts.nsecs = 0;
+ wblock->packet_header->interface_id = 0;
+@@ -1905,7 +1944,7 @@ pcapng_read_unknown_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn _U_
+
+
+ static int
+-pcapng_read_block(FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t *wblock, int *err, gchar **err_info)
++pcapng_read_block(wtap *wth, FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t *wblock, int *err, gchar **err_info)
+ {
+ int block_read;
+ int bytes_read;
+@@ -1953,7 +1992,7 @@ pcapng_read_block(FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t
+ bytes_read = pcapng_read_section_header_block(fh, first_block, &bh, pn, wblock, err, err_info);
+ break;
+ case(BLOCK_TYPE_IDB):
+- bytes_read = pcapng_read_if_descr_block(fh, &bh, pn, wblock, err, err_info);
++ bytes_read = pcapng_read_if_descr_block(wth, fh, &bh, pn, wblock, err, err_info);
+ break;
+ case(BLOCK_TYPE_PB):
+ bytes_read = pcapng_read_packet_block(fh, &bh, pn, wblock, err, err_info, FALSE);
+@@ -2043,6 +2082,7 @@ pcapng_process_idb(wtap *wth, pcapng_t *pcapng, wtapng_block_t *wblock)
+ interface_data.wtap_encap = wblock->data.if_descr.wtap_encap;
+ interface_data.snap_len = wblock->data.if_descr.snap_len;
+ interface_data.time_units_per_second = wblock->data.if_descr.time_units_per_second;
++ interface_data.tsprecision = wblock->data.if_descr.tsprecision;
+
+ g_array_append_val(pcapng->interface_data, interface_data);
+ pcapng->number_of_interfaces++;
+@@ -2072,11 +2112,10 @@ pcapng_open(wtap *wth, int *err, gchar **err_info)
+ wblock.frame_buffer = NULL;
+ wblock.pseudo_header = NULL;
+ wblock.packet_header = NULL;
+- wblock.file_encap = &wth->file_encap;
+
+ pcapng_debug0("pcapng_open: opening file");
+ /* read first block */
+- bytes_read = pcapng_read_block(wth->fh, TRUE, &pn, &wblock, err, err_info);
++ bytes_read = pcapng_read_block(wth, wth->fh, TRUE, &pn, &wblock, err, err_info);
+ if (bytes_read <= 0) {
+ pcapng_debug0("pcapng_open: couldn't read first SHB");
+ *err = file_error(wth->fh, err_info);
+@@ -2110,7 +2149,7 @@ pcapng_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->file_encap = WTAP_ENCAP_UNKNOWN;
+ wth->snapshot_length = 0;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+ pcapng = (pcapng_t *)g_malloc(sizeof(pcapng_t));
+ wth->priv = (void *)pcapng;
+ *pcapng = pn;
+@@ -2156,7 +2195,7 @@ pcapng_open(wtap *wth, int *err, gchar **err_info)
+ if (bh.block_type != BLOCK_TYPE_IDB) {
+ break; /* No more IDB:s */
+ }
+- bytes_read = pcapng_read_block(wth->fh, FALSE, &pn, &wblock, err, err_info);
++ bytes_read = pcapng_read_block(wth, wth->fh, FALSE, &pn, &wblock, err, err_info);
+ if (bytes_read == 0) {
+ pcapng_debug0("No more IDBs available...");
+ break;
+@@ -2200,14 +2239,13 @@ pcapng_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
+ wblock.frame_buffer = buffer_start_ptr(wth->frame_buffer);
+ wblock.pseudo_header = &wth->phdr.pseudo_header;
+ wblock.packet_header = &wth->phdr;
+- wblock.file_encap = &wth->file_encap;
+
+ pcapng->add_new_ipv4 = wth->add_new_ipv4;
+ pcapng->add_new_ipv6 = wth->add_new_ipv6;
+
+ /* read next block */
+ while (1) {
+- bytes_read = pcapng_read_block(wth->fh, FALSE, pcapng, &wblock, err, err_info);
++ bytes_read = pcapng_read_block(wth, wth->fh, FALSE, pcapng, &wblock, err, err_info);
+ if (bytes_read <= 0) {
+ pcapng_debug1("pcapng_read: data_offset is finally %" G_GINT64_MODIFIER "d", *data_offset);
+ pcapng_debug0("pcapng_read: couldn't read packet block");
+@@ -2219,6 +2257,7 @@ pcapng_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
+ case(BLOCK_TYPE_SHB):
+ /* We don't currently support multi-section files. */
+ wth->phdr.pkt_encap = WTAP_ENCAP_UNKNOWN;
++ wth->phdr.pkt_tsprec = WTAP_TSPREC_UNKNOWN;
+ *err = WTAP_ERR_UNSUPPORTED;
+ *err_info = g_strdup_printf("pcapng: multi-section files not currently supported.");
+ return FALSE;
+@@ -2332,10 +2371,9 @@ pcapng_seek_read(wtap *wth, gint64 seek_off,
+ wblock.frame_buffer = pd;
+ wblock.pseudo_header = pseudo_header;
+ wblock.packet_header = &wth->phdr;
+- wblock.file_encap = &wth->file_encap;
+
+ /* read the block */
+- bytes_read = pcapng_read_block(wth->random_fh, FALSE, pcapng, &wblock, err, err_info);
++ bytes_read = pcapng_read_block(wth, wth->random_fh, FALSE, pcapng, &wblock, err, err_info);
+ if (bytes_read <= 0) {
+ *err = file_error(wth->random_fh, err_info);
+ pcapng_debug3("pcapng_seek_read: couldn't read packet block (err=%d, errno=%d, bytes_read=%d).",
+diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c
+index e8b890e..8437d34 100644
+--- a/wiretap/peekclassic.c
++++ b/wiretap/peekclassic.c
+@@ -354,7 +354,7 @@ peekclassic_open(wtap *wth, int *err, gchar **err_info)
+ }
+
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ return 1;
+ }
+diff --git a/wiretap/peektagged.c b/wiretap/peektagged.c
+index 7f178ae..712ea88 100644
+--- a/wiretap/peektagged.c
++++ b/wiretap/peektagged.c
+@@ -338,7 +338,7 @@ int peektagged_open(wtap *wth, int *err, gchar **err_info)
+ wth->file_encap = file_encap;
+ wth->subtype_read = peektagged_read;
+ wth->subtype_seek_read = peektagged_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
++ wth->file_tsprec = WTAP_TSPREC_NSEC;
+
+ peektagged = (peektagged_t *)g_malloc(sizeof(peektagged_t));
+ wth->priv = (void *)peektagged;
+diff --git a/wiretap/pppdump.c b/wiretap/pppdump.c
+index 239f1a8..e3d4165 100644
+--- a/wiretap/pppdump.c
++++ b/wiretap/pppdump.c
+@@ -301,7 +301,7 @@ pppdump_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_read = pppdump_read;
+ wth->subtype_seek_read = pppdump_seek_read;
+ wth->subtype_close = pppdump_close;
+- wth->tsprecision = WTAP_FILE_TSPREC_DSEC;
++ wth->file_tsprec = WTAP_TSPREC_DSEC;
+
+ state->seek_state = g_new(pppdump_t,1);
+
+diff --git a/wiretap/radcom.c b/wiretap/radcom.c
+index 8e9b701..719d904 100644
+--- a/wiretap/radcom.c
++++ b/wiretap/radcom.c
+@@ -167,7 +167,7 @@ int radcom_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_read = radcom_read;
+ wth->subtype_seek_read = radcom_seek_read;
+ wth->snapshot_length = 0; /* not available in header, only in frame */
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ #if 0
+ tm.tm_year = pletohs(&start_date.year)-1900;
+diff --git a/wiretap/snoop.c b/wiretap/snoop.c
+index d2f765b..2da076d 100644
+--- a/wiretap/snoop.c
++++ b/wiretap/snoop.c
+@@ -433,7 +433,7 @@ int snoop_open(wtap *wth, int *err, gchar **err_info)
+ wth->subtype_seek_read = snoop_seek_read;
+ wth->file_encap = file_encap;
+ wth->snapshot_length = 0; /* not available in header */
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+ return 1;
+ }
+
+diff --git a/wiretap/tnef.c b/wiretap/tnef.c
+index 3afd1d4..f352c24 100644
+--- a/wiretap/tnef.c
++++ b/wiretap/tnef.c
+@@ -128,7 +128,7 @@ int tnef_open(wtap *wth, int *err, gchar **err_info)
+
+ wth->subtype_read = tnef_read;
+ wth->subtype_seek_read = tnef_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_SEC;
++ wth->file_tsprec = WTAP_TSPREC_SEC;
+
+ return 1;
+ }
+diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c
+index 07f00eb..f88474d 100644
+--- a/wiretap/toshiba.c
++++ b/wiretap/toshiba.c
+@@ -213,7 +213,7 @@ int toshiba_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = toshiba_read;
+ wth->subtype_seek_read = toshiba_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
++ wth->file_tsprec = WTAP_TSPREC_CSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/visual.c b/wiretap/visual.c
+index 59400ba..a0f9852 100644
+--- a/wiretap/visual.c
++++ b/wiretap/visual.c
+@@ -267,7 +267,7 @@ int visual_open(wtap *wth, int *err, gchar **err_info)
+ /* Set up the pointers to the handlers for this file type */
+ wth->subtype_read = visual_read;
+ wth->subtype_seek_read = visual_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_MSEC;
++ wth->file_tsprec = WTAP_TSPREC_MSEC;
+
+ /* Add Visual-specific information to the wiretap struct for later use. */
+ visual = (struct visual_read_info *)g_malloc(sizeof(struct visual_read_info));
+diff --git a/wiretap/vms.c b/wiretap/vms.c
+index f5c440b..550a5ac 100644
+--- a/wiretap/vms.c
++++ b/wiretap/vms.c
+@@ -253,7 +253,7 @@ int vms_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0; /* not known */
+ wth->subtype_read = vms_read;
+ wth->subtype_seek_read = vms_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
++ wth->file_tsprec = WTAP_TSPREC_CSEC;
+
+ return 1;
+ }
+diff --git a/wiretap/vwr.c b/wiretap/vwr.c
+index 0f1dbc3..881ad64 100644
+--- a/wiretap/vwr.c
++++ b/wiretap/vwr.c
+@@ -653,7 +653,7 @@ int vwr_open(wtap *wth, int *err, gchar **err_info)
+ wth->snapshot_length = 0;
+ wth->subtype_read = vwr_read;
+ wth->subtype_seek_read = vwr_seek_read;
+- wth->tsprecision = WTAP_FILE_TSPREC_USEC;
++ wth->file_tsprec = WTAP_TSPREC_USEC;
+
+ if (fpgaVer == vVW510021_W_FPGA) {
+ wth->file_type = WTAP_FILE_VWR_80211;
+diff --git a/wiretap/wtap-int.h b/wiretap/wtap-int.h
+index 1c17a42..15d5102 100644
+--- a/wiretap/wtap-int.h
++++ b/wiretap/wtap-int.h
+@@ -69,11 +69,19 @@ struct wtap {
+ int file_encap; /* per-file, for those
+ * file formats that have
+ * per-file encapsulation
+- * types
+- */
+- int tsprecision; /* timestamp precision of the lower 32bits
+- * e.g. WTAP_FILE_TSPREC_USEC
++ * types rather than per-packet
++ * encapsulation types
+ */
++ int file_tsprec; /* per-file timestamp precision
++ * of the fractional part of
++ * the time stamp, for those
++ * file formats that have
++ * per-file timestamp
++ * precision rather than
++ * per-packet timestamp
++ * precision
++ * e.g. WTAP_TSPREC_USEC
++ */
+ wtap_new_ipv4_callback_t add_new_ipv4;
+ wtap_new_ipv6_callback_t add_new_ipv6;
+ GPtrArray *fast_seek;
+@@ -105,7 +113,7 @@ struct wtap_dumper {
+ subtype_close_func subtype_close;
+
+ int tsprecision; /**< timestamp precision of the lower 32bits
+- * e.g. WTAP_FILE_TSPREC_USEC
++ * e.g. WTAP_TSPREC_USEC
+ */
+ struct addrinfo *addrinfo_list;
+ struct wtapng_section_s *shb_hdr;
+diff --git a/wiretap/wtap.c b/wiretap/wtap.c
+index ee0cbc2..69803d6 100644
+--- a/wiretap/wtap.c
++++ b/wiretap/wtap.c
+@@ -95,9 +95,9 @@ wtap_file_encap(wtap *wth)
+ }
+
+ int
+-wtap_file_tsprecision(wtap *wth)
++wtap_file_tsprec(wtap *wth)
+ {
+- return wth->tsprecision;
++ return wth->file_tsprec;
+ }
+
+ wtapng_section_t *
+@@ -862,6 +862,8 @@ wtap_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
+ * capture file type doesn't have to set it), and if it
+ * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
+ * anyway.
++ *
++ * Do the same for the packet time stamp resolution.
+ */
+ wth->phdr.pkt_encap = wth->file_encap;
+
+diff --git a/wiretap/wtap.h b/wiretap/wtap.h
+index 36674e9..b49c280 100644
+--- a/wiretap/wtap.h
++++ b/wiretap/wtap.h
+@@ -319,12 +319,14 @@ extern "C" {
+ #define WTAP_NUM_FILE_TYPES wtap_get_num_file_types()
+
+ /* timestamp precision (currently only these values are supported) */
+-#define WTAP_FILE_TSPREC_SEC 0
+-#define WTAP_FILE_TSPREC_DSEC 1
+-#define WTAP_FILE_TSPREC_CSEC 2
+-#define WTAP_FILE_TSPREC_MSEC 3
+-#define WTAP_FILE_TSPREC_USEC 6
+-#define WTAP_FILE_TSPREC_NSEC 9
++#define WTAP_TSPREC_UNKNOWN -2
++#define WTAP_TSPREC_PER_PACKET -1
++#define WTAP_TSPREC_SEC 0
++#define WTAP_TSPREC_DSEC 1
++#define WTAP_TSPREC_CSEC 2
++#define WTAP_TSPREC_MSEC 3
++#define WTAP_TSPREC_USEC 6
++#define WTAP_TSPREC_NSEC 9
+
+ /*
+ * Maximum packet size we'll support.
