diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2b485dc --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +SOURCES/wireshark-1.10.14.tar.bz2 +SOURCES/wiresharkdoc-256x256.png +SOURCES/wiresharkdoc-32x32.png +SOURCES/wiresharkdoc-48x48.png diff --git a/.wireshark.metadata b/.wireshark.metadata new file mode 100644 index 0000000..a92f041 --- /dev/null +++ b/.wireshark.metadata @@ -0,0 +1,4 @@ +47c359dc1b9791d2091887a26fdba65f4a7ef3b8 SOURCES/wireshark-1.10.14.tar.bz2 +270551daad7666a3203647d3f340cee221976634 SOURCES/wiresharkdoc-256x256.png +a0c5d9f7540f9f63fbdce7047845bfe667dacb79 SOURCES/wiresharkdoc-32x32.png +278fb6ed0c8c02c3690ff8b813e9fd32aa79e975 SOURCES/wiresharkdoc-48x48.png diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/config.h b/SOURCES/config.h new file mode 100644 index 0000000..0c29e39 --- /dev/null +++ b/SOURCES/config.h @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2013 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * Authors: Peter Hatina + */ + +#ifndef __CONFIG_H__ +#define __CONFIG_H__ + +# include + +# if defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) +# include "config-x86.h" +# elif __WORDSIZE == 32 +# include "config-32.h" +# elif __WORDSIZE == 64 +# include "config-64.h" +# else +# error "Not supported architecture" +# endif + +#endif // __CONFIG_H__ diff --git a/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch b/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch new file mode 100644 index 0000000..c28067d --- /dev/null +++ b/SOURCES/wireshark-1.10.0-CVE-2013-3557.patch @@ -0,0 +1,25 @@ +diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c +index 7dcfd42..adf01bd 100644 +--- a/epan/dissectors/packet-ber.c ++++ b/epan/dissectors/packet-ber.c +@@ -3503,6 +3503,10 @@ printf("CHOICE dissect_ber_old_choice(%s) entered len:%d\n", name, tvb_length_re + #endif + start_offset = offset; + ++ if (branch_taken) { ++ *branch_taken = -1; ++ } ++ + if (tvb_length_remaining(tvb, offset) == 0) { + item = proto_tree_add_string_format( + parent_tree, hf_ber_error, tvb, offset, 0, "empty_choice", +@@ -3545,9 +3549,6 @@ printf("CHOICE dissect_ber_old_choice(%s) entered len:%d\n", name, tvb_length_re + /* loop over all entries until we find the right choice or + run out of entries */ + ch = choice; +- if (branch_taken) { +- *branch_taken = -1; +- } + first_pass = TRUE; + while (ch->func || first_pass) { + if (branch_taken) { diff --git a/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch b/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch new file mode 100644 index 0000000..34c37ce --- /dev/null +++ b/SOURCES/wireshark-1.10.10-CVE-2014-6425.patch @@ -0,0 +1,22 @@ +diff --git a/epan/dissectors/packet-cups.c b/epan/dissectors/packet-cups.c +index 6f60d9f..bcb8e37 100644 +--- a/epan/dissectors/packet-cups.c ++++ b/epan/dissectors/packet-cups.c +@@ -280,7 +280,7 @@ get_quoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len) + if (o != -1) { + offset++; + l = o - offset; +- s = tvb_get_ptr(tvb, offset, l); ++ s = tvb_get_ephemeral_string_enc(tvb, offset, l, ENC_ASCII); + offset = o + 1; + } + } +@@ -301,7 +301,7 @@ get_unquoted_string(tvbuff_t *tvb, gint offset, gint *next_offset, guint *len) + o = tvb_pbrk_guint8(tvb, offset, -1, " \t\r\n", NULL); + if (o != -1) { + l = o - offset; +- s = tvb_get_ptr(tvb, offset, l); ++ s = tvb_get_ephemeral_string_enc(tvb, offset, l, ENC_ASCII); + offset = o; + } + diff --git a/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch b/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch new file mode 100644 index 0000000..df7bd83 --- /dev/null +++ b/SOURCES/wireshark-1.10.10-CVE-2014-6426.patch @@ -0,0 +1,13 @@ +diff --git a/epan/dissectors/packet-hip.c b/epan/dissectors/packet-hip.c +index 7aa6489..463d6b2 100644 +--- a/epan/dissectors/packet-hip.c ++++ b/epan/dissectors/packet-hip.c +@@ -653,7 +653,7 @@ dissect_hip_tlv(tvbuff_t *tvb, int offset, proto_item *ti, int type, int tlv_len + newoffset += (1 + tvb_get_guint8(tvb, newoffset + 2)); + tlv_len -= (1 + tvb_get_guint8(tvb, newoffset + 2)); + } +- if (ti_loc) { ++ if (locator_type <= 2) { + ti_loc = proto_item_add_subtree(ti_loc, ett_hip_locator_data); + /* Traffic type */ + proto_tree_add_item(ti_loc, hf_hip_tlv_locator_traffic_type, tvb, diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch new file mode 100644 index 0000000..71edb63 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-3182.patch @@ -0,0 +1,12 @@ +diff --git a/epan/dissectors/packet-dec-dnart.c b/epan/dissectors/packet-dec-dnart.c +index 79a15ca..a9622bb 100644 +--- a/epan/dissectors/packet-dec-dnart.c ++++ b/epan/dissectors/packet-dec-dnart.c +@@ -52,6 +52,7 @@ + #include + #include + #include ++#include + #include + #include + diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch new file mode 100644 index 0000000..caeedb7 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-3810.patch @@ -0,0 +1,172 @@ +diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c +index 225a7eb..e3e81f7 100644 +--- a/epan/dissectors/packet-http.c ++++ b/epan/dissectors/packet-http.c +@@ -2625,6 +2625,10 @@ dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + } else { + while (tvb_reported_length_remaining(tvb, offset) != 0) { + if (conv_data->upgrade == UPGRADE_WEBSOCKET && pinfo->fd->num >= conv_data->startframe) { ++ /* Websockets is a stream of data, preserve ++ * desegmentation functionality. */ ++ if (pinfo->can_desegment > 0) ++ pinfo->can_desegment++; + call_dissector_only(websocket_handle, tvb_new_subset_remaining(tvb, offset), pinfo, tree, NULL); + break; + } +diff --git a/epan/dissectors/packet-websocket.c b/epan/dissectors/packet-websocket.c +index e02825d..561e206 100644 +--- a/epan/dissectors/packet-websocket.c ++++ b/epan/dissectors/packet-websocket.c +@@ -31,6 +31,7 @@ + #include + #include + ++#include "packet-tcp.h" + + /* + * The information used comes from: +@@ -152,7 +153,7 @@ tvb_unmasked(tvbuff_t *tvb, const guint offset, guint payload_length, const guin + } + + static int +-dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *ws_tree, guint8 opcode, guint payload_length, guint8 mask, const guint8* masking_key) ++dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *ws_tree, guint8 opcode, guint payload_length, gboolean mask, const guint8* masking_key) + { + guint offset = 0; + proto_item *ti_unmask, *ti; +@@ -301,65 +302,35 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p + } + + +-static int +-dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) ++static void ++dissect_websocket_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + { + proto_item *ti, *ti_len; +- guint8 fin, opcode, mask; +- guint length, short_length, payload_length, recurse_length; +- guint payload_offset, mask_offset, recurse_offset; ++ guint8 fin, opcode; ++ gboolean mask; ++ guint short_length, payload_length; ++ guint payload_offset, mask_offset; + proto_tree *ws_tree = NULL; + const guint8 *masking_key = NULL; + tvbuff_t *tvb_payload = NULL; + +- length = tvb_length(tvb); +- if(length<2){ +- pinfo->desegment_len = 2; +- return 0; +- } +- + short_length = tvb_get_guint8(tvb, 1) & MASK_WS_PAYLOAD_LEN; ++ mask_offset = 2; + if(short_length==126){ +- if(length < 2+2){ +- pinfo->desegment_len = 2+2; +- return 0; +- } + payload_length = tvb_get_ntohs(tvb, 2); +- mask_offset = 2+2; +- } +- else if(short_length==127){ +- if(length < 2+8){ +- pinfo->desegment_len = 2+8; +- return 0; +- } +- /* warning C4244: '=' : conversion from 'guint64' to 'guint ', possible loss of data */ ++ mask_offset += 2; ++ } else if (short_length==127) { ++ /* warning C4244: '=' : conversion from 'guint64' to 'guint ', possible loss of data */ + payload_length = (guint)tvb_get_ntoh64(tvb, 2); +- mask_offset = 2+8; +- } +- else{ ++ mask_offset += 8; ++ } else { + payload_length = short_length; +- mask_offset = 2; + } + + /* Mask */ +- mask = (tvb_get_guint8(tvb, 1) & MASK_WS_MASK) >> 4; ++ mask = (tvb_get_guint8(tvb, 1) & MASK_WS_MASK) != 0; + payload_offset = mask_offset + (mask ? 4 : 0); + +- if (payload_offset + payload_length < payload_length) { +- /* Integer overflow, which means the packet contains a ridiculous +- * payload length. Just take what we've got available. +- * See bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 */ +- payload_length = tvb_reported_length_remaining(tvb, payload_offset); +- } +- +- if(length < payload_offset + payload_length){ +- /* XXXX Warning desegment_len is 32 bits */ +- pinfo->desegment_len = payload_offset + payload_length - length; +- return 0; +- } +- +- /* We've got the entire message! */ +- + col_set_str(pinfo->cinfo, COL_PROTOCOL, "WebSocket"); + col_set_str(pinfo->cinfo, COL_INFO, "WebSocket"); + +@@ -402,18 +373,49 @@ dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat + + tvb_payload = tvb_new_subset_remaining(tvb, payload_offset); + dissect_websocket_payload(tvb_payload, pinfo, tree, ws_tree, opcode, payload_length, mask, masking_key); ++} ++ ++static guint ++get_websocket_frame_length(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) ++{ ++ guint frame_length, payload_length; ++ gboolean mask; ++ ++ frame_length = 2; /* flags, opcode and Payload length */ ++ mask = tvb_get_guint8(tvb, offset + 1) & MASK_WS_MASK; ++ ++ payload_length = tvb_get_guint8(tvb, offset + 1) & MASK_WS_PAYLOAD_LEN; ++ offset += 2; /* Skip flags, opcode and Payload length */ + +- /* Call this function recursively, to see if we have enough data to parse another websocket message */ ++ /* Check for Extended Payload Length. */ ++ if (payload_length == 126) { ++ if (tvb_reported_length_remaining(tvb, offset) < 2) ++ return 0; /* Need more data. */ + +- recurse_offset = payload_offset + payload_length; +- if(length > recurse_offset){ +- recurse_length = dissect_websocket(tvb_new_subset_remaining(tvb, payload_offset+payload_length), pinfo, tree, data); +- if(pinfo->desegment_len) pinfo->desegment_offset += recurse_offset; +- return recurse_offset + recurse_length; ++ payload_length = tvb_get_ntohs(tvb, offset); ++ frame_length += 2; /* Extended payload length */ ++ } else if (payload_length == 127) { ++ if (tvb_reported_length_remaining(tvb, offset) < 8) ++ return 0; /* Need more data. */ ++ ++ payload_length = (guint)tvb_get_ntoh64(tvb, offset); ++ frame_length += 8; /* Extended payload length */ + } +- return recurse_offset; ++ ++ if (mask) ++ frame_length += 4; /* Masking-key */ ++ frame_length += payload_length; /* Payload data */ ++ return frame_length; + } + ++static int ++dissect_websocket(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) ++{ ++ /* Need at least two bytes for flags, opcode and Payload length. */ ++ tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 2, ++ get_websocket_frame_length, dissect_websocket_frame); ++ return tvb_length(tvb); ++} + + void + proto_register_websocket(void) diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch b/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch new file mode 100644 index 0000000..13a010b --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-3813.patch @@ -0,0 +1,18 @@ +diff --git a/epan/reassemble.c b/epan/reassemble.c +index 5ff9dcf..0838cb1 100644 +--- a/epan/reassemble.c ++++ b/epan/reassemble.c +@@ -1008,9 +1008,11 @@ fragment_add_work(fragment_data *fd_head, tvbuff_t *tvb, const int offset, + + /* If we have reached this point, the packet is not defragmented yet. + * Save all payload in a buffer until we can defragment. +- * XXX - what if we didn't capture the entire fragment due +- * to a too-short snapshot length? + */ ++ if (!tvb_bytes_exist(tvb, offset, fd->len)) { ++ g_slice_free(fragment_data, fd); ++ THROW(BoundsError); ++ } + fd->data = (unsigned char *)g_malloc(fd->len); + tvb_memcpy(tvb, fd->data, offset, fd->len); + LINK_FRAG(fd_head,fd); diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch new file mode 100644 index 0000000..131cce4 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-6243.patch @@ -0,0 +1,12 @@ +diff --git a/epan/packet.c b/epan/packet.c +index 1ad0320..179011e 100644 +--- a/epan/packet.c ++++ b/epan/packet.c +@@ -1266,6 +1266,7 @@ dissector_get_string_handle(dissector_table_t sub_dissectors, + { + dtbl_entry_t *dtbl_entry; + ++ if (!string) return 0; + dtbl_entry = find_string_dtbl_entry(sub_dissectors, string); + if (dtbl_entry != NULL) + return dtbl_entry->current; diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch new file mode 100644 index 0000000..e3ea1e6 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-6244.patch @@ -0,0 +1,51 @@ +diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c +index 14fdb0a..34bc1a8 100644 +--- a/epan/dissectors/packet-zbee-security.c ++++ b/epan/dissectors/packet-zbee-security.c +@@ -590,11 +590,9 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o + } + + /* Check for null payload. */ +- if ( !(payload_len = tvb_reported_length_remaining(tvb, offset+mic_len)) ) { ++ payload_len = tvb_captured_length_remaining(tvb, offset+mic_len); ++ if (payload_len == 0) + return NULL; +- } else if ( payload_len < 0 ) { +- THROW(ReportedBoundsError); +- } + + /********************************************** + * Perform Security Operations on the Frame * +@@ -606,10 +604,31 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o + (packet.level == ZBEE_SEC_MIC128)) { + + /* Payload is only integrity protected. Just return the sub-tvbuff. */ +- return tvb_new_subset(tvb, offset, payload_len, payload_len); ++ return tvb_new_subset_length(tvb, offset, payload_len); + } + + #ifdef HAVE_LIBGCRYPT ++ /* Have we captured all the payload? */ ++ if (tvb_length_remaining(tvb, offset+mic_len) < payload_len) { ++ /* ++ * No - don't try to decrypt it. ++ * ++ * XXX - it looks as if the decryption code is assuming we have the ++ * MIC, which won't be the case if the packet was cut short. Is ++ * that in fact that case, or can we still make this work with a ++ * partially-captured packet? ++ */ ++ /* Add expert info. */ ++ expert_add_info_format(pinfo, sec_tree, PI_UNDECODED, PI_WARN, ++ "Encrypted payload, cut short when capturing - can't decrypt"); ++ /* Create a buffer for the undecrypted payload. */ ++ payload_tvb = tvb_new_subset_length(tvb, offset, payload_len); ++ /* Dump the payload to the data dissector. */ ++ call_dissector(data_handle, payload_tvb, pinfo, tree); ++ /* Couldn't decrypt, so return NULL. */ ++ return NULL; ++ } ++ + /* Allocate memory to decrypt the payload into. */ + dec_buffer = (guint8 *)g_malloc(payload_len); + diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch new file mode 100644 index 0000000..7f687ef --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-6245.patch @@ -0,0 +1,76 @@ +diff --git a/epan/dissectors/packet-gsm_rlcmac.c b/epan/dissectors/packet-gsm_rlcmac.c +index e4eac08..7a783ef 100644 +--- a/epan/dissectors/packet-gsm_rlcmac.c ++++ b/epan/dissectors/packet-gsm_rlcmac.c +@@ -60,7 +60,7 @@ + /* private typedefs */ + typedef struct + { +- guint8 offset; ++ gint offset; + guint8 li; + }length_indicator_t; + +@@ -6737,10 +6737,11 @@ static const value_string gsm_rlcmac_t3192_vals[] = { + { 0, NULL} + }; + +-static guint8 construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e) ++static gint construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e) + { +- guint8 offset = initial_offset, li_array_size = *li_count; +- proto_item *item; ++ gint offset = initial_offset; ++ guint8 li_array_size = *li_count; ++ proto_item *item; + + *li_count = 0; + while(*e == 0) +@@ -6763,15 +6764,15 @@ static guint8 construct_gprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tr + return (offset - initial_offset); + } + +-static guint8 construct_egprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e) ++static gint construct_egprs_data_segment_li_array(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint8 initial_offset, guint8 *li_count, length_indicator_t *li_array, guint64 *e) + { +- guint8 offset = initial_offset, li_array_size = *li_count; +- proto_item *item; ++ gint offset = initial_offset; ++ guint8 li_array_size = *li_count; ++ proto_item *item; + + *li_count = 0; + while(*e == 0) + { +- DISSECTOR_ASSERT(*li_count < li_array_size); + item = proto_tree_add_bits_item(tree, hf_li, tvb, offset * 8, 7, ENC_BIG_ENDIAN); + proto_tree_add_bits_ret_val(tree, hf_e, tvb, (offset * 8) + 7, 1, e, ENC_BIG_ENDIAN); + if(*li_count < li_array_size) +@@ -7466,7 +7467,7 @@ dissect_ul_gprs_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, RlcMa + csnStream_t ar; + guint8 payload_type = tvb_get_bits8(tvb, 0, 2); + guint16 bit_length = tvb_length(tvb) * 8; +- guint16 bit_offset = 0; ++ gint bit_offset = 0; + length_indicator_t li_array[10]; + guint8 li_count = array_length(li_array); + +@@ -7595,7 +7596,7 @@ dissect_egprs_ul_data_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + { + proto_item *ti = NULL; + proto_tree *data_tree = NULL; +- guint8 offset = 0; ++ gint offset = 0; + length_indicator_t li_array[20]; + guint8 li_count = array_length(li_array); + guint64 e, tlli_i; +@@ -7655,7 +7656,8 @@ dissect_egprs_dl_data_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + { + proto_item *ti = NULL; + proto_tree *data_tree = NULL; +- guint16 offset = 0, block_number; ++ gint offset = 0; ++ guint16 block_number; + length_indicator_t li_array[20]; + guint8 li_count = array_length(li_array); + guint64 fbi, e; diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch new file mode 100644 index 0000000..149fc45 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-6246.patch @@ -0,0 +1,32 @@ +diff --git a/epan/dissectors/packet-waveagent.c b/epan/dissectors/packet-waveagent.c +index b43cbfb..0d32ae6 100644 +--- a/epan/dissectors/packet-waveagent.c ++++ b/epan/dissectors/packet-waveagent.c +@@ -528,21 +528,20 @@ static void dissect_wa_payload(guint32 starting_offset, proto_item *parent_tree, + tag_len = tvb_get_ntohl(tvb, current_offset + 52); + + if (tag_len != 0) { +- const guint8 *tag_data_ptr; +- guint32 isr; +- +- tag_data_ptr = tvb_get_ptr (tvb, offset + 36, tag_len); ++ guint32 isr; ++ guint8 isr_value; + + for (isr = 0; isr < tag_len; isr++) { +- if (tag_data_ptr[isr] == 0xFF){ ++ isr_value = tvb_get_guint8(tvb, offset + 36 + isr); ++ if (isr_value == 0xFF){ + proto_tree_add_string (bss_tree, hf_waveagent_ifwlansupprates, tvb, offset + 36 + isr, + 1, + "BSS requires support for mandatory features of HT PHY (IEEE 802.11" + " - Clause 20)"); + } else { + ep_strbuf_append_printf(sb, "%2.1f%s ", +- (tag_data_ptr[isr] & 0x7F) * 0.5, +- (tag_data_ptr[isr] & 0x80) ? "(B)" : ""); ++ (isr_value & 0x7F) * 0.5, ++ (isr_value & 0x80) ? "(B)" : ""); + + } + } diff --git a/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch b/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch new file mode 100644 index 0000000..c1321a5 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2015-6248.patch @@ -0,0 +1,109 @@ +diff --git a/epan/proto.c b/epan/proto.c +index 004acb0..bf98a27 100644 +--- a/epan/proto.c ++++ b/epan/proto.c +@@ -1758,6 +1758,31 @@ proto_tree_new_item(field_info *new_fi, proto_tree *tree, + return pi; + } + ++ ++/* ++ * Validates that field length bytes are available starting from ++ * start (pos/neg). Throws an exception if they aren't. ++ */ ++static void ++test_length(header_field_info *hfinfo, tvbuff_t *tvb, ++ gint start, gint length) ++{ ++ gint size = length; ++ ++ if (!tvb) ++ return; ++ ++ if (hfinfo->type == FT_STRINGZ) { ++ /* If we're fetching until the end of the TVB, only validate ++ * that the offset is within range. ++ */ ++ if (length == -1) ++ size = 0; ++ } ++ ++ tvb_ensure_bytes_exist(tvb, start, size); ++} ++ + /* Gets data from tvbuff, adds it to proto_tree, increments offset, + and returns proto_item* */ + proto_item * +@@ -1786,6 +1811,8 @@ ptvcursor_add(ptvcursor_t *ptvc, int hfindex, gint length, + ptvc->offset += n; + } + ++ test_length(hfinfo, ptvc->tvb, offset, item_length); ++ + /* Coast clear. Try and fake it */ + TRY_TO_FAKE_THIS_ITEM(ptvc->tree, hfindex, hfinfo); + +@@ -1795,45 +1822,6 @@ ptvcursor_add(ptvcursor_t *ptvc, int hfindex, gint length, + offset, length, encoding); + } + +-/* +- * Validates that field length bytes are available starting from +- * start (pos/neg). Throws an exception if they aren't. +- */ +-static void +-test_length(header_field_info *hfinfo, proto_tree *tree, tvbuff_t *tvb, +- gint start, gint length, const guint encoding) +-{ +- gint size = length; +- +- if (!tvb) +- return; +- +- if (hfinfo->type == FT_UINT_BYTES || hfinfo->type == FT_UINT_STRING) { +- guint32 n; +- +- n = get_uint_value(tree, tvb, start, length, encoding); +- if (n > size + n) { +- /* If n > size + n then we have an integer overflow, so +- * set size to -1, which will force the +- * tvb_ensure_bytes_exist call below to throw a +- * ReportedBoundsError +- */ +- size = -1; +- } +- else { +- size += n; +- } +- } else if (hfinfo->type == FT_STRINGZ) { +- /* If we're fetching until the end of the TVB, only validate +- * that the offset is within range. +- */ +- if (length == -1) +- size = 0; +- } +- +- tvb_ensure_bytes_exist(tvb, start, size); +-} +- + /* Add an item to a proto_tree, using the text label registered to that item; + the item is extracted from the tvbuff handed to it. */ + proto_item * +@@ -1845,7 +1833,7 @@ proto_tree_add_item(proto_tree *tree, const int hfindex, tvbuff_t *tvb, + gint item_length; + + hfinfo = get_hfi_and_length(hfindex, tvb, start, &length, &item_length); +- test_length(hfinfo, tree, tvb, start, item_length, encoding); ++ test_length(hfinfo, tvb, start, item_length); + + TRY_TO_FAKE_THIS_ITEM(tree, hfindex, hfinfo); + +@@ -7540,7 +7528,7 @@ proto_tree_add_bits_item(proto_tree *tree, const int hf_index, tvbuff_t *tvb, + + octet_length = (no_of_bits + 7) >> 3; + octet_offset = bit_offset >> 3; +- test_length(hfinfo, tree, tvb, octet_offset, octet_length, encoding); ++ test_length(hfinfo, tvb, octet_offset, octet_length); + + /* Yes, we try to fake this item again in proto_tree_add_bits_ret_val() + * but only after doing a bunch more work (which we can, in the common diff --git a/SOURCES/wireshark-1.10.14-af-vsock-support.patch b/SOURCES/wireshark-1.10.14-af-vsock-support.patch new file mode 100644 index 0000000..3e1364a --- /dev/null +++ b/SOURCES/wireshark-1.10.14-af-vsock-support.patch @@ -0,0 +1,459 @@ +diff -u b/epan/dissectors/packet-vsock.c b/epan/dissectors/packet-vsock.c +--- b/epan/dissectors/packet-vsock.c ++++ b/epan/dissectors/packet-vsock.c +@@ -0,0 +1,339 @@ ++/* packet-vsock.c ++ * Routines for AF_VSOCK dissection ++ * Copyright 2016, Gerard Garcia ++ * ++ * Header definition: ++ * https://github.com/GerardGarcia/linux/blob/vsockmon/include/uapi/linux/vsockmon.h ++ * ++ * Wireshark - Network traffic analyzer ++ * By Gerald Combs ++ * Copyright 1998 Gerald Combs ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ */ ++ ++/* ++ * The AF_VSOCK socket allows zero-configuration communication between guests ++ * and hypervisors using the standard socket API. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++void proto_register_vsock(void); ++ ++static int proto_vsock = -1; ++static int vsock_address_type = -1; ++ ++/* Generic header related fields */ ++static int hf_vsock_src_cid = -1; ++static int hf_vsock_src_port = -1; ++static int hf_vsock_dst_cid = -1; ++static int hf_vsock_dst_port = -1; ++static int hf_vsock_op = -1; ++static int hf_vsock_t = -1; ++static int hf_vsock_t_len = -1; ++static int hf_vsock_reserved = -1; ++static int hf_vsock_payload = -1; ++ ++/* Virtio related fields */ ++static int hf_virtio_src_cid = -1; ++static int hf_virtio_dst_cid = -1; ++static int hf_virtio_src_port = -1; ++static int hf_virtio_dst_port = -1; ++static int hf_virtio_len = -1; ++static int hf_virtio_type = -1; ++static int hf_virtio_op = -1; ++static int hf_virtio_flags = -1; ++static int hf_virtio_buf_alloc = -1; ++static int hf_virtio_fwd_cnt = -1; ++ ++static gint ett_vsock = -1; ++static gint ett_virtio = -1; ++ ++static const value_string af_vsockmon_op_names[] = { ++ { 0, "Unknown" }, ++ { 1, "Connect" }, ++ { 2, "Disconnect" }, ++ { 3, "Control" }, ++ { 4, "Payload" }, ++ { 0, NULL } ++}; ++ ++enum af_vsockmon_t { ++ AF_VSOCK_T_UNKNOWN = 0, ++ AF_VSOCK_T_NO_INFO = 1, ++ AF_VSOCK_T_VIRTIO = 2 ++}; ++ ++static const value_string af_vsockmon_t_names[] = { ++ { 0, "Unknown" }, ++ { 1, "No info" }, ++ { 2, "Virtio" }, ++ { 0 , NULL } ++}; ++ ++static const value_string virtio_vsock_type_names[] = { ++ { 1, "Stream"}, ++ { 0, NULL } ++}; ++ ++static const value_string virtio_vsock_op_names[] = { ++ { 0, "Invalid" }, ++ { 1, "Request" }, ++ { 2, "Response" }, ++ { 3, "Rst" }, ++ { 4, "Shutdown" }, ++ { 5, "RW" }, ++ { 6, "Credit update" }, ++ { 7, "Credit response" }, ++ { 0 , NULL } ++}; ++ ++#define VSOCK_MIN_LENGTH 32 ++ ++static int vsock_addr_to_str(const address* addr, gchar *buf, int buf_len) ++{ ++ const guint8 *addrp = (const guint8 *)addr->data; ++ ++ if(pletoh64(&addrp[0])==2){ ++ g_strlcpy(buf, "host", buf_len); ++ } else { ++ g_snprintf(buf, buf_len, "%" G_GINT64_MODIFIER "u", pletoh64(&addrp[0])); ++ } ++ ++ return (int)(strlen(buf)+1); ++} ++ ++static int vsock_addr_str_len(const address* addr _U_) ++{ ++ /* 2^64 unsigned int len */ ++ return 19; ++} ++ ++static int ++dissect_vsock(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ++ void *data _U_) ++{ ++ proto_item *ti, *virtio_ti; ++ proto_tree *vsock_tree = NULL, *virtio_tree = NULL; ++ ++ guint32 t_len, payload_len, virtio_buf_alloc, op, type, ++ virtio_fwd_cnt, virtio_op, virtio_type; ++ guint16 payload_offset = 0, offset = 0; ++ ++ if (tvb_reported_length(tvb) < VSOCK_MIN_LENGTH) ++ return 0; ++ col_set_str(pinfo->cinfo, COL_PROTOCOL, "vSocket"); ++ /* Clear column information before start parsing */ ++ col_clear(pinfo->cinfo, COL_INFO); ++ ++ /* Create top tree */ ++ ti = proto_tree_add_item(tree, proto_vsock, tvb, 0, -1, ENC_NA); ++ vsock_tree = proto_item_add_subtree(ti, ett_vsock); ++ ++ /* Parse generic header part */ ++ ++ proto_tree_add_item(vsock_tree, hf_vsock_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN); ++ TVB_SET_ADDRESS(&pinfo->src, AT_VSOCK, tvb, offset, 8); ++ offset += 8; ++ ++ proto_tree_add_item(vsock_tree, hf_vsock_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN); ++ TVB_SET_ADDRESS(&pinfo->dst, AT_VSOCK, tvb, offset, 8); ++ offset += 8; ++ ++ proto_tree_add_item(vsock_tree, hf_vsock_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ ++ proto_tree_add_item(vsock_tree, hf_vsock_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ ++ op = tvb_get_letohs(tvb, offset); ++ proto_tree_add_item(vsock_tree, hf_vsock_op, tvb, offset, 2, ENC_LITTLE_ENDIAN); ++ offset += 2; ++ ++ type = tvb_get_letohs(tvb, offset); ++ proto_tree_add_item(vsock_tree, hf_vsock_t, tvb, offset, 2, ENC_LITTLE_ENDIAN); ++ offset += 2; ++ ++ t_len = tvb_get_letohs(tvb, offset); ++ proto_tree_add_uint(vsock_tree, hf_vsock_t_len, tvb, offset, 2, t_len); ++ offset += 2; ++ ++ proto_tree_add_item(vsock_tree, hf_vsock_reserved, tvb, offset, 2, ENC_NA); ++ offset += 2; ++ ++ payload_offset = offset + t_len; ++ ++ ++ /* Append summary information to top tree */ ++ proto_item_append_text(ti, ", Op: %s, Transport: %s", ++ val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"), ++ val_to_str(type, af_vsockmon_t_names, "Unknown (%d)")); ++ ++ /* Fill columns */ ++ col_add_fstr(pinfo->cinfo, COL_INFO, "[%s] %s", ++ val_to_str(op, af_vsockmon_op_names, "Unknown (%d)"), ++ val_to_str(type, af_vsockmon_t_names, "Unknown (%d)")); ++ ++ /* Create subtree if there is transport information */ ++ switch (type) { ++ case AF_VSOCK_T_UNKNOWN: ++ case AF_VSOCK_T_NO_INFO: ++ break; ++ case AF_VSOCK_T_VIRTIO: ++ ++ virtio_ti = proto_tree_add_text(vsock_tree, tvb, offset, 44, "Virtio transport header"); ++ virtio_tree = proto_item_add_subtree(virtio_ti, ett_vsock); ++ ++ proto_tree_add_item(virtio_tree, hf_virtio_src_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN); ++ offset += 8; ++ proto_tree_add_item(virtio_tree, hf_virtio_dst_cid, tvb, offset, 8, ENC_LITTLE_ENDIAN); ++ offset += 8; ++ proto_tree_add_item(virtio_tree, hf_virtio_src_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ proto_tree_add_item(virtio_tree, hf_virtio_dst_port, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ proto_tree_add_item(virtio_tree, hf_virtio_len, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ ++ virtio_type = tvb_get_letohs(tvb, offset); ++ proto_tree_add_item(virtio_tree, hf_virtio_type, tvb, offset, 2, ENC_LITTLE_ENDIAN); ++ offset += 2; ++ ++ virtio_op = tvb_get_letohs(tvb, offset); ++ proto_tree_add_item(virtio_tree, hf_virtio_op, tvb, offset, 2, ENC_LITTLE_ENDIAN); ++ offset += 2; ++ ++ proto_tree_add_item(virtio_tree, hf_virtio_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ ++ virtio_buf_alloc = tvb_get_letohl(tvb, offset); ++ proto_tree_add_item(virtio_tree, hf_virtio_buf_alloc, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ offset += 4; ++ ++ virtio_fwd_cnt = tvb_get_letohl(tvb, offset); ++ proto_tree_add_item(virtio_tree, hf_virtio_fwd_cnt, tvb, offset, 4, ENC_LITTLE_ENDIAN); ++ ++ /* Append virtio information */ ++ col_append_fstr(pinfo->cinfo, COL_INFO, ": %s, Op: %s, Buf alloc: %u, Fwd cnt: %u", ++ val_to_str(virtio_type, virtio_vsock_type_names, "Unknown (%d)"), ++ val_to_str(virtio_op, virtio_vsock_op_names, "Unknown (%d)"), ++ virtio_buf_alloc, virtio_fwd_cnt); ++ break; ++ } ++ ++ ++ /* Append payload */ ++ payload_len = tvb_reported_length_remaining(tvb, payload_offset); ++ if (payload_len) ++ proto_tree_add_bytes_format(vsock_tree, hf_vsock_payload, tvb, payload_offset, payload_len, ++ NULL, "Payload (%uB)", payload_len); ++ ++ return tvb_reported_length(tvb); ++} ++ ++void ++proto_register_vsock(void) ++{ ++ static hf_register_info hf[] = { ++ { &hf_vsock_src_cid, ++ {"Source cid", "vsock.src_cid", FT_UINT64, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_dst_cid, ++ {"Destination cid", "vsock.dst_cid", FT_UINT64, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_src_port, ++ {"Source port", "vsock.src_port", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_dst_port, ++ {"Destination port", "vsock.dst_port", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_op, ++ {"Operation", "vsock.op", FT_UINT16, BASE_DEC, VALS(af_vsockmon_op_names), ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_t, ++ {"Transport", "vsock.trans", FT_UINT16, BASE_DEC, VALS(af_vsockmon_t_names), ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_reserved, ++ {"Reserved", "vsock.reserved", FT_BYTES, BASE_NONE, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_t_len, ++ {"Transport length", "vsock.trans_len", FT_UINT16, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_vsock_payload, ++ { "Payload", "vsock.payload", FT_BYTES, BASE_NONE, NULL, ++ 0x0, NULL, HFILL}}, ++ { &hf_virtio_src_cid, ++ {"Source cid", "vsock.virtio.src_cid", FT_UINT64, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_dst_cid, ++ {"Destination cid", "vsock.virtio.dst_cid", FT_UINT64, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_src_port, ++ {"Source port", "vsock.virtio.src_prot", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_dst_port, ++ {"Destination port", "vsock.virtio.dst_prot", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_len, ++ {"Length", "vsock.virtio.len", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_type, ++ {"Type", "vsock.virtio.type", FT_UINT16, BASE_DEC, VALS(virtio_vsock_type_names), ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_op, ++ {"Operation", "vsock.virtio.op", FT_UINT16, BASE_DEC, VALS(virtio_vsock_op_names), ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_flags, ++ {"Flags", "vsock.virtio.flags", FT_UINT32, BASE_HEX, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_buf_alloc, ++ {"Buf alloc", "vsock.virtio.buf_alloc", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }}, ++ { &hf_virtio_fwd_cnt, ++ {"Fwd cnt", "vsock.virtio.fwd_cnt", FT_UINT32, BASE_DEC, NULL, ++ 0x0, NULL, HFILL }} ++ }; ++ static gint *ett[] = { ++ &ett_vsock, ++ &ett_virtio ++ }; ++ ++ //vsock_address_type = address_type_dissector_register("AT_VSOCK", "vSocket Address", ++ // vsock_addr_to_str, vsock_addr_str_len, NULL, NULL, NULL, NULL, NULL); ++ ++ proto_vsock = proto_register_protocol("vSocket", "vsock", "vsock"); ++ proto_register_field_array(proto_vsock, hf, array_length(hf)); ++ proto_register_subtree_array(ett, array_length(ett)); ++ ++ //register_dissector("vsock", dissect_vsock, proto_vsock); ++} ++ ++/* ++ * Editor modelines - https://www.wireshark.org/tools/modelines.html ++ * ++ * Local variables: ++ * c-basic-offset: 4 ++ * tab-width: 8 ++ * indent-tabs-mode: nil ++ * End: ++ * ++ * vi: set shiftwidth=4 tabstop=8 expandtab: ++ * :indentSize=4:tabSize=8:noTabs=true: ++ */ +unchanged: +--- a/epan/dissectors/Makefile.common ++++ b/epan/dissectors/Makefile.common +@@ -2700,6 +2700,7 @@ DISSECTOR_SRC = \ + packet-vrt.c \ + packet-vssmonitoring.c \ + packet-vtp.c \ ++ packet-vsock.c \ + packet-vuze-dht.c \ + packet-vxi11.c \ + packet-vxlan.c \ +diff --git a/epan/dissectors/packet-vsock.c.old b/epan/dissectors/packet-vsock.c +index af8ce38..c13dfc0 100644 +--- a/epan/dissectors/packet-vsock.c.old ++++ b/epan/dissectors/packet-vsock.c +@@ -33,11 +33,14 @@ + #include + #include + #include ++#include + + void proto_register_vsock(void); ++void proto_reg_handoff_vsock(void); + + static int proto_vsock = -1; + static int vsock_address_type = -1; ++static dissector_handle_t vsock_handle; + + /* Generic header related fields */ + static int hf_vsock_src_cid = -1; +@@ -310,6 +313,13 @@ proto_register_vsock(void) + //register_dissector("vsock", dissect_vsock, proto_vsock); + } + ++void ++proto_reg_handoff_vsock(void) ++{ ++ vsock_handle = create_dissector_handle(dissect_vsock, proto_vsock); ++ dissector_add_uint("wtap_encap", WTAP_ENCAP_VSOCK, vsock_handle); ++} ++ + /* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * +diff --git a/wiretap/pcap-common.c.old b/wiretap/pcap-common.c +index 42caadc..87b845d 100644 +--- a/wiretap/pcap-common.c.old ++++ b/wiretap/pcap-common.c +@@ -397,6 +397,8 @@ static const struct { + { 248, WTAP_ENCAP_SCTP}, + /* USBPcap */ + { 249, WTAP_ENCAP_USBPCAP}, ++ /* Linux vsock */ ++ { 271, WTAP_ENCAP_VSOCK }, + + /* + * To repeat: +diff --git a/wiretap/wtap.c.old b/wiretap/wtap.c +index 69803d6..5be2666 100644 +--- a/wiretap/wtap.c.old ++++ b/wiretap/wtap.c +@@ -608,6 +608,9 @@ static struct encap_type_info encap_table_base[] = { + + /* WTAP_ENCAP_USBPCAP */ + { "USB packets with USBPcap header", "usb-usbpcap" }, ++ ++ /* Linux vsock */ ++ { "Linux vsock", "vsock" }, + }; + + WS_DLL_LOCAL +diff --git a/wiretap/wtap.h.old b/wiretap/wtap.h +index b49c280..c42d49e 100644 +--- a/wiretap/wtap.h.old ++++ b/wiretap/wtap.h +@@ -244,6 +244,7 @@ extern "C" { + #define WTAP_ENCAP_INFINIBAND 151 + #define WTAP_ENCAP_JUNIPER_SVCS 152 + #define WTAP_ENCAP_USBPCAP 153 ++#define WTAP_ENCAP_VSOCK 154 + + #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types() + +diff --git a/epan/address.h.old b/epan/address.h +index 5405075..8471289 100644 +--- a/epan/address.h.old ++++ b/epan/address.h +@@ -58,8 +58,9 @@ typedef enum { + AT_USB, /* USB Device address + * (0xffffffff represents the host) */ + AT_AX25, /* AX.25 */ +- AT_IEEE_802_15_4_SHORT /* IEEE 802.15.4 16-bit short address */ ++ AT_IEEE_802_15_4_SHORT,/* IEEE 802.15.4 16-bit short address */ + /* (the long addresses are EUI-64's */ ++ AT_VSOCK /* VSOCK */ + } address_type; + + typedef struct _address { +diff --git a/epan/address_to_str.c.old b/epan/address_to_str.c +index f360017..101d33e 100644 +--- a/epan/address_to_str.c.old ++++ b/epan/address_to_str.c +@@ -623,6 +623,13 @@ address_to_str_buf(const address *addr, gchar *buf, int buf_len) + else + g_snprintf(buf, buf_len, "0x%04x", ieee_802_15_4_short_addr); + break; ++ case AT_VSOCK: ++ addrdata = (const guint8 *)addr->data; ++ if(pletoh64(&addrdata[0])==2) ++ g_strlcpy(buf, "host", buf_len); ++ else ++ g_snprintf(buf, buf_len, "%" G_GINT64_MODIFIER "u", pletoh64(&addrdata[0])); ++ break; + default: + g_assert_not_reached(); + } diff --git a/SOURCES/wireshark-1.10.14-buffer-size.patch b/SOURCES/wireshark-1.10.14-buffer-size.patch new file mode 100644 index 0000000..dbdfc2f --- /dev/null +++ b/SOURCES/wireshark-1.10.14-buffer-size.patch @@ -0,0 +1,82 @@ +From 5cbf42acb616a34d5e41f03b881f8552e08855a7 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 4 May 2017 12:31:21 +0200 +Subject: [PATCH] Make the default capture buffer bigger. + +--- + capture_opts.h | 2 +- + doc/dumpcap.pod | 4 ++-- + doc/tshark.pod | 4 ++-- + doc/wireshark.pod.template | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/capture_opts.h b/capture_opts.h +index c2f41d2..29a7132 100644 +--- a/capture_opts.h ++++ b/capture_opts.h +@@ -243,7 +243,7 @@ extern void + collect_ifaces(capture_options *capture_opts); + + /* Default capture buffer size in Mbytes. */ +-#define DEFAULT_CAPTURE_BUFFER_SIZE 2 ++#define DEFAULT_CAPTURE_BUFFER_SIZE 4 + + #ifdef __cplusplus + } +diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod +index e1dc293..090cd53 100644 +--- a/doc/dumpcap.pod ++++ b/doc/dumpcap.pod +@@ -114,11 +114,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +diff --git a/doc/tshark.pod b/doc/tshark.pod +index ba06225..38c43dd 100644 +--- a/doc/tshark.pod ++++ b/doc/tshark.pod +@@ -214,11 +214,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template +index 130e7ef..1e9681f 100644 +--- a/doc/wireshark.pod.template ++++ b/doc/wireshark.pod.template +@@ -280,11 +280,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +-- +2.9.3 + diff --git a/SOURCES/wireshark-1.10.14-default-snaplen.patch b/SOURCES/wireshark-1.10.14-default-snaplen.patch new file mode 100644 index 0000000..f1cd233 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-default-snaplen.patch @@ -0,0 +1,178 @@ +From 1fb88fef9c8a61be94960e8f4ee0dffc53fc0b67 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 3 Apr 2017 15:18:41 +0200 +Subject: [PATCH] Reflect new default snaplet in help and man pages + +--- + doc/dumpcap.pod | 2 +- + doc/tshark.pod | 2 +- + doc/wireshark.pod.template | 4 ++-- + docbook/wsug_src/WSUG_app_tools.xml | 4 ++-- + docbook/wsug_src/WSUG_chapter_capture.xml | 4 ++-- + docbook/wsug_src/WSUG_chapter_customize.xml | 2 +- + dumpcap.c | 2 +- + tshark.c | 2 +- + ui/gtk/main.c | 2 +- + ui/qt/main.cpp | 2 +- + 10 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod +index dfd84d8..e1dc293 100644 +--- a/doc/dumpcap.pod ++++ b/doc/dumpcap.pod +@@ -299,7 +299,7 @@ have to explicitly set it to use it). + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. +diff --git a/doc/tshark.pod b/doc/tshark.pod +index fee8cbc..ba06225 100644 +--- a/doc/tshark.pod ++++ b/doc/tshark.pod +@@ -638,7 +638,7 @@ is one) will be checked against this filter. + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. +diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template +index 0010a47..130e7ef 100644 +--- a/doc/wireshark.pod.template ++++ b/doc/wireshark.pod.template +@@ -536,7 +536,7 @@ capture file; packets not matching the filter are discarded. + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. +@@ -2345,7 +2345,7 @@ capturing. + + The I check box and field lets you + specify a maximum number of bytes per packet to capture and save; if the +-check box is not checked, the limit will be 65535 bytes. ++check box is not checked, the limit will be 262144 bytes. + + The I entry lets you specify the capture filter using a + tcpdump-style filter string as described above. +diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml +index 9996e24..bfcec24 100644 +--- a/docbook/wsug_src/WSUG_app_tools.xml ++++ b/docbook/wsug_src/WSUG_app_tools.xml +@@ -40,7 +40,7 @@ Usage: tshark [options] ... + Capture interface: + -i <interface> name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -I capture in monitor mode, if available + -B <buffer size> size of kernel buffer (def: 1MB) +@@ -190,7 +190,7 @@ Capture interface: + rpcap://<host>/<interface> + TCP@<host>:<port> + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -I capture in monitor mode, if available + -B <buffer size> size of kernel buffer in MB (def: 2MB) +diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml +index c031da3..140092a 100644 +--- a/docbook/wsug_src/WSUG_chapter_capture.xml ++++ b/docbook/wsug_src/WSUG_chapter_capture.xml +@@ -310,7 +310,7 @@ wireshark -i eth0 -k + + + The maximum amount of data that will be captured for each packet. +- The default value is set to the 65535 bytes. ++ The default value is set to the 262144 bytes. + + + +@@ -684,7 +684,7 @@ wireshark -i eth0 -k + This field allows you to specify the maximum amount of + data that will be captured for each packet, and is + sometimes referred to as the snaplen. If disabled, +- the value is set to the maximum 65535, which will be sufficient for most ++ the value is set to the maximum 262144, which will be sufficient for most + protocols. Some rules of thumb: + + +diff --git a/docbook/wsug_src/WSUG_chapter_customize.xml b/docbook/wsug_src/WSUG_chapter_customize.xml +index 9849b43..cc87f73 100644 +--- a/docbook/wsug_src/WSUG_chapter_customize.xml ++++ b/docbook/wsug_src/WSUG_chapter_customize.xml +@@ -63,7 +63,7 @@ Usage: wireshark [options] ... [ <infile> ] + Capture interface: + -i <interface> name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -k start capturing immediately (def: do nothing) + -S update packet display when new packets are captured +diff --git a/dumpcap.c b/dumpcap.c +index bae3fbf..066d039 100644 +--- a/dumpcap.c ++++ b/dumpcap.c +@@ -488,7 +488,7 @@ print_usage(gboolean print_ver) + " rpcap:///\n" + " TCP@:\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); + fprintf(output, " -p don't capture in promiscuous mode\n"); + #ifdef HAVE_PCAP_CREATE + fprintf(output, " -I capture in monitor mode, if available\n"); +diff --git a/tshark.c b/tshark.c +index 8cc4fae..a84f8e8 100644 +--- a/tshark.c ++++ b/tshark.c +@@ -257,7 +257,7 @@ print_usage(gboolean print_ver) + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); + fprintf(output, " -p don't capture in promiscuous mode\n"); + #ifdef HAVE_PCAP_CREATE + fprintf(output, " -I capture in monitor mode, if available\n"); +diff --git a/ui/gtk/main.c b/ui/gtk/main.c +index 3e22c3e..9839a30 100644 +--- a/ui/gtk/main.c ++++ b/ui/gtk/main.c +@@ -1157,7 +1157,7 @@ print_usage(gboolean print_ver) { + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: 262144)\n"); + fprintf(output, " -p don't capture in promiscuous mode\n"); + fprintf(output, " -k start capturing immediately (def: do nothing)\n"); + fprintf(output, " -S update packet display when new packets are captured\n"); +diff --git a/ui/qt/main.cpp b/ui/qt/main.cpp +index 3193702..eb0a3b6 100644 +--- a/ui/qt/main.cpp ++++ b/ui/qt/main.cpp +@@ -224,7 +224,7 @@ print_usage(gboolean print_ver) { + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: 262144)\n"); + fprintf(output, " -p don't capture in promiscuous mode\n"); + fprintf(output, " -k start capturing immediately (def: do nothing)\n"); + fprintf(output, " -Q quit Wireshark after capturing\n"); +-- +2.9.3 + diff --git a/SOURCES/wireshark-1.10.14-display-data-len.patch b/SOURCES/wireshark-1.10.14-display-data-len.patch new file mode 100644 index 0000000..0fb004e --- /dev/null +++ b/SOURCES/wireshark-1.10.14-display-data-len.patch @@ -0,0 +1,13 @@ +diff --git a/epan/ftypes/ftype-integer.c b/epan/ftypes/ftype-integer.c +index 71b045a..1a71a04 100644 +--- a/epan/ftypes/ftype-integer.c ++++ b/epan/ftypes/ftype-integer.c +@@ -237,6 +237,8 @@ integer_to_repr(fvalue_t *fv, ftrepr_t rtype, char *buf) + val = -fv->value.sinteger; + } else + val = fv->value.sinteger; ++ ++ guint32_to_str_buf(val, buf, 11); + } + + static int diff --git a/SOURCES/wireshark-1.10.14-drop-count.patch b/SOURCES/wireshark-1.10.14-drop-count.patch new file mode 100644 index 0000000..6d3cbd0 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-drop-count.patch @@ -0,0 +1,32 @@ +diff -up wireshark-1.10.14/wiretap/pcapng.c.drop_count wireshark-1.10.14/wiretap/pcapng.c +--- wireshark-1.10.14/wiretap/pcapng.c.drop_count 2017-06-13 10:08:24.297419620 +0200 ++++ wireshark-1.10.14/wiretap/pcapng.c 2017-06-13 11:33:46.264786204 +0200 +@@ -3242,6 +3242,10 @@ pcapng_write_enhanced_packet_block(wtap_ + have_options = TRUE; + options_total_length = options_total_length + 8; + } ++ if (phdr->presence_flags & WTAP_HAS_DROP_COUNT) { ++ have_options = TRUE; ++ options_total_length = options_total_length + 12; ++ } + if (have_options) { + /* End-of optios tag */ + options_total_length += 4; +@@ -3364,6 +3368,17 @@ pcapng_write_enhanced_packet_block(wtap_ + wdh->bytes_dumped += 4; + pcapng_debug1("pcapng_write_enhanced_packet_block: Wrote Options packet flags: %x", phdr->pack_flags); + } ++ if (phdr->presence_flags & WTAP_HAS_DROP_COUNT) { ++ option_hdr.type = OPT_EPB_DROPCOUNT; ++ option_hdr.value_length = 8; ++ if (!wtap_dump_file_write(wdh, &option_hdr, 4, err)) ++ return FALSE; ++ wdh->bytes_dumped += 4; ++ if (!wtap_dump_file_write(wdh, &phdr->drop_count, 8, err)) ++ return FALSE; ++ wdh->bytes_dumped += 8; ++ pcapng_debug1("pcapng_write_enhanced_packet_block: Wrote Options drop count: %" G_GINT64_MODIFIER "u", phdr->drop_count); ++ } + /* Write end of options if we have otions */ + if (have_options) { + if (!wtap_dump_file_write(wdh, &zero_pad, 4, err)) diff --git a/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch b/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch new file mode 100644 index 0000000..a2f73ae --- /dev/null +++ b/SOURCES/wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch @@ -0,0 +1,18 @@ +diff --git a/configure.ac b/configure.ac +index a17ef31..090923b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1396,7 +1396,12 @@ else + # Don't use GLIB_CFLAGS + AM_PATH_GLIB_2_0($GLIB_MIN_VERSION, , AC_MSG_ERROR(GLib $GLIB_MIN_VERSION or later distribution not found.), gthread gmodule) + +- CPPFLAGS="-DGDK_PIXBUF_DISABLE_DEPRECATED $CPPFLAGS" ++ # XXX: Disabled to fix Segfault: it worked before the latest gdk-pixbuf ++ # update, because that function is now under a #ifndef ++ # GDK_PIXBUF_DISABLE_DEPRECATED block which makes the declaration ++ # invisible and wireshark's configure sets this CPP directive. ++ # ++ # CPPFLAGS="-DGDK_PIXBUF_DISABLE_DEPRECATED $CPPFLAGS" + CPPFLAGS="-DGDK_DISABLE_DEPRECATED $CPPFLAGS" + if test \( $gtk_config_major_version -eq 3 -a $gtk_config_minor_version -ge 10 \) ; then + ## Allow use of deprecated & disable deprecated warnings if Gtk >= 3.10; diff --git a/SOURCES/wireshark-1.10.14-read-from-stdin.patch b/SOURCES/wireshark-1.10.14-read-from-stdin.patch new file mode 100644 index 0000000..e66f4ca --- /dev/null +++ b/SOURCES/wireshark-1.10.14-read-from-stdin.patch @@ -0,0 +1,27 @@ +diff --git a/tshark.c b/tshark.c +index 8c8de07..8cc4fae 100644 +--- a/tshark.c ++++ b/tshark.c +@@ -286,7 +286,7 @@ print_usage(gboolean print_ver) + #endif + /*fprintf(output, "\n");*/ + fprintf(output, "Input file:\n"); +- fprintf(output, " -r set the filename to read from (no pipes or stdin!)\n"); ++ fprintf(output, " -r set the filename to read from (no stdin!)\n"); + + fprintf(output, "\n"); + fprintf(output, "Processing:\n"); +diff --git a/wiretap/file_wrappers.c b/wiretap/file_wrappers.c +index c670c6e..e359cd7 100644 +--- a/wiretap/file_wrappers.c ++++ b/wiretap/file_wrappers.c +@@ -1046,7 +1046,8 @@ file_seek(FILE_T file, gint64 offset, int whence, int *err) + + /* if within raw area while reading, just go there */ + if (file->compression == UNCOMPRESSED && file->pos + offset >= file->raw +- && (offset < 0 || offset >= file->have) /* seek only when we don't have that offset in buffer */) ++ && (offset < 0 || offset >= file->have) /* seek only when we don't have that offset in buffer */ ++ && (file->fast_seek) /* seek only when random access is supported */) + { + if (ws_lseek64(file->fd, offset - file->have, SEEK_CUR) == -1) { + *err = errno; diff --git a/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch b/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch new file mode 100644 index 0000000..b1e7e60 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-tls-cert-verify-msgs.patch @@ -0,0 +1,107 @@ +diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c +index e97e46e..f70919b 100644 +--- a/epan/dissectors/packet-ssl.c ++++ b/epan/dissectors/packet-ssl.c +@@ -202,6 +202,8 @@ static gint hf_ssl_handshake_server_keyex_named_curve = -1; + static gint hf_ssl_handshake_server_keyex_point = -1; + static gint hf_ssl_handshake_client_keyex_epms = -1; + static gint hf_ssl_handshake_client_keyex_point = -1; ++static gint hf_ssl_handshake_client_vrfy_sig_len = -1; ++static gint hf_ssl_handshake_client_vrfy_sig = -1; + static gint hf_ssl_handshake_server_keyex_modulus = -1; + static gint hf_ssl_handshake_server_keyex_exponent = -1; + static gint hf_ssl_handshake_server_keyex_sig = -1; +@@ -682,6 +684,10 @@ static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, + static gint dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint16 len); + ++static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, ++ const SslSession *session); ++ + /********************************************************************* + * + * Main dissector +@@ -2070,7 +2076,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_CERT_VERIFY: +- /* unimplemented */ ++ dissect_ssl3_hnd_cli_cert_verify(tvb, ssl_hand_tree, offset, session); + break; + + case SSL_HND_CLIENT_KEY_EXCHG: +@@ -3174,8 +3180,9 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, + } + + static void +-dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree, +- guint32 offset, SslSession *session) ++dissect_ssl3_digitally_signed(tvbuff_t *tvb, proto_tree *tree, guint32 offset, ++ const SslSession *session, gint hf_sig_len, ++ gint hf_sig) + { + gint sig_len; + proto_item *ti_algo; +@@ -3202,10 +3209,40 @@ dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree, + + /* Sig */ + sig_len = tvb_get_ntohs(tvb, offset); +- proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig_len, tvb, +- offset, 2, ENC_BIG_ENDIAN); +- proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig, tvb, +- offset + 2, sig_len, ENC_NA); ++ proto_tree_add_item(tree, hf_sig_len, tvb, offset, 2, ENC_BIG_ENDIAN); ++ proto_tree_add_item(tree, hf_sig, tvb, offset + 2, sig_len, ENC_NA); ++} ++ ++static void ++dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, const SslSession *session) ++{ ++ dissect_ssl3_digitally_signed(tvb, tree, offset, session, ++ hf_ssl_handshake_client_vrfy_sig_len, ++ hf_ssl_handshake_client_vrfy_sig); ++} ++ ++static void ++dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, SslSession *session) ++{ ++ /* ++ * TLSv1.2 (RFC 5246 sec 7.4.8) ++ * struct { ++ * digitally-signed struct { ++ * opaque handshake_messages[handshake_messages_length]; ++ * } ++ * } CertificateVerify; ++ * ++ * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same ++ * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed. ++ * ++ * SSLv3 (RFC 6101 sec 5.6.8) esseentially works the same as TLSv1.0 but it ++ * does more hashing including the master secret and padding. ++ */ ++ dissect_ssl3_digitally_signed(tvb, tree, offset, session, ++ hf_ssl_handshake_server_keyex_sig_len, ++ hf_ssl_handshake_server_keyex_sig); + } + + static void +@@ -5410,6 +5447,16 @@ proto_register_ssl(void) + FT_BYTES, BASE_NONE, NULL, 0x0, + "EC Diffie-Hellman client pubkey", HFILL } + }, ++ { &hf_ssl_handshake_client_vrfy_sig_len, ++ { "signature length", "ssl.handshake.client_cert_vrfy.sig_len", ++ FT_UINT16, BASE_DEC, NULL, 0x0, ++ "Length of CertificateVerify's signature", HFILL } ++ }, ++ { &hf_ssl_handshake_client_vrfy_sig, ++ { "signature", "ssl.handshake.client_cert_vrfy.sig", ++ FT_BYTES, BASE_NONE, NULL, 0x0, ++ "CertificateVerify's signature", HFILL } ++ }, + { &hf_ssl_handshake_server_keyex_modulus, + { "modulus", "ssl.handshake.modulus", + FT_BYTES, BASE_NONE, NULL, 0x0, diff --git a/SOURCES/wireshark-1.10.14-tvbuff.patch b/SOURCES/wireshark-1.10.14-tvbuff.patch new file mode 100644 index 0000000..9fd049a --- /dev/null +++ b/SOURCES/wireshark-1.10.14-tvbuff.patch @@ -0,0 +1,662 @@ +diff --git a/epan/tvbuff.c b/epan/tvbuff.c +index 98968a0..db2cfd1 100644 +--- a/epan/tvbuff.c ++++ b/epan/tvbuff.c +@@ -53,7 +53,7 @@ + + static const guint8* + ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length, +- int *exception); ++ int *pexception); + + static const guint8* + ensure_contiguous(tvbuff_t *tvb, const gint offset, const gint length); +@@ -241,45 +241,48 @@ tvb_new_child_real_data(tvbuff_t *parent, const guint8* data, const guint length + return tvb; + } + +-/* Computes the absolute offset and length based on a possibly-negative offset +- * and a length that is possible -1 (which means "to the end of the data"). +- * Returns TRUE/FALSE indicating whether the offset is in bounds or +- * not. The integer ptrs are modified with the new offset and length. +- * No exception is thrown. ++/* ++ * Check whether that offset goes more than one byte past the ++ * end of the buffer. + * +- * XXX - we return TRUE, not FALSE, if the offset is positive and right +- * after the end of the tvbuff (i.e., equal to the length). We do this +- * so that a dissector constructing a subset tvbuff for the next protocol +- * will get a zero-length tvbuff, not an exception, if there's no data +- * left for the next protocol - we want the next protocol to be the one +- * that gets an exception, so the error is reported as an error in that +- * protocol rather than the containing protocol. */ +-static gboolean +-compute_offset_length(const tvbuff_t *tvb, +- const gint offset, const gint length_val, +- guint *offset_ptr, guint *length_ptr, int *exception) ++ * If not, return 0; otherwise, return exception ++ */ ++static inline int ++validate_offset(const tvbuff_t *tvb, const guint abs_offset) + { +- DISSECTOR_ASSERT(offset_ptr); +- DISSECTOR_ASSERT(length_ptr); ++ int exception; ++ ++ if (G_LIKELY(abs_offset <= tvb->length)) ++ exception = 0; ++ else if (abs_offset <= tvb->reported_length) ++ exception = BoundsError; ++ else { ++ if (tvb->flags & TVBUFF_FRAGMENT) ++ exception = FragmentBoundsError; ++ else ++ exception = ReportedBoundsError; ++ } ++ ++ return exception; ++} ++ ++static int ++compute_offset(const tvbuff_t *tvb, const gint offset, guint *offset_ptr) ++{ ++ int exception; + +- /* Compute the offset */ + if (offset >= 0) { + /* Positive offset - relative to the beginning of the packet. */ + if ((guint) offset > tvb->reported_length) { +- if (exception) { +- if (tvb->flags & TVBUFF_FRAGMENT) { +- *exception = FragmentBoundsError; +- } else { +- *exception = ReportedBoundsError; +- } ++ if (tvb->flags & TVBUFF_FRAGMENT) { ++ exception = FragmentBoundsError; ++ } else { ++ exception = ReportedBoundsError; + } +- return FALSE; ++ return exception; + } + else if ((guint) offset > tvb->length) { +- if (exception) { +- *exception = BoundsError; +- } +- return FALSE; ++ return BoundsError; + } + else { + *offset_ptr = offset; +@@ -288,95 +291,90 @@ compute_offset_length(const tvbuff_t *tvb, + else { + /* Negative offset - relative to the end of the packet. */ + if ((guint) -offset > tvb->reported_length) { +- if (exception) { +- if (tvb->flags & TVBUFF_FRAGMENT) { +- *exception = FragmentBoundsError; +- } else { +- *exception = ReportedBoundsError; +- } ++ if (tvb->flags & TVBUFF_FRAGMENT) { ++ exception = FragmentBoundsError; ++ } else { ++ exception = ReportedBoundsError; + } +- return FALSE; ++ return exception; + } + else if ((guint) -offset > tvb->length) { +- if (exception) { +- *exception = BoundsError; +- } +- return FALSE; ++ return BoundsError; + } + else { + *offset_ptr = tvb->length + offset; + } + } + +- /* Compute the length */ +- if (length_val < -1) { +- if (exception) { +- /* XXX - ReportedBoundsError? */ +- *exception = BoundsError; +- } +- return FALSE; +- } +- else if (length_val == -1) { +- *length_ptr = tvb->length - *offset_ptr; +- } +- else { +- *length_ptr = length_val; +- } ++ return 0; ++} + +- return TRUE; ++static int ++compute_offset_and_remaining(const tvbuff_t *tvb, const gint offset, guint *offset_ptr, guint *rem_len) ++{ ++ int exception; ++ ++ exception = compute_offset(tvb, offset, offset_ptr); ++ if (!exception) ++ *rem_len = tvb->length - *offset_ptr; ++ ++ return exception; + } + +-static gboolean ++/* Computes the absolute offset and length based on a possibly-negative offset ++ * and a length that is possible -1 (which means "to the end of the data"). ++ * Returns integer indicating whether the offset is in bounds (0) or ++ * not (exception number). The integer ptrs are modified with the new offset and length. ++ * No exception is thrown. ++ * ++ * XXX - we return success (0), if the offset is positive and right ++ * after the end of the tvbuff (i.e., equal to the length). We do this ++ * so that a dissector constructing a subset tvbuff for the next protocol ++ * will get a zero-length tvbuff, not an exception, if there's no data ++ * left for the next protocol - we want the next protocol to be the one ++ * that gets an exception, so the error is reported as an error in that ++ * protocol rather than the containing protocol. */ ++static int + check_offset_length_no_exception(const tvbuff_t *tvb, + const gint offset, gint const length_val, +- guint *offset_ptr, guint *length_ptr, int *exception) ++ guint *offset_ptr, guint *length_ptr) + { +- guint end_offset; ++ guint end_offset; ++ int exception; + +- if (!compute_offset_length(tvb, +- offset, length_val, offset_ptr, length_ptr, exception)) { +- return FALSE; ++ DISSECTOR_ASSERT(offset_ptr); ++ DISSECTOR_ASSERT(length_ptr); ++ ++ /* Compute the offset */ ++ exception = compute_offset(tvb, offset, offset_ptr); ++ if (exception) ++ return exception; ++ ++ if (length_val < -1) { ++ /* XXX - ReportedBoundsError? */ ++ return BoundsError; + } + ++ /* Compute the length */ ++ if (length_val == -1) ++ *length_ptr = tvb->length - *offset_ptr; ++ else ++ *length_ptr = length_val; ++ + /* + * Compute the offset of the first byte past the length. + */ + end_offset = *offset_ptr + *length_ptr; + + /* +- * Check for an overflow, and clamp "end_offset" at the maximum +- * if we got an overflow - that should force us to indicate that +- * we're past the end of the tvbuff. ++ * Check for an overflow + */ + if (end_offset < *offset_ptr) +- end_offset = UINT_MAX; +- +- /* +- * Check whether that offset goes more than one byte past the +- * end of the buffer. +- * +- * If not, return TRUE; otherwise, return FALSE and, if "exception" +- * is non-null, return the appropriate exception through it. +- */ +- if (end_offset <= tvb->length) { +- return TRUE; +- } +- else { +- if (exception) { +- if (end_offset <= tvb->reported_length) { +- *exception = BoundsError; +- } +- else { +- if (tvb->flags & TVBUFF_FRAGMENT) { +- *exception = FragmentBoundsError; +- } else { +- *exception = ReportedBoundsError; +- } +- } +- } ++ exception = BoundsError; ++ else ++ exception = validate_offset(tvb, end_offset); + +- return FALSE; +- } ++ return exception; + } + + /* Checks (+/-) offset and length and throws an exception if +@@ -387,13 +385,11 @@ check_offset_length(const tvbuff_t *tvb, + const gint offset, gint const length_val, + guint *offset_ptr, guint *length_ptr) + { +- int exception = 0; +- +- if (!check_offset_length_no_exception(tvb, +- offset, length_val, offset_ptr, length_ptr, &exception)) { +- DISSECTOR_ASSERT(exception > 0); ++ int exception; ++ ++ exception = check_offset_length_no_exception(tvb, offset, length_val, offset_ptr, length_ptr); ++ if (exception) + THROW(exception); +- } + } + + static tvbuff_t * +@@ -538,7 +534,7 @@ tvb_new_octet_aligned(tvbuff_t *tvb, guint32 bit_offset, gint32 no_of_bits) + right = 8 - left; /* for right-shifting */ + + if (no_of_bits == -1) { +- datalen = tvb_length_remaining(tvb, byte_offset); ++ datalen = tvb_captured_length_remaining(tvb, byte_offset); + remaining_bits = 0; + } else { + datalen = no_of_bits >> 3; +@@ -560,7 +556,7 @@ tvb_new_octet_aligned(tvbuff_t *tvb, guint32 bit_offset, gint32 no_of_bits) + * if non extra byte is available, the last shifted byte requires + * special treatment + */ +- if (tvb_length_remaining(tvb, byte_offset) > datalen) { ++ if (tvb_captured_length_remaining(tvb, byte_offset) > datalen) { + data = tvb_get_ptr(tvb, byte_offset, datalen + 1); + + /* Do this allocation AFTER tvb_get_ptr() (which could throw an exception) */ +@@ -679,7 +675,7 @@ tvb_composite_finalize(tvbuff_t *tvb) + + + guint +-tvb_length(const tvbuff_t *tvb) ++tvb_captured_length(const tvbuff_t *tvb) + { + DISSECTOR_ASSERT(tvb && tvb->initialized); + +@@ -687,32 +683,33 @@ tvb_length(const tvbuff_t *tvb) + } + + gint +-tvb_length_remaining(const tvbuff_t *tvb, const gint offset) ++tvb_captured_length_remaining(const tvbuff_t *tvb, const gint offset) + { +- guint abs_offset, abs_length; ++ guint abs_offset, rem_length; ++ int exception; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- if (compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL)) { +- return abs_length; +- } +- else { +- return -1; +- } ++ exception = compute_offset_and_remaining(tvb, offset, &abs_offset, &rem_length); ++ if (exception) ++ return 0; ++ ++ return rem_length; + } + + guint +-tvb_ensure_length_remaining(const tvbuff_t *tvb, const gint offset) ++tvb_ensure_captured_length_remaining(const tvbuff_t *tvb, const gint offset) + { +- guint abs_offset, abs_length; ++ guint abs_offset, rem_length; + int exception; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- if (!compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, &exception)) { ++ exception = compute_offset_and_remaining(tvb, offset, &abs_offset, &rem_length); ++ if (exception) + THROW(exception); +- } +- if (abs_length == 0) { ++ ++ if (rem_length == 0) { + /* + * This routine ensures there's at least one byte available. + * There aren't any bytes available, so throw the appropriate +@@ -727,7 +724,7 @@ tvb_ensure_length_remaining(const tvbuff_t *tvb, const gint offset) + } else + THROW(BoundsError); + } +- return abs_length; ++ return rem_length; + } + + +@@ -739,18 +736,15 @@ gboolean + tvb_bytes_exist(const tvbuff_t *tvb, const gint offset, const gint length) + { + guint abs_offset, abs_length; ++ int exception; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- if (!compute_offset_length(tvb, offset, length, &abs_offset, &abs_length, NULL)) ++ exception = check_offset_length_no_exception(tvb, offset, length, &abs_offset, &abs_length); ++ if (exception) + return FALSE; + +- if (abs_offset + abs_length <= tvb->length) { +- return TRUE; +- } +- else { +- return FALSE; +- } ++ return TRUE; + } + + /* Validates that 'length' bytes are available starting from +@@ -781,10 +775,13 @@ tvb_ensure_bytes_exist(const tvbuff_t *tvb, const gint offset, const gint length + gboolean + tvb_offset_exists(const tvbuff_t *tvb, const