+@@ -866,7 +868,8 @@ struct wtap_pkthdr {
+ struct wtap_nstime ts;
+ guint32 caplen; /* data length in the file */
+ guint32 len; /* data length on the wire */
+- int pkt_encap;
++ int pkt_encap; /* WTAP_ENCAP_ value for this packet */
++ int pkt_tsprec; /* WTAP_TSPREC_ value for this packet */
+ /* pcapng variables */
+ guint32 interface_id; /* identifier of the interface. */
+ /* options */
+@@ -1010,6 +1013,7 @@ typedef struct wtapng_iface_descriptions_s {
+ typedef struct wtapng_if_descr_s {
+ int wtap_encap; /**< link_type translated to wtap_encap */
+ guint64 time_units_per_second;
++ int tsprecision; /**< WTAP_TSPREC_ value for this interface */
+
+ /* mandatory */
+ guint16 link_type;
+@@ -1214,7 +1218,7 @@ int wtap_file_type(wtap *wth);
+ WS_DLL_PUBLIC
+ int wtap_file_encap(wtap *wth);
+ WS_DLL_PUBLIC
+-int wtap_file_tsprecision(wtap *wth);
++int wtap_file_tsprec(wtap *wth);
+ WS_DLL_PUBLIC
+ wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
+ WS_DLL_PUBLIC
diff --git a/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch b/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch
new file mode 100644
index 0000000..bf3bcd9
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch
@@ -0,0 +1,24 @@
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index 8f85f11..a58ccfb 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = {
+ { 13, "signature_algorithms" }, /* RFC 5246 */
+ { 14, "use_srtp" },
+ { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */
++ { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC_TYPE, "Encrypt then MAC" }, /* RFC 7366 */
+ { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
+ { 35, "SessionTicket TLS" }, /* RFC 4507 */
+ { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index 5968b8e..82dc39b 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -153,6 +153,7 @@
+ #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b
+ #define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d
+ #define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f
++#define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC_TYPE 0x0016
+ #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017
+ #define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
+ #define SSL_HND_HELLO_EXT_NPN 0x3374
diff --git a/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch b/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch
new file mode 100644
index 0000000..3427382
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch
@@ -0,0 +1,127 @@
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index efb170a..8f85f11 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = {
+ { 13, "signature_algorithms" }, /* RFC 5246 */
+ { 14, "use_srtp" },
+ { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */
++ { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
+ { 35, "SessionTicket TLS" }, /* RFC 4507 */
+ { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
+ { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index 1ba1598..5968b8e 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -148,14 +148,15 @@
+ #define PCT_ERR_SERVER_AUTH_FAILED 0x05
+ #define PCT_ERR_SPECS_MISMATCH 0x06
+
+-#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0
+-#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a
+-#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b
+-#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d
+-#define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f
+-#define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
+-#define SSL_HND_HELLO_EXT_NPN 0x3374
+-#define SSL_HND_CERT_STATUS_TYPE_OCSP 1
++#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0
++#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a
++#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b
++#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d
++#define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f
++#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017
++#define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
++#define SSL_HND_HELLO_EXT_NPN 0x3374
++#define SSL_HND_CERT_STATUS_TYPE_OCSP 1
+
+ /*
+ * Lookup tables
+@@ -211,13 +212,16 @@ typedef struct _StringInfo {
+ #define DTLSV1DOT0_VERSION_NOT 0x100
+ #define DTLSV1DOT2_VERSION 0xfefd
+
+-#define SSL_CLIENT_RANDOM (1<<0)
+-#define SSL_SERVER_RANDOM (1<<1)
+-#define SSL_CIPHER (1<<2)
+-#define SSL_HAVE_SESSION_KEY (1<<3)
+-#define SSL_VERSION (1<<4)
+-#define SSL_MASTER_SECRET (1<<5)
+-#define SSL_PRE_MASTER_SECRET (1<<6)
++#define SSL_CLIENT_RANDOM (1<<0)
++#define SSL_SERVER_RANDOM (1<<1)
++#define SSL_CIPHER (1<<2)
++#define SSL_HAVE_SESSION_KEY (1<<3)
++#define SSL_VERSION (1<<4)
++#define SSL_MASTER_SECRET (1<<5)
++#define SSL_PRE_MASTER_SECRET (1<<6)
++#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
++#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
++
+
+ #define SSL_CIPHER_MODE_STREAM 0
+ #define SSL_CIPHER_MODE_CBC 1
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index 6f22158..d774929 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2396,7 +2396,8 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
+
+ static gint
+ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
+- proto_tree *tree, guint32 offset, guint32 left)
++ proto_tree *tree, guint32 offset, guint32 left,
++ gboolean is_client, SslDecryptSession *ssl)
+ {
+ guint16 extension_length;
+ guint16 ext_type;
+@@ -2459,6 +2460,10 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset += ext_len;
+ break;
++ case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE:
++ if (ssl)
++ ssl->state |= (is_client ? SSL_CLIENT_EXTENDED_MASTER_SECRET : SSL_SERVER_EXTENDED_MASTER_SECRET);
++ break;
+ default:
+ proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
+ tvb, offset, ext_len, NULL,
+@@ -2673,7 +2678,7 @@ dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb,
+ static void
+ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset, guint32 length,
+- SslDecryptSession*ssl)
++ SslDecryptSession *ssl)
+ {
+ /* struct {
+ * ProtocolVersion client_version;
+@@ -2798,14 +2803,16 @@ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
+ if (length > offset - start_offset)
+ {
+ dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
+- length - (offset - start_offset));
++ length - (offset - start_offset), TRUE,
++ ssl);
+ }
+ }
+ }
+
+ static void
+ dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
+- proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession *ssl)
++ proto_tree *tree, guint32 offset, guint32 length,
++ SslDecryptSession *ssl)
+ {
+ /* struct {
+ * ProtocolVersion server_version;
+@@ -2873,7 +2880,8 @@ no_cipher:
+ if (length > offset - start_offset)
+ {
+ dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
+- length - (offset - start_offset));
++ length - (offset - start_offset), FALSE,
++ ssl);
+ }
+ }
+ }
diff --git a/SOURCES/wireshark-1.10.3-tls-hash-algs.patch b/SOURCES/wireshark-1.10.3-tls-hash-algs.patch
new file mode 100644
index 0000000..6a0422a
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-tls-hash-algs.patch
@@ -0,0 +1,129 @@
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index aaadbe7..ccac6ae 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -151,6 +151,7 @@
+ #define SSL_HND_HELLO_EXT_SERVER_NAME 0x0
+ #define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a
+ #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b
++#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d
+ #define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f
+ #define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
+ #define SSL_HND_HELLO_EXT_NPN 0x3374
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index d75a3cc..b50ca22 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -542,6 +542,9 @@ static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
+ static gint dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset);
+
++static gint dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb,
++ proto_tree *tree, guint32 offset, guint32 ext_len);
++
+ static gint dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len);
+
+@@ -674,6 +677,10 @@ static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
+ static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
+ const guint32 offset,
+ const guint32 record_length);
++
++static gint dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, guint16 len);
++
+ /*********************************************************************
+ *
+ * Main dissector
+@@ -2439,6 +2446,9 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
+ case SSL_HND_HELLO_EXT_EC_POINT_FORMATS:
+ offset = dissect_ssl3_hnd_hello_ext_ec_point_formats(tvb, ext_tree, offset);
+ break;
++ case SSL_HND_HELLO_EXT_SIG_HASH_ALGS:
++ offset = dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvb, ext_tree, offset, ext_len);
++ break;
+ case SSL_HND_HELLO_EXT_NPN:
+ offset = dissect_ssl3_hnd_hello_ext_npn(tvb, ext_tree, offset, ext_len);
+ break;
+@@ -2502,6 +2512,29 @@ dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb,
+ }
+
+ static gint
++dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb,
++ proto_tree *tree, guint32 offset, guint32 ext_len)
++{
++ guint16 sh_alg_length;
++ gint ret;
++
++ sh_alg_length = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len,
++ tvb, offset, 2, sh_alg_length);
++ offset += 2;
++ if (ext_len<2 || sh_alg_length!=ext_len-2) {
++ /* ERROR: sh_alg_length must be 2 less than ext_len */
++ return offset;
++ }
++
++ ret = dissect_ssl_hash_alg_list(tvb, tree, offset, sh_alg_length);
++ if (ret >=0)
++ offset += ret;
++
++ return offset;
++}
++
++static gint
+ dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+ {
+@@ -4957,6 +4990,51 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset,
+ return ret;
+ }
+
++/* dissect a list of hash algorithms, return the number of bytes dissected
++ * this is used for the signature algorithms extension and for the
++ * TLS1.2 certificate request */
++static gint
++dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, guint16 len)
++{
++ guint32 offset_start;
++ proto_tree *subtree, *alg_tree;
++ proto_tree *ti;
++
++ offset_start = offset;
++ if (len==0)
++ return 0;
++
++ ti = proto_tree_add_none_format(tree,
++ hf_ssl_handshake_sig_hash_algs,
++ tvb, offset, len,
++ "Signature Hash Algorithms (%u algorithm%s)",
++ len/2,
++ plurality(len/2, "", "s"));
++ subtree = proto_item_add_subtree(ti, ett_ssl_sig_hash_algs);
++
++ if (len % 2) {
++ proto_tree_add_text(tree, tvb, offset, 2,
++ "Invalid Signature Hash Algorithm length: %d", len);
++ return offset-offset_start;
++ }
++
++ while (len > 0) {
++ ti = proto_tree_add_item(subtree, hf_ssl_handshake_sig_hash_alg,
++ tvb, offset, 2, ENC_BIG_ENDIAN);
++ alg_tree = proto_item_add_subtree(ti, ett_ssl_sig_hash_alg);
++
++ proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_hash,
++ tvb, offset, 1, ENC_BIG_ENDIAN);
++ proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_sig,
++ tvb, offset+1, 1, ENC_BIG_ENDIAN);
++
++ offset += 2;
++ len -= 2;
++ }
++ return offset-offset_start;
++}
++
+ /* UAT */
+
+ #ifdef HAVE_LIBGNUTLS
diff --git a/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch b/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch
new file mode 100644
index 0000000..29260dd
--- /dev/null
+++ b/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch
@@ -0,0 +1,1469 @@
+diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
+index 5e287e0..c43126d 100644
+--- a/epan/dissectors/packet-dtls.c
++++ b/epan/dissectors/packet-dtls.c
+@@ -307,31 +307,31 @@ dtls_parse_old_keys(void)
+ /* record layer dissector */
+ static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version,
++ SslSession *session,
+ SslDecryptSession *conv_data);
+
+ /* change cipher spec dissector */
+ static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
+ proto_tree *tree,
+ guint32 offset,
+- guint *conv_version, guint8 content_type);
++ SslSession *session, guint8 content_type);
+
+ /* alert message dissector */
+ static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version);
++ SslSession *session);
+
+ /* handshake protocol dissector */
+ static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+ guint32 record_length,
+- guint *conv_version,
++ SslSession *session,
+ SslDecryptSession *conv_data, guint8 content_type);
+
+ /* heartbeat message dissector */
+ static void dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version, guint32 record_length);
++ SslSession *session, guint32 record_length);
+
+
+ static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
+@@ -363,7 +363,7 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
+ static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
+ proto_tree *tree,
+ guint32 offset,
+- guint* conv_version);
++ SslSession *session);
+
+ /*
+ * Support Functions
+@@ -395,7 +395,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ guint32 offset;
+ gboolean first_record_in_frame;
+ SslDecryptSession *ssl_session;
+- guint* conv_version;
++ SslSession *session;
+ Ssl_private_key_t *private_key;
+
+ ti = NULL;
+@@ -427,7 +427,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+
+ ssl_session = se_new0(SslDecryptSession);
+ ssl_session_init(ssl_session);
+- ssl_session->version = SSL_VER_UNKNOWN;
++ ssl_session->session.version = SSL_VER_UNKNOWN;
+ conversation_add_proto_data(conversation, proto_dtls, ssl_session);
+
+ /* we need to know witch side of conversation is speaking */
+@@ -454,7 +454,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ ssl_session->private_key = private_key->sexp_pkey;
+ }
+ }
+- conv_version= & ssl_session->version;
++ session = &ssl_session->session;
+
+ /* try decryption only the first time we see this packet
+ * (to keep cipher synchronized) */
+@@ -490,15 +490,15 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ /* first try to dispatch off the cached version
+ * known to be associated with the conversation
+ */
+- switch(*conv_version) {
++ switch(session->version) {
+ case SSL_VER_DTLS:
+ offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
+- offset, conv_version,
++ offset, session,
+ ssl_session);
+ break;
+ case SSL_VER_DTLS1DOT2:
+ offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
+- offset, conv_version,
++ offset, session,
+ ssl_session);
+ break;
+
+@@ -510,7 +510,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ {
+ /* looks like dtls */
+ offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
+- offset, conv_version,
++ offset, session,
+ ssl_session);
+ }
+ else
+@@ -622,7 +622,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
+ decoder = ssl->client;
+ }
+
+- if (!decoder && ssl->cipher != 0x0001 && ssl->cipher != 0x0002) {
++ if (!decoder && ssl->session.cipher != 0x0001 && ssl->session.cipher != 0x0002) {
+ ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
+ return ret;
+ }
+@@ -650,7 +650,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
+ &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0)
+ ret = 1;
+ }
+- else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) {
++ else if (ssl->session.cipher == 0x0001 || ssl->session.cipher == 0x0002) {
+ /* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */
+ memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length);
+ dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length;
+@@ -677,7 +677,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
+ static gint
+ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version,
++ SslSession *session,
+ SslDecryptSession* ssl)
+ {
+
+@@ -812,14 +812,14 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ * structure and print the column version
+ */
+ next_byte = tvb_get_guint8(tvb, offset);
+- if (*conv_version == SSL_VER_UNKNOWN
++ if (session->version == SSL_VER_UNKNOWN
+ && dtls_is_authoritative_version_message(content_type, next_byte))
+ {
+ if (version == DTLSV1DOT0_VERSION ||
+ version == DTLSV1DOT0_VERSION_NOT)
+ {
+
+- *conv_version = SSL_VER_DTLS;
++ session->version = SSL_VER_DTLS;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+@@ -829,7 +829,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ if (version == DTLSV1DOT2_VERSION)
+ {
+
+- *conv_version = SSL_VER_DTLS1DOT2;
++ session->version = SSL_VER_DTLS1DOT2;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+@@ -867,7 +867,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ case SSL_ID_CHG_CIPHER_SPEC:
+ col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
+ dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
+- offset, conv_version, content_type);
++ offset, session, content_type);
+ if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
+ break;
+ case SSL_ID_ALERT:
+@@ -882,12 +882,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ /* try to retrieve and use decrypted alert record, if any. */
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+ if (decrypted) {
+- dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
+- conv_version);
++ dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0, session);
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+ } else {
+- dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
+- conv_version);
++ dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset, session);
+ }
+ break;
+ }
+@@ -908,11 +906,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+ if (decrypted) {
+ dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
+- tvb_length(decrypted), conv_version, ssl, content_type);
++ tvb_length(decrypted), session, ssl, content_type);
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+ } else {
+ dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
+- record_length, conv_version, ssl, content_type);
++ record_length, session, ssl, content_type);
+ }
+ break;
+ }
+@@ -935,7 +933,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+
+ proto_item_set_text(dtls_record_tree,
+ "%s Record Layer: %s Protocol: %s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ association?association->info:"Application Data");
+
+@@ -988,11 +986,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
+ if (decrypted) {
+ dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
+- conv_version, record_length);
++ session, record_length);
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+ } else {
+ dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
+- conv_version, record_length);
++ session, record_length);
+ }
+ break;
+ }
+@@ -1011,7 +1009,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+- guint* conv_version, guint8 content_type)
++ SslSession *session, guint8 content_type)
+ {
+ /*
+ * struct {
+@@ -1023,7 +1021,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
+ {
+ proto_item_set_text(tree,
+ "%s Record Layer: %s Protocol: Change Cipher Spec",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"));
+ proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
+ offset, 1, ENC_NA);
+@@ -1034,7 +1032,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
+ static void
+ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint* conv_version)
++ SslSession *session)
+ {
+ /* struct {
+ * AlertLevel level;
+@@ -1087,7 +1085,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
+ {
+ proto_item_set_text(tree, "%s Record Layer: Alert "
+ "(Level: %s, Description: %s)",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ level, desc);
+ proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level,
+ tvb, offset++, 1, ENC_BIG_ENDIAN);
+@@ -1099,7 +1097,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
+ {
+ proto_item_set_text(tree,
+ "%s Record Layer: Encrypted Alert",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ proto_item_set_text(ssl_alert_tree,