gint offset) + { +- guint abs_offset, abs_length; ++ guint abs_offset; ++ int exception; + + DISSECTOR_ASSERT(tvb && tvb->initialized); +- if (!compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL)) ++ ++ exception = compute_offset(tvb, offset, &abs_offset); ++ if (exception) + return FALSE; + + if (abs_offset < tvb->length) { +@@ -806,19 +803,19 @@ tvb_reported_length(const tvbuff_t *tvb) + gint + tvb_reported_length_remaining(const tvbuff_t *tvb, const gint offset) + { +- guint abs_offset, abs_length; ++ guint abs_offset; ++ int exception; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- if (compute_offset_length(tvb, offset, -1, &abs_offset, &abs_length, NULL)) { +- if (tvb->reported_length >= abs_offset) +- return tvb->reported_length - abs_offset; +- else +- return -1; +- } +- else { +- return -1; +- } ++ exception = compute_offset(tvb, offset, &abs_offset); ++ if (exception) ++ return 0; ++ ++ if (tvb->reported_length >= abs_offset) ++ return tvb->reported_length - abs_offset; ++ else ++ return 0; + } + + /* Set the reported length of a tvbuff to a given value; used for protocols +@@ -896,6 +893,7 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset, + tvbuff_t *member_tvb = NULL; + guint member_offset, member_length; + GSList *slist; ++ int exception; + + DISSECTOR_ASSERT(tvb->type == TVBUFF_COMPOSITE); + +@@ -913,10 +911,11 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset, + } + DISSECTOR_ASSERT(member_tvb); + +- if (check_offset_length_no_exception(member_tvb, ++ exception = check_offset_length_no_exception(member_tvb, + abs_offset - composite->start_offsets[i], +- abs_length, &member_offset, &member_length, NULL)) { ++ abs_length, &member_offset, &member_length); + ++ if (!exception) { + /* + * The range is, in fact, contiguous within member_tvb. + */ +@@ -932,12 +931,15 @@ composite_ensure_contiguous_no_exception(tvbuff_t *tvb, const guint abs_offset, + } + + static const guint8* +-ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length, int *exception) ++ensure_contiguous_no_exception(tvbuff_t *tvb, const gint offset, const gint length, int *pexception) + { + guint abs_offset, abs_length; ++ int exception; + +- if (!check_offset_length_no_exception(tvb, offset, length, +- &abs_offset, &abs_length, exception)) { ++ exception = check_offset_length_no_exception(tvb, offset, length, &abs_offset, &abs_length); ++ if (exception) { ++ if (pexception) ++ *pexception = exception; + return NULL; + } + +@@ -1046,7 +1048,7 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len + tvb_comp_t *composite; + tvbuff_t *member_tvb = NULL; + guint member_offset, member_length; +- gboolean retval; ++ int exception; + GSList *slist; + + DISSECTOR_ASSERT(tvb->type == TVBUFF_COMPOSITE); +@@ -1065,9 +1067,10 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len + } + DISSECTOR_ASSERT(member_tvb); + +- if (check_offset_length_no_exception(member_tvb, abs_offset - composite->start_offsets[i], +- (gint) abs_length, &member_offset, &member_length, NULL)) { +- ++ exception = check_offset_length_no_exception(member_tvb, abs_offset - composite->start_offsets[i], ++ (gint) abs_length, &member_offset, &member_length); ++ ++ if (!exception) { + DISSECTOR_ASSERT(!tvb->real_data); + return tvb_memcpy(member_tvb, target, member_offset, member_length); + } +@@ -1077,9 +1080,9 @@ composite_memcpy(tvbuff_t *tvb, guint8* target, guint abs_offset, size_t abs_len + * then iterate across the other member tvb's, copying their portions + * until we have copied all data. + */ +- retval = compute_offset_length(member_tvb, abs_offset - composite->start_offsets[i], -1, +- &member_offset, &member_length, NULL); +- DISSECTOR_ASSERT(retval); ++ exception = compute_offset_and_remaining(member_tvb, abs_offset - composite->start_offsets[i], ++ &member_offset, &member_length); ++ DISSECTOR_ASSERT(!exception); + + /* composite_memcpy() can't handle a member_length of zero. */ + DISSECTOR_ASSERT(member_length); +@@ -1909,6 +1912,21 @@ tvb_get_bits(tvbuff_t *tvb, const guint bit_offset, const gint no_of_bits, const + return (guint32)_tvb_get_bits64(tvb, bit_offset, no_of_bits); + } + ++static gint ++tvb_find_guint8_generic(tvbuff_t *tvb, guint abs_offset, guint limit, guint8 needle) ++{ ++ const guint8 *ptr; ++ const guint8 *result; ++ ++ ptr = tvb_get_ptr(tvb, abs_offset, limit); ++ ++ result = (const guint8 *) memchr(ptr, needle, limit); ++ if (!result) ++ return -1; ++ ++ return (gint) ((result - ptr) + abs_offset); ++} ++ + /* Find first occurrence of needle in tvbuff, starting at offset. Searches + * at most maxlength number of bytes; if maxlength is -1, searches to + * end of tvbuff. +@@ -1920,16 +1938,15 @@ gint + tvb_find_guint8(tvbuff_t *tvb, const gint offset, const gint maxlength, const guint8 needle) + { + const guint8 *result; +- guint abs_offset, junk_length; ++ guint abs_offset; + guint tvbufflen; + guint limit; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length); ++ check_offset_length(tvb, offset, -1, &abs_offset, &tvbufflen); + + /* Only search to end of tvbuff, w/o throwing exception. */ +- tvbufflen = tvb_length_remaining(tvb, abs_offset); + if (maxlength == -1) { + /* No maximum length specified; search to end of tvbuff. */ + limit = tvbufflen; +@@ -1985,16 +2002,15 @@ gint + tvb_pbrk_guint8(tvbuff_t *tvb, const gint offset, const gint maxlength, const guint8 *needles, guchar *found_needle) + { + const guint8 *result; +- guint abs_offset, junk_length; ++ guint abs_offset; + guint tvbufflen; + guint limit; + + DISSECTOR_ASSERT(tvb && tvb->initialized); + +- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length); ++ check_offset_length(tvb, offset, -1, &abs_offset, &tvbufflen); + + /* Only search to end of tvbuff, w/o throwing exception. */ +- tvbufflen = tvb_length_remaining(tvb, abs_offset); + if (maxlength == -1) { + /* No maximum length specified; search to end of tvbuff. */ + limit = tvbufflen; +@@ -2845,11 +2861,12 @@ static gint + _tvb_get_nstringz(tvbuff_t *tvb, const gint offset, const guint bufsize, guint8* buffer, gint *bytes_copied) + { + gint stringlen; +- guint abs_offset, junk_length; ++ guint abs_offset; + gint limit, len; + gboolean decreased_max = FALSE; + +- check_offset_length(tvb, offset, 0, &abs_offset, &junk_length); ++ /* Only read to end of tvbuff, w/o throwing exception. */ ++ check_offset_length(tvb, offset, -1, &abs_offset, &len); + + /* There must at least be room for the terminating NUL. */ + DISSECTOR_ASSERT(bufsize != 0); +@@ -2861,9 +2878,6 @@ _tvb_get_nstringz(tvbuff_t *tvb, const gint offset, const guint bufsize, guint8* + return 0; + } + +- /* Only read to end of tvbuff, w/o throwing exception. */ +- len = tvb_length_remaining(tvb, abs_offset); +- + /* check_offset_length() won't throw an exception if we're + * looking at the byte immediately after the end of the tvbuff. */ + if (len == 0) { +@@ -2984,7 +2998,7 @@ tvb_find_line_end(tvbuff_t *tvb, const gint offset, int len, gint *next_offset, + guchar found_needle = 0; + + if (len == -1) +- len = tvb_length_remaining(tvb, offset); ++ len = tvb_captured_length_remaining(tvb, offset); + /* + * XXX - what if "len" is still -1, meaning "offset is past the + * end of the tvbuff"? +@@ -3100,7 +3114,7 @@ tvb_find_line_end_unquoted(tvbuff_t *tvb, const gint offset, int len, gint *next + int linelen; + + if (len == -1) +- len = tvb_length_remaining(tvb, offset); ++ len = tvb_captured_length_remaining(tvb, offset); + /* + * XXX - what if "len" is still -1, meaning "offset is past the + * end of the tvbuff"? +@@ -3238,7 +3252,7 @@ tvb_skip_wsp(tvbuff_t *tvb, const gint offset, const gint maxlength) + guint8 tempchar; + + /* Get the length remaining */ +- tvb_len = tvb_length(tvb); ++ tvb_len = tvb_captured_length(tvb); + end = offset + maxlength; + if (end >= tvb_len) + { +@@ -3310,7 +3324,7 @@ tvb_bcd_dig_to_ep_str(tvbuff_t *tvb, const gint offset, const gint len, dgt_set_ + dgt = &Dgt1_9_bcd; + + if (len == -1) { +- length = tvb_length(tvb); ++ length = tvb_captured_length(tvb); + if (length < offset) { + return ""; + } +diff --git a/epan/tvbuff.h b/epan/tvbuff.h +index 8950feb..f815c1f 100644 +--- a/epan/tvbuff.h ++++ b/epan/tvbuff.h +@@ -213,16 +213,28 @@ WS_DLL_PUBLIC tvbuff_t* tvb_new_composite(void); + WS_DLL_PUBLIC void tvb_composite_finalize(tvbuff_t* tvb); + + +-/* Get total length of buffer */ +-WS_DLL_PUBLIC guint tvb_length(const tvbuff_t*); ++/* Get amount of captured data in the buffer (which is *NOT* necessarily the ++ * * length of the packet). You probably want tvb_reported_length instead. */ ++WS_DLL_PUBLIC guint tvb_captured_length(const tvbuff_t *tvb); ++ ++/* DEPRECATED, do not use in new code, call tvb_captured_length directly! */ ++#define tvb_length tvb_captured_length + + /** Computes bytes to end of buffer, from offset (which can be negative, +- * to indicate bytes from end of buffer). Function returns -1 to +- * indicate that offset is out of bounds. No exception is thrown. */ +-WS_DLL_PUBLIC gint tvb_length_remaining(const tvbuff_t*, const gint offset); ++ * to indicate bytes from end of buffer). Function returns 0 if offset is out ++ * of bounds. No exception is thrown. */ ++WS_DLL_PUBLIC gint tvb_captured_length_remaining(const tvbuff_t *tvb, const gint offset); ++ ++/* DEPRECATED, do not use in new code, call tvb_captured_length_remaining directly! */ ++#define tvb_length_remaining tvb_captured_length_remaining ++ + + /** Same as above, but throws an exception if the offset is out of bounds. */ +-WS_DLL_PUBLIC guint tvb_ensure_length_remaining(const tvbuff_t*, const gint offset); ++WS_DLL_PUBLIC guint tvb_ensure_captured_length_remaining(const tvbuff_t *tvb, ++ const gint offset); ++ ++/* DEPRECATED, do not use in new code, call tvb_ensure_captured_length_remaining directly! */ ++#define tvb_ensure_length_remaining tvb_ensure_captured_length_remaining + + /* Checks (w/o throwing exception) that the bytes referred to by + * 'offset'/'length' actually exist in the buffer */ +@@ -240,8 +252,7 @@ WS_DLL_PUBLIC guint tvb_reported_length(const tvbuff_t*); + + /** Computes bytes of reported packet data to end of buffer, from offset + * (which can be negative, to indicate bytes from end of buffer). Function +- * returns -1 to indicate that offset is out of bounds. No exception is +- * thrown. */ ++ * returns 0 if offset is out of bounds. No exception is thrown. */ + WS_DLL_PUBLIC gint tvb_reported_length_remaining(const tvbuff_t *tvb, const gint offset); + + /** Set the reported length of a tvbuff to a given value; used for protocols diff --git a/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch b/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch new file mode 100644 index 0000000..7024eb1 --- /dev/null +++ b/SOURCES/wireshark-1.10.3-dtls-elliptic-curves.patch @@ -0,0 +1,106 @@ +diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c +index f0c8a3e..5e287e0 100644 +--- a/epan/dissectors/packet-dtls.c ++++ b/epan/dissectors/packet-dtls.c +@@ -119,6 +119,9 @@ static gint hf_dtls_handshake_extensions_len = -1; + static gint hf_dtls_handshake_extension_type = -1; + static gint hf_dtls_handshake_extension_len = -1; + static gint hf_dtls_handshake_extension_data = -1; ++static gint hf_ssl_handshake_extension_elliptic_curves_len = -1; ++static gint hf_ssl_handshake_extension_elliptic_curves = -1; ++static gint hf_ssl_handshake_extension_elliptic_curve = -1; + static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1; + static gint hf_dtls_handshake_session_ticket_len = -1; + static gint hf_dtls_handshake_session_ticket = -1; +@@ -165,6 +168,7 @@ static gint ett_dtls_heartbeat = -1; + static gint ett_dtls_cipher_suites = -1; + static gint ett_dtls_comp_methods = -1; + static gint ett_dtls_extension = -1; ++static gint ett_dtls_extension_curves = -1; + static gint ett_dtls_new_ses_ticket = -1; + static gint ett_dtls_certs = -1; + static gint ett_dtls_cert_types = -1; +@@ -1654,6 +1658,43 @@ dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree, + } + + static gint ++dissect_dtls_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb, ++ proto_tree *tree, guint32 offset) ++{ ++ gint16 curves_length; ++ proto_tree *curves_tree; ++ proto_item *ti; ++ ++ curves_length = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(tree, hf_ssl_handshake_extension_elliptic_curves_len, ++ tvb, offset, 2, ENC_BIG_ENDIAN); ++ ++ offset += 2; ++ tvb_ensure_bytes_exist(tvb, offset, curves_length); ++ ti = proto_tree_add_none_format(tree, ++ hf_ssl_handshake_extension_elliptic_curves, ++ tvb, offset, curves_length, ++ "Elliptic curves (%d curve%s)", ++ curves_length / 2, ++ plurality(curves_length/2, "", "s")); ++ ++ /* make this a subtree */ ++ curves_tree = proto_item_add_subtree(ti, ett_dtls_extension_curves); ++ ++ /* loop over all curves */ ++ while (curves_length > 0) ++ { ++ proto_tree_add_item(curves_tree, ++ hf_ssl_handshake_extension_elliptic_curve, ++ tvb, offset, 2, ENC_BIG_ENDIAN); ++ offset += 2; ++ curves_length -= 2; ++ } ++ ++ return offset; ++} ++ ++static gint + dissect_dtls_hnd_hello_ext(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 left) + { +@@ -1700,6 +1741,9 @@ dissect_dtls_hnd_hello_ext(tvbuff_t *tvb, + tvb, offset, 1, ENC_BIG_ENDIAN); + offset += ext_len; + break; ++ case SSL_HND_HELLO_EXT_ELLIPTIC_CURVES: ++ offset = dissect_dtls_hnd_hello_ext_elliptic_curves(tvb, ext_tree, offset); ++ break; + default: + proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data, + tvb, offset, ext_len, NULL, +@@ -2534,6 +2578,21 @@ proto_register_dtls(void) + FT_BYTES, BASE_NONE, NULL, 0x0, + "Hello Extension data", HFILL } + }, ++ { &hf_ssl_handshake_extension_elliptic_curves_len, ++ { "Elliptic Curves Length", "dtls.handshake.extensions_elliptic_curves_length", ++ FT_UINT16, BASE_DEC, NULL, 0x0, ++ "Length of elliptic curves field", HFILL } ++ }, ++ { &hf_ssl_handshake_extension_elliptic_curves, ++ { "Elliptic Curves List", "dtls.handshake.extensions_elliptic_curves", ++ FT_NONE, BASE_NONE, NULL, 0x0, ++ "List of elliptic curves supported", HFILL } ++ }, ++ { &hf_ssl_handshake_extension_elliptic_curve, ++ { "Elliptic curve", "dtls.handshake.extensions_elliptic_curve", ++ FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, ++ NULL, HFILL } ++ }, + { &hf_dtls_handshake_session_ticket_lifetime_hint, + { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint", + FT_UINT32, BASE_DEC, NULL, 0x0, +@@ -2707,6 +2766,7 @@ proto_register_dtls(void) + &ett_dtls_cipher_suites, + &ett_dtls_comp_methods, + &ett_dtls_extension, ++ &ett_dtls_extension_curves, + &ett_dtls_new_ses_ticket, + &ett_dtls_certs, + &ett_dtls_cert_types, diff --git a/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch b/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch new file mode 100644 index 0000000..2809de3 --- /dev/null +++ b/SOURCES/wireshark-1.10.3-nanosecond-timestamps.patch @@ -0,0 +1,2476 @@ +diff --git a/acinclude.m4 b/acinclude.m4 +index f962022..719bdbe 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -615,7 +615,7 @@ install a newer version of the header file.]) + AC_CHECK_FUNCS(pcap_datalink_val_to_description) + AC_CHECK_FUNCS(pcap_list_datalinks pcap_set_datalink pcap_lib_version) + AC_CHECK_FUNCS(pcap_get_selectable_fd pcap_free_datalinks) +- AC_CHECK_FUNCS(pcap_create bpf_image) ++ AC_CHECK_FUNCS(pcap_create bpf_image pcap_set_tstamp_precision) + fi + LIBS="$ac_save_LIBS" + ]) +diff --git a/cmake/modules/FindPCAP.cmake b/cmake/modules/FindPCAP.cmake +index 1d3c1b6..bde07d7 100644 +--- a/cmake/modules/FindPCAP.cmake ++++ b/cmake/modules/FindPCAP.cmake +@@ -121,6 +121,7 @@ CHECK_FUNCTION_EXISTS("pcap_get_selectable_fd" HAVE_PCAP_GET_SELECTABLE_FD) + CHECK_FUNCTION_EXISTS("pcap_lib_version" HAVE_PCAP_LIB_VERSION) + CHECK_FUNCTION_EXISTS("pcap_list_datalinks" HAVE_PCAP_LIST_DATALINKS) + CHECK_FUNCTION_EXISTS("pcap_set_datalink" HAVE_PCAP_SET_DATALINK) ++CHECK_FUNCTION_EXISTS("pcap_set_tstamp_precision" HAVE_PCAP_SET_TSTAMP_PRECISION) + # Remote pcap checks + CHECK_FUNCTION_EXISTS("pcap_open" H_PCAP_OPEN) + CHECK_FUNCTION_EXISTS("pcap_findalldevs_ex" H_FINDALLDEVS_EX) +diff --git a/cmakeconfig.h.in b/cmakeconfig.h.in +index 2ef36d1..fee55c5 100644 +--- a/cmakeconfig.h.in ++++ b/cmakeconfig.h.in +@@ -252,6 +252,9 @@ + #cmakedefine HAVE_PCAP_REMOTE 1 + #cmakedefine HAVE_REMOTE 1 + ++/* Define to 1 if you have the `pcap_set_tstamp_precision' function. */ ++#cmakedefine HAVE_PCAP_SET_TSTAMP_PRECISION 1 ++ + /* Define to 1 if you have the header file. */ + #cmakedefine HAVE_PORTAUDIO_H 1 + +diff --git a/dumpcap.c b/dumpcap.c +index adba93d..bae3fbf 100644 +--- a/dumpcap.c ++++ b/dumpcap.c +@@ -641,7 +641,12 @@ relinquish_all_capabilities(void) + #endif + + static pcap_t * +-open_capture_device(interface_options *interface_opts, ++open_capture_device(capture_options *capture_opts ++#ifndef HAVE_PCAP_SET_TSTAMP_PRECISION ++ _U_ ++#endif ++ , ++ interface_options *interface_opts, + char (*open_err_str)[PCAP_ERRBUF_SIZE]) + { + pcap_t *pcap_h; +@@ -714,6 +719,31 @@ open_capture_device(interface_options *interface_opts, + pcap_set_promisc(pcap_h, interface_opts->promisc_mode); + pcap_set_timeout(pcap_h, CAP_READ_TIMEOUT); + ++#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION ++ /* ++ * If we're writing pcap-ng files, try to enable ++ * nanosecond-resolution capture; any code that ++ * can read pcap-ng files must be able to handle ++ * nanosecond-resolution time stamps. ++ * ++ * If we're writing pcap files, don't try to enable ++ * nanosecond-resolution capture, as not all code ++ * that reads pcap files recognizes the nanosecond- ++ * resolution pcap file magic number. ++ */ ++ if (capture_opts->use_pcapng) { ++ /* ++ * The only errors this is documenting as returning ++ * are PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, which jus ++ * means we can't do nanosecond precision on this adapter, ++ * in which case we just live with whatever resolution ++ * we get by default, and PCAP_ERROR_ACTIVATED, which ++ * can't happen as we haven't activated the pcap_t yet. ++ */ ++ pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO); ++ } ++#endif ++ + g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, + "buffersize %d.", interface_opts->buffer_size); + if (interface_opts->buffer_size != 0) { +@@ -913,7 +943,7 @@ show_filter_code(capture_options *capture_opts) + + for (j = 0; j < capture_opts->ifaces->len; j++) { + interface_opts = g_array_index(capture_opts->ifaces, interface_options, j); +- pcap_h = open_capture_device(&interface_opts, &open_err_str); ++ pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str); + if (pcap_h == NULL) { + /* Open failed; get messages */ + get_capture_device_open_failure_messages(open_err_str, +@@ -2680,10 +2710,16 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld, + g_array_append_val(ld->pcaps, pcap_opts); + + g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts.name); +- pcap_opts->pcap_h = open_capture_device(&interface_opts, &open_err_str); ++ pcap_opts->pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str); + + if (pcap_opts->pcap_h != NULL) { + /* we've opened "iface" as a network device */ ++ ++#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION ++ /* Find out if we're getting nanosecond-precision time stamps */ ++ pcap_opts->ts_nsec = pcap_get_tstamp_precision(pcap_opts->pcap_h) == PCAP_TSTAMP_PRECISION_NANO; ++#endif ++ + #ifdef _WIN32 + /* try to set the capture buffer size */ + if (interface_opts.buffer_size > 1 && +diff --git a/editcap.c b/editcap.c +index 9ba8245..8caa1bf 100644 +--- a/editcap.c ++++ b/editcap.c +@@ -125,7 +125,6 @@ fd_hash_t fd_hash[MAX_DUP_DEPTH]; + int dup_window = DEFAULT_DUP_DEPTH; + int cur_dup_entry = 0; + +-#define ONE_MILLION 1000000 + #define ONE_BILLION 1000000000 + + /* Weights of different errors we can introduce */ +@@ -143,7 +142,7 @@ int cur_dup_entry = 0; + + + struct time_adjustment { +- struct timeval tv; ++ nstime_t tv; + int is_negative; + }; + +@@ -368,18 +367,18 @@ set_time_adjustment(char *optarg_str_p) + exit(1); + } + } +- time_adj.tv.tv_sec = val; ++ time_adj.tv.secs = val; + + /* now collect the partial seconds, if any */ + if (*frac != '\0') { /* chars left, so get fractional part */ + val = strtol(&(frac[1]), &end, 10); +- /* if more than 6 fractional digits truncate to 6 */ +- if((end - &(frac[1])) > 6) { +- frac[7] = 't'; /* 't' for truncate */ ++ /* if more than 9 fractional digits truncate to 9 */ ++ if((end - &(frac[1])) > 9) { ++ frac[10] = 't'; /* 't' for truncate */ + val = strtol(&(frac[1]), &end, 10); + } + if (*frac != '.' || end == NULL || end == frac +- || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) { ++ || val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) { + fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n", + optarg_str_p); + exit(1); +@@ -390,15 +389,15 @@ set_time_adjustment(char *optarg_str_p) + } + + /* adjust fractional portion from fractional to numerator +- * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */ ++ * e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */ + if (frac && end) { /* both are valid */ + frac_digits = end - frac - 1; /* fractional digit count (remember '.') */ +- while(frac_digits < 6) { /* this is frac of 10^6 */ ++ while(frac_digits < 9) { /* this is frac of 10^9 */ + val *= 10; + frac_digits++; + } + } +- time_adj.tv.tv_usec = (int)val; ++ time_adj.tv.nsecs = (int) val; + } + + static void +@@ -443,18 +442,18 @@ set_strict_time_adj(char *optarg_str_p) + exit(1); + } + } +- strict_time_adj.tv.tv_sec = val; ++ strict_time_adj.tv.secs = val; + + /* now collect the partial seconds, if any */ + if (*frac != '\0') { /* chars left, so get fractional part */ + val = strtol(&(frac[1]), &end, 10); +- /* if more than 6 fractional digits truncate to 6 */ +- if((end - &(frac[1])) > 6) { +- frac[7] = 't'; /* 't' for truncate */ ++ /* if more than 9 fractional digits truncate to 9 */ ++ if((end - &(frac[1])) > 9) { ++ frac[10] = 't'; /* 't' for truncate */ + val = strtol(&(frac[1]), &end, 10); + } + if (*frac != '.' || end == NULL || end == frac +- || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) { ++ || val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) { + fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n", + optarg_str_p); + exit(1); +@@ -465,15 +464,15 @@ set_strict_time_adj(char *optarg_str_p) + } + + /* adjust fractional portion from fractional to numerator +- * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */ ++ * e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */ + if (frac && end) { /* both are valid */ + frac_digits = end - frac - 1; /* fractional digit count (remember '.') */ +- while(frac_digits < 6) { /* this is frac of 10^6 */ ++ while(frac_digits < 9) { /* this is frac of 10^9 */ + val *= 10; + frac_digits++; + } + } +- strict_time_adj.tv.tv_usec = (int)val; ++ strict_time_adj.tv.nsecs = (int) val; + } + + static void +@@ -1319,14 +1318,14 @@ main(int argc, char *argv[]) + */ + /* printf("++out of order, need to adjust this packet!