+ "Alert Message: Encrypted Alert");
+ }
+@@ -1111,7 +1109,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint32 record_length, guint *conv_version,
++ guint32 record_length, SslSession *session,
+ SslDecryptSession* ssl, guint8 content_type)
+ {
+ /* struct {
+@@ -1338,7 +1336,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ if (first_iteration)
+ {
+ proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ (msg_type_str!=NULL) ? msg_type_str :
+ "Encrypted Handshake Message",
+@@ -1347,7 +1345,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ else
+ {
+ proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ "Multiple Handshake Messages",
+ (frag_str!=NULL) ? frag_str : "");
+@@ -1489,8 +1487,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_FINISHED:
+- dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree,
+- 0, conv_version);
++ dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, 0, session);
+ break;
+ }
+
+@@ -1502,7 +1499,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint* conv_version, guint32 record_length)
++ SslSession *session, guint32 record_length)
+ {
+ /* struct {
+ * HeartbeatMessageType type;
+@@ -1549,7 +1546,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ if (type && (payload_length <= record_length - 16 - 3)) {
+ proto_item_set_text(tree, "%s Record Layer: Heartbeat "
+ "%s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ type);
+ proto_tree_add_item(dtls_heartbeat_tree, hf_dtls_heartbeat_message_type,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+@@ -1571,7 +1568,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ } else {
+ proto_item_set_text(tree,
+ "%s Record Layer: Encrypted Heartbeat",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ proto_item_set_text(dtls_heartbeat_tree,
+ "Encrypted Heartbeat Message");
+ }
+@@ -1933,15 +1930,15 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
+ /* PAOLO: handle session cipher suite */
+ if (ssl) {
+ /* store selected cipher suite for decryption */
+- ssl->cipher = tvb_get_ntohs(tvb, offset);
+- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
+- ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
++ ssl->session.cipher = tvb_get_ntohs(tvb, offset);
++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
++ ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->session.cipher);
+ goto no_cipher;
+ }
+
+ ssl->state |= SSL_CIPHER;
+ ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n",
+- ssl->cipher, ssl->state);
++ ssl->session.cipher, ssl->state);
+
+ /* if we have restored a session now we can have enough material
+ * to build session key, check it out*/
+@@ -1963,7 +1960,7 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
+ no_cipher:
+ if (ssl) {
+ /* store selected compression method for decompression */
+- ssl->compression = tvb_get_guint8(tvb, offset+2);
++ ssl->session.compression = tvb_get_guint8(tvb, offset+2);
+ }
+ if (!tree)
+ return offset;
+@@ -2223,7 +2220,7 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
+
+ static void
+ dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
+- guint* conv_version)
++ SslSession *session)
+ {
+ /*
+ * struct {
+@@ -2237,7 +2234,7 @@ dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
+ return;
+ }
+
+- switch(*conv_version) {
++ switch(session->version) {
+ case SSL_VER_DTLS:
+ proto_tree_add_item(tree, hf_dtls_handshake_finished,
+ tvb, offset, 12, ENC_NA);
+diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
+index 68681f5..efb170a 100644
+--- a/epan/dissectors/packet-ssl-utils.c
++++ b/epan/dissectors/packet-ssl-utils.c
+@@ -2358,13 +2358,13 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session)
+
+ /* create both client and server ciphers*/
+ ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(client)\n");
+- ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, c_mk, c_wk, c_iv);
++ ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, c_mk, c_wk, c_iv);
+ if (!ssl_session->client_new) {
+ ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
+ goto fail;
+ }
+ ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(server)\n");
+- ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, s_mk, s_wk, s_iv);
++ ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, s_mk, s_wk, s_iv);
+ if (!ssl_session->server_new) {
+ ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
+ goto fail;
+diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
+index ccac6ae..1ba1598 100644
+--- a/epan/dissectors/packet-ssl-utils.h
++++ b/epan/dissectors/packet-ssl-utils.h
+@@ -304,6 +304,12 @@ typedef struct {
+ SslRecordInfo* handshake_data;
+ } SslPacketInfo;
+
++typedef struct _SslSession {
++ gint cipher;
++ gint compression;
++ guint32 version;
++} SslSession;
++
+ typedef struct _SslDecryptSession {
+ guchar _master_secret[48];
+ guchar _session_id[256];
+@@ -320,8 +326,6 @@ typedef struct _SslDecryptSession {
+ guchar _client_data_for_iv[24];
+ StringInfo client_data_for_iv;
+
+- gint cipher;
+- gint compression;
+ gint state;
+ SslCipherSuite cipher_suite;
+ SslDecoder *server;
+@@ -330,9 +334,9 @@ typedef struct _SslDecryptSession {
+ SslDecoder *client_new;
+ SSL_PRIVATE_KEY* private_key;
+ SSL_PSK_KEY* psk;
+- guint32 version;
+ guint16 version_netorder;
+ StringInfo app_data_segment;
++ SslSession session;
+
+ address srv_addr;
+ port_type srv_ptype;
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index b50ca22..6f22158 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -507,7 +507,7 @@ ssl_association_info(void)
+ /* record layer dissector */
+ static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version, guint conv_cipher,
++ SslSession *session,
+ gboolean *need_desegmentation,
+ SslDecryptSession *conv_data,
+ const gboolean first_record_in_frame);
+@@ -516,24 +516,23 @@ static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
+ proto_tree *tree,
+ guint32 offset,
+- guint *conv_version, const guint8 content_type);
++ SslSession *session, const guint8 content_type);
+
+ /* alert message dissector */
+ static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version);
++ SslSession *session);
+
+ /* handshake protocol dissector */
+ static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint32 record_length,
+- guint *conv_version, guint conv_cipher,
++ guint32 record_length, SslSession *session,
+ SslDecryptSession *conv_data, const guint8 content_type);
+
+ /* heartbeat message dissector */
+ static void dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version, guint32 record_length);
++ SslSession *session, guint32 record_length);
+
+ /* hello extension dissector */
+ static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
+@@ -574,20 +573,22 @@ static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
+ static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
+ proto_tree *tree,
+ guint32 offset, packet_info *pinfo,
+- const guint *conv_version);
++ SslSession *session);
+
+ static void dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
+- proto_tree *tree,
+- guint32 offset, guint32 length);
+-
++ proto_tree *tree,
++ guint32 offset, guint32 length,
++ SslSession *session);
+
+-static void dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb,
+- proto_tree *tree,
+- guint32 offset, guint32 length);
++static void dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb,
++ proto_tree *tree,
++ guint32 offset, guint32 length,
++ SslSession *session);
+
+ static void dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb,
+ proto_tree *tree,
+- guint32 offset, guint32 length);
++ guint32 offset, guint32 length,
++ SslSession *session);
+
+ static void dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb,
+ proto_tree *tree,
+@@ -605,7 +606,7 @@ static void dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb,
+ static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
+ proto_tree *tree,
+ const guint32 offset,
+- const guint *conv_version);
++ SslSession *session);
+
+ static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb,
+ proto_tree *tree,
+@@ -620,7 +621,7 @@ static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb,
+ /* record layer dissector */
+ static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version,
++ SslSession *session,
+ gboolean *need_desegmentation,
+ SslDecryptSession *ssl, gboolean first_record_in_frame);
+
+@@ -701,8 +702,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ gboolean first_record_in_frame;
+ gboolean need_desegmentation;
+ SslDecryptSession *ssl_session;
+- guint *conv_version;
+- guint conv_cipher;
++ SslSession *session;
+
+ ti = NULL;
+ ssl_tree = NULL;
+@@ -736,11 +736,10 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ else {
+ ssl_session = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession));
+ ssl_session_init(ssl_session);
+- ssl_session->version = SSL_VER_UNKNOWN;
++ ssl_session->session.version = SSL_VER_UNKNOWN;
+ conversation_add_proto_data(conversation, proto_ssl, ssl_session);
+ }
+- conv_version =& ssl_session->version;
+- conv_cipher = ssl_session->cipher;
++ session = &ssl_session->session;
+
+ /* try decryption only the first time we see this packet
+ * (to keep cipher synchronized) */
+@@ -789,11 +788,11 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ /* first try to dispatch off the cached version
+ * known to be associated with the conversation
+ */
+- switch (*conv_version) {
++ switch (session->version) {
+ case SSL_VER_SSLv2:
+ case SSL_VER_PCT:
+ offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
+- offset, conv_version,
++ offset, session,
+ &need_desegmentation,
+ ssl_session,
+ first_record_in_frame);
+@@ -810,7 +809,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ if (ssl_is_v2_client_hello(tvb, offset))
+ {
+ offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
+- offset, conv_version,
++ offset, session,
+ &need_desegmentation,
+ ssl_session,
+ first_record_in_frame);
+@@ -818,8 +817,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ else
+ {
+ offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
+- offset, conv_version,
+- conv_cipher,
++ offset, session,
+ &need_desegmentation,
+ ssl_session,
+ first_record_in_frame);
+@@ -834,7 +832,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ {
+ /* looks like sslv2 or pct client hello */
+ offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
+- offset, conv_version,
++ offset, session,
+ &need_desegmentation,
+ ssl_session,
+ first_record_in_frame);
+@@ -843,8 +841,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ {
+ /* looks like sslv3 or tls */
+ offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
+- offset, conv_version,
+- conv_cipher,
++ offset, session,
+ &need_desegmentation,
+ ssl_session,
+ first_record_in_frame);
+@@ -867,7 +864,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+
+ /* Set the protocol column */
+ col_set_str(pinfo->cinfo, COL_PROTOCOL,
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ }
+ break;
+ }
+@@ -1434,8 +1431,7 @@ dissect_ssl_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *t
+ *********************************************************************/
+ static gint
+ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+- proto_tree *tree, guint32 offset,
+- guint *conv_version, guint conv_cipher,
++ proto_tree *tree, guint32 offset, SslSession *session,
+ gboolean *need_desegmentation,
+ SslDecryptSession *ssl, const gboolean first_record_in_frame)
+ {
+@@ -1473,7 +1469,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ available_bytes = tvb_length_remaining(tvb, offset);
+
+ /* TLS 1.0/1.1 just ignores unknown records - RFC 2246 chapter 6. The TLS Record Protocol */
+- if ((*conv_version==SSL_VER_TLS || *conv_version==SSL_VER_TLSv1DOT1 || *conv_version==SSL_VER_TLSv1DOT2) &&
++ if ((session->version==SSL_VER_TLS || session->version==SSL_VER_TLSv1DOT1 || session->version==SSL_VER_TLSv1DOT2) &&
+ (available_bytes >=1 ) && !ssl_is_valid_content_type(tvb_get_guint8(tvb, offset))) {
+ proto_tree_add_text(tree, tvb, offset, available_bytes, "Ignored Unknown Record");
+ /* on second and subsequent records per frame
+@@ -1483,7 +1479,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ col_append_str(pinfo->cinfo, COL_INFO, ", ");
+ }
+ col_append_str(pinfo->cinfo, COL_INFO, "Ignored Unknown Record");
+- col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ return offset + available_bytes;
+ }
+
+@@ -1568,7 +1564,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+
+ /* Set the protocol column */
+ col_set_str(pinfo->cinfo, COL_PROTOCOL,
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+
+ return offset + 5 + record_length;
+ }
+@@ -1614,51 +1610,51 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ * structure and print the column version
+ */
+ next_byte = tvb_get_guint8(tvb, offset);
+- if (*conv_version == SSL_VER_UNKNOWN
++ if (session->version == SSL_VER_UNKNOWN
+ && ssl_is_authoritative_version_message(content_type, next_byte))
+ {
+ if (version == SSLV3_VERSION)
+ {
+- *conv_version = SSL_VER_SSLv3;
++ session->version = SSL_VER_SSLv3;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ }
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ else if (version == TLSV1_VERSION)
+ {
+
+- *conv_version = SSL_VER_TLS;
++ session->version = SSL_VER_TLS;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.0) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ }
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ else if (version == TLSV1DOT1_VERSION)
+ {
+
+- *conv_version = SSL_VER_TLSv1DOT1;
++ session->version = SSL_VER_TLSv1DOT1;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.1) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ }
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ else if (version == TLSV1DOT2_VERSION)
+ {
+
+- *conv_version = SSL_VER_TLSv1DOT2;
++ session->version = SSL_VER_TLSv1DOT2;
+ if (ssl) {
+ ssl->version_netorder = version;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.2) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ }
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ }
+
+@@ -1670,7 +1666,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ }
+
+ col_set_str(pinfo->cinfo, COL_PROTOCOL,
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+
+ /*
+ * now dissect the next layer
+@@ -1685,7 +1681,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
+ col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
+ dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
+- offset, conv_version, content_type);
++ offset, session, content_type);
+ if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, ssl_associations, pinfo));
+ break;
+ case SSL_ID_ALERT:
+@@ -1701,9 +1697,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+ if (decrypted) {
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+- dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version);
++ dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session);
+ } else {
+- dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version);
++ dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, session);
+ }
+ break;
+ }
+@@ -1726,10 +1722,11 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ /* add desegmented data to the data source list */
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+ dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
+- tvb_length(decrypted), conv_version, conv_cipher, ssl, content_type);
++ tvb_length(decrypted), session,
++ ssl, content_type);
+ } else {
+ dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
+- record_length, conv_version, conv_cipher, ssl, content_type);
++ record_length, session, ssl, content_type);
+ }
+ break;
+ }
+@@ -1755,7 +1752,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+
+ proto_item_set_text(ssl_record_tree,
+ "%s Record Layer: %s Protocol: %s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ association?association->info:"Application Data");
+
+@@ -1778,9 +1775,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+ if (decrypted) {
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+- dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, conv_version, record_length);
++ dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, session, record_length);
+ } else {
+- dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, conv_version, record_length);
++ dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, session, record_length);
+ }
+ break;
+ }
+@@ -1799,7 +1796,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version, const guint8 content_type)
++ SslSession *session, const guint8 content_type)
+ {
+ /*
+ * struct {
+@@ -1811,7 +1808,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
+ {
+ proto_item_set_text(tree,
+ "%s Record Layer: %s Protocol: Change Cipher Spec",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"));
+ proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
+ offset++, 1, ENC_NA);
+@@ -1822,7 +1819,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
+ static void
+ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version)
++ SslSession *session)
+ {
+ /* struct {
+ * AlertLevel level;
+@@ -1872,7 +1869,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
+ {
+ proto_item_set_text(tree, "%s Record Layer: Alert "
+ "(Level: %s, Description: %s)",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ level, desc);
+ proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
+ tvb, offset++, 1, ENC_BIG_ENDIAN);
+@@ -1884,7 +1881,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
+ {
+ proto_item_set_text(tree,
+ "%s Record Layer: Encrypted Alert",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ proto_item_set_text(ssl_alert_tree,
+ "Alert Message: Encrypted Alert");
+ }
+@@ -1896,7 +1893,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint32 record_length, guint *conv_version, guint conv_cipher,
++ guint32 record_length, SslSession *session,
+ SslDecryptSession *ssl, const guint8 content_type)
+ {
+ /* struct {
+@@ -1981,7 +1978,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ if (first_iteration)
+ {
+ proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ (msg_type_str!=NULL) ? msg_type_str :
+ "Encrypted Handshake Message");
+@@ -1989,7 +1986,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ else
+ {
+ proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ val_to_str_const(content_type, ssl_31_content_type, "unknown"),
+ "Multiple Handshake Messages");
+ }
+@@ -2048,15 +2045,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_SERVER_KEY_EXCHG: {
+- switch (ssl_get_keyex_alg(conv_cipher)) {
++ switch (ssl_get_keyex_alg(session->cipher)) {
+ case KEX_DH:
+- dissect_ssl3_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
++ dissect_ssl3_hnd_srv_keyex_dhe(tvb, ssl_hand_tree, offset, length, session);
+ break;
+ case KEX_RSA:
+- dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length);
++ dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session);
+ break;
+ case KEX_ECDH:
+- dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
++ dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session);
+ break;
+ default:
+ break;
+@@ -2065,7 +2062,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_CERT_REQUEST:
+- dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, conv_version);
++ dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, session);
+ break;
+
+ case SSL_HND_SVR_HELLO_DONE:
+@@ -2077,7 +2074,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_CLIENT_KEY_EXCHG:
+- switch (ssl_get_keyex_alg(conv_cipher)) {
++ switch (ssl_get_keyex_alg(session->cipher)) {
+ case KEX_DH:
+ dissect_ssl3_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length);
+ break;
+@@ -2098,7 +2095,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ if (!ssl)
+ break;
+
+- cipher_num = ssl->cipher;
++ cipher_num = ssl->session.cipher;
+
+ if (cipher_num == 0x8a || cipher_num == 0x8b || cipher_num == 0x8c || cipher_num == 0x8d)
+ {
+@@ -2174,7 +2171,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ * (it's the encrypted len and should be equal to record len - 2)
+ * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary
+ */
+- if (ssl->cipher_suite.kex==KEX_RSA && (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1||ssl->version == SSL_VER_TLSv1DOT2))
++ if (ssl->cipher_suite.kex==KEX_RSA && (ssl->session.version == SSL_VER_TLS||ssl->session.version == SSL_VER_TLSv1DOT1||ssl->session.version == SSL_VER_TLSv1DOT2))
+ {
+ encrlen = tvb_get_ntohs(tvb, offset);
+ skip = 2;
+@@ -2214,8 +2211,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ break;
+
+ case SSL_HND_FINISHED:
+- dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
+- offset, conv_version);
++ dissect_ssl3_hnd_finished(tvb, ssl_hand_tree, offset, session);
+ break;
+
+ case SSL_HND_CERT_STATUS:
+@@ -2236,7 +2232,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+ static void
+ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset,
+- guint *conv_version, guint32 record_length)
++ SslSession *session, guint32 record_length)
+ {
+ /* struct {
+ * HeartbeatMessageType type;
+@@ -2283,7 +2279,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ if (type && (payload_length <= record_length - 16 - 3)) {
+ proto_item_set_text(tree, "%s Record Layer: Heartbeat "
+ "%s",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
+ type);
+ proto_tree_add_item(tls_heartbeat_tree, hf_ssl_heartbeat_message_type,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+@@ -2305,7 +2301,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
+ } else {
+ proto_item_set_text(tree,
+ "%s Record Layer: Encrypted Heartbeat",
+- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
++ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
+ proto_item_set_text(tls_heartbeat_tree,
+ "Encrypted Heartbeat Message");
+ }
+@@ -2840,15 +2836,15 @@ dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
+ /* PAOLO: handle session cipher suite */
+ if (ssl) {
+ /* store selected cipher suite for decryption */
+- ssl->cipher = tvb_get_ntohs(tvb, offset);
+- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
+- ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->cipher);
++ ssl->session.cipher = tvb_get_ntohs(tvb, offset);
++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
++ ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->session.cipher);
+ goto no_cipher;
+ }
+
+ ssl->state |= SSL_CIPHER;
+ ssl_debug_printf("dissect_ssl3_hnd_srv_hello found CIPHER 0x%04X -> state 0x%02X\n",
+- ssl->cipher, ssl->state);
++ ssl->session.cipher, ssl->state);
+
+ /* if we have restored a session now we can have enough material
+ * to build session key, check it out*/
+@@ -2867,7 +2863,7 @@ no_cipher:
+
+ if (ssl) {
+ /* store selected compression method for decryption */
+- ssl->compression = tvb_get_guint8(tvb, offset);
++ ssl->session.compression = tvb_get_guint8(tvb, offset);
+ }
+ /* and the server-selected compression method */
+ proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
+@@ -2975,7 +2971,7 @@ dissect_ssl3_hnd_cert(tvbuff_t *tvb,
+ static void
+ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, packet_info *pinfo,
+- const guint *conv_version)
++ SslSession *session)
+ {
+ /*
+ * enum {
+@@ -3066,7 +3062,7 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
+ }
+ }
+
+- switch (*conv_version) {
++ switch (session->version) {
+ case SSL_VER_TLSv1DOT2:
+ sh_alg_length = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len,
+@@ -3170,74 +3166,77 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
+ }
+
+ static void
++dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, SslSession *session)
++{
++ gint sig_len;
++ proto_item *ti_algo;
++ proto_tree *ssl_algo_tree;
++
++ switch (session->version) {
++ case SSL_VER_TLSv1DOT2:
++ case SSL_VER_DTLS1DOT2:
++ ti_algo = proto_tree_add_item(tree, hf_ssl_handshake_sig_hash_alg, tvb,
++ offset, 2, ENC_BIG_ENDIAN);
++ ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_ssl_sig_hash_alg);
++
++ /* SignatureAndHashAlgorithm { hash, signature } */
++ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_hash, tvb,
++ offset, 1, ENC_BIG_ENDIAN);
++ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_sig, tvb,
++ offset + 1, 1, ENC_BIG_ENDIAN);
++ offset += 2;
++ break;
++
++ default:
++ break;
++ }
++
++ /* Sig */
++ sig_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig_len, tvb,
++ offset, 2, ENC_BIG_ENDIAN);
++ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig, tvb,
++ offset + 2, sig_len, ENC_NA);
++}
++
++static void
+ dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
+- guint32 offset, guint32 length)
++ guint32 offset, guint32 length,
++ SslSession *session)
+ {
+- gint curve_type, curve_type_offset;
+- gint named_curve, named_curve_offset;
+- gint point_len, point_len_offset;
+- gint sig_len, sig_len_offset;
++ gint curve_type;
++ gint point_len;
+ proto_item *ti_ecdh;
+ proto_tree *ssl_ecdh_tree;
+- guint32 orig_offset;
+
+- orig_offset = offset;
++ ti_ecdh = proto_tree_add_text(tree, tvb, offset, length,
++ "EC Diffie-Hellman Server Params");
++ ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params);
+
+- curve_type_offset = offset;
++ /* curve_type */
+ curve_type = tvb_get_guint8(tvb, offset);
++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type, tvb,
++ offset, 1, ENC_BIG_ENDIAN);
++ offset++;
+ if (curve_type != 3)
+ return; /* only named_curves are supported */
+- offset += 1;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+
+- named_curve_offset = offset;
+- named_curve = tvb_get_ntohs(tvb, offset);
++ /* case curve_type == named_curve; namedcurve */
++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve, tvb,
++ offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+
+- point_len_offset = offset;
++ /* point */
+ point_len = tvb_get_guint8(tvb, offset);
+- if ((offset + point_len - orig_offset) > length) {
+- return;
+- }
++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len, tvb,
++ offset, 1, ENC_BIG_ENDIAN);
++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point, tvb,
++ offset + 1, point_len, ENC_NA);
+ offset += 1 + point_len;
+
+- sig_len_offset = offset;
+- sig_len = tvb_get_ntohs(tvb, offset);
+- offset += 2 + sig_len;
+- if ((offset - orig_offset) != length) {
+- /* Lengths don't line up (wasn't what we expected?) */
+- return;
+- }
+-
+- ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
+- (offset - orig_offset), "EC Diffie-Hellman Server Params");
+- ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params);
+-
+- /* curve_type */
+- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type,
+- tvb, curve_type_offset, 1, curve_type);
+-
+- /* named_curve */
+- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve,
+- tvb, named_curve_offset, 2, named_curve);
+-
+- /* point */
+- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len,
+- tvb, point_len_offset, 1, point_len);
+- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point,
+- tvb, point_len_offset+1, point_len, ENC_NA);
+-
+- /* Sig */
+- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig_len,
+- tvb, sig_len_offset, 2, sig_len);
+- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig,
+- tvb, sig_len_offset + 2, sig_len, ENC_NA);
+-
++ /* signature */
++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_ecdh_tree, offset, session);
+ }
+
+ static void
+@@ -3271,139 +3270,80 @@ dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
+ }
+
+ static void
+-dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
+- guint32 offset, guint32 length)
++dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb, proto_tree *tree,
++ guint32 offset, guint32 length,
++ SslSession *session)
+ {
+- gint p_len, p_len_offset;
+- gint g_len, g_len_offset;
+- gint ys_len, ys_len_offset;
+- gint sig_len, sig_len_offset;
++ gint p_len, g_len, ys_len;
+ proto_item *ti_dh;
+ proto_tree *ssl_dh_tree;
+- guint32 orig_offset;
+
+- orig_offset = offset;
++ ti_dh = proto_tree_add_text(tree, tvb, offset, length,
++ "Diffie-Hellman Server Params");
++ ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params);
+
+- p_len_offset = offset;
++ /* p */
+ p_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len, tvb,
++ offset, 2, ENC_BIG_ENDIAN);
++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p, tvb,
++ offset + 2, p_len, ENC_NA);
+ offset += 2 + p_len;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+
+- g_len_offset = offset;
++ /* g */
+ g_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len, tvb,
++ offset, 2, ENC_BIG_ENDIAN);
++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g, tvb,
++ offset + 2, g_len, ENC_NA);
+ offset += 2 + g_len;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+
+- ys_len_offset = offset;
++ /* Ys */
+ ys_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len, tvb,
++ offset, 2, ys_len);
++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys, tvb,
++ offset + 2, ys_len, ENC_NA);
+ offset += 2 + ys_len;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+-
+- sig_len_offset = offset;
+- sig_len = tvb_get_ntohs(tvb, offset);
+- offset += 2 + sig_len;
+- if ((offset - orig_offset) != length) {
+- /* Lengths don't line up (wasn't what we expected?) */
+- return;
+- }
+-
+- ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
+- (offset - orig_offset), "Diffie-Hellman Server Params");
+- ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params);
+-
+- /* p */
+- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len,
+- tvb, p_len_offset, 2, p_len);
+- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p,
+- tvb, p_len_offset + 2, p_len, ENC_NA);
+-
+- /* g */
+- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len,
+- tvb, g_len_offset, 2, g_len);
+- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g,
+- tvb, g_len_offset + 2, g_len, ENC_NA);
+-
+- /* Ys */
+- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len,
+- tvb, ys_len_offset, 2, ys_len);
+- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys,
+- tvb, ys_len_offset + 2, ys_len, ENC_NA);
+-
+- /* Sig */
+- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig_len,
+- tvb, sig_len_offset, 2, sig_len);
+- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig,
+- tvb, sig_len_offset + 2, sig_len, ENC_NA);
+
++ /* signature */
++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_dh_tree, offset, session);
+ }
+
+ /* Only used in RSA-EXPORT cipher suites */
+ static void
+ dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
+- guint32 offset, guint32 length)
++ guint32 offset, guint32 length,
++ SslSession *session)
+ {
+- gint modulus_len, modulus_len_offset;
+- gint exponent_len, exponent_len_offset;
+- gint sig_len, sig_len_offset;
++ gint modulus_len, exponent_len;
+ proto_item *ti_rsa;
+ proto_tree *ssl_rsa_tree;
+- guint32 orig_offset;
+-
+- orig_offset = offset;
+-
+- modulus_len_offset = offset;
+- modulus_len = tvb_get_ntohs(tvb, offset);
+- offset += 2 + modulus_len;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+-
+- exponent_len_offset = offset;
+- exponent_len = tvb_get_ntohs(tvb, offset);
+- offset += 2 + exponent_len;
+- if ((offset - orig_offset) > length) {
+- return;
+- }
+-
+- sig_len_offset = offset;
+- sig_len = tvb_get_ntohs(tvb, offset);
+- offset += 2 + sig_len;
+- if ((offset - orig_offset) != length) {
+- /* Lengths don't line up (wasn't what we expected?) */
+- return;
+- }
+
+- ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
+- (offset - orig_offset), "RSA-EXPORT Server Params");
++ ti_rsa = proto_tree_add_text(tree, tvb, offset, length,
++ "RSA_EXPORT Server Params");
+ ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_ssl_keyex_params);
+
+ /* modulus */
+- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len,
+- tvb, modulus_len_offset, 2, modulus_len);
++ modulus_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len,
++ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus,
+- tvb, modulus_len_offset + 2, modulus_len, ENC_NA);
++ tvb, offset + 2, modulus_len, ENC_NA);
++ offset += 2 + modulus_len;
+
+ /* exponent */
+- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len,
+- tvb, exponent_len_offset, 2, exponent_len);
++ exponent_len = tvb_get_ntohs(tvb, offset);
++ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len,
++ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent,
+- tvb, exponent_len_offset + 2, exponent_len, ENC_NA);
+-
+- /* Sig */
+- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig_len,
+- tvb, sig_len_offset, 2, sig_len);
+- proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig,
+- tvb, sig_len_offset + 2, sig_len, ENC_NA);
++ tvb, offset + 2, exponent_len, ENC_NA);
++ offset += 2 + exponent_len;
+
++ /* signature */
++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_rsa_tree, offset, session);
+ }
+
+-
+ static void
+ dissect_ssl3_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
+ guint32 offset, guint32 length)
+@@ -3468,7 +3408,7 @@ dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
+ static void
+ dissect_ssl3_hnd_finished(tvbuff_t *tvb,
+ proto_tree *tree, const guint32 offset,
+- const guint *conv_version)
++ SslSession *session)
+ {
+ /* For TLS:
+ * struct {
+@@ -3488,7 +3428,7 @@ dissect_ssl3_hnd_finished(tvbuff_t *tvb,
+ return;
+ }
+
+- switch (*conv_version) {
++ switch (session->version) {
+ case SSL_VER_TLS:
+ case SSL_VER_TLSv1DOT1:
+ case SSL_VER_TLSv1DOT2:
+@@ -3568,7 +3508,7 @@ dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, proto_tree *tree,
+ /* record layer dissector */
+ static gint
+ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+- guint32 offset, guint *conv_version,
++ guint32 offset, SslSession *session,
+ gboolean *need_desegmentation,
+ SslDecryptSession *ssl, gboolean first_record_in_frame)
+ {
+@@ -3684,19 +3624,19 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ /* if we get a server_hello or later handshake in v2, then set
+ * this to sslv2
+ */
+- if (*conv_version == SSL_VER_UNKNOWN)
++ if (session->version == SSL_VER_UNKNOWN)
+ {
+ if (ssl_looks_like_valid_pct_handshake(tvb,
+ (initial_offset +
+ record_length_length),
+ record_length)) {
+- *conv_version = SSL_VER_PCT;
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ session->version = SSL_VER_PCT;
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ else if (msg_type >= 2 && msg_type <= 8)
+ {
+- *conv_version = SSL_VER_SSLv2;
+- /*ssl_set_conv_version(pinfo, ssl->version);*/
++ session->version = SSL_VER_SSLv2;
++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
+ }
+ }
+
+@@ -3705,20 +3645,20 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ * (e.g., on a client hello)
+ */
+ col_set_str(pinfo->cinfo, COL_PROTOCOL,
+- (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
++ (session->version == SSL_VER_PCT) ? "PCT" : "SSLv2");
+
+ /* see if the msg_type is valid; if not the payload is
+ * probably encrypted, so note that fact and bail
+ */
+ msg_type_str = try_val_to_str(msg_type,
+- (*conv_version == SSL_VER_PCT)
++ (session->version == SSL_VER_PCT)
+ ? pct_msg_types : ssl_20_msg_types);
+ if (!msg_type_str
+- || ((*conv_version != SSL_VER_PCT) &&
++ || ((session->version != SSL_VER_PCT) &&
+ !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
+ + record_length_length,
+ record_length))
+- || ((*conv_version == SSL_VER_PCT) &&
++ || ((session->version == SSL_VER_PCT) &&
+ !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
+ + record_length_length,
+ record_length)))
+@@ -3726,7 +3666,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ if (ssl_record_tree)
+ {
+ proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
+- (*conv_version == SSL_VER_PCT)
++ (session->version == SSL_VER_PCT)
+ ? "PCT" : "SSLv2",
+ "Encrypted Data");
+
+@@ -3751,7 +3691,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ if (ssl_record_tree)
+ {
+ proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
+- (*conv_version == SSL_VER_PCT)
++ (session->version == SSL_VER_PCT)
+ ? "PCT" : "SSLv2",
+ msg_type_str);
+ }
+@@ -3804,13 +3744,13 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ if (ssl_record_tree)
+ {
+ proto_tree_add_item(ssl_record_tree,
+- (*conv_version == SSL_VER_PCT)
++ (session->version == SSL_VER_PCT)
+ ? hf_pct_msg_type : hf_ssl2_msg_type,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ }
+ offset += 1; /* move past msg_type byte */
+
+- if (*conv_version != SSL_VER_PCT)
++ if (session->version != SSL_VER_PCT)
+ {
+ /* dissect the message (only handle client hello right now) */
+ switch (msg_type) {
+@@ -4580,7 +4520,7 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
+ } else {
+ ssl = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession));
+ ssl_session_init(ssl);
+- ssl->version = SSL_VER_UNKNOWN;
++ ssl->session.version = SSL_VER_UNKNOWN;
+ conversation_add_proto_data(conversation, proto_ssl, ssl);
+ }
+
+@@ -4589,31 +4529,31 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
+ ssl_set_server(ssl, addr_srv, ptype, port_srv);
+
+ /* version */
+- if ((ssl->version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) {
++ if ((ssl->session.version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) {
+ switch (version) {
+ case SSL_VER_SSLv3:
+- ssl->version = SSL_VER_SSLv3;
++ ssl->session.version = SSL_VER_SSLv3;
+ ssl->version_netorder = SSLV3_VERSION;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ break;
+
+ case SSL_VER_TLS:
+- ssl->version = SSL_VER_TLS;
++ ssl->session.version = SSL_VER_TLS;
+ ssl->version_netorder = TLSV1_VERSION;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ break;
+
+ case SSL_VER_TLSv1DOT1:
+- ssl->version = SSL_VER_TLSv1DOT1;
++ ssl->session.version = SSL_VER_TLSv1DOT1;
+ ssl->version_netorder = TLSV1DOT1_VERSION;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+ break;
+
+ case SSL_VER_TLSv1DOT2:
+- ssl->version = SSL_VER_TLSv1DOT2;
++ ssl->session.version = SSL_VER_TLSv1DOT2;
+ ssl->version_netorder = TLSV1DOT2_VERSION;
+ ssl->state |= SSL_VERSION;
+ ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
+@@ -4623,12 +4563,12 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
+
+ /* cipher */
+ if (cipher > 0) {
+- ssl->cipher = cipher;
+- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
+- ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->cipher);
++ ssl->session.cipher = cipher;
++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
++ ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->session.cipher);
+ } else {
+ ssl->state |= SSL_CIPHER;
+- ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->cipher, ssl->state);
++ ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->session.cipher, ssl->state);
+ }
+ }
+
diff --git a/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch b/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch
new file mode 100644
index 0000000..6d1c0cc
--- /dev/null
+++ b/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch
@@ -0,0 +1,95 @@
+diff --git a/ui/gtk/main.c b/ui/gtk/main.c
+index 82cff80..0137c3b 100644
+--- a/ui/gtk/main.c
++++ b/ui/gtk/main.c
+@@ -2043,50 +2043,6 @@ read_configuration_files(char **gdp_path, char **dp_path)
+ return prefs_p;
+ }
+
+-/* Check if there's something important to tell the user during startup.