\n"); */ + snap_phdr = *phdr; +- snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec; ++ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.secs; + snap_phdr.ts.nsecs = previous_time.nsecs; +- if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) { ++ if (snap_phdr.ts.nsecs + strict_time_adj.tv.nsecs > ONE_BILLION) { + /* carry */ + snap_phdr.ts.secs++; +- snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000; ++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs - ONE_BILLION; + } else { +- snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000; ++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs; + } + phdr = &snap_phdr; + } +@@ -1337,14 +1336,14 @@ main(int argc, char *argv[]) + * packet's timestamp plus delta. + */ + snap_phdr = *phdr; +- snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec; ++ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.secs; + snap_phdr.ts.nsecs = previous_time.nsecs; +- if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) { ++ if (snap_phdr.ts.nsecs + strict_time_adj.tv.nsecs > ONE_BILLION) { + /* carry */ + snap_phdr.ts.secs++; +- snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000; ++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs - ONE_BILLION; + } else { +- snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000; ++ snap_phdr.ts.nsecs += strict_time_adj.tv.nsecs; + } + phdr = &snap_phdr; + } +@@ -1355,32 +1354,32 @@ main(int argc, char *argv[]) + + /* assume that if the frame's tv_sec is 0, then + * the timestamp isn't supported */ +- if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) { ++ if (phdr->ts.secs > 0 && time_adj.tv.secs != 0) { + snap_phdr = *phdr; + if (time_adj.is_negative) +- snap_phdr.ts.secs -= time_adj.tv.tv_sec; ++ snap_phdr.ts.secs -= time_adj.tv.secs; + else +- snap_phdr.ts.secs += time_adj.tv.tv_sec; ++ snap_phdr.ts.secs += time_adj.tv.secs; + phdr = &snap_phdr; + } + + /* assume that if the frame's tv_sec is 0, then + * the timestamp isn't supported */ +- if (phdr->ts.secs > 0 && time_adj.tv.tv_usec != 0) { ++ if (phdr->ts.secs > 0 && time_adj.tv.nsecs != 0) { + snap_phdr = *phdr; + if (time_adj.is_negative) { /* subtract */ +- if (snap_phdr.ts.nsecs/1000 < time_adj.tv.tv_usec) { /* borrow */ ++ if (snap_phdr.ts.nsecs < time_adj.tv.nsecs) { /* borrow */ + snap_phdr.ts.secs--; +- snap_phdr.ts.nsecs += ONE_MILLION * 1000; ++ snap_phdr.ts.nsecs += ONE_BILLION; + } +- snap_phdr.ts.nsecs -= time_adj.tv.tv_usec * 1000; ++ snap_phdr.ts.nsecs -= time_adj.tv.nsecs; + } else { /* add */ +- if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) { ++ if (snap_phdr.ts.nsecs + time_adj.tv.nsecs > ONE_BILLION) { + /* carry */ + snap_phdr.ts.secs++; +- snap_phdr.ts.nsecs += (time_adj.tv.tv_usec - ONE_MILLION) * 1000; ++ snap_phdr.ts.nsecs += time_adj.tv.nsecs - ONE_BILLION; + } else { +- snap_phdr.ts.nsecs += time_adj.tv.tv_usec * 1000; ++ snap_phdr.ts.nsecs += time_adj.tv.nsecs; + } + } + phdr = &snap_phdr; +diff --git a/epan/column-utils.c b/epan/column-utils.c +index 6ed9f85..8e89409 100644 +--- a/epan/column-utils.c ++++ b/epan/column-utils.c +@@ -675,6 +675,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + { + struct tm *tmp; + time_t then; ++ int tsprecision; + + if (fd->flags.has_ts) { + then = fd->abs_ts.secs; +@@ -685,9 +686,33 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + } else + tmp = NULL; + if (tmp != NULL) { +- switch(timestamp_get_precision()) { +- case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: ++ switch (timestamp_get_precision()) { ++ case TS_PREC_FIXED_SEC: ++ tsprecision = WTAP_TSPREC_SEC; ++ break; ++ case TS_PREC_FIXED_DSEC: ++ tsprecision = WTAP_TSPREC_DSEC; ++ break; ++ case TS_PREC_FIXED_CSEC: ++ tsprecision = WTAP_TSPREC_CSEC; ++ break; ++ case TS_PREC_FIXED_MSEC: ++ tsprecision = WTAP_TSPREC_MSEC; ++ break; ++ case TS_PREC_FIXED_USEC: ++ tsprecision = WTAP_TSPREC_USEC; ++ break; ++ case TS_PREC_FIXED_NSEC: ++ tsprecision = WTAP_TSPREC_NSEC; ++ break; ++ case TS_PREC_AUTO: ++ tsprecision = fd->tsprec; ++ break; ++ default: ++ g_assert_not_reached(); ++ } ++ switch(tsprecision) { ++ case WTAP_TSPREC_SEC: + g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -696,8 +721,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + tmp->tm_min, + tmp->tm_sec); + break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: ++ case WTAP_TSPREC_DSEC: + g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d.%01d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -707,8 +731,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + tmp->tm_sec, + fd->abs_ts.nsecs / 100000000); + break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: ++ case WTAP_TSPREC_CSEC: + g_snprintf(buf, COL_MAX_LEN,"%04d-%02d-%02d %02d:%02d:%02d.%02d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -718,8 +741,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + tmp->tm_sec, + fd->abs_ts.nsecs / 10000000); + break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: ++ case WTAP_TSPREC_MSEC: + g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%03d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -729,8 +751,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + tmp->tm_sec, + fd->abs_ts.nsecs / 1000000); + break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: ++ case WTAP_TSPREC_USEC: + g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%06d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -740,8 +761,7 @@ set_abs_date_time(const frame_data *fd, gchar *buf, gboolean local) + tmp->tm_sec, + fd->abs_ts.nsecs / 1000); + break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: ++ case WTAP_TSPREC_NSEC: + g_snprintf(buf, COL_MAX_LEN, "%04d-%02d-%02d %02d:%02d:%02d.%09d", + tmp->tm_year + 1900, + tmp->tm_mon + 1, +@@ -780,36 +800,57 @@ col_set_utc_date_time(const frame_data *fd, column_info *cinfo, const int col) + } + + static void +-set_time_seconds(const nstime_t *ts, gchar *buf) ++set_time_seconds(const frame_data *fd, const nstime_t *ts, gchar *buf) + { +- switch(timestamp_get_precision()) { +- case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: ++ int tsprecision; ++ ++ switch (timestamp_get_precision()) { ++ case TS_PREC_FIXED_SEC: ++ tsprecision = WTAP_TSPREC_SEC; ++ break; ++ case TS_PREC_FIXED_DSEC: ++ tsprecision = WTAP_TSPREC_DSEC; ++ break; ++ case TS_PREC_FIXED_CSEC: ++ tsprecision = WTAP_TSPREC_CSEC; ++ break; ++ case TS_PREC_FIXED_MSEC: ++ tsprecision = WTAP_TSPREC_MSEC; ++ break; ++ case TS_PREC_FIXED_USEC: ++ tsprecision = WTAP_TSPREC_USEC; ++ break; ++ case TS_PREC_FIXED_NSEC: ++ tsprecision = WTAP_TSPREC_NSEC; ++ break; ++ case TS_PREC_AUTO: ++ tsprecision = fd->tsprec; ++ break; ++ default: ++ g_assert_not_reached(); ++ } ++ switch(tsprecision) { ++ case WTAP_TSPREC_SEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS); + break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: ++ case WTAP_TSPREC_DSEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS); + break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: ++ case WTAP_TSPREC_CSEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS); + break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: ++ case WTAP_TSPREC_MSEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS); + break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: ++ case WTAP_TSPREC_USEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS); + break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: ++ case WTAP_TSPREC_NSEC: + display_signed_time(buf, COL_MAX_LEN, + (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS); + break; +@@ -819,11 +860,12 @@ set_time_seconds(const nstime_t *ts, gchar *buf) + } + + static void +-set_time_hour_min_sec(const nstime_t *ts, gchar *buf) ++set_time_hour_min_sec(const frame_data *fd, const nstime_t *ts, gchar *buf) + { + time_t secs = ts->secs; + long nsecs = (long) ts->nsecs; + gboolean negative = FALSE; ++ int tsprecision; + + if (secs < 0) { + secs = -secs; +@@ -834,9 +876,33 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + negative = TRUE; + } + +- switch(timestamp_get_precision()) { ++ switch (timestamp_get_precision()) { + case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: ++ tsprecision = WTAP_TSPREC_SEC; ++ break; ++ case TS_PREC_FIXED_DSEC: ++ tsprecision = WTAP_TSPREC_DSEC; ++ break; ++ case TS_PREC_FIXED_CSEC: ++ tsprecision = WTAP_TSPREC_CSEC; ++ break; ++ case TS_PREC_FIXED_MSEC: ++ tsprecision = WTAP_TSPREC_MSEC; ++ break; ++ case TS_PREC_FIXED_USEC: ++ tsprecision = WTAP_TSPREC_USEC; ++ break; ++ case TS_PREC_FIXED_NSEC: ++ tsprecision = WTAP_TSPREC_NSEC; ++ break; ++ case TS_PREC_AUTO: ++ tsprecision = fd->tsprec; ++ break; ++ default: ++ g_assert_not_reached(); ++ } ++ switch(tsprecision) { ++ case WTAP_TSPREC_SEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2ds", + negative ? "- " : "", +@@ -854,8 +920,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + (gint32) secs); + } + break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: ++ case WTAP_TSPREC_DSEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%01lds", + negative ? "- " : "", +@@ -876,8 +941,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + nsecs / 100000000); + } + break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: ++ case WTAP_TSPREC_CSEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%02lds", + negative ? "- " : "", +@@ -898,8 +962,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + nsecs / 10000000); + } + break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: ++ case WTAP_TSPREC_MSEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%03lds", + negative ? "- " : "", +@@ -920,8 +983,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + nsecs / 1000000); + } + break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: ++ case WTAP_TSPREC_USEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%06lds", + negative ? "- " : "", +@@ -942,8 +1004,7 @@ set_time_hour_min_sec(const nstime_t *ts, gchar *buf) + nsecs / 1000); + } + break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: ++ case WTAP_TSPREC_NSEC: + if (secs >= (60*60)) { + g_snprintf(buf, COL_MAX_LEN, "%s%dh %2dm %2d.%09lds", + negative ? "- " : "", +@@ -978,14 +1039,14 @@ col_set_rel_time(const frame_data *fd, column_info *cinfo, const int col) + } + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&fd->rel_ts, cinfo->col_buf[col]); ++ set_time_seconds(fd, &fd->rel_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_relative"; + g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_hour_min_sec(&fd->rel_ts, cinfo->col_buf[col]); ++ set_time_hour_min_sec(fd, &fd->rel_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_relative"; +- set_time_seconds(&fd->rel_ts, cinfo->col_expr.col_expr_val[col]); ++ set_time_seconds(fd, &fd->rel_ts, cinfo->col_expr.col_expr_val[col]); + break; + default: + g_assert_not_reached(); +@@ -1002,14 +1063,14 @@ col_set_delta_time(const frame_data *fd, column_info *cinfo, const int col) + + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&del_cap_ts, cinfo->col_buf[col]); ++ set_time_seconds(fd, &del_cap_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_delta"; + g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_hour_min_sec(&del_cap_ts, cinfo->col_buf[col]); ++ set_time_hour_min_sec(fd, &del_cap_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_delta"; +- set_time_seconds(&del_cap_ts, cinfo->col_expr.col_expr_val[col]); ++ set_time_seconds(fd, &del_cap_ts, cinfo->col_expr.col_expr_val[col]); + break; + default: + g_assert_not_reached(); +@@ -1032,14 +1093,14 @@ col_set_delta_time_dis(const frame_data *fd, column_info *cinfo, const int col) + + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&del_dis_ts, cinfo->col_buf[col]); ++ set_time_seconds(fd, &del_dis_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_delta_displayed"; + g_strlcpy(cinfo->col_expr.col_expr_val[col],cinfo->col_buf[col],COL_MAX_LEN); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_hour_min_sec(&del_dis_ts, cinfo->col_buf[col]); ++ set_time_hour_min_sec(fd, &del_dis_ts, cinfo->col_buf[col]); + cinfo->col_expr.col_expr[col] = "frame.time_delta_displayed"; +- set_time_seconds(&del_dis_ts, cinfo->col_expr.col_expr_val[col]); ++ set_time_seconds(fd, &del_dis_ts, cinfo->col_expr.col_expr_val[col]); + break; + default: + g_assert_not_reached(); +@@ -1053,6 +1114,7 @@ set_abs_time(const frame_data *fd, gchar *buf, gboolean local) + { + struct tm *tmp; + time_t then; ++ int tsprecision; + + if (fd->flags.has_ts) { + then = fd->abs_ts.secs; +@@ -1063,48 +1125,67 @@ set_abs_time(const frame_data *fd, gchar *buf, gboolean local) + } else + tmp = NULL; + if (tmp != NULL) { +- switch(timestamp_get_precision()) { ++ switch (timestamp_get_precision()) { + case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: ++ tsprecision = WTAP_TSPREC_SEC; ++ break; ++ case TS_PREC_FIXED_DSEC: ++ tsprecision = WTAP_TSPREC_DSEC; ++ break; ++ case TS_PREC_FIXED_CSEC: ++ tsprecision = WTAP_TSPREC_CSEC; ++ break; ++ case TS_PREC_FIXED_MSEC: ++ tsprecision = WTAP_TSPREC_MSEC; ++ break; ++ case TS_PREC_FIXED_USEC: ++ tsprecision = WTAP_TSPREC_USEC; ++ break; ++ case TS_PREC_FIXED_NSEC: ++ tsprecision = WTAP_TSPREC_NSEC; ++ break; ++ case TS_PREC_AUTO: ++ tsprecision = fd->tsprec; ++ break; ++ default: ++ g_assert_not_reached(); ++ } ++ switch(tsprecision) { ++ case WTAP_TSPREC_SEC: + g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d", + tmp->tm_hour, + tmp->tm_min, + tmp->tm_sec); + break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: ++ case WTAP_TSPREC_DSEC: + g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%01d", + tmp->tm_hour, + tmp->tm_min, + tmp->tm_sec, + fd->abs_ts.nsecs / 100000000); + break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: ++ case WTAP_TSPREC_CSEC: + g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%02d", + tmp->tm_hour, + tmp->tm_min, + tmp->tm_sec, + fd->abs_ts.nsecs / 10000000); + break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: ++ case WTAP_TSPREC_MSEC: + g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%03d", + tmp->tm_hour, + tmp->tm_min, + tmp->tm_sec, + fd->abs_ts.nsecs / 1000000); + break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: ++ case WTAP_TSPREC_USEC: + g_snprintf(buf, COL_MAX_LEN,"%02d:%02d:%02d.%06d", + tmp->tm_hour, + tmp->tm_min, + tmp->tm_sec, + fd->abs_ts.nsecs / 1000); + break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: ++ case WTAP_TSPREC_NSEC: + g_snprintf(buf, COL_MAX_LEN, "%02d:%02d:%02d.%09d", + tmp->tm_hour, + tmp->tm_min, +@@ -1143,38 +1224,59 @@ col_set_utc_time(const frame_data *fd, column_info *cinfo, const int col) + static gboolean + set_epoch_time(const frame_data *fd, gchar *buf) + { ++ int tsprecision; ++ + if (!fd->flags.has_ts) { + buf[0] = '\0'; + return FALSE; + } +- switch(timestamp_get_precision()) { +- case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: ++ switch (timestamp_get_precision()) { ++ case TS_PREC_FIXED_SEC: ++ tsprecision = WTAP_TSPREC_SEC; ++ break; ++ case TS_PREC_FIXED_DSEC: ++ tsprecision = WTAP_TSPREC_DSEC; ++ break; ++ case TS_PREC_FIXED_CSEC: ++ tsprecision = WTAP_TSPREC_CSEC; ++ break; ++ case TS_PREC_FIXED_MSEC: ++ tsprecision = WTAP_TSPREC_MSEC; ++ break; ++ case TS_PREC_FIXED_USEC: ++ tsprecision = WTAP_TSPREC_USEC; ++ break; ++ case TS_PREC_FIXED_NSEC: ++ tsprecision = WTAP_TSPREC_NSEC; ++ break; ++ case TS_PREC_AUTO: ++ tsprecision = fd->tsprec; ++ break; ++ default: ++ g_assert_not_reached(); ++ } ++ switch(tsprecision) { ++ case WTAP_TSPREC_SEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs / 1000000000, TO_STR_TIME_RES_T_SECS); + break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: ++ case WTAP_TSPREC_DSEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs / 100000000, TO_STR_TIME_RES_T_DSECS); + break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: ++ case WTAP_TSPREC_CSEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs / 10000000, TO_STR_TIME_RES_T_CSECS); + break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: ++ case WTAP_TSPREC_MSEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs / 1000000, TO_STR_TIME_RES_T_MSECS); + break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: ++ case WTAP_TSPREC_USEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs / 1000, TO_STR_TIME_RES_T_USECS); + break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: ++ case WTAP_TSPREC_NSEC: + display_epoch_time(buf, COL_MAX_LEN, + fd->abs_ts.secs, fd->abs_ts.nsecs, TO_STR_TIME_RES_T_NSECS); + break; +@@ -1211,10 +1313,10 @@ set_fd_time(frame_data *fd, gchar *buf) + if (fd->flags.has_ts) { + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&fd->rel_ts, buf); ++ set_time_seconds(fd, &fd->rel_ts, buf); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_seconds(&fd->rel_ts, buf); ++ set_time_seconds(fd, &fd->rel_ts, buf); + break; + default: + g_assert_not_reached(); +@@ -1232,10 +1334,10 @@ set_fd_time(frame_data *fd, gchar *buf) + + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&del_cap_ts, buf); ++ set_time_seconds(fd, &del_cap_ts, buf); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_hour_min_sec(&del_cap_ts, buf); ++ set_time_hour_min_sec(fd, &del_cap_ts, buf); + break; + default: + g_assert_not_reached(); +@@ -1253,10 +1355,10 @@ set_fd_time(frame_data *fd, gchar *buf) + + switch (timestamp_get_seconds_type()) { + case TS_SECONDS_DEFAULT: +- set_time_seconds(&del_dis_ts, buf); ++ set_time_seconds(fd, &del_dis_ts, buf); + break; + case TS_SECONDS_HOUR_MIN_SEC: +- set_time_hour_min_sec(&del_dis_ts, buf); ++ set_time_hour_min_sec(fd, &del_dis_ts, buf); + break; + default: + g_assert_not_reached(); +@@ -1400,38 +1502,33 @@ col_set_time(column_info *cinfo, const gint el, const nstime_t *ts, const char * + for (col = cinfo->col_first[el]; col <= cinfo->col_last[el]; col++) { + if (cinfo->fmt_matx[col][el]) { + switch(timestamp_get_precision()) { +- case TS_PREC_FIXED_SEC: +- case TS_PREC_AUTO_SEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS); +- break; +- case TS_PREC_FIXED_DSEC: +- case TS_PREC_AUTO_DSEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS); +- break; +- case TS_PREC_FIXED_CSEC: +- case TS_PREC_AUTO_CSEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS); +- break; +- case TS_PREC_FIXED_MSEC: +- case TS_PREC_AUTO_MSEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS); +- break; +- case TS_PREC_FIXED_USEC: +- case TS_PREC_AUTO_USEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS); +- break; +- case TS_PREC_FIXED_NSEC: +- case TS_PREC_AUTO_NSEC: +- display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, +- (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS); +- break; +- default: +- g_assert_not_reached(); ++ case TS_PREC_FIXED_SEC: ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs / 1000000000, TO_STR_TIME_RES_T_SECS); ++ break; ++ case TS_PREC_FIXED_DSEC: ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs / 100000000, TO_STR_TIME_RES_T_DSECS); ++ break; ++ case