+- * We want to do this *after* showing the main window so that any windows
+- * we pop up will be above the main window.
+- */
+-static void
+-#ifdef _WIN32
+-check_and_warn_user_startup(gchar *cf_name)
+-#else
+-check_and_warn_user_startup(gchar *cf_name _U_)
+-#endif
+-{
+- gchar *cur_user, *cur_group;
+- gpointer priv_warning_dialog;
+-
+- /* Tell the user not to run as root. */
+- if (running_with_special_privs() && recent.privs_warn_if_elevated) {
+- cur_user = get_cur_username();
+- cur_group = get_cur_groupname();
+- priv_warning_dialog = simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
+- "Running as user \"%s\" and group \"%s\".\n"
+- "This could be dangerous.\n\n"
+- "If you're running Wireshark this way in order to perform live capture, "
+- "you may want to be aware that there is a better way documented at\n"
+- "http://wiki.wireshark.org/CaptureSetup/CapturePrivileges", cur_user, cur_group);
+- g_free(cur_user);
+- g_free(cur_group);
+- simple_dialog_check_set(priv_warning_dialog, "Don't show this message again.");
+- simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL);
+- }
+-
+-#ifdef _WIN32
+- /* Warn the user if npf.sys isn't loaded. */
+- if (!get_stdin_capture() && !cf_name && !npf_sys_is_running() && recent.privs_warn_if_no_npf && get_os_major_version() >= 6) {
+- priv_warning_dialog = simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
+- "The NPF driver isn't running. You may have trouble\n"
+- "capturing or listing interfaces.");
+- simple_dialog_check_set(priv_warning_dialog, "Don't show this message again.");
+- simple_dialog_set_cb(priv_warning_dialog, npf_warning_dialog_cb, NULL);
+- }
+-#endif
+-
+-}
+-
+-
+ /* And now our feature presentation... [ fade to music ] */
+ int
+ main(int argc, char *argv[])
+@@ -3039,7 +2995,6 @@ main(int argc, char *argv[])
+ up on top of us. */
+ if (cf_name) {
+ show_main_window(TRUE);
+- check_and_warn_user_startup(cf_name);
+ if (rfilter != NULL) {
+ if (!dfilter_compile(rfilter, &rfcode)) {
+ bad_dfilter_alert_box(top_level, rfilter);
+@@ -3117,7 +3072,6 @@ main(int argc, char *argv[])
+ dfilter_free(rfcode);
+ cfile.rfcode = NULL;
+ show_main_window(FALSE);
+- /* Don't call check_and_warn_user_startup(): we did it above */
+ main_set_for_capture_in_progress(FALSE);
+ set_capture_if_dialog_for_capture_in_progress(FALSE);
+ }
+@@ -3134,7 +3088,6 @@ main(int argc, char *argv[])
+ }
+ /* "-k" was specified; start a capture. */
+ show_main_window(FALSE);
+- check_and_warn_user_startup(cf_name);
+
+ /* If no user interfaces were specified on the command line,
+ copy the list of selected interfaces to the set of interfaces
+@@ -3152,7 +3105,6 @@ main(int argc, char *argv[])
+ }
+ } else {
+ show_main_window(FALSE);
+- check_and_warn_user_startup(cf_name);
+ main_set_for_capture_in_progress(FALSE);
+ set_capture_if_dialog_for_capture_in_progress(FALSE);
+ }
+@@ -3163,7 +3115,6 @@ main(int argc, char *argv[])
+ }
+ #else /* HAVE_LIBPCAP */
+ show_main_window(FALSE);
+- check_and_warn_user_startup(cf_name);
+ main_set_for_capture_in_progress(FALSE);
+ set_capture_if_dialog_for_capture_in_progress(FALSE);
+ #endif /* HAVE_LIBPCAP */
diff --git a/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch b/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch
new file mode 100644
index 0000000..5fa4f75
--- /dev/null
+++ b/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch
@@ -0,0 +1,31 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index e6b8e46..f308c12 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -183,7 +183,6 @@ if(ENABLE_EXTRA_GCC_CHECKS) # This overrides -Werror
+ endif()
+
+ add_definitions(
+- -DG_DISABLE_DEPRECATED
+ -DG_DISABLE_SINGLE_INCLUDES
+ )
+
+diff --git a/configure.ac b/configure.ac
+index cf593db..4e2f0d2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1474,14 +1474,6 @@ then
+ fi
+ AC_SUBST(MOC)
+
+-# Error out if a glib header other than a "top level" header
+-# (glib.h, glib-object.h, gio.h) or certain other headers( e.g.,gmodule.h)
+-# is used.
+-CPPFLAGS="-DG_DISABLE_SINGLE_INCLUDES $CPPFLAGS"
+-
+-# Error out on the usage of deprecated glib functions
+-CPPFLAGS="-DG_DISABLE_DEPRECATED $CPPFLAGS"
+-
+ #
+ # Check whether GLib modules are supported, to determine whether we
+ # can support plugins.
diff --git a/SOURCES/wireshark-1.10.x-remove-last-data-source.patch b/SOURCES/wireshark-1.10.x-remove-last-data-source.patch
new file mode 100644
index 0000000..e7533fd
--- /dev/null
+++ b/SOURCES/wireshark-1.10.x-remove-last-data-source.patch
@@ -0,0 +1,54 @@
+diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c
+index e9af5f8..d994233 100644
+--- a/epan/dissectors/packet-tcp.c
++++ b/epan/dissectors/packet-tcp.c
+@@ -1924,6 +1924,7 @@ again:
+ * being a new higher-level PDU that also
+ * needs desegmentation).
+ */
++ remove_last_data_source(pinfo);
+ fragment_set_partial_reassembly(&tcp_reassembly_table,
+ pinfo, msp->first_frame, NULL);
+
+diff --git a/epan/packet.c b/epan/packet.c
+index 44b953f..509fb22 100644
+--- a/epan/packet.c
++++ b/epan/packet.c
+@@ -237,9 +237,24 @@ add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
+ src = (struct data_source *)g_malloc(sizeof(struct data_source));
+ src->tvb = tvb;
+ src->name = g_strdup(name);
++ /* This could end up slow, but we should never have that many data
++ * sources so it probably doesn't matter */
+ pinfo->data_src = g_slist_append(pinfo->data_src, src);
+ }
+
++void
++remove_last_data_source(packet_info *pinfo)
++{
++ struct data_source *src;
++ GSList *last;
++
++ last = g_slist_last(pinfo->data_src);
++ src = (struct data_source *)last->data;
++ pinfo->data_src = g_slist_delete_link(pinfo->data_src, last);
++ g_free(src->name);
++ g_slice_free(struct data_source, src);
++}
++
+ const char*
+ get_data_source_name(const struct data_source *src)
+ {
+diff --git a/epan/packet.h b/epan/packet.h
+index e1a195b..f90199d 100644
+--- a/epan/packet.h
++++ b/epan/packet.h
+@@ -408,6 +408,8 @@ final_registration_all_protocols(void);
+ */
+ WS_DLL_PUBLIC void add_new_data_source(packet_info *pinfo, tvbuff_t *tvb,
+ const char *name);
++/* Removes the last-added data source, if it turns out it wasn't needed */
++WS_DLL_PUBLIC void remove_last_data_source(packet_info *pinfo);
+
+
+ /*
diff --git a/SOURCES/wireshark-1.10.x-resolv-error-string.patch b/SOURCES/wireshark-1.10.x-resolv-error-string.patch
new file mode 100644
index 0000000..8246302
--- /dev/null
+++ b/SOURCES/wireshark-1.10.x-resolv-error-string.patch
@@ -0,0 +1,22 @@
+diff --git a/tshark.c b/tshark.c
+index f930f9d..e3ac6c6 100644
+--- a/tshark.c
++++ b/tshark.c
+@@ -294,7 +294,7 @@ print_usage(gboolean print_ver)
+ fprintf(output, " -R packet Read filter in Wireshark display filter syntax\n");
+ fprintf(output, " -Y packet displaY filter in Wireshark display filter syntax\n");
+ fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
+- fprintf(output, " -N enable specific name resolution(s): \"mntC\"\n");
++ fprintf(output, " -N enable specific name resolution(s): \"mnNtC\"\n");
+ fprintf(output, " -d %s ...\n", decode_as_arg_template);
+ fprintf(output, " \"Decode As\", see the man page for details\n");
+ fprintf(output, " Example: tcp.port==8888,http\n");
+@@ -1357,7 +1357,7 @@ main(int argc, char *argv[])
+ if (badopt != '\0') {
+ cmdarg_err("-N specifies unknown resolving option '%c';",
+ badopt);
+- cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'");
++ cmdarg_err_cont( " Valid options are 'm', 'n', 'N', 't', and 'C'");
+ return 1;
+ }
+ break;
diff --git a/SOURCES/wireshark-1.2.4-enable_lua.patch b/SOURCES/wireshark-1.2.4-enable_lua.patch
new file mode 100644
index 0000000..e3f7448
--- /dev/null
+++ b/SOURCES/wireshark-1.2.4-enable_lua.patch
@@ -0,0 +1,13 @@
+diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua
+index eda33ca..008e875 100644
+--- a/epan/wslua/template-init.lua
++++ b/epan/wslua/template-init.lua
+@@ -43,7 +43,7 @@ if running_superuser then
+ local disabled_lib = {}
+ setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } );
+
+- dofile = function() error("dofile " .. hint) end
++-- dofile = function() error("dofile " .. hint) end
+ loadfile = function() error("loadfile " .. hint) end
+ loadlib = function() error("loadlib " .. hint) end
+ require = function() error("require " .. hint) end
diff --git a/SOURCES/wireshark-1.6.0-soname.patch b/SOURCES/wireshark-1.6.0-soname.patch
new file mode 100644
index 0000000..6b266bd
--- /dev/null
+++ b/SOURCES/wireshark-1.6.0-soname.patch
@@ -0,0 +1,17 @@
+Load correct shared object name in python.
+This fixes following error message shown by wireshark/tshark when wireshark-devel
+was not installed:
+ libwireshark.so: cannot open shared object file: No such file or directory
+
+diff -up wireshark-1.6.0/epan/wspython/wspy_libws.py.soname wireshark-1.6.0/epan/wspython/wspy_libws.py
+--- wireshark-1.6.0/epan/wspython/wspy_libws.py.soname 2011-06-09 14:40:04.562726728 +0200
++++ wireshark-1.6.0/epan/wspython/wspy_libws.py 2011-06-09 14:40:09.775467946 +0200
+@@ -35,7 +35,7 @@ def get_libws_libname():
+ elif system == "Windows":
+ return 'libwireshark.dll'
+ else:
+- return 'libwireshark.so'
++ return 'libwireshark.so.2'
+
+ def get_libws_handle():
+ global __libwireshark
diff --git a/SOURCES/wireshark-1.6.1-group-msg.patch b/SOURCES/wireshark-1.6.1-group-msg.patch
new file mode 100644
index 0000000..d24e7df
--- /dev/null
+++ b/SOURCES/wireshark-1.6.1-group-msg.patch
@@ -0,0 +1,51 @@
+Customize 'permission denied' error.
+
+Add Fedora-specific message to error output when dumpcap cannot be started
+because of permissions.
+
+diff --git a/capture_sync.c b/capture_sync.c
+index 8c49ed2..65e242d 100644
+--- a/capture_sync.c
++++ b/capture_sync.c
+@@ -369,6 +369,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session)
+ gchar *signal_pipe_name;
+ #else
+ char errmsg[1024+1];
++ const char *securitymsg = "";
+ int sync_pipe[2]; /* pipe used to send messages from child to parent */
+ enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
+ #endif
+@@ -639,8 +640,10 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session)
+ dup2(sync_pipe[PIPE_WRITE], 2);
+ ws_close(sync_pipe[PIPE_READ]);
+ execv(argv[0], argv);
+- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+- argv[0], g_strerror(errno));
++ if (errno == EPERM || errno == EACCES)
++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
++ argv[0], g_strerror(errno), securitymsg);
+ sync_pipe_errmsg_to_parent(2, errmsg, "");
+
+ /* Exit with "_exit()", so that we don't close the connection
+@@ -732,6 +735,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
+ PROCESS_INFORMATION pi;
+ #else
+ char errmsg[1024+1];
++ const char *securitymsg = "";
+ int sync_pipe[2]; /* pipe used to send messages from child to parent */
+ int data_pipe[2]; /* pipe used to send data from child to parent */
+ #endif
+@@ -866,8 +870,10 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
+ ws_close(sync_pipe[PIPE_READ]);
+ ws_close(sync_pipe[PIPE_WRITE]);
+ execv(argv[0], argv);
+- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+- argv[0], g_strerror(errno));
++ if (errno == EPERM || errno == EACCES)
++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
++ argv[0], g_strerror(errno), securitymsg);
+ sync_pipe_errmsg_to_parent(2, errmsg, "");
+
+ /* Exit with "_exit()", so that we don't close the connection
diff --git a/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch
new file mode 100644
index 0000000..3dcf631
--- /dev/null
+++ b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch
@@ -0,0 +1,32 @@
+From 85441817e9068de1267e945cfee1f8080c402fa7 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Mon, 13 Mar 2017 10:38:54 +0100
+Subject: [PATCH] Backport dissect_gmr1_bcch modifications from upstream.
+
+---
+ epan/dissectors/packet-gmr1_bcch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/epan/dissectors/packet-gmr1_bcch.c b/epan/dissectors/packet-gmr1_bcch.c
+index f522bd2..6e9a6ed 100644
+--- a/epan/dissectors/packet-gmr1_bcch.c
++++ b/epan/dissectors/packet-gmr1_bcch.c
+@@ -1048,6 +1048,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ if (is_si1) {
+ SystemInformation1_t *data;
+ data = ep_new(SystemInformation1_t);
++ data->SegmentType = array_length(SI1_SegmentChoice) - 1;
+ csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation1_t), tvb, data, ett_gmr1_bcch);
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO,
+@@ -1057,6 +1058,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+ } else {
+ SystemInformation2_t *data;
+ data = ep_new(SystemInformation2_t);
++ data->SegmentType = array_length(SI2_SegmentChoice) - 1;
+ csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation2_t), tvb, data, ett_gmr1_bcch);
+ col_append_fstr(
+ pinfo->cinfo, COL_INFO,
+--
+2.9.3
+
diff --git a/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch b/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch
new file mode 100644
index 0000000..37ba79f
--- /dev/null
+++ b/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch
@@ -0,0 +1,13 @@
+diff --git a/plugins/profinet/packet-dcom-cba.c b/plugins/profinet/packet-dcom-cba.c
+index 967b8e6..cbb628c 100644
+--- a/plugins/profinet/packet-dcom-cba.c
++++ b/plugins/profinet/packet-dcom-cba.c
+@@ -553,7 +553,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
+ packet_info *pinfo, proto_tree *tree, guint8 *drep)
+ {
+ guint32 u32Pointer;
+- gchar szStr[1000];
++ gchar szStr[1000] = "";
+ guint32 u32MaxStr = sizeof(szStr);
+ dcerpc_info *info = (dcerpc_info *) pinfo->private_data;
+ gchar *call;
diff --git a/SOURCES/wireshark-autoconf.m4 b/SOURCES/wireshark-autoconf.m4
new file mode 100644
index 0000000..d8015d8
--- /dev/null
+++ b/SOURCES/wireshark-autoconf.m4
@@ -0,0 +1,101 @@
+dnl AM_PATH_WIRESHARK([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
+dnl Test for wireshark development files, and define WIRESHARK_CFLAGS,
+dnl WIRESHARK_LIBS and WIRESHARK_VERSION.
+dnl
+AC_DEFUN([AM_PATH_WIRESHARK],[
+ AC_ARG_WITH(wireshark-prefix,
+ [ --with-wireshark-prefix=PFX Prefix where wireshark libraries are installed (optional)],
+ wireshark_config_prefix="$withval", wireshark_config_prefix="")
+
+ wireshark_found=no
+ if test "$wireshark_config_prefix" != "" ; then
+ AM_PATH_GLIB_2_0(,,,[gmodule])
+ WIRESHARK_CFLAGS="-DWS_VAR_IMPORT=extern -DWS_MSVC_NORETURN= -I$wireshark_config_prefix/include/wireshark -I$wireshark_config_prefix/include/wireshark/epan -I/usr/include/wireshark -I/usr/include/wireshark/epan $GLIB_CFLAGS"
+ WIRESHARK_LIBS="-L$wireshark_config_prefix/lib -lwireshark -lwiretap $GLIB_LIBS"
+ wireshark_found=yes
+ else
+ PKG_PROG_PKG_CONFIG()
+ PKG_CHECK_MODULES(WIRESHARK, wireshark, wireshark_found=yes)
+ fi
+
+ ac_save_CFLAGS="$CFLAGS"
+ ac_save_CLIBS="$LIBS"
+ CFLAGS="$CFLAGS $WIRESHARK_CFLAGS"
+ LIBS="$WIRESHARK_LIBS $LIBS"
+ min_wireshark_version=ifelse([$1], ,0.0.0,[$1])
+ if test $wireshark_found = yes; then
+ AC_MSG_CHECKING(for wireshark version >= $min_wireshark_version)
+ wireshark_found=no
+ AC_TRY_RUN([
+#include
+#include
+#include
+#include
+#include
+#include
+
+int
+main()
+
+{
+ int ws_major_version, ws_minor_version, ws_micro_version;
+ int major, minor, micro;
+ char **tmp_version;
+
+ tmp_version = (char *) strdup("$min_wireshark_version");
+ major = 0;
+ minor = 0;
+ micro = 0;
+ sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ);
+ free(tmp_version);
+ tmp_version = (char *) epan_get_version();
+ sscanf(tmp_version, "%d.%d.%d",
+ &ws_major_version, &ws_minor_version, &ws_micro_version);
+
+ if (ws_major_version > major ||
+ (ws_major_version == major && ws_minor_version > minor) ||
+ (ws_major_version == major && ws_minor_version == minor &&
+ ws_micro_version >= micro))
+ return 0;
+
+ printf("\n*** An old version of wireshark (%d.%d.%d) was found.\n",
+ ws_major_version, ws_minor_version, ws_micro_version);
+ printf("*** You need a version of wireshark not older than %d.%d.%d. ",
+ major, minor, micro);
+ return 1;
+}
+ ], wireshark_found=yes)
+ fi
+
+ if test "$wireshark_found" != no; then
+ AC_LANG_PUSH(C)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+#include
+#include
+#include
+#include
+#include
+#include
+], [puts(epan_get_version());])], [WIRESHARK_VERSION=`./conftest$ac_exeext`],
+wireshark_found=no)
+
+ AC_LANG_POP
+ fi
+
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+
+ if test "$wireshark_found" != no; then
+ AC_MSG_RESULT(yes)
+ ifelse([$2],, :, [$2])
+ else
+ AC_MSG_RESULT(no)
+ WIRESHARK_CFLAGS=""
+ WIRESHARK_LIBS=""
+ WIRESHARK_VERSION=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(WIRESHARK_CFLAGS)
+ AC_SUBST(WIRESHARK_LIBS)
+ AC_SUBST(WIRESHARK_VERSION)
+])
diff --git a/SOURCES/wireshark-libtool-pie.patch b/SOURCES/wireshark-libtool-pie.patch
new file mode 100644
index 0000000..95cc088
--- /dev/null
+++ b/SOURCES/wireshark-libtool-pie.patch
@@ -0,0 +1,11 @@
+diff -up wireshark-1.6.8/ltmain.sh.pie wireshark-1.6.8/ltmain.sh
+--- wireshark-1.6.8/ltmain.sh.pie 2012-05-23 10:05:07.900326513 +0200
++++ wireshark-1.6.8/ltmain.sh 2012-05-23 10:05:11.786312666 +0200
+@@ -3488,7 +3488,6 @@ static const void *lt_preloaded_setup()
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+- -pie | -fpie | -fPIE) ;;
+ *) func_append symtab_cflags " $arg" ;;
+ esac
+ done
diff --git a/SOURCES/wireshark-mime-package.xml b/SOURCES/wireshark-mime-package.xml
new file mode 100644
index 0000000..c78ba48
--- /dev/null
+++ b/SOURCES/wireshark-mime-package.xml
@@ -0,0 +1,9 @@
+
+
+
+ Packet Capture
+
+
+
+
+
diff --git a/SOURCES/wireshark.console b/SOURCES/wireshark.console
new file mode 100644
index 0000000..2a976f5
--- /dev/null
+++ b/SOURCES/wireshark.console
@@ -0,0 +1,4 @@
+USER=root
+PROGRAM=/usr/sbin/wireshark
+SESSION=true
+FALLBACK=true
diff --git a/SOURCES/wireshark.desktop b/SOURCES/wireshark.desktop
new file mode 100644
index 0000000..caf2793
--- /dev/null
+++ b/SOURCES/wireshark.desktop
@@ -0,0 +1,14 @@
+[Desktop Entry]
+Name=Wireshark Network Analyzer
+Name[fi]=Wireshark
+Name[sv]=Wireshark
+Comment=Wireshark traffic and network analyzer
+Comment[fi]=Verkkoanalysaattori
+Comment[sv]=Nätverkstrafikanalysator
+TryExec=wireshark
+Exec=wireshark %f
+Icon=wireshark
+Terminal=false
+Type=Application
+Categories=X-Red-Hat-Extra;Network;GTK;
+MimeType=application/x-pcap;
diff --git a/SOURCES/wiresharkdoc-16x16.png b/SOURCES/wiresharkdoc-16x16.png
new file mode 100644
index 0000000..50acd67
Binary files /dev/null and b/SOURCES/wiresharkdoc-16x16.png differ
diff --git a/SPECS/wireshark.spec b/SPECS/wireshark.spec
new file mode 100644
index 0000000..3536930
--- /dev/null
+++ b/SPECS/wireshark.spec
@@ -0,0 +1,1128 @@
+%global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")
+
+%global with_adns 0
+%global with_lua 1
+%global with_gtk2 1
+
+%if 0%{?rhel} != 0
+#RHEL:
+ %global with_portaudio 0
+ %global with_GeoIP 0
+ %if 0%{?rhel} <= 6
+ # RHEL6: use GTK2
+ %global with_gtk2 1
+ %endif
+%else
+ %global with_portaudio 1
+ %global with_GeoIP 1
+%endif
+
+
+Summary: Network traffic analyzer
+Name: wireshark
+Version: 1.10.14
+Release: 16%{?dist}
+License: GPL+
+Group: Applications/Internet
+Source0: http://wireshark.org/download/src/%{name}-%{version}.tar.bz2
+Source2: wireshark.console
+Source3: wireshark.desktop
+Source4: wireshark-autoconf.m4
+Source5: wireshark-mime-package.xml
+Source6: wiresharkdoc-16x16.png
+Source7: wiresharkdoc-32x32.png
+Source8: wiresharkdoc-48x48.png
+Source9: wiresharkdoc-256x256.png
+Source10: config.h
+
+Patch1: wireshark-1.2.4-enable_lua.patch
+Patch2: wireshark-libtool-pie.patch
+Patch3: wireshark-1.6.1-group-msg.patch
+Patch4: wireshark-1.6.0-soname.patch
+Patch5: wireshark-1.8.x-dcom-string-overrun.patch
+Patch6: wireshark-1.10.0-CVE-2013-3557.patch
+Patch7: wireshark-1.10.x-disable-warning-dialog.patch
+Patch8: wireshark-1.10.x-resolv-error-string.patch
+Patch9: wireshark-1.10.x-remove-last-data-source.patch
+Patch10: wireshark-1.10.x-ftbfs-glib2.patch
+Patch11: wireshark-1.10.10-CVE-2014-6425.patch
+Patch12: wireshark-1.10.10-CVE-2014-6426.patch
+Patch13: wireshark-1.10.3-nanosecond-timestamps.patch
+Patch14: wireshark-1.10.3-dtls-elliptic-curves.patch
+Patch15: wireshark-1.10.3-tls-hash-algs.patch
+Patch16: wireshark-1.10.3-tls-key-exchange-msgs.patch
+Patch17: wireshark-1.10.3-tls-ext-master-secret.patch
+Patch18: wireshark-1.10.3-tls-ext-encrypt-then-mac.patch
+Patch19: wireshark-1.10.14-tls-cert-verify-msgs.patch
+Patch20: wireshark-1.10.14-CVE-2015-3810.patch
+Patch21: wireshark-1.10.14-CVE-2015-3813.patch
+Patch22: wireshark-1.10.14-CVE-2015-6243.patch
+Patch23: wireshark-1.10.14-tvbuff.patch
+# Depends on Patch23
+Patch24: wireshark-1.10.14-CVE-2015-6244.patch
+Patch25: wireshark-1.10.14-CVE-2015-6245.patch
+Patch26: wireshark-1.10.14-CVE-2015-6246.patch
+Patch27: wireshark-1.10.14-CVE-2015-6248.patch
+Patch28: wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch
+Patch29: wireshark-1.10.14-CVE-2015-3182.patch
+Patch30: wireshark-1.10.14-display-data-len.patch
+Patch31: wireshark-1.10.14-read-from-stdin.patch
+Patch32: wireshark-1.8.10-segfault-cve-2013-4075.patch
+Patch33: wireshark-1.10.14-default-snaplen.patch
+Patch34: wireshark-1.10.14-buffer-size.patch
+Patch35: wireshark-1.10.14-drop-count.patch
+Patch36: wireshark-1.10.14-af-vsock-support.patch
+
+Url: http://www.wireshark.org/
+BuildRequires: libpcap-devel >= 0.9
+BuildRequires: libsmi-devel
+BuildRequires: zlib-devel, bzip2-devel
+BuildRequires: openssl-devel
+BuildRequires: glib2-devel
+BuildRequires: elfutils-devel, krb5-devel
+BuildRequires: python, pcre-devel, libselinux
+BuildRequires: gnutls-devel
+BuildRequires: desktop-file-utils
+BuildRequires: xdg-utils
+BuildRequires: flex, bison, python, python-devel
+BuildRequires: libcap-devel
+BuildRequires: perl-podlators
+BuildRequires: libgcrypt-devel
+%if %{with_GeoIP}
+BuildRequires: GeoIP-devel
+%endif
+%if %{with_adns}
+BuildRequires: adns-devel
+%else
+BuildRequires: c-ares-devel
+%endif
+%if %{with_portaudio}
+BuildRequires: portaudio-devel
+%endif
+%if %{with_lua}
+BuildRequires: lua-devel
+%endif
+%if %{with_gtk2}
+BuildRequires: gtk2-devel
+%else
+BuildRequires: gtk3-devel
+%endif
+
+# Temporary hack - wireshark-1.8.0 is not compilable with upstream
+# Makefile.in / configure, they need to be regenerated
+BuildRequires: libtool, automake, autoconf
+
+Requires(pre): shadow-utils
+%if %{with_adns}
+Requires: adns
+%endif
+
+%package gnome
+Summary: Gnome desktop integration for wireshark
+Group: Applications/Internet
+Requires: wireshark = %{version}-%{release}
+Requires: xdg-utils
+Requires: hicolor-icon-theme
+%if %{with_gtk2}
+Requires: gtk2
+%else
+Requires: gtk3
+%endif
+%if %{with_portaudio}
+Requires: portaudio
+%endif
+%if %{with_GeoIP}
+Requires: GeoIP
+%endif
+
+%package devel
+Summary: Development headers and libraries for wireshark
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release} glibc-devel glib2-devel
+
+
+%description
+Wireshark is a network traffic analyzer for Unix-ish operating systems.
+
+This package lays base for libpcap, a packet capture and filtering
+library, contains command-line utilities, contains plugins and
+documentation for wireshark. A graphical user interface is packaged
+separately to GTK+ package.
+
+%description gnome
+Contains wireshark for Gnome 3 and desktop integration file
+
+%description devel
+The wireshark-devel package contains the header files, developer
+documentation, and libraries required for development of wireshark scripts
+and plugins.
+
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%if %{with_lua}
+%patch1 -p1 -b .enable_lua
+%endif
+
+%patch2 -p1 -b .v4cleanup
+%patch3 -p1 -b .group-msg
+%patch4 -p1 -b .soname
+%patch5 -p1 -b .dcom-overrun
+%patch6 -p1 -b .cve-2013-3557
+%patch7 -p1 -b .disable-warning-dialog
+%patch8 -p1 -b .resolv-error-string
+%patch9 -p1 -b .remove-last-data-source
+%patch10 -p1 -b .ftbfs-glib2
+%patch11 -p1 -b .cve.2014-6425
+%patch12 -p1 -b .cve.2014-6426
+%patch13 -p1 -b .nanosecond-timestamps
+%patch14 -p1 -b .dtls-elliptic-curves
+%patch15 -p1 -b .tls-hash-algs
+%patch16 -p1 -b .tls-key-exchange-msgs
+%patch17 -p1 -b .tls-master-secret
+%patch18 -p1 -b .tls-encrypt-then-mac
+%patch19 -p1 -b .tls-cert-verify-msgs
+%patch20 -p1 -b .cve-2015-3810
+%patch21 -p1 -b .cve-2015-3813
+%patch22 -p1 -b .cve-2015-6243
+%patch23 -p1 -b .tvbuff
+%patch24 -p1 -b .cve-2015-6244
+%patch25 -p1 -b .cve-2015-6245
+%patch26 -p1 -b .cve-2015-6246
+%patch27 -p1 -b .cve-2015-6248
+%patch28 -p1 -b .gdk-deprecated
+%patch29 -p1 -b .cve-2015-3182
+%patch30 -p1 -b .display-data-len
+%patch31 -p1 -b .read-from-stdin
+%patch32 -p1 -b .segfault-cve-2013-4075
+%patch33 -p1 -b .default-snaplen
+%patch34 -p1 -b .buffer-size
+%patch35 -p1 -b .drop-count
+%patch36 -p1 -b .af-vsock
+
+%build
+%ifarch s390 s390x sparcv9 sparc64
+export PIECFLAGS="-fPIE"
+%else
+export PIECFLAGS="-fpie"
+%endif
+
+export RELRO="-Wl,-z,relro,-z,now"
+
+# -fstack-protector-strong replaced -fstack-protector-all
+export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS $RELRO -D_LARGEFILE64_SOURCE"
+export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS $RELRO -D_LARGEFILE64_SOURCE"
+export LDFLAGS="$LDFLAGS -pie"
+
+# Temporary hack - wireshark-1.8.0 is not compilable with upstream
+# Makefile.in / configure, they need to be regenerated
+./autogen.sh
+
+%configure \
+ --bindir=%{_sbindir} \
+ --enable-ipv6 \
+ --with-libsmi \
+ --with-gnu-ld \
+ --with-pic \
+%if %{with_gtk2}
+ --with-gtk2 \
+%else
+ --with-gtk3 \
+%endif
+%if %{with_adns}
+ --with-adns \
+%else
+ --with-adns=no \
+%endif
+%if %{with_lua}
+ --with-lua \
+%else
+ --with-lua=no \
+%endif
+%if %{with_portaudio}
+ --with-portaudio \
+%else
+ --with-portaudio=no \
+%endif
+%if %{with_GeoIP}
+ --with-geoip \
+%else
+ --with-geoip=no \
+%endif
+ --with-ssl \
+ --disable-warnings-as-errors \
+ --with-python \
+ --with-plugins=%{_libdir}/%{name}/plugins/%{version} \
+ --with-dumpcap-group="wireshark" \
+ --enable-setcap-install \
+ --enable-airpcap
+
+#remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make %{?_smp_mflags}
+
+%install
+# The evil plugins hack
+perl -pi -e 's|-L../../epan|-L../../epan/.libs|' plugins/*/*.la
+
+make DESTDIR=$RPM_BUILD_ROOT install
+
+# Install python stuff.