TS_PREC_FIXED_CSEC: ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs / 10000000, TO_STR_TIME_RES_T_CSECS); ++ break; ++ case TS_PREC_FIXED_MSEC: ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs / 1000000, TO_STR_TIME_RES_T_MSECS); ++ break; ++ case TS_PREC_FIXED_USEC: ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs / 1000, TO_STR_TIME_RES_T_USECS); ++ break; ++ case TS_PREC_FIXED_NSEC: ++ case TS_PREC_AUTO: /* default to maximum */ ++ display_signed_time(cinfo->col_buf[col], COL_MAX_LEN, ++ (gint32) ts->secs, ts->nsecs, TO_STR_TIME_RES_T_NSECS); ++ break; ++ default: ++ g_assert_not_reached(); + } + cinfo->col_data[col] = cinfo->col_buf[col]; + cinfo->col_expr.col_expr[col] = fieldname; +diff --git a/epan/column.c b/epan/column.c +index 231f1c5..43da75f 100644 +--- a/epan/column.c ++++ b/epan/column.c +@@ -254,28 +254,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision) + case(TS_ABSOLUTE_WITH_DATE): + case(TS_UTC_WITH_DATE): + switch(precision) { +- case(TS_PREC_AUTO_SEC): + case(TS_PREC_FIXED_SEC): + return "0000-00-00 00:00:00"; + break; +- case(TS_PREC_AUTO_DSEC): + case(TS_PREC_FIXED_DSEC): + return "0000-00-00 00:00:00.0"; + break; +- case(TS_PREC_AUTO_CSEC): + case(TS_PREC_FIXED_CSEC): + return "0000-00-00 00:00:00.00"; + break; +- case(TS_PREC_AUTO_MSEC): + case(TS_PREC_FIXED_MSEC): + return "0000-00-00 00:00:00.000"; + break; +- case(TS_PREC_AUTO_USEC): + case(TS_PREC_FIXED_USEC): + return "0000-00-00 00:00:00.000000"; + break; +- case(TS_PREC_AUTO_NSEC): + case(TS_PREC_FIXED_NSEC): ++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */ + return "0000-00-00 00:00:00.000000000"; + break; + default: +@@ -285,28 +280,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision) + case(TS_ABSOLUTE): + case(TS_UTC): + switch(precision) { +- case(TS_PREC_AUTO_SEC): + case(TS_PREC_FIXED_SEC): + return "00:00:00"; + break; +- case(TS_PREC_AUTO_DSEC): + case(TS_PREC_FIXED_DSEC): + return "00:00:00.0"; + break; +- case(TS_PREC_AUTO_CSEC): + case(TS_PREC_FIXED_CSEC): + return "00:00:00.00"; + break; +- case(TS_PREC_AUTO_MSEC): + case(TS_PREC_FIXED_MSEC): + return "00:00:00.000"; + break; +- case(TS_PREC_AUTO_USEC): + case(TS_PREC_FIXED_USEC): + return "00:00:00.000000"; + break; +- case(TS_PREC_AUTO_NSEC): + case(TS_PREC_FIXED_NSEC): ++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */ + return "00:00:00.000000000"; + break; + default: +@@ -317,28 +307,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision) + case(TS_DELTA): + case(TS_DELTA_DIS): + switch(precision) { +- case(TS_PREC_AUTO_SEC): + case(TS_PREC_FIXED_SEC): + return "0000"; + break; +- case(TS_PREC_AUTO_DSEC): + case(TS_PREC_FIXED_DSEC): + return "0000.0"; + break; +- case(TS_PREC_AUTO_CSEC): + case(TS_PREC_FIXED_CSEC): + return "0000.00"; + break; +- case(TS_PREC_AUTO_MSEC): + case(TS_PREC_FIXED_MSEC): + return "0000.000"; + break; +- case(TS_PREC_AUTO_USEC): + case(TS_PREC_FIXED_USEC): + return "0000.000000"; + break; +- case(TS_PREC_AUTO_NSEC): + case(TS_PREC_FIXED_NSEC): ++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */ + return "0000.000000000"; + break; + default: +@@ -348,28 +333,23 @@ get_timestamp_column_longest_string(const gint type, const gint precision) + case(TS_EPOCH): + /* This is enough to represent 2^63 (signed 64-bit integer) + fractions */ + switch(precision) { +- case(TS_PREC_AUTO_SEC): + case(TS_PREC_FIXED_SEC): + return "0000000000000000000"; + break; +- case(TS_PREC_AUTO_DSEC): + case(TS_PREC_FIXED_DSEC): + return "0000000000000000000.0"; + break; +- case(TS_PREC_AUTO_CSEC): + case(TS_PREC_FIXED_CSEC): + return "0000000000000000000.00"; + break; +- case(TS_PREC_AUTO_MSEC): + case(TS_PREC_FIXED_MSEC): + return "0000000000000000000.000"; + break; +- case(TS_PREC_AUTO_USEC): + case(TS_PREC_FIXED_USEC): + return "0000000000000000000.000000"; + break; +- case(TS_PREC_AUTO_NSEC): + case(TS_PREC_FIXED_NSEC): ++ case(TS_PREC_AUTO): /* Leave enough room for the maximum */ + return "0000000000000000000.000000000"; + break; + default: +diff --git a/epan/frame_data.c b/epan/frame_data.c +index 63d9805..79b435e 100644 +--- a/epan/frame_data.c ++++ b/epan/frame_data.c +@@ -269,6 +269,7 @@ frame_data_init(frame_data *fdata, guint32 num, + fdata->flags.ignored = 0; + fdata->flags.has_ts = (phdr->presence_flags & WTAP_HAS_TS) ? 1 : 0; + fdata->flags.has_if_id = (phdr->presence_flags & WTAP_HAS_INTERFACE_ID) ? 1 : 0; ++ fdata->tsprec = (guint16)phdr->pkt_tsprec; + fdata->flags.has_pack_flags = (phdr->presence_flags & WTAP_HAS_PACK_FLAGS) ? 1 : 0; + fdata->color_filter = NULL; + fdata->abs_ts.secs = phdr->ts.secs; +diff --git a/epan/frame_data.h b/epan/frame_data.h +index 580d238..2a73cdf 100644 +--- a/epan/frame_data.h ++++ b/epan/frame_data.h +@@ -69,6 +69,7 @@ typedef struct _frame_data { + unsigned int has_if_id : 1; /**< 1 = has interface ID, 0 = no interface ID */ + unsigned int has_pack_flags : 1; /**< 1 = has packet flags, 0 = no packet flags */ + } flags; ++ gint16 tsprec; /**< Time stamp precision */ + + const void *color_filter; /**< Per-packet matching color_filter_t object */ + +diff --git a/epan/timestamp.c b/epan/timestamp.c +index 155d8bb..65aa41c 100644 +--- a/epan/timestamp.c ++++ b/epan/timestamp.c +@@ -30,7 +30,7 @@ + * and distinguish it from a command line value */ + static ts_type timestamp_type = TS_NOT_SET; + +-static int timestamp_precision = TS_PREC_AUTO_USEC; ++static int timestamp_precision = TS_PREC_AUTO; + + static ts_seconds_type timestamp_seconds_type = TS_SECONDS_NOT_SET; + +diff --git a/epan/timestamp.h b/epan/timestamp.h +index 0992b3e..3881696 100644 +--- a/epan/timestamp.h ++++ b/epan/timestamp.h +@@ -52,19 +52,13 @@ typedef enum { + } ts_type; + + typedef enum { +- TS_PREC_AUTO, /* recent */ +- TS_PREC_FIXED_SEC, /* recent and internal */ +- TS_PREC_FIXED_DSEC, /* recent and internal */ +- TS_PREC_FIXED_CSEC, /* recent and internal */ +- TS_PREC_FIXED_MSEC, /* recent and internal */ +- TS_PREC_FIXED_USEC, /* recent and internal */ +- TS_PREC_FIXED_NSEC, /* recent and internal */ +- TS_PREC_AUTO_SEC, /* internal */ +- TS_PREC_AUTO_DSEC, /* internal */ +- TS_PREC_AUTO_CSEC, /* internal */ +- TS_PREC_AUTO_MSEC, /* internal */ +- TS_PREC_AUTO_USEC, /* internal */ +- TS_PREC_AUTO_NSEC /* internal */ ++ TS_PREC_AUTO, ++ TS_PREC_FIXED_SEC, ++ TS_PREC_FIXED_DSEC, ++ TS_PREC_FIXED_CSEC, ++ TS_PREC_FIXED_MSEC, ++ TS_PREC_FIXED_USEC, ++ TS_PREC_FIXED_NSEC, + } ts_precision; + + typedef enum { +diff --git a/epan/wslua/make-init-lua.pl b/epan/wslua/make-init-lua.pl +index 878faf5..e9f186d 100755 +--- a/epan/wslua/make-init-lua.pl ++++ b/epan/wslua/make-init-lua.pl +@@ -33,6 +33,7 @@ my $WSROOT = shift; + die "'$WSROOT' is not a directory" unless -d $WSROOT; + + my $wtap_encaps_table = ''; ++my $wtap_tsprecs_table = ''; + my $wtap_filetypes_table = ''; + my $ft_types_table = ''; + my $bases_table = ''; +@@ -42,6 +43,7 @@ my $menu_groups = ''; + + my %replacements = %{{ + WTAP_ENCAPS => \$wtap_encaps_table, ++ WTAP_TSPRECS => \$wtap_tsprecs_table, + WTAP_FILETYPES => \$wtap_filetypes_table, + FT_TYPES => \$ft_types_table, + BASES => \$bases_table, +@@ -69,6 +71,7 @@ close TEMPLATE; + # + + $wtap_encaps_table = "-- Wiretap encapsulations XXX\nwtap_encaps = {\n"; ++$wtap_tsprecs_table = "-- Wiretap timestamp precision types\nwtap_tsprecs = {\n"; + $wtap_filetypes_table = "-- Wiretap file types\nwtap_filetypes = {\n"; + + open WTAP_H, "< $WSROOT/wiretap/wtap.h" or die "cannot open '$WSROOT/wiretap/wtap.h': $!"; +@@ -81,10 +84,17 @@ while() { + if ( /^#define WTAP_FILE_([A-Z0-9_]+)\s+(\d+)/ ) { + $wtap_filetypes_table .= "\t[\"$1\"] = $2,\n"; + } ++ ++ if ( /^#define WTAP_TSPREC_([A-Z0-9_]+)\s+(\d+)/ ) { ++ $wtap_tsprecs_table .= "\t[\"$1\"] = $2,\n"; ++ # for backwards compatibility we need to add them to the filetypes table too ++ $wtap_filetypes_table .= "\t[\"TSPREC_$1\"] = $2,\n"; ++ } + } + + $wtap_encaps_table =~ s/,\n$/\n}\nwtap = wtap_encaps -- for bw compatibility\n/msi; + $wtap_filetypes_table =~ s/,\n$/\n}\n/msi; ++$wtap_tsprecs_table =~ s/,\n$/\n}\n/msi; + + # + # Extract values from epan/ftypes/ftypes.h: +diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua +index 2538c4c..31f298e 100644 +--- a/epan/wslua/template-init.lua ++++ b/epan/wslua/template-init.lua +@@ -66,6 +66,8 @@ end + + -- %WTAP_ENCAPS% + ++-- %WTAP_TSPRECS% ++ + -- %WTAP_FILETYPES% + + -- %FT_TYPES% +diff --git a/file.c b/file.c +index 5059e0b..6db3c68 100644 +--- a/file.c ++++ b/file.c +@@ -222,7 +222,6 @@ void + cf_timestamp_auto_precision(capture_file *cf) + { + int i; +- int prec = timestamp_get_precision(); + + + /* don't try to get the file's precision if none is opened */ +@@ -230,38 +229,6 @@ cf_timestamp_auto_precision(capture_file *cf) + return; + } + +- /* if we are in auto mode, set precision of current file */ +- if (prec == TS_PREC_AUTO || +- prec == TS_PREC_AUTO_SEC || +- prec == TS_PREC_AUTO_DSEC || +- prec == TS_PREC_AUTO_CSEC || +- prec == TS_PREC_AUTO_MSEC || +- prec == TS_PREC_AUTO_USEC || +- prec == TS_PREC_AUTO_NSEC) +- { +- switch(wtap_file_tsprecision(cf->wth)) { +- case(WTAP_FILE_TSPREC_SEC): +- timestamp_set_precision(TS_PREC_AUTO_SEC); +- break; +- case(WTAP_FILE_TSPREC_DSEC): +- timestamp_set_precision(TS_PREC_AUTO_DSEC); +- break; +- case(WTAP_FILE_TSPREC_CSEC): +- timestamp_set_precision(TS_PREC_AUTO_CSEC); +- break; +- case(WTAP_FILE_TSPREC_MSEC): +- timestamp_set_precision(TS_PREC_AUTO_MSEC); +- break; +- case(WTAP_FILE_TSPREC_USEC): +- timestamp_set_precision(TS_PREC_AUTO_USEC); +- break; +- case(WTAP_FILE_TSPREC_NSEC): +- timestamp_set_precision(TS_PREC_AUTO_NSEC); +- break; +- default: +- g_assert_not_reached(); +- } +- } + /* Set the column widths of those columns that show the time in + "command-line-specified" format. */ + for (i = 0; i < cf->cinfo.num_cols; i++) { +diff --git a/rawshark.c b/rawshark.c +index dbb9f42..1d2ff97 100644 +--- a/rawshark.c ++++ b/rawshark.c +@@ -832,35 +832,6 @@ main(int argc, char *argv[]) + } + } + +- /* Set timestamp precision; there should arguably be a command-line +- option to let the user set this. */ +-#if 0 +- switch(wtap_file_tsprecision(cfile.wth)) { +- case(WTAP_FILE_TSPREC_SEC): +- timestamp_set_precision(TS_PREC_AUTO_SEC); +- break; +- case(WTAP_FILE_TSPREC_DSEC): +- timestamp_set_precision(TS_PREC_AUTO_DSEC); +- break; +- case(WTAP_FILE_TSPREC_CSEC): +- timestamp_set_precision(TS_PREC_AUTO_CSEC); +- break; +- case(WTAP_FILE_TSPREC_MSEC): +- timestamp_set_precision(TS_PREC_AUTO_MSEC); +- break; +- case(WTAP_FILE_TSPREC_USEC): +- timestamp_set_precision(TS_PREC_AUTO_USEC); +- break; +- case(WTAP_FILE_TSPREC_NSEC): +- timestamp_set_precision(TS_PREC_AUTO_NSEC); +- break; +- default: +- g_assert_not_reached(); +- } +-#else +- timestamp_set_precision(TS_PREC_AUTO_USEC); +-#endif +- + /* Process the packets in the file */ + err = load_cap_file(&cfile); + +diff --git a/tshark.c b/tshark.c +index 98b95bf..8c8de07 100644 +--- a/tshark.c ++++ b/tshark.c +@@ -1903,31 +1903,6 @@ main(int argc, char *argv[]) + return 2; + } + +- /* Set timestamp precision; there should arguably be a command-line +- option to let the user set this. */ +- switch(wtap_file_tsprecision(cfile.wth)) { +- case(WTAP_FILE_TSPREC_SEC): +- timestamp_set_precision(TS_PREC_AUTO_SEC); +- break; +- case(WTAP_FILE_TSPREC_DSEC): +- timestamp_set_precision(TS_PREC_AUTO_DSEC); +- break; +- case(WTAP_FILE_TSPREC_CSEC): +- timestamp_set_precision(TS_PREC_AUTO_CSEC); +- break; +- case(WTAP_FILE_TSPREC_MSEC): +- timestamp_set_precision(TS_PREC_AUTO_MSEC); +- break; +- case(WTAP_FILE_TSPREC_USEC): +- timestamp_set_precision(TS_PREC_AUTO_USEC); +- break; +- case(WTAP_FILE_TSPREC_NSEC): +- timestamp_set_precision(TS_PREC_AUTO_NSEC); +- break; +- default: +- g_assert_not_reached(); +- } +- + /* Process the packets in the file */ + TRY { + #ifdef HAVE_LIBPCAP +@@ -2030,9 +2005,6 @@ main(int argc, char *argv[]) + } + } + +- /* For now, assume libpcap gives microsecond precision. */ +- timestamp_set_precision(TS_PREC_AUTO_USEC); +- + /* + * XXX - this returns FALSE if an error occurred, but it also + * returns FALSE if the capture stops because a time limit +diff --git a/ui/cli/tap-comparestat.c b/ui/cli/tap-comparestat.c +index 6f55926..d449f32 100644 +--- a/ui/cli/tap-comparestat.c ++++ b/ui/cli/tap-comparestat.c +@@ -545,8 +545,6 @@ comparestat_init(const char *optarg, void* userdata _U_) + cs->zebra_time.secs=0; + cs->zebra_time.nsecs=1; + cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree"); +- /* microsecond precision */ +- timestamp_set_precision(TS_PREC_AUTO_NSEC); + + if(filter){ + cs->filter=g_strdup(filter); +diff --git a/ui/gtk/compare_stat.c b/ui/gtk/compare_stat.c +index e07ee96..b8ad2b2 100644 +--- a/ui/gtk/compare_stat.c ++++ b/ui/gtk/compare_stat.c +@@ -584,8 +584,6 @@ comparestat_draw(void *arg) + second_file_amount=cs->second_file_amount; + /* reset after numbering */ + cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree"); +- /* microsecond precision for Info column*/ +- timestamp_set_precision(TS_PREC_AUTO_NSEC); + /* reset ordering */ + nstime_set_unset(&cs->current_time); + +@@ -738,8 +736,6 @@ gtk_comparestat_init(const char *opt_arg, void* userdata _U_) + cs->zebra_time.secs=0; + cs->zebra_time.nsecs=1; + cs->nr_tree=se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "nr_tree"); +- /* microsecond precision */ +- timestamp_set_precision(TS_PREC_AUTO_NSEC); + + /* transient_for top_level */ + cs->win=dlg_window_new("compare-stat"); +diff --git a/ui/gtk/main_menubar.c b/ui/gtk/main_menubar.c +index 23ceff2..dd83125 100644 +--- a/ui/gtk/main_menubar.c ++++ b/ui/gtk/main_menubar.c +@@ -635,11 +635,7 @@ timestamp_precision_new_cb (GtkRadioAction *action, GtkRadioAction *current _U_, + value = gtk_radio_action_get_current_value (action); + if (recent.gui_time_precision != value) { + /* the actual precision will be set in packet_list_queue_draw() below */ +- if (value == TS_PREC_AUTO) { +- timestamp_set_precision(TS_PREC_AUTO_SEC); +- } else { +- timestamp_set_precision(value); +- } ++ timestamp_set_precision(value); + recent.gui_time_precision = value; + /* This call adjusts column width */ + cf_timestamp_auto_precision(&cfile); +@@ -1818,7 +1814,7 @@ static const GtkRadioActionEntry main_menu_bar_radio_view_time_entries [] = + static const GtkRadioActionEntry main_menu_bar_radio_view_time_fileformat_prec_entries [] = + { + /* name, stock id, label, accel, tooltip, value */ +- { "/View/TimeDisplayFormat/FileFormatPrecision-Automatic", NULL, "Automatic (File Format Precision)", NULL, NULL, TS_PREC_AUTO }, ++ { "/View/TimeDisplayFormat/FileFormatPrecision-Automatic", NULL, "Automatic (use precision indicated in the file)", NULL, NULL, TS_PREC_AUTO }, + { "/View/TimeDisplayFormat/FileFormatPrecision-Seconds", NULL, "Seconds: 0", NULL, NULL, TS_PREC_FIXED_SEC }, + { "/View/TimeDisplayFormat/FileFormatPrecision-Deciseconds", NULL, "Deciseconds: 0.1", NULL, NULL, TS_PREC_FIXED_DSEC }, + { "/View/TimeDisplayFormat/FileFormatPrecision-Centiseconds", NULL, "Centiseconds: 0.12", NULL, NULL, TS_PREC_FIXED_CSEC }, +@@ -4634,8 +4630,8 @@ menu_recent_read_finished(void) + cf_timestamp_auto_precision(&cfile); + packet_list_queue_draw(); + /* the actual precision will be set in packet_list_queue_draw() below */ +- if (recent.gui_time_precision == TS_PREC_AUTO) { +- timestamp_set_precision(TS_PREC_AUTO_SEC); ++ if (recent.gui_time_precision > TS_PREC_FIXED_NSEC) { ++ timestamp_set_precision(TS_PREC_AUTO); + } else { + timestamp_set_precision(recent.gui_time_precision); + } +diff --git a/ui/qt/main.cpp b/ui/qt/main.cpp +index 12b0e81..3193702 100644 +--- a/ui/qt/main.cpp ++++ b/ui/qt/main.cpp +@@ -856,7 +856,7 @@ int main(int argc, char *argv[]) + + g_log(NULL, G_LOG_LEVEL_DEBUG, "FIX: timestamp types should be set elsewhere"); + timestamp_set_type(TS_RELATIVE); +- timestamp_set_precision(TS_PREC_AUTO_USEC); ++ timestamp_set_precision(TS_PREC_AUTO); + timestamp_set_seconds_type(TS_SECONDS_DEFAULT); + + ///////// +diff --git a/wiretap/5views.c b/wiretap/5views.c +index e8dd0b8..c7a9078 100644 +--- a/wiretap/5views.c ++++ b/wiretap/5views.c +@@ -191,7 +191,7 @@ int _5views_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_seek_read = _5views_seek_read; + wth->file_encap = encap; + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + return 1; + } +diff --git a/wiretap/aethra.c b/wiretap/aethra.c +index d04bf8d..02d1b6c 100644 +--- a/wiretap/aethra.c ++++ b/wiretap/aethra.c +@@ -178,7 +178,7 @@ int aethra_open(wtap *wth, int *err, gchar **err_info) + */ + wth->file_encap = WTAP_ENCAP_ISDN; + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + return 1; + } + +diff --git a/wiretap/ascendtext.c b/wiretap/ascendtext.c +index d0b4e76..a05fe34 100644 +--- a/wiretap/ascendtext.c ++++ b/wiretap/ascendtext.c +@@ -229,7 +229,7 @@ int ascend_open(wtap *wth, int *err, gchar **err_info) + } + ascend->inittime = statbuf.st_ctime; + ascend->adjusted = 0; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + init_parse_ascend(); + +diff --git a/wiretap/ber.c b/wiretap/ber.c +index 990db1d..6904367 100644 +--- a/wiretap/ber.c ++++ b/wiretap/ber.c +@@ -192,7 +192,7 @@ int ber_open(wtap *wth, int *err, gchar **err_info) + + wth->subtype_read = ber_read; + wth->subtype_seek_read = ber_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + + return 1; + } +diff --git a/wiretap/btsnoop.c b/wiretap/btsnoop.c +index 042cc8b..1a2e8ac 100644 +--- a/wiretap/btsnoop.c ++++ b/wiretap/btsnoop.c +@@ -147,7 +147,7 @@ int btsnoop_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_seek_read = btsnoop_seek_read; + wth->file_encap = file_encap; + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + wth->file_type = WTAP_FILE_BTSNOOP; + return 1; + } +@@ -443,7 +443,7 @@ gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err) + switch (wdh->file_type) { + + case WTAP_FILE_BTSNOOP: +- wdh->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wdh->tsprecision = WTAP_TSPREC_USEC; + break; + + default: +@@ -485,7 +485,7 @@ gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err) + switch (wdh->file_type) { + + case WTAP_FILE_BTSNOOP: +- wdh->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wdh->tsprecision = WTAP_TSPREC_USEC; + break; + + default: +diff --git a/wiretap/camins.c b/wiretap/camins.c +index 879b68d..3c7a608 100644 +--- a/wiretap/camins.c ++++ b/wiretap/camins.c +@@ -372,7 +372,7 @@ int camins_open(wtap *wth, int *err, gchar **err_info _U_) + + wth->file_encap = WTAP_ENCAP_DVBCI; + wth->snapshot_length = 0; +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + + wth->priv = NULL; + +diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c +index a17ab0d..b389d2a 100644 +--- a/wiretap/catapult_dct2000.c ++++ b/wiretap/catapult_dct2000.c +@@ -262,7 +262,7 @@ catapult_dct2000_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_close = catapult_dct2000_close; + + /* Choose microseconds (have 4 decimal places...) */ +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + + /***************************************************************/ +diff --git a/wiretap/commview.c b/wiretap/commview.c +index 935d15f..f85b1c8 100644 +--- a/wiretap/commview.c ++++ b/wiretap/commview.c +@@ -126,7 +126,7 @@ int commview_open(wtap *wth, int *err, gchar **err_info) + + wth->file_type = WTAP_FILE_COMMVIEW; + wth->file_encap = WTAP_ENCAP_PER_PACKET; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; /* Our kind of file */ + } +diff --git a/wiretap/cosine.c b/wiretap/cosine.c +index d6db197..76892b2 100644 +--- a/wiretap/cosine.c ++++ b/wiretap/cosine.c +@@ -282,7 +282,7 @@ int cosine_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = cosine_read; + wth->subtype_seek_read = cosine_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_CSEC; ++ wth->file_tsprec = WTAP_TSPREC_CSEC; + + return 1; + } +diff --git a/wiretap/csids.c b/wiretap/csids.c +index a60fd11..30702b4 100644 +--- a/wiretap/csids.c ++++ b/wiretap/csids.c +@@ -139,7 +139,7 @@ int csids_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = csids_read; + wth->subtype_seek_read = csids_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + + return 1; + } +diff --git a/wiretap/daintree-sna.c b/wiretap/daintree-sna.c +index a9edc71..4c79217 100644 +--- a/wiretap/daintree-sna.c ++++ b/wiretap/daintree-sna.c +@@ -125,7 +125,7 @@ int daintree_sna_open(wtap *wth, int *err, gchar **err_info) + /* set up for file type */ + wth->file_type = WTAP_FILE_DAINTREE_SNA; + wth->file_encap = WTAP_ENCAP_IEEE802_15_4_NOFCS; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + wth->snapshot_length = 0; /* not available in header */ + + return 1; /* it's a Daintree file */ +diff --git a/wiretap/dbs-etherwatch.c b/wiretap/dbs-etherwatch.c +index 11ab38a..cc3d0c3 100644 +--- a/wiretap/dbs-etherwatch.c ++++ b/wiretap/dbs-etherwatch.c +@@ -192,7 +192,7 @@ int dbs_etherwatch_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = dbs_etherwatch_read; + wth->subtype_seek_read = dbs_etherwatch_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_CSEC; ++ wth->file_tsprec = WTAP_TSPREC_CSEC; + + return 1; + } +diff --git a/wiretap/dct3trace.c b/wiretap/dct3trace.c +index e2285ec..94e1012 100644 +--- a/wiretap/dct3trace.c ++++ b/wiretap/dct3trace.c +@@ -181,7 +181,7 @@ int dct3trace_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = dct3trace_read; + wth->subtype_seek_read = dct3trace_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + + return 1; + } +diff --git a/wiretap/erf.c b/wiretap/erf.c +index 6fe4847..d762745 100644 +--- a/wiretap/erf.c ++++ b/wiretap/erf.c +@@ -274,7 +274,7 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info) + + wth->subtype_read = erf_read; + wth->subtype_seek_read = erf_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + erf_populate_interfaces(wth); + +@@ -698,7 +698,7 @@ int erf_dump_open(wtap_dumper *wdh, int *err) + + switch(wdh->file_type){ + case WTAP_FILE_ERF: +- wdh->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wdh->tsprecision = WTAP_TSPREC_NSEC; + break; + default: + *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE; +diff --git a/wiretap/eyesdn.c b/wiretap/eyesdn.c +index c32f5b8..5ff55df 100644 +--- a/wiretap/eyesdn.c ++++ b/wiretap/eyesdn.c +@@ -148,7 +148,7 @@ int eyesdn_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = eyesdn_read; + wth->subtype_seek_read = eyesdn_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; + } +diff --git a/wiretap/file_access.c b/wiretap/file_access.c +index cbea1af..640b867 100644 +--- a/wiretap/file_access.c ++++ b/wiretap/file_access.c +@@ -357,7 +357,7 @@ wtap* wtap_open_offline(const char *filename, int *err, char **err_info, + wth->file_encap = WTAP_ENCAP_UNKNOWN; + wth->subtype_sequential_close = NULL; + wth->subtype_close = NULL; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + wth->priv = NULL; + + init_open_routines(); +diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c +index 50c37c1..f7b839f 100644 +--- a/wiretap/hcidump.c ++++ b/wiretap/hcidump.c +@@ -157,7 +157,7 @@ int hcidump_open(wtap *wth, int *err, gchar **err_info) + + wth->subtype_read = hcidump_read; + wth->subtype_seek_read = hcidump_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; + } +diff --git a/wiretap/i4btrace.c b/wiretap/i4btrace.c +index 5cabbfe..e0e4f4a 100644 +--- a/wiretap/i4btrace.c ++++ b/wiretap/i4btrace.c +@@ -112,7 +112,7 @@ int i4btrace_open(wtap *wth, int *err, gchar **err_info) + i4btrace->byte_swapped = byte_swapped; + + wth->file_encap = WTAP_ENCAP_ISDN; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; + } +diff --git a/wiretap/ipfix.c b/wiretap/ipfix.c +index 9a65680..97d4529 100644 +--- a/wiretap/ipfix.c ++++ b/wiretap/ipfix.c +@@ -239,7 +239,7 @@ ipfix_open(wtap *wth, int *err, gchar **err_info) + /* all's good, this is a IPFIX file */ + wth->file_encap = WTAP_ENCAP_RAW_IPFIX; + wth->snapshot_length = 0; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + wth->subtype_read = ipfix_read; + wth->subtype_seek_read = ipfix_seek_read; + wth->subtype_close = ipfix_close; +diff --git a/wiretap/iptrace.c b/wiretap/iptrace.c +index 152e008..aad4b3c 100644 +--- a/wiretap/iptrace.c ++++ b/wiretap/iptrace.c +@@ -72,13 +72,13 @@ int iptrace_open(wtap *wth, int *err, gchar **err_info) + wth->file_type = WTAP_FILE_IPTRACE_1_0; + wth->subtype_read = iptrace_read_1_0; + wth->subtype_seek_read = iptrace_seek_read_1_0; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + } + else if (strcmp(name, "iptrace 2.0") == 0) { + wth->file_type = WTAP_FILE_IPTRACE_2_0; + wth->subtype_read = iptrace_read_2_0; + wth->subtype_seek_read = iptrace_seek_read_2_0; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + } + else { + return 0; +diff --git a/wiretap/iseries.c b/wiretap/iseries.c +index e31d5ec..8d5e111 100644 +--- a/wiretap/iseries.c ++++ b/wiretap/iseries.c +@@ -250,7 +250,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info) + wth->snapshot_length = 0; + wth->subtype_read = iseries_read; + wth->subtype_seek_read = iseries_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + if (file_seek (wth->fh, 0, SEEK_SET, err) == -1) + { +@@ -290,7 +290,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info) + wth->snapshot_length = 0; + wth->subtype_read = iseries_read; + wth->subtype_seek_read = iseries_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + if (file_seek (wth->fh, 0, SEEK_SET, err) == -1) + { +diff --git a/wiretap/k12.c b/wiretap/k12.c +index 85db119..5923eb9 100644 +--- a/wiretap/k12.c ++++ b/wiretap/k12.c +@@ -832,7 +832,7 @@ int k12_open(wtap *wth, int *err, gchar **err_info) { + wth->subtype_seek_read = k12_seek_read; + wth->subtype_close = k12_close; + wth->priv = (void *)file_data; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + return 1; + } +diff --git a/wiretap/k12text.l b/wiretap/k12text.l +index 817eb92..fdfd3a7 100644 +--- a/wiretap/k12text.l ++++ b/wiretap/k12text.l +@@ -351,7 +351,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info _U_) + wth->snapshot_length = 0; + wth->subtype_read = k12text_read; + wth->subtype_seek_read = k12text_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + return 1; + } +diff --git a/wiretap/lanalyzer.c b/wiretap/lanalyzer.c +index eb83872..35dad96 100644 +--- a/wiretap/lanalyzer.c ++++ b/wiretap/lanalyzer.c +@@ -348,7 +348,7 @@ int lanalyzer_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_read = lanalyzer_read; + wth->subtype_seek_read = lanalyzer_seek_read; + wth->snapshot_length = 0; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + /* Read records until we find the start of packets */ + while (1) { +diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c +index 47dafc7..5477073 100644 +--- a/wiretap/libpcap.c ++++ b/wiretap/libpcap.c +@@ -107,7 +107,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + a program using either standard or ss990417 libpcap. */ + byte_swapped = FALSE; + modified = FALSE; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + case PCAP_MODIFIED_MAGIC: +@@ -115,7 +115,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + a program using either ss990915 or ss991029 libpcap. */ + byte_swapped = FALSE; + modified = TRUE; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + case PCAP_SWAPPED_MAGIC: +@@ -124,7 +124,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + ss990417 libpcap. */ + byte_swapped = TRUE; + modified = FALSE; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + case PCAP_SWAPPED_MODIFIED_MAGIC: +@@ -133,7 +133,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + or ss991029 libpcap. */ + byte_swapped = TRUE; + modified = TRUE; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + case PCAP_NSEC_MAGIC: +@@ -142,7 +142,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + except that the time stamps have nanosecond resolution. */ + byte_swapped = FALSE; + modified = FALSE; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + break; + + case PCAP_SWAPPED_NSEC_MAGIC: +@@ -152,7 +152,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + nanosecond resolution. */ + byte_swapped = TRUE; + modified = FALSE; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + break; + + default: +@@ -311,7 +311,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + * precision to nanosecond precision. + */ + wth->file_type = WTAP_FILE_PCAP_AIX; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + return 1; + } + +@@ -400,7 +400,7 @@ int libpcap_open(wtap *wth, int *err, gchar **err_info) + * + * Try the standard format first. + */ +- if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) { ++ if(wth->file_tsprec == WTAP_TSPREC_NSEC) { + wth->file_type = WTAP_FILE_PCAP_NSEC; + } else { + wth->file_type = WTAP_FILE_PCAP; +@@ -662,7 +662,7 @@ static gboolean libpcap_read(wtap *wth, int *err, gchar **err_info, + /* Update the Timestamp, if not already done */ + if (wth->file_encap != WTAP_ENCAP_ERF) { + wth->phdr.ts.secs = hdr.hdr.ts_sec; +- if(wth->tsprecision == WTAP_FILE_TSPREC_NSEC) { ++ if(wth->file_tsprec == WTAP_TSPREC_NSEC) { + wth->phdr.ts.nsecs = hdr.hdr.ts_usec; + } else { + wth->phdr.ts.nsecs = hdr.hdr.ts_usec * 1000; +@@ -901,18 +901,18 @@ gboolean libpcap_dump_open(wtap_dumper *wdh, int *err) + case WTAP_FILE_PCAP_SS990417: /* modified, but with the old magic, sigh */ + case WTAP_FILE_PCAP_NOKIA: /* Nokia libpcap of some sort */ + magic = PCAP_MAGIC; +- wdh->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wdh->tsprecision = WTAP_TSPREC_USEC; + break; + + case WTAP_FILE_PCAP_SS990915: /* new magic, extra crap */ + case WTAP_FILE_PCAP_SS991029: + magic = PCAP_MODIFIED_MAGIC; +- wdh->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wdh->tsprecision = WTAP_TSPREC_USEC; + break; + + case WTAP_FILE_PCAP_NSEC: /* same as WTAP_FILE_PCAP, but nsec precision */ + magic = PCAP_NSEC_MAGIC; +- wdh->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wdh->tsprecision = WTAP_TSPREC_NSEC; + break; + + default: +@@ -966,7 +966,7 @@ static gboolean libpcap_dump(wtap_dumper *wdh, + phdrsize = pcap_get_phdr_size(wdh->encap, pseudo_header); + + rec_hdr.hdr.ts_sec = (guint32) phdr->ts.secs; +- if(wdh->tsprecision == WTAP_FILE_TSPREC_NSEC) { ++ if(wdh->tsprecision == WTAP_TSPREC_NSEC) { + rec_hdr.hdr.ts_usec = phdr->ts.nsecs; + } else { + rec_hdr.hdr.ts_usec = phdr->ts.nsecs / 1000; +diff --git a/wiretap/mime_file.c b/wiretap/mime_file.c +index 6c64d0e..d0aae88 100644 +--- a/wiretap/mime_file.c ++++ b/wiretap/mime_file.c +@@ -190,7 +190,7 @@ mime_file_open(wtap *wth, int *err, gchar **err_info) + + wth->file_type = WTAP_FILE_MIME; + wth->file_encap = WTAP_ENCAP_MIME; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + wth->subtype_read = mime_read; + wth->subtype_seek_read = mime_seek_read; + wth->snapshot_length = 0; +diff --git a/wiretap/mp2t.c b/wiretap/mp2t.c +index 8496437..de057ba 100644 +--- a/wiretap/mp2t.c ++++ b/wiretap/mp2t.c +@@ -220,7 +220,7 @@ mp2t_open(wtap *wth, int *err, gchar **err_info) + + wth->file_type = WTAP_FILE_MPEG_2_TS; + wth->file_encap = WTAP_ENCAP_MPEG_2_TS; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + wth->subtype_read = mp2t_read; + wth->subtype_seek_read = mp2t_seek_read; + wth->snapshot_length = 0; +diff --git a/wiretap/mpeg.c b/wiretap/mpeg.c +index 5c6710f..4545ffb 100644 +--- a/wiretap/mpeg.c ++++ b/wiretap/mpeg.c +@@ -299,7 +299,7 @@ good_magic: + + wth->file_type = WTAP_FILE_MPEG; + wth->file_encap = WTAP_ENCAP_MPEG; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + wth->subtype_read = mpeg_read; + wth->subtype_seek_read = mpeg_seek_read; + wth->snapshot_length = 0; +diff --git a/wiretap/netmon.c b/wiretap/netmon.c +index e53bdfc..3b3ed46 100644 +--- a/wiretap/netmon.c ++++ b/wiretap/netmon.c +@@ -402,7 +402,7 @@ int netmon_open(wtap *wth, int *err, gchar **err_info) + * Version 1.x of the file format supports + * millisecond precision. + */ +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + break; + + case 2: +@@ -412,7 +412,7 @@ int netmon_open(wtap *wth, int *err, gchar **err_info) + * currently support that, so say + * "nanosecond precision" for now. + */ +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + break; + } + return 1; +diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c +index ba1126c..617b17b 100644 +--- a/wiretap/netscaler.c ++++ b/wiretap/netscaler.c +@@ -651,7 +651,7 @@ int nstrace_open(wtap *wth, int *err, gchar **err_info) + nstrace->nstrace_buf_offset = 0; + } + +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + wth->phdr.ts.secs = nstrace->nspm_curtime; + wth->phdr.ts.nsecs = 0; + +diff --git a/wiretap/netscreen.c b/wiretap/netscreen.c +index ad218af..a029dd6 100644 +--- a/wiretap/netscreen.c ++++ b/wiretap/netscreen.c +@@ -184,7 +184,7 @@ int netscreen_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = netscreen_read; + wth->subtype_seek_read = netscreen_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_DSEC; ++ wth->file_tsprec = WTAP_TSPREC_DSEC; + + return 1; + } +diff --git a/wiretap/nettl.c b/wiretap/nettl.c +index 757ddaa..d881eeb 100644 +--- a/wiretap/nettl.c ++++ b/wiretap/nettl.c +@@ -287,7 +287,7 @@ int nettl_open(wtap *wth, int *err, gchar **err_info) + if (file_seek(wth->fh, FILE_HDR_SIZE, SEEK_SET, err) == -1) { + return -1; + } +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; + } +diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c +index 3640d28..9ba7100 100644 +--- a/wiretap/network_instruments.c ++++ b/wiretap/network_instruments.c +@@ -247,7 +247,7 @@ int network_instruments_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_close = NULL; + wth->subtype_sequential_close = NULL; + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + wth->file_type = WTAP_FILE_NETWORK_INSTRUMENTS; + + /* reset the pointer to the first packet */ +diff --git a/wiretap/netxray.c b/wiretap/netxray.c +index c2af737..d4d2710 100644 +--- a/wiretap/netxray.c ++++ b/wiretap/netxray.c +@@ -495,12 +495,12 @@ int netxray_open(wtap *wth, int *err, gchar **err_info) + + case WTAP_FILE_NETXRAY_OLD: + ticks_per_sec = 1000.0; +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + break; + + case WTAP_FILE_NETXRAY_1_0: + ticks_per_sec = 1000.0; +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + break; + + case WTAP_FILE_NETXRAY_1_1: +@@ -511,7 +511,7 @@ int netxray_open(wtap *wth, int *err, gchar **err_info) + * and older versions of Windows Sniffer. + */ + ticks_per_sec = 1000000.0; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + case WTAP_FILE_NETXRAY_2_00x: +@@ -668,9 +668,9 @@ int netxray_open(wtap *wth, int *err, gchar **err_info) + * XXX - Seems reasonable to use nanosecs only if TPS >= 10M + */ + if (ticks_per_sec >= 1e7) +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + else +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + break; + + default: +diff --git a/wiretap/ngsniffer.c b/wiretap/ngsniffer.c +index f15694f..4ada82d 100644 +--- a/wiretap/ngsniffer.c ++++ b/wiretap/ngsniffer.c +@@ -799,7 +799,7 @@ ngsniffer_open(wtap *wth, int *err, gchar **err_info) + * isn't stored in the capture file. + */ + +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; /* XXX */ ++ wth->file_tsprec = WTAP_TSPREC_NSEC; /* XXX */ + + return 1; + } +diff --git a/wiretap/packetlogger.c b/wiretap/packetlogger.c +index eece1a0..fcaedc9 100644 +--- a/wiretap/packetlogger.c ++++ b/wiretap/packetlogger.c +@@ -118,7 +118,7 @@ int packetlogger_open(wtap *wth, int *err, gchar **err_info) + + wth->file_type = WTAP_FILE_PACKETLOGGER; + wth->file_encap = WTAP_ENCAP_PACKETLOGGER; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; /* Our kind of file */ + } +diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c +index f652057..338be96 100644 +--- a/wiretap/pcapng.c ++++ b/wiretap/pcapng.c +@@ -371,7 +371,6 @@ typedef struct wtapng_block_s { + const union wtap_pseudo_header *pseudo_header; + struct wtap_pkthdr *packet_header; + const guint8 *frame_buffer; +- int *file_encap; + } wtapng_block_t; + + /* Interface data in private struct */ +@@ -379,6 +378,7 @@ typedef struct interface_data_s { + int wtap_encap; + guint32 snap_len; + guint64 time_units_per_second; ++ int tsprecision; + } interface_data_t; + + typedef struct { +@@ -643,10 +643,12 @@ pcapng_read_section_header_block(FILE_T fh, gboolean first_block, + + /* "Interface Description Block" */ + static int +-pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, +- wtapng_block_t *wblock, int *err, gchar **err_info) ++pcapng_read_if_descr_block(wtap *wth, FILE_T fh, pcapng_block_header_t *bh, ++ pcapng_t *pn, wtapng_block_t *wblock, int *err, ++ gchar **err_info) + { +- guint64 time_units_per_second = 1000000; /* default */ ++ guint64 time_units_per_second = 1000000; /* default = 10^6 */ ++ int tsprecision = WTAP_TSPREC_USEC; + int bytes_read; + int block_read; + int to_read, opt_cont_buf_len; +@@ -690,6 +692,7 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, + + wblock->data.if_descr.wtap_encap = wtap_pcap_encap_to_wtap_encap(wblock->data.if_descr.link_type); + wblock->data.if_descr.time_units_per_second = time_units_per_second; ++ wblock->data.if_descr.tsprecision = tsprecision; + + pcapng_debug3("pcapng_read_if_descr_block: IDB link_type %u (%s), snap %u", + wblock->data.if_descr.link_type, +@@ -821,7 +824,20 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, + } + wblock->data.if_descr.time_units_per_second = time_units_per_second; + wblock->data.if_descr.if_tsresol = if_tsresol; +- pcapng_debug2("pcapng_read_if_descr_block: if_tsresol %u, units/s %" G_GINT64_MODIFIER "u", wblock->data.if_descr.if_tsresol, wblock->data.if_descr.time_units_per_second); ++ if (time_units_per_second >= 1000000000) ++ tsprecision = WTAP_TSPREC_NSEC; ++ else if (time_units_per_second >= 1000000) ++ tsprecision = WTAP_TSPREC_USEC; ++ else if (time_units_per_second >= 1000) ++ tsprecision = WTAP_TSPREC_MSEC; ++ else if (time_units_per_second >= 100) ++ tsprecision = WTAP_TSPREC_CSEC; ++ else if (time_units_per_second >= 10) ++ tsprecision = WTAP_TSPREC_DSEC; ++ else ++ tsprecision = WTAP_TSPREC_SEC; ++ wblock->data.if_descr.tsprecision = tsprecision; ++ pcapng_debug3("pcapng_read_if_descr_block: if_tsresol %u, units/s %" G_GINT64_MODIFIER "u, tsprecision %d", wblock->data.if_descr.if_tsresol, wblock->data.if_descr.time_units_per_second, tsprecision); + } else { + pcapng_debug1("pcapng_read_if_descr_block: if_tsresol length %u not 1 as expected", oh.option_length); + } +@@ -883,12 +899,33 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, + + g_free(option_content); + +- if (*wblock->file_encap == WTAP_ENCAP_UNKNOWN) { +- *wblock->file_encap = wblock->data.if_descr.wtap_encap; ++ /* ++ * If the per-file encapsulation isn't known, set it to this ++ * interface's encapsulation. ++ * ++ * If it *is* known, and it isn't this interface's encapsulation, ++ * set it to WTAP_ENCAP_PER_PACKET, as this file doesn't ++ * have a single encapsulation for all interfaces in the file, ++ * so it probably doesn't have a single encapsulation for all ++ * packets in the file. ++ */ ++ if (wth->file_encap == WTAP_ENCAP_UNKNOWN) { ++ wth->file_encap = wblock->data.if_descr.wtap_encap; + } else { +- if (*wblock->file_encap != wblock->data.if_descr.wtap_encap) { +- *wblock->file_encap = WTAP_ENCAP_PER_PACKET; +- } ++ if (wth->file_encap != wblock->data.if_descr.wtap_encap) { ++ wth->file_encap = WTAP_ENCAP_PER_PACKET; ++ } ++ } ++ ++ /* ++ * The same applies to the per-file time stamp resolution. ++ */ ++ if (wth->file_tsprec == WTAP_TSPREC_UNKNOWN) { ++ wth->file_tsprec = wblock->data.if_descr.tsprecision; ++ } else { ++ if (wth->file_tsprec != wblock->data.if_descr.tsprecision) { ++ wth->file_tsprec = WTAP_TSPREC_PER_PACKET; ++ } + } + + return block_read; +@@ -1065,6 +1102,7 @@ pcapng_read_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn, wta + pcap_get_phdr_size(int_data.wtap_encap, wblock->pseudo_header)); + wblock->packet_header->interface_id = wblock->data.packet.interface_id; + wblock->packet_header->pkt_encap = int_data.wtap_encap; ++ wblock->packet_header->pkt_tsprec = int_data.tsprecision; + + memset((void *)wblock->pseudo_header, 0, sizeof(union wtap_pseudo_header)); + pseudo_header_len = pcap_process_pseudo_header(fh, +@@ -1328,6 +1366,7 @@ pcapng_read_simple_packet_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t * + wblock->packet_header->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID; + wblock->packet_header->interface_id = 0; + wblock->packet_header->pkt_encap = int_data.wtap_encap; ++ wblock->packet_header->pkt_tsprec = int_data.tsprecision; + wblock->packet_header->ts.secs = 0; + wblock->packet_header->ts.nsecs = 0; + wblock->packet_header->interface_id = 0; +@@ -1905,7 +1944,7 @@ pcapng_read_unknown_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn _U_ + + + static int +-pcapng_read_block(FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t *wblock, int *err, gchar **err_info) ++pcapng_read_block(wtap *wth, FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t *wblock, int *err, gchar **err_info) + { + int block_read; + int bytes_read; +@@ -1953,7 +1992,7 @@ pcapng_read_block(FILE_T fh, gboolean first_block, pcapng_t *pn, wtapng_block_t + bytes_read = pcapng_read_section_header_block(fh, first_block, &bh, pn, wblock, err, err_info); + break; + case(BLOCK_TYPE_IDB): +- bytes_read = pcapng_read_if_descr_block(fh, &bh, pn, wblock, err, err_info); ++ bytes_read = pcapng_read_if_descr_block(wth, fh, &bh, pn, wblock, err, err_info); + break; + case(BLOCK_TYPE_PB): + bytes_read = pcapng_read_packet_block(fh, &bh, pn, wblock, err, err_info, FALSE); +@@ -2043,6 +2082,7 @@ pcapng_process_idb(wtap *wth, pcapng_t *pcapng, wtapng_block_t *wblock) + interface_data.wtap_encap = wblock->data.if_descr.wtap_encap; + interface_data.snap_len = wblock->data.if_descr.snap_len; + interface_data.time_units_per_second = wblock->data.if_descr.time_units_per_second; ++ interface_data.tsprecision = wblock->data.if_descr.tsprecision; + + g_array_append_val(pcapng->interface_data, interface_data); + pcapng->number_of_interfaces++; +@@ -2072,11 +2112,10 @@ pcapng_open(wtap *wth, int *err, gchar **err_info) + wblock.frame_buffer = NULL; + wblock.pseudo_header = NULL; + wblock.packet_header = NULL; +- wblock.file_encap = &wth->file_encap; + + pcapng_debug0("pcapng_open: opening file"); + /* read first block */ +- bytes_read = pcapng_read_block(wth->fh, TRUE, &pn, &wblock, err, err_info); ++ bytes_read = pcapng_read_block(wth, wth->fh, TRUE, &pn, &wblock, err, err_info); + if (bytes_read <= 0) { + pcapng_debug0("pcapng_open: couldn't read first SHB"); + *err = file_error(wth->fh, err_info); +@@ -2110,7 +2149,7 @@ pcapng_open(wtap *wth, int *err, gchar **err_info) + + wth->file_encap = WTAP_ENCAP_UNKNOWN; + wth->snapshot_length = 0; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + pcapng = (pcapng_t *)g_malloc(sizeof(pcapng_t)); + wth->priv = (void *)pcapng; + *pcapng = pn; +@@ -2156,7 +2195,7 @@ pcapng_open(wtap *wth, int *err, gchar **err_info) + if (bh.block_type != BLOCK_TYPE_IDB) { + break; /* No more IDB:s */ + } +- bytes_read = pcapng_read_block(wth->fh, FALSE, &pn, &wblock, err, err_info); ++ bytes_read = pcapng_read_block(wth, wth->fh, FALSE, &pn, &wblock, err, err_info); + if (bytes_read == 0) { + pcapng_debug0("No more IDBs available..."); + break; +@@ -2200,14 +2239,13 @@ pcapng_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) + wblock.frame_buffer = buffer_start_ptr(wth->frame_buffer); + wblock.pseudo_header = &wth->phdr.pseudo_header; + wblock.packet_header = &wth->phdr; +- wblock.file_encap = &wth->file_encap; + + pcapng->add_new_ipv4 = wth->add_new_ipv4; + pcapng->add_new_ipv6 = wth->add_new_ipv6; + + /* read next block */ + while (1) { +- bytes_read = pcapng_read_block(wth->fh, FALSE, pcapng, &wblock, err, err_info); ++ bytes_read = pcapng_read_block(wth, wth->fh, FALSE, pcapng, &wblock, err, err_info); + if (bytes_read <= 0) { + pcapng_debug1("pcapng_read: data_offset is finally %" G_GINT64_MODIFIER "d", *data_offset); + pcapng_debug0("pcapng_read: couldn't read packet block"); +@@ -2219,6 +2257,7 @@ pcapng_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) + case(BLOCK_TYPE_SHB): + /* We don't currently support multi-section files. */ + wth->phdr.pkt_encap = WTAP_ENCAP_UNKNOWN; ++ wth->phdr.pkt_tsprec = WTAP_TSPREC_UNKNOWN; + *err = WTAP_ERR_UNSUPPORTED; + *err_info = g_strdup_printf("pcapng: multi-section files not currently supported."); + return FALSE; +@@ -2332,10 +2371,9 @@ pcapng_seek_read(wtap *wth, gint64 seek_off, + wblock.frame_buffer = pd; + wblock.pseudo_header = pseudo_header; + wblock.packet_header = &wth->phdr; +- wblock.file_encap = &wth->file_encap; + + /* read the block */ +- bytes_read = pcapng_read_block(wth->random_fh, FALSE, pcapng, &wblock, err, err_info); ++ bytes_read = pcapng_read_block(wth, wth->random_fh, FALSE, pcapng, &wblock, err, err_info); + if (bytes_read <= 0) { + *err = file_error(wth->random_fh, err_info); + pcapng_debug3("pcapng_seek_read: couldn't read packet block (err=%d, errno=%d, bytes_read=%d).", +diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c +index e8b890e..8437d34 100644 +--- a/wiretap/peekclassic.c ++++ b/wiretap/peekclassic.c +@@ -354,7 +354,7 @@ peekclassic_open(wtap *wth, int *err, gchar **err_info) + } + + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + return 1; + } +diff --git a/wiretap/peektagged.c b/wiretap/peektagged.c +index 7f178ae..712ea88 100644 +--- a/wiretap/peektagged.c ++++ b/wiretap/peektagged.c +@@ -338,7 +338,7 @@ int peektagged_open(wtap *wth, int *err, gchar **err_info) + wth->file_encap = file_encap; + wth->subtype_read = peektagged_read; + wth->subtype_seek_read = peektagged_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_NSEC; ++ wth->file_tsprec = WTAP_TSPREC_NSEC; + + peektagged = (peektagged_t *)g_malloc(sizeof(peektagged_t)); + wth->priv = (void *)peektagged; +diff --git a/wiretap/pppdump.c b/wiretap/pppdump.c +index 239f1a8..e3d4165 100644 +--- a/wiretap/pppdump.c ++++ b/wiretap/pppdump.c +@@ -301,7 +301,7 @@ pppdump_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_read = pppdump_read; + wth->subtype_seek_read = pppdump_seek_read; + wth->subtype_close = pppdump_close; +- wth->tsprecision = WTAP_FILE_TSPREC_DSEC; ++ wth->file_tsprec = WTAP_TSPREC_DSEC; + + state->seek_state = g_new(pppdump_t,1); + +diff --git a/wiretap/radcom.c b/wiretap/radcom.c +index 8e9b701..719d904 100644 +--- a/wiretap/radcom.c ++++ b/wiretap/radcom.c +@@ -167,7 +167,7 @@ int radcom_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_read = radcom_read; + wth->subtype_seek_read = radcom_seek_read; + wth->snapshot_length = 0; /* not available in header, only in frame */ +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + #if 0 + tm.tm_year = pletohs(&start_date.year)-1900; +diff --git a/wiretap/snoop.c b/wiretap/snoop.c +index d2f765b..2da076d 100644 +--- a/wiretap/snoop.c ++++ b/wiretap/snoop.c +@@ -433,7 +433,7 @@ int snoop_open(wtap *wth, int *err, gchar **err_info) + wth->subtype_seek_read = snoop_seek_read; + wth->file_encap = file_encap; + wth->snapshot_length = 0; /* not available in header */ +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + return 1; + } + +diff --git a/wiretap/tnef.c b/wiretap/tnef.c +index 3afd1d4..f352c24 100644 +--- a/wiretap/tnef.c ++++ b/wiretap/tnef.c +@@ -128,7 +128,7 @@ int tnef_open(wtap *wth, int *err, gchar **err_info) + + wth->subtype_read = tnef_read; + wth->subtype_seek_read = tnef_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_SEC; ++ wth->file_tsprec = WTAP_TSPREC_SEC; + + return 1; + } +diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c +index 07f00eb..f88474d 100644 +--- a/wiretap/toshiba.c ++++ b/wiretap/toshiba.c +@@ -213,7 +213,7 @@ int toshiba_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = toshiba_read; + wth->subtype_seek_read = toshiba_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_CSEC; ++ wth->file_tsprec = WTAP_TSPREC_CSEC; + + return 1; + } +diff --git a/wiretap/visual.c b/wiretap/visual.c +index 59400ba..a0f9852 100644 +--- a/wiretap/visual.c ++++ b/wiretap/visual.c +@@ -267,7 +267,7 @@ int visual_open(wtap *wth, int *err, gchar **err_info) + /* Set up the pointers to the handlers for this file type */ + wth->subtype_read = visual_read; + wth->subtype_seek_read = visual_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_MSEC; ++ wth->file_tsprec = WTAP_TSPREC_MSEC; + + /* Add Visual-specific information to the wiretap struct for later use. */ + visual = (struct visual_read_info *)g_malloc(sizeof(struct visual_read_info)); +diff --git a/wiretap/vms.c b/wiretap/vms.c +index f5c440b..550a5ac 100644 +--- a/wiretap/vms.c ++++ b/wiretap/vms.c +@@ -253,7 +253,7 @@ int vms_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; /* not known */ + wth->subtype_read = vms_read; + wth->subtype_seek_read = vms_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_CSEC; ++ wth->file_tsprec = WTAP_TSPREC_CSEC; + + return 1; + } +diff --git a/wiretap/vwr.c b/wiretap/vwr.c +index 0f1dbc3..881ad64 100644 +--- a/wiretap/vwr.c ++++ b/wiretap/vwr.c +@@ -653,7 +653,7 @@ int vwr_open(wtap *wth, int *err, gchar **err_info) + wth->snapshot_length = 0; + wth->subtype_read = vwr_read; + wth->subtype_seek_read = vwr_seek_read; +- wth->tsprecision = WTAP_FILE_TSPREC_USEC; ++ wth->file_tsprec = WTAP_TSPREC_USEC; + + if (fpgaVer == vVW510021_W_FPGA) { + wth->file_type = WTAP_FILE_VWR_80211; +diff --git a/wiretap/wtap-int.h b/wiretap/wtap-int.h +index 1c17a42..15d5102 100644 +--- a/wiretap/wtap-int.h ++++ b/wiretap/wtap-int.h +@@ -69,11 +69,19 @@ struct wtap { + int file_encap; /* per-file, for those + * file formats that have + * per-file encapsulation +- * types +- */ +- int tsprecision; /* timestamp precision of the lower 32bits +- * e.g. WTAP_FILE_TSPREC_USEC ++ * types rather than per-packet ++ * encapsulation types + */ ++ int file_tsprec; /* per-file timestamp precision ++ * of the fractional part of ++ * the time stamp, for those ++ * file formats that have ++ * per-file timestamp ++ * precision rather than ++ * per-packet timestamp ++ * precision ++ * e.g. WTAP_TSPREC_USEC ++ */ + wtap_new_ipv4_callback_t add_new_ipv4; + wtap_new_ipv6_callback_t add_new_ipv6; + GPtrArray *fast_seek; +@@ -105,7 +113,7 @@ struct wtap_dumper { + subtype_close_func subtype_close; + + int tsprecision; /**< timestamp precision of the lower 32bits +- * e.g. WTAP_FILE_TSPREC_USEC ++ * e.g. WTAP_TSPREC_USEC + */ + struct addrinfo *addrinfo_list; + struct wtapng_section_s *shb_hdr; +diff --git a/wiretap/wtap.c b/wiretap/wtap.c +index ee0cbc2..69803d6 100644 +--- a/wiretap/wtap.c ++++ b/wiretap/wtap.c +@@ -95,9 +95,9 @@ wtap_file_encap(wtap *wth) + } + + int +-wtap_file_tsprecision(wtap *wth) ++wtap_file_tsprec(wtap *wth) + { +- return wth->tsprecision; ++ return wth->file_tsprec; + } + + wtapng_section_t * +@@ -862,6 +862,8 @@ wtap_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) + * capture file type doesn't have to set it), and if it + * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it + * anyway. ++ * ++ * Do the same for the packet time stamp resolution. + */ + wth->phdr.pkt_encap = wth->file_encap; + +diff --git a/wiretap/wtap.h b/wiretap/wtap.h +index 36674e9..b49c280 100644 +--- a/wiretap/wtap.h ++++ b/wiretap/wtap.h +@@ -319,12 +319,14 @@ extern "C" { + #define WTAP_NUM_FILE_TYPES wtap_get_num_file_types() + + /* timestamp precision (currently only these values are supported) */ +-#define WTAP_FILE_TSPREC_SEC 0 +-#define WTAP_FILE_TSPREC_DSEC 1 +-#define WTAP_FILE_TSPREC_CSEC 2 +-#define WTAP_FILE_TSPREC_MSEC 3 +-#define WTAP_FILE_TSPREC_USEC 6 +-#define WTAP_FILE_TSPREC_NSEC 9 ++#define WTAP_TSPREC_UNKNOWN -2 ++#define WTAP_TSPREC_PER_PACKET -1 ++#define WTAP_TSPREC_SEC 0 ++#define WTAP_TSPREC_DSEC 1 ++#define WTAP_TSPREC_CSEC 2 ++#define WTAP_TSPREC_MSEC 3 ++#define WTAP_TSPREC_USEC 6 ++#define WTAP_TSPREC_NSEC 9 + + /* + * Maximum packet size we'll support. +@@ -866,7 +868,8 @@ struct wtap_pkthdr { + struct wtap_nstime ts; + guint32 caplen; /* data length in the file */ + guint32 len; /* data length on the wire */ +- int pkt_encap; ++ int pkt_encap; /* WTAP_ENCAP_ value for this packet */ ++ int pkt_tsprec; /* WTAP_TSPREC_ value for this packet */ + /* pcapng variables */ + guint32 interface_id; /* identifier of the interface. */ + /* options */ +@@ -1010,6 +1013,7 @@ typedef struct wtapng_iface_descriptions_s { + typedef struct wtapng_if_descr_s { + int wtap_encap; /**< link_type translated to wtap_encap */ + guint64 time_units_per_second; ++ int tsprecision; /**< WTAP_TSPREC_ value for this interface */ + + /* mandatory */ + guint16 link_type; +@@ -1214,7 +1218,7 @@ int wtap_file_type(wtap *wth); + WS_DLL_PUBLIC + int wtap_file_encap(wtap *wth); + WS_DLL_PUBLIC +-int wtap_file_tsprecision(wtap *wth); ++int wtap_file_tsprec(wtap *wth); + WS_DLL_PUBLIC + wtapng_section_t* wtap_file_get_shb_info(wtap *wth); + WS_DLL_PUBLIC diff --git a/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch b/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch new file mode 100644 index 0000000..bf3bcd9 --- /dev/null +++ b/SOURCES/wireshark-1.10.3-tls-ext-encrypt-then-mac.patch @@ -0,0 +1,24 @@ +diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c +index 8f85f11..a58ccfb 100644 +--- a/epan/dissectors/packet-ssl-utils.c ++++ b/epan/dissectors/packet-ssl-utils.c +@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = { + { 13, "signature_algorithms" }, /* RFC 5246 */ + { 14, "use_srtp" }, + { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */ ++ { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC_TYPE, "Encrypt then MAC" }, /* RFC 7366 */ + { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */ + { 35, "SessionTicket TLS" }, /* RFC 4507 */ + { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */ +diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h +index 5968b8e..82dc39b 100644 +--- a/epan/dissectors/packet-ssl-utils.h ++++ b/epan/dissectors/packet-ssl-utils.h +@@ -153,6 +153,7 @@ + #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b + #define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d + #define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f ++#define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC_TYPE 0x0016 + #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017 + #define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01 + #define SSL_HND_HELLO_EXT_NPN 0x3374 diff --git a/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch b/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch new file mode 100644 index 0000000..3427382 --- /dev/null +++ b/SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch @@ -0,0 +1,127 @@ +diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c +index efb170a..8f85f11 100644 +--- a/epan/dissectors/packet-ssl-utils.c ++++ b/epan/dissectors/packet-ssl-utils.c +@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = { + { 13, "signature_algorithms" }, /* RFC 5246 */ + { 14, "use_srtp" }, + { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */ ++ { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */ + { 35, "SessionTicket TLS" }, /* RFC 4507 */ + { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */ + { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */ +diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h +index 1ba1598..5968b8e 100644 +--- a/epan/dissectors/packet-ssl-utils.h ++++ b/epan/dissectors/packet-ssl-utils.h +@@ -148,14 +148,15 @@ + #define PCT_ERR_SERVER_AUTH_FAILED 0x05 + #define PCT_ERR_SPECS_MISMATCH 0x06 + +-#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0 +-#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a +-#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b +-#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d +-#define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f +-#define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01 +-#define SSL_HND_HELLO_EXT_NPN 0x3374 +-#define SSL_HND_CERT_STATUS_TYPE_OCSP 1 ++#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0 ++#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a ++#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b ++#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d ++#define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f ++#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017 ++#define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01 ++#define SSL_HND_HELLO_EXT_NPN 0x3374 ++#define SSL_HND_CERT_STATUS_TYPE_OCSP 1 + + /* + * Lookup tables +@@ -211,13 +212,16 @@ typedef struct _StringInfo { + #define DTLSV1DOT0_VERSION_NOT 0x100 + #define DTLSV1DOT2_VERSION 0xfefd + +-#define SSL_CLIENT_RANDOM (1<<0) +-#define SSL_SERVER_RANDOM (1<<1) +-#define SSL_CIPHER (1<<2) +-#define SSL_HAVE_SESSION_KEY (1<<3) +-#define SSL_VERSION (1<<4) +-#define SSL_MASTER_SECRET (1<<5) +-#define SSL_PRE_MASTER_SECRET (1<<6) ++#define SSL_CLIENT_RANDOM (1<<0) ++#define SSL_SERVER_RANDOM (1<<1) ++#define SSL_CIPHER (1<<2) ++#define SSL_HAVE_SESSION_KEY (1<<3) ++#define SSL_VERSION (1<<4) ++#define SSL_MASTER_SECRET (1<<5) ++#define SSL_PRE_MASTER_SECRET (1<<6) ++#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7) ++#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8) ++ + + #define SSL_CIPHER_MODE_STREAM 0 + #define SSL_CIPHER_MODE_CBC 1 +diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c +index 6f22158..d774929 100644 +--- a/epan/dissectors/packet-ssl.c ++++ b/epan/dissectors/packet-ssl.c +@@ -2396,7 +2396,8 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree, + + static gint + dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb, +- proto_tree *tree, guint32 offset, guint32 left) ++ proto_tree *tree, guint32 offset, guint32 left, ++ gboolean is_client, SslDecryptSession *ssl) + { + guint16 extension_length; + guint16 ext_type; +@@ -2459,6 +2460,10 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb, + tvb, offset, 1, ENC_BIG_ENDIAN); + offset += ext_len; + break; ++ case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE: ++ if (ssl) ++ ssl->state |= (is_client ? SSL_CLIENT_EXTENDED_MASTER_SECRET : SSL_SERVER_EXTENDED_MASTER_SECRET); ++ break; + default: + proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data, + tvb, offset, ext_len, NULL, +@@ -2673,7 +2678,7 @@ dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb, + static void + dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, guint32 length, +- SslDecryptSession*ssl) ++ SslDecryptSession *ssl) + { + /* struct { + * ProtocolVersion client_version; +@@ -2798,14 +2803,16 @@ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, + if (length > offset - start_offset) + { + dissect_ssl3_hnd_hello_ext(tvb, tree, offset, +- length - (offset - start_offset)); ++ length - (offset - start_offset), TRUE, ++ ssl); + } + } + } + + static void + dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, +- proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession *ssl) ++ proto_tree *tree, guint32 offset, guint32 length, ++ SslDecryptSession *ssl) + { + /* struct { + * ProtocolVersion server_version; +@@ -2873,7 +2880,8 @@ no_cipher: + if (length > offset - start_offset) + { + dissect_ssl3_hnd_hello_ext(tvb, tree, offset, +- length - (offset - start_offset)); ++ length - (offset - start_offset), FALSE, ++ ssl); + } + } + } diff --git a/SOURCES/wireshark-1.10.3-tls-hash-algs.patch b/SOURCES/wireshark-1.10.3-tls-hash-algs.patch new file mode 100644 index 0000000..6a0422a --- /dev/null +++ b/SOURCES/wireshark-1.10.3-tls-hash-algs.patch @@ -0,0 +1,129 @@ +diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h +index aaadbe7..ccac6ae 100644 +--- a/epan/dissectors/packet-ssl-utils.h ++++ b/epan/dissectors/packet-ssl-utils.h +@@ -151,6 +151,7 @@ + #define SSL_HND_HELLO_EXT_SERVER_NAME 0x0 + #define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a + #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b ++#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS 0x000d + #define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f + #define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01 + #define SSL_HND_HELLO_EXT_NPN 0x3374 +diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c +index d75a3cc..b50ca22 100644 +--- a/epan/dissectors/packet-ssl.c ++++ b/epan/dissectors/packet-ssl.c +@@ -542,6 +542,9 @@ static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb, + static gint dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb, + proto_tree *tree, guint32 offset); + ++static gint dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb, ++ proto_tree *tree, guint32 offset, guint32 ext_len); ++ + static gint dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len); + +@@ -674,6 +677,10 @@ static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, + static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, + const guint32 offset, + const guint32 record_length); ++ ++static gint dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, guint16 len); ++ + /********************************************************************* + * + * Main dissector +@@ -2439,6 +2446,9 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb, + case SSL_HND_HELLO_EXT_EC_POINT_FORMATS: + offset = dissect_ssl3_hnd_hello_ext_ec_point_formats(tvb, ext_tree, offset); + break; ++ case SSL_HND_HELLO_EXT_SIG_HASH_ALGS: ++ offset = dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvb, ext_tree, offset, ext_len); ++ break; + case SSL_HND_HELLO_EXT_NPN: + offset = dissect_ssl3_hnd_hello_ext_npn(tvb, ext_tree, offset, ext_len); + break; +@@ -2502,6 +2512,29 @@ dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb, + } + + static gint ++dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb, ++ proto_tree *tree, guint32 offset, guint32 ext_len) ++{ ++ guint16 sh_alg_length; ++ gint ret; ++ ++ sh_alg_length = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len, ++ tvb, offset, 2, sh_alg_length); ++ offset += 2; ++ if (ext_len<2 || sh_alg_length!=ext_len-2) { ++ /* ERROR: sh_alg_length must be 2 less than ext_len */ ++ return offset; ++ } ++ ++ ret = dissect_ssl_hash_alg_list(tvb, tree, offset, sh_alg_length); ++ if (ret >=0) ++ offset += ret; ++ ++ return offset; ++} ++ ++static gint + dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) + { +@@ -4957,6 +4990,51 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset, + return ret; + } + ++/* dissect a list of hash algorithms, return the number of bytes dissected ++ * this is used for the signature algorithms extension and for the ++ * TLS1.2 certificate request */ ++static gint ++dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, guint16 len) ++{ ++ guint32 offset_start; ++ proto_tree *subtree, *alg_tree; ++ proto_tree *ti; ++ ++ offset_start = offset; ++ if (len==0) ++ return 0; ++ ++ ti = proto_tree_add_none_format(tree, ++ hf_ssl_handshake_sig_hash_algs, ++ tvb, offset, len, ++ "Signature Hash Algorithms (%u algorithm%s)", ++ len/2, ++ plurality(len/2, "", "s")); ++ subtree = proto_item_add_subtree(ti, ett_ssl_sig_hash_algs); ++ ++ if (len % 2) { ++ proto_tree_add_text(tree, tvb, offset, 2, ++ "Invalid Signature Hash Algorithm