+mkdir -p $RPM_BUILD_ROOT%{python_sitearch}
+install -m 644 tools/wireshark_be.py tools/wireshark_gen.py $RPM_BUILD_ROOT%{python_sitearch}
+
+desktop-file-install \
+ --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
+ --add-category X-Fedora \
+ %{SOURCE3}
+
+mkdir -p $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/{16x16,32x32,48x48,64x64,256x256}/apps
+
+install -m 644 image/wsicon16.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/16x16/apps/wireshark.png
+install -m 644 image/wsicon32.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/32x32/apps/wireshark.png
+install -m 644 image/wsicon48.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/48x48/apps/wireshark.png
+install -m 644 image/wsicon64.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/64x64/apps/wireshark.png
+install -m 644 image/wsicon256.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/256x256/apps/wireshark.png
+
+#install devel files (inspired by debian/wireshark-dev.header-files)
+install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/wireshark
+IDIR="${RPM_BUILD_ROOT}%{_includedir}/wireshark"
+mkdir -p "${IDIR}/epan"
+mkdir -p "${IDIR}/epan/crypt"
+mkdir -p "${IDIR}/epan/ftypes"
+mkdir -p "${IDIR}/epan/dfilter"
+mkdir -p "${IDIR}/epan/dissectors"
+mkdir -p "${IDIR}/wiretap"
+mkdir -p "${IDIR}/wsutil"
+install -m 644 color.h register.h "${IDIR}/"
+install -m 644 cfile.h file.h "${IDIR}/"
+install -m 644 packet-range.h print.h "${IDIR}/"
+install -m 644 epan/*.h "${IDIR}/epan/"
+install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
+install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
+install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
+install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
+install -m 644 wiretap/*.h "${IDIR}/wiretap"
+install -m 644 wsutil/*.h "${IDIR}/wsutil"
+install -m 644 ws_symbol_export.h "${IDIR}/"
+%ifarch %{ix86}
+# Due to NEED_8_BYTE_ALIGNMENT defined only for x86
+install -m 644 config.h "${IDIR}/config-x86.h"
+%else
+%ifarch s390 ppc
+install -m 644 config.h "${IDIR}/config-32.h"
+%else
+install -m 644 config.h "${IDIR}/config-64.h"
+%endif
+%endif
+install -m 644 -T %{SOURCE10} "${IDIR}/config.h"
+
+# Create pkg-config control file.
+mkdir -p "${RPM_BUILD_ROOT}%{_libdir}/pkgconfig"
+cat > "${RPM_BUILD_ROOT}%{_libdir}/pkgconfig/wireshark.pc" <<- "EOF"
+ prefix=%{_prefix}
+ exec_prefix=%{_prefix}
+ libdir=%{_libdir}
+ includedir=%{_includedir}
+
+ Name: %{name}
+ Description: Network Traffic Analyzer
+ Version: %{version}
+ Requires: glib-2.0 gmodule-2.0
+ Libs: -L${libdir} -lwireshark -lwiretap
+ Cflags: -DWS_VAR_IMPORT=extern -DHAVE_STDARG_H -DWS_MSVC_NORETURN= -I${includedir}/wireshark -I${includedir}/wireshark/epan
+EOF
+
+# Install the autoconf macro.
+mkdir -p "${RPM_BUILD_ROOT}%{_datadir}/aclocal"
+cp "%{SOURCE4}" "${RPM_BUILD_ROOT}%{_datadir}/aclocal/wireshark.m4"
+
+# Install desktop stuff
+mkdir -p $RPM_BUILD_ROOT/%{_datadir}/{icons/gnome/{16x16,32x32,48x48,256x256}/mimetypes,mime/packages}
+install -m 644 -T %{SOURCE5} $RPM_BUILD_ROOT/%{_datadir}/mime/packages/wireshark.xml
+install -m 644 -T %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/16x16/mimetypes/application-x-pcap.png
+install -m 644 -T %{SOURCE7} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/32x32/mimetypes/application-x-pcap.png
+install -m 644 -T %{SOURCE8} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/48x48/mimetypes/application-x-pcap.png
+install -m 644 -T %{SOURCE9} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/256x256/mimetypes/application-x-pcap.png
+
+# Remove .la files
+rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/plugins/%{version}/*.la
+
+# Remove .la files in libdir
+rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
+
+# add wspy_dissectors directory for plugins
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}/%{name}/python/%{version}/wspy_dissectors
+
+%pre
+getent group wireshark >/dev/null || groupadd -r wireshark
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post gnome
+update-desktop-database &> /dev/null ||:
+update-mime-database %{_datadir}/mime &> /dev/null || :
+touch --no-create %{_datadir}/icons/gnome &>/dev/null || :
+touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
+
+%postun gnome
+update-desktop-database &> /dev/null ||:
+update-mime-database %{_datadir}/mime &> /dev/null || :
+if [ $1 -eq 0 ] ; then
+ touch --no-create %{_datadir}/icons/gnome &>/dev/null
+ gtk-update-icon-cache %{_datadir}/icons/gnome &>/dev/null || :
+
+ touch --no-create %{_datadir}/icons/hicolor &>/dev/null
+ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+fi
+
+%posttrans
+gtk-update-icon-cache %{_datadir}/icons/gnome &>/dev/null || :
+gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+
+%files
+%doc AUTHORS COPYING ChangeLog INSTALL NEWS README*
+%{_sbindir}/editcap
+%{_sbindir}/tshark
+%{_sbindir}/mergecap
+%{_sbindir}/text2pcap
+%{_sbindir}/dftest
+%{_sbindir}/capinfos
+%{_sbindir}/randpkt
+%{_sbindir}/reordercap
+%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_sbindir}/dumpcap
+%{_sbindir}/rawshark
+%{python_sitearch}/*.py*
+%{_libdir}/lib*.so.*
+%{_libdir}/wireshark
+%{_mandir}/man1/editcap.*
+%{_mandir}/man1/tshark.*
+%{_mandir}/man1/mergecap.*
+%{_mandir}/man1/text2pcap.*
+%{_mandir}/man1/capinfos.*
+%{_mandir}/man1/dumpcap.*
+%{_mandir}/man4/wireshark-filter.*
+%{_mandir}/man1/rawshark.*
+%{_mandir}/man1/dftest.*
+%{_mandir}/man1/randpkt.*
+%{_mandir}/man1/reordercap.*
+%{_datadir}/wireshark
+%if %{with_lua}
+%exclude %{_datadir}/wireshark/init.lua
+%endif
+
+
+%files gnome
+%{_datadir}/applications/wireshark.desktop
+%{_datadir}/icons/hicolor/16x16/apps/wireshark.png
+%{_datadir}/icons/hicolor/32x32/apps/wireshark.png
+%{_datadir}/icons/hicolor/48x48/apps/wireshark.png
+%{_datadir}/icons/hicolor/64x64/apps/wireshark.png
+%{_datadir}/icons/hicolor/256x256/apps/wireshark.png
+%{_datadir}/icons/gnome/16x16/mimetypes/application-x-pcap.png
+%{_datadir}/icons/gnome/32x32/mimetypes/application-x-pcap.png
+%{_datadir}/icons/gnome/48x48/mimetypes/application-x-pcap.png
+%{_datadir}/icons/gnome/256x256/mimetypes/application-x-pcap.png
+%{_datadir}/mime/packages/wireshark.xml
+%{_sbindir}/wireshark
+%{_mandir}/man1/wireshark.*
+
+%files devel
+%doc doc/README.*
+%config(noreplace) %{_datadir}/wireshark/init.lua
+%{_includedir}/wireshark
+%{_libdir}/lib*.so
+%{_libdir}/pkgconfig/*
+%{_datadir}/aclocal/*
+
+%changelog
+* Thu Jun 21 2018 Michal Ruprich - 1.10.14-16
+- Resolves: #1464395 - RFE: AF_VSOCK support in Wireshark
+
+* Wed May 09 2018 Martin Sehnoutka - 1.10.14-15
+- include drop count information in pcapng capture files
+
+* Thu May 04 2017 Martin Sehnoutka - 1.10.14-14
+- Change buffer size in man pages
+- Related: #1359974
+
+* Fri Apr 21 2017 Martin Sehnoutka - 1.10.14-13
+- Require exact version of Wireshark as a dependency for devel subpackage
+
+* Mon Apr 03 2017 Martin Sehnoutka - 1.10.14-12
+- Fix wrong snaplen in man pages and help
+- Make the capture buffer bigger to prevent dropping packages
+
+* Mon Mar 13 2017 Martin Sehnoutka - 1.10.14-11
+- Backport upstream changes for CVE-2013-4075
+
+* Thu Aug 18 2016 Martin Sehnoutka - 1.10.14-10
+- Rebuild package
+- Related to: #1233966
+
+* Wed Jul 27 2016 Martin Sehnoutka - 1.10.14-9
+- Resolves: #1233966 support for reading from stdin/pipes
+
+* Tue Jul 26 2016 Martin Sehnoutka - 1.10.14-8
+- Resolves: #1337695 tshark failing to display data.len
+
+* Tue Oct 6 2015 Peter Hatina - 1.10.14-7
+- Rebase some tvbuff API from upstream to 1.10.14
+- Fixes crash when tvb_length_remaining() is used
+- Related: CVE-2015-6244
+
+* Mon Oct 5 2015 Peter Hatina - 1.10.14-6
+- Security patch
+- Resolves: CVE-2015-3182
+
+* Thu Oct 1 2015 Peter Hatina - 1.10.14-5
+- Fix crash caused by -DGDK_PIXBUF_DEPRECATED on startup
+- Resolves: rhbz#1267959
+
+* Tue Sep 22 2015 Peter Hatina - 1.10.14-4
+- Security patches
+- Resolves: CVE-2015-6243
+ CVE-2015-6244
+ CVE-2015-6245
+ CVE-2015-6246
+ CVE-2015-6248
+
+* Fri Aug 7 2015 Peter Hatina - 1.10.14-3
+- Security patches
+- Resolves: CVE-2015-3810
+ CVE-2015-3813
+
+* Mon Jul 6 2015 Peter Hatina - 1.10.14-2
+- Add certificate verify message decoding in TLS extension
+- Resolves: #1239150
+
+* Thu Jul 2 2015 Peter Hatina - 1.10.14-1
+- Upgrade to 1.10.14
+- Resolves: #1238676
+
+* Tue Jun 2 2015 Peter Hatina - 1.10.3-20
+- add master secret extension decoding in TLS extension
+- add encrypt-then-mac extension decoding in TLS extension
+- Resolves: #1222901
+
+* Tue Jun 2 2015 Peter Hatina - 1.10.3-19
+- create pcap file if -F pcap specified
+- Resolves: #1227199
+
+* Wed May 20 2015 Peter Hatina - 1.10.3-18
+- add key exchange algorithms decoding in TLS extension
+- Resolves: #1222600
+
+* Mon May 18 2015 Peter Hatina - 1.10.3-17
+- add signature algorithms decoding in TLS extension
+- Resolves: #1221701
+
+* Wed May 6 2015 Peter Hatina - 1.10.3-16
+- add relro check
+- Resolves: #1092532
+
+* Tue Apr 21 2015 Peter Hatina - 1.10.3-15
+- add elliptic curves decoding in DTLS HELLO
+- Resolves: #1131202
+
+* Tue Apr 21 2015 Peter Hatina - 1.10.3-14
+- introduced nanosecond time precision
+- Resolves: #1213339
+
+* Mon Oct 13 2014 Peter Hatina - 1.10.3-13
+- security patches
+- Resolves: #1148267
+
+* Fri Oct 3 2014 Peter Hatina - 1.10.3-12
+- security patches
+- Resolves: CVE-2014-6421
+ CVE-2014-6423
+ CVE-2014-6424
+ CVE-2014-6425
+ CVE-2014-6426
+ CVE-2014-6427
+ CVE-2014-6428
+ CVE-2014-6429
+
+* Thu Aug 28 2014 Peter Hatina - 1.10.3-11
+- fix FTBFS due to glib2-2.40
+- Resolves: #1132673
+
+* Mon Mar 10 2014 Peter Hatina - 1.10.3-10
+- fix missing tshark's name resolving flag in help message
+- Related: #1004250
+
+* Mon Mar 10 2014 Peter Hatina - 1.10.3-9
+- security patches
+- Resolves: CVE-2014-2281
+ CVE-2014-2282
+ CVE-2014-2283
+ CVE-2014-2299
+
+* Fri Jan 31 2014 Peter Hatina - 1.10.3-8
+- remove last data source due to HTTP dissector, which was
+ spewing too much output
+- Related: #1011339
+
+* Fri Jan 24 2014 Daniel Mach - 1.10.3-7
+- Mass rebuild 2014-01-24
+
+* Mon Jan 13 2014 Peter Hatina - 1.10.3-6
+- stack-protector-all replaced by stack-protector-strong
+- Resolves: #1048907
+
+* Fri Dec 27 2013 Daniel Mach - 1.10.3-5
+- Mass rebuild 2013-12-27
+
+* Thu Dec 19 2013 Peter Hatina 1.10.3-4
+- security patches
+- Resolves: CVE-2013-7112
+ CVE-2013-7113
+ CVE-2013-7114
+
+* Wed Dec 11 2013 Peter Hatina 1.10.3-3
+- fix tshark's name resolving flags error string
+- Resolves: #1004250
+
+* Tue Nov 5 2013 Peter Hatina 1.10.3-2
+- harden dumpcap capabilities
+- Resolves: #1022378
+
+* Tue Nov 5 2013 Peter Hatina 1.10.3-1
+- upgrade to 1.10.3
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.3.html
+- Resolves: #1026649
+ CVE-2013-6336
+ CVE-2013-6337
+ CVE-2013-6338
+ CVE-2013-6339
+ CVE-2013-6340
+
+* Tue Sep 24 2013 Peter Hatina 1.10.2-6
+- fix memory leak when reassemblying a packet
+- Resolves: #1011339
+
+* Thu Sep 19 2013 Peter Hatina 1.10.2-5
+- fix config.h conflict
+- Resolves: #881273
+
+* Fri Sep 13 2013 Peter Hatina 1.10.2-4
+- fix desktop file entries
+
+* Fri Sep 13 2013 Peter Hatina 1.10.2-3
+- fix description, Gnome 3
+
+* Fri Sep 13 2013 Peter Hatina 1.10.2-2
+- new sources
+
+* Thu Sep 12 2013 Peter Hatina 1.10.2-1
+- upgrade to 1.10.2
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html
+
+* Tue Sep 10 2013 Peter Hatina 1.10.0-9
+- security patches
+- Resolves: CVE-2013-4927
+ CVE-2013-4931
+ CVE-2013-4932
+ CVE-2013-4933
+ CVE-2013-4934
+ CVE-2013-4935
+ CVE-2013-4936
+ CVE-2013-4083
+ CVE-2013-3557
+
+* Mon Sep 9 2013 Peter Hatina 1.10-0-8
+- fix missing ws_symbol_export.h
+
+* Fri Jul 26 2013 Peter Hatina 1.10.0-7
+- fix tap iostat overflow
+
+* Fri Jul 26 2013 Peter Hatina 1.10.0-6
+- fix sctp bytes graph crash
+
+* Fri Jul 26 2013 Peter Hatina 1.10.0-5
+- fix string overrin in plugins/profinet
+
+* Fri Jul 26 2013 Peter Hatina 1.10.0-4
+- fix pod2man encoding issues
+
+* Fri Jul 26 2013 Peter Hatina 1.10.0-3
+- fix BuildRequires - libgcrypt-devel
+
+* Mon Jun 17 2013 Peter Hatina 1.10.0-2
+- fix flow graph crash
+
+* Mon Jun 17 2013 Peter Hatina 1.10.0-1
+- upgrade to 1.10.0
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html
+
+* Wed Mar 27 2013 Peter Hatina 1.8.6-4
+- fix capture crash (#894753)
+
+* Tue Mar 19 2013 Peter Hatina 1.8.6-3
+- fix dns resolving crash (#908211)
+
+* Mon Mar 18 2013 Peter Hatina 1.8.6-2
+- return to gtk2, stable branch 1.8 is not gtk3 ready
+
+* Tue Mar 12 2013 Peter Hatina 1.8.6-1
+- upgrade to 1.8.6
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
+
+* Sun Feb 10 2013 Parag Nemade - 1.8.5-3
+- Remove vendor tag from desktop file as per https://fedorahosted.org/fesco/ticket/1077
+
+* Tue Feb 05 2013 Peter Hatina - 1.8.5-2
+- fix gtk3 layout issues
+- NOTE: there may be some windows with broken layouts left
+
+* Thu Jan 31 2013 Peter Hatina - 1.8.5-1
+- upgrade to 1.8.5
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html
+
+* Mon Dec 03 2012 Peter Hatina - 1.8.4-1
+- upgrade to 1.8.4
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
+
+* Tue Oct 16 2012 Peter Hatina - 1.8.3-2
+- backport dissector table fix
+- TODO: remove this after new release
+
+* Thu Oct 11 2012 Peter Hatina - 1.8.3-1
+- upgrade to 1.8.3
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html
+
+* Tue Sep 4 2012 Jan Safranek - 1.8.2-3
+- added back compatibility with RHEL6
+- GeoIP build dependency made also conditional on with_GeoIP variable
+
+* Wed Aug 29 2012 Jan Safranek - 1.8.2-2
+- fixed "libwireshark.so.1: cannot open shared object file" error
+ message on startup
+
+* Thu Aug 16 2012 Jan Safranek - 1.8.2-1
+- upgrade to 1.8.2
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html
+
+* Fri Jul 27 2012 Fedora Release Engineering - 1.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Jul 24 2012 Jan Safranek - 1.8.1-1
+- upgrade to 1.8.1
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.1.html
+
+* Mon Jun 25 2012 Jan Safranek - 1.8.0
+- upgrade to 1.8.0
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html
+
+* Wed May 23 2012 Jan Safranek - 1.6.8-1
+- upgrade to 1.6.8
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html
+
+* Mon May 21 2012 Jan Safranek - 1.6.7-2
+- Removed dependency on GeoIP on RHEL.
+
+* Tue Apr 10 2012 Jan Safranek - 1.6.7-1
+- upgrade to 1.6.7
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html
+
+* Wed Mar 28 2012 Jan Safranek - 1.6.6-1
+- upgrade to 1.6.6
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html
+
+* Fri Mar 9 2012 Jan Safranek - 1.6.5-2
+- fixed wireshark crashing when using combo box in import dialog (#773290)
+- added AES support into netlogon dissector
+
+* Wed Jan 11 2012 Jan Safranek - 1.6.5-1
+- upgrade to 1.6.5
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html
+
+* Fri Dec 2 2011 Jan Safranek - 1.6.4-1
+- upgrade to 1.6.4
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.4.html
+- build with c-ares and libpcap (#759305)
+- fixed display of error message boxes on startup in gnome3 (#752559)
+
+* Mon Nov 14 2011 Jan Safranek - 1.6.3-2
+- added dependency on shadow-utils (#753293)
+- removed usermode support
+
+* Wed Nov 2 2011 Jan Safranek - 1.6.3-1
+- upgrade to 1.6.3
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html
+
+* Wed Oct 26 2011 Fedora Release Engineering - 1.6.2-5
+- Rebuilt for glibc bug#747377
+
+* Fri Oct 21 2011 Jan Safranek - 1.6.2-4
+- updated autoconf macros and pkgconfig file in wireshark-devel to reflect
+ current config.h (#746655)
+
+* Mon Oct 17 2011 Steve Dickson - 1.6.2-3
+- Fixed a regression introduce by upstream patch r38306
+ which caused v4.1 traffic not to be displayed.
+- Added v4 error status to packet detail window.
+
+* Tue Sep 13 2011 Jan Safranek - 1.6.2-2
+- fixed spelling of the security message (#737270)
+
+* Fri Sep 9 2011 Jan Safranek - 1.6.2-1
+- upgrade to 1.6.2
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html
+
+
+* Thu Jul 21 2011 Jan Safranek - 1.6.1-1
+- upgrade to 1.6.1
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.1.html
+
+* Thu Jun 16 2011 Jan Safranek - 1.6.0-4
+- fixed previous incomplete fix
+
+* Thu Jun 16 2011 Jan Safranek - 1.6.0-3
+- fixed Fedora-specific message when user is not part of 'wireshark' group
+ - now it does not contain '<' and '>' characters (#713545)
+
+* Thu Jun 9 2011 Jan Safranek - 1.6.0-2
+- added wspy_dissectors directory to the package
+ - other packages can add Python plugins there
+ - as side effect, removed following message:
+ [Errno 2] No such file or directory: '/usr/lib64/wireshark/python/1.6.0/wspy_dissectors'
+- enabled zlib support
+
+* Wed Jun 8 2011 Jan Safranek - 1.6.0-1
+- upgrade to 1.6.0
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html
+
+* Thu Jun 2 2011 Jan Safranek - 1.4.7-1
+- upgrade to 1.4.7
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.7.html
+
+* Thu May 19 2011 Steve Dickson - 1.4.6-3
+- Improved the NFS4.1 patcket dissectors
+
+* Sat May 07 2011 Christopher Aillon - 1.4.6-2
+- Update icon cache scriptlet
+
+* Tue Apr 19 2011 Jan Safranek - 1.4.6-1
+- upgrade to 1.4.6
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html
+
+* Mon Apr 18 2011 Jan Safranek - 1.4.5-1
+- upgrade to 1.4.5
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html
+
+* Sun Apr 03 2011 Cosimo Cecchi - 1.4.4-2
+- Use hi-res icons
+
+* Thu Mar 3 2011 Jan Safranek - 1.4.4-1
+- upgrade to 1.4.4
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
+
+* Mon Feb 07 2011 Fedora Release Engineering - 1.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jan 17 2011 Jan Safranek - 1.4.3-2
+- create the 'wireshark' group as system, not user
+- add few additional header files to -devel subpackage (#671997)
+
+* Thu Jan 13 2011 Jan Safranek - 1.4.3-1
+- upgrade to 1.4.3
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html
+
+* Wed Jan 5 2011 Jan Safranek - 1.4.2-5
+- fixed buffer overflow in ENTTEC dissector (#666897)
+
+* Wed Dec 15 2010 Jan Safranek - 1.4.2-4
+- added epan/dissectors/*.h to -devel subpackage (#662969)
+
+* Mon Dec 6 2010 Jan Safranek - 1.4.2-3
+- fixed generation of man pages again (#635878)
+
+* Fri Nov 26 2010 Jan Safranek - 1.4.2-2
+- rework the Wireshark security (#657490). Remove the console helper and
+ allow only members of new 'wireshark' group to capture the packets.
+
+* Mon Nov 22 2010 Jan Safranek - 1.4.2-1
+- upgrade to 1.4.2
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.2.html
+
+* Mon Nov 1 2010 Jan Safranek - 1.4.1-2
+- temporarily disable zlib until
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 is resolved (#643461)
+
+* Fri Oct 22 2010 Jan Safranek - 1.4.1-1
+- upgrade to 1.4.1
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html
+- Own the %%{_libdir}/wireshark dir (#644508)
+- associate *.pcap files with wireshark (#641163)
+
+* Wed Sep 29 2010 jkeating - 1.4.0-2
+- Rebuilt for gcc bug 634757
+
+* Fri Sep 24 2010 Jan Safranek - 1.4.0-2
+- fixed generation of man pages (#635878)
+
+* Tue Aug 31 2010 Jan Safranek - 1.4.0-1
+- upgrade to 1.4.0
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html
+
+* Fri Jul 30 2010 Jan Safranek - 1.2.10-1
+- upgrade to 1.2.10
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
+
+* Fri Jul 30 2010 Jan Safranek - 1.2.9-4
+- Rebuilt again for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Thu Jul 22 2010 Jan Safranek - 1.2.9-3
+- removing useless LDFLAGS (#603224)
+
+* Thu Jul 22 2010 David Malcolm - 1.2.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Fri Jun 11 2010 Radek Vokal - 1.2.9-1
+- upgrade to 1.2.9
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html
+
+* Mon May 17 2010 Radek Vokal - 1.2.8-4
+- removing traling bracket from python_sitearch (#592391)
+
+* Fri May 7 2010 Radek Vokal - 1.2.8-3
+- fix patched applied without fuzz=0
+
+* Thu May 6 2010 Radek Vokal - 1.2.8-2
+- use sitearch instead of sitelib to avoid pyo and pyc conflicts
+
+* Thu May 6 2010 Radek Vokal - 1.2.8-1
+- upgrade to 1.2.8
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html
+
+* Tue Apr 6 2010 Radek Vokal - 1.2.7-2
+- rebuild with GeoIP support (needs to be turned on in IP protocol preferences)
+
+* Fri Apr 2 2010 Radek Vokal - 1.2.7-1
+- upgrade to 1.2.7
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html
+
+* Wed Mar 24 2010 Radek Vokal - 1.2.6-3
+- bring back -pie
+
+* Tue Mar 16 2010 Jeff Layton - 1.2.6-2
+- add patch to allow decode of NFSv4.0 callback channel
+- add patch to allow decode of more SMB FIND_FILE infolevels
+
+* Fri Jan 29 2010 Radek Vokal - 1.2.6-1
+- upgrade to 1.2.6
+- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html
+
+* Wed Jan 20 2010 Radek Vokal - 1.2.5-5
+- minor spec file tweaks for better svn checkout support (#553500)
+
+* Tue Jan 05 2010 Radek Vokál - 1.2.5-4
+- init.lua is present always and not only when lua support is enabled
+
+* Tue Jan 05 2010 Radek Vokál - 1.2.5-3
+- fix file list, init.lua is only in -devel subpackage (#552406)
+
+* Fri Dec 18 2009 Patrick Monnerat 1.2.5-2
+- Autoconf macro for plugin development.
+
+* Fri Dec 18 2009 Radek Vokal - 1.2.5-1
+- upgrade to 1.2.5
+- fixes security vulnaribilities, see http://www.wireshark.org/security/wnpa-sec-2009-09.html
+
+* Thu Dec 17 2009 Radek Vokal - 1.2.4-3
+- split -devel package (#547899, #203642, #218451)
+- removing root warning dialog (#543709)
+
+* Mon Dec 14 2009 Radek Vokal - 1.2.4-2
+- enable lua support - http://wiki.wireshark.org/Lua
+- attempt to fix filter crash on 64bits
+
+* Wed Nov 18 2009 Radek Vokal - 1.2.4-1
+- upgrade to 1.2.4
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.4.html
+
+* Fri Oct 30 2009 Radek Vokal - 1.2.3-1
+- upgrade to 1.2.3
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
+
+* Mon Sep 21 2009 Radek Vokal - 1.2.2-1
+- upgrade to 1.2.2
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html
+
+* Mon Sep 14 2009 Bill Nottingham - 1.2.1-5
+- do not use portaudio in RHEL
+
+* Fri Aug 28 2009 Radek Vokal - 1.2.1-4
+- yet anohter rebuilt
+
+* Fri Aug 21 2009 Tomas Mraz - 1.2.1-3
+- rebuilt with new openssl
+
+* Mon Jul 27 2009 Fedora Release Engineering - 1.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jul 22 2009 Radek Vokal - 1.2.1
+- upgrade to 1.2.1
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html
+
+* Tue Jun 16 2009 Radek Vokal - 1.2.0
+- upgrade to 1.2.0
+- http://www.wireshark.org/docs/relnotes/wireshark-1.2.0.html
+
+* Fri May 22 2009 Radek Vokal - 1.1.4-0.pre1
+- update to latest development build
+
+* Thu Mar 26 2009 Radek Vokal - 1.1.3-1
+- upgrade to 1.1.3
+
+* Thu Mar 26 2009 Radek Vokal - 1.1.2-4.pre1
+- fix libsmi support
+
+* Wed Feb 25 2009 Fedora Release Engineering - 1.1.2-3.pre1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb 16 2009 Radek Vokal - 1.1.2-2.pre1
+- add netdump support
+
+* Sun Feb 15 2009 Steve Dickson - 1.1.2-1.pre1
+- NFSv4.1: Add support for backchannel decoding
+
+* Mon Jan 19 2009 Radek Vokal - 1.1.2-0.pre1
+- upgrade to latest development release
+- added support for portaudio (#480195)
+
+* Sun Jan 18 2009 Tomas Mraz - 1.1.1-0.pre1.2
+- rebuild with new openssl
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 1.1.1-0.pre1.1
+- Rebuild for Python 2.6
+
+* Thu Nov 13 2008 Radek Vokál 1.1.1-0.pre1
+- upgrade to 1.1.1 development branch
+
+* Wed Sep 10 2008 Radek Vokál 1.0.3-1
+- upgrade to 1.0.3
+- Security-related bugs in the NCP dissector, zlib compression code, and Tektronix .rf5 file parser have been fixed.
+- WPA group key decryption is now supported.
+- A bug that could cause packets to be wrongly dissected as "Redback Lawful Intercept" has been fixed.
+
+* Mon Aug 25 2008 Radek Vokál 1.0.2-3
+- fix requires for wireshark-gnome
+
+* Thu Jul 17 2008 Steve Dickson 1.0.2-2
+- Added patches to support NFSv4.1
+
+* Fri Jul 11 2008 Radek Vokál 1.0.2-1
+- upgrade to 1.0.2
+
+* Tue Jul 8 2008 Radek Vokál 1.0.1-1
+- upgrade to 1.0.1
+
+* Sun Jun 29 2008 Dennis Gilmore 1.0.0-3
+- add sparc arches to -fPIE
+- rebuild for new gnutls
+
+* Tue Apr 1 2008 Radek Vokál 1.0.0-2
+- fix BuildRequires - python, yacc, bison
+
+* Tue Apr 1 2008 Radek Vokál 1.0.0-1
+- April Fools' day upgrade to 1.0.0
+
+* Tue Feb 19 2008 Fedora Release Engineering - 0.99.7-3
+- Autorebuild for GCC 4.3
+
+* Wed Dec 19 2007 Radek Vokál 0.99.7-2
+- fix crash in unprivileged mode (#317681)
+
+* Tue Dec 18 2007 Radek Vokál 0.99.7-1
+- upgrade to 0.99.7
+
+* Fri Dec 7 2007 Radek Vokál 0.99.7-0.pre2.1
+- rebuilt for openssl
+
+* Mon Nov 26 2007 Radek Vokal 0.99.7-0.pre2
+- switch to libsmi from net-snmp
+- disable ADNS due to its lack of Ipv6 support
+- 0.99.7 prerelease 2
+
+* Tue Nov 20 2007 Radek Vokal 0.99.7-0.pre1
+- upgrade to 0.99.7 pre-release
+
+* Wed Sep 19 2007 Radek Vokál 0.99.6-3
+- fixed URL
+
+* Thu Aug 23 2007 Radek Vokál 0.99.6-2
+- rebuilt
+
+* Mon Jul 9 2007 Radek Vokal 0.99.6-1
+- upgrade to 0.99.6 final
+
+* Fri Jun 15 2007 Radek Vokál 0.99.6-0.pre2
+- another pre-release
+- turn on ADNS support
+
+* Wed May 23 2007 Radek Vokál 0.99.6-0.pre1
+- update to pre1 of 0.99.6 release
+
+* Mon Feb 5 2007 Radek Vokál 0.99.5-1
+- multiple security issues fixed (#227140)
+- CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets
+- CVE-2007-0459 - The HTTP dissector could crash.
+- CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash.
+- CVE-2007-0456 - On some systems, the LLT dissector could crash.
+
+* Mon Jan 15 2007 Radek Vokal 0.99.5-0.pre2
+- another 0.99.5 prerelease, fix build bug and pie flags
+
+* Tue Dec 12 2006 Radek Vokal 0.99.5-0.pre1
+- update to 0.99.5 prerelease
+
+* Thu Dec 7 2006 Jeremy Katz - 0.99.4-5
+- rebuild for python 2.5
+
+* Tue Nov 28 2006 Radek Vokal 0.99.4-4
+- rebuilt for new libpcap and net-snmp
+
+* Thu Nov 23 2006 Radek Vokal 0.99.4-3
+- add htmlview to Buildrequires to be picked up by configure scripts (#216918)
+
+* Tue Nov 7 2006 Radek Vokal 0.99.4-2.fc7
+- Requires: net-snmp for the list of MIB modules
+
+* Wed Nov 1 2006 Radek Vokál 0.99.4-1
+- upgrade to 0.99.4 final
+
+* Tue Oct 31 2006 Radek Vokál 0.99.4-0.pre2
+- upgrade to 0.99.4pre2
+
+* Tue Oct 10 2006 Radek Vokal 0.99.4-0.pre1
+- upgrade to 0.99.4-0.pre1
+
+* Fri Aug 25 2006 Radek Vokál 0.99.3-1
+- upgrade to 0.99.3
+- Wireshark 0.99.3 fixes the following vulnerabilities:
+- the SCSI dissector could crash. Versions affected: CVE-2006-4330
+- the IPsec ESP preference parser was susceptible to off-by-one errors. CVE-2006-4331
+- a malformed packet could make the Q.2931 dissector use up available memory. CVE-2006-4333
+
+* Tue Jul 18 2006 Radek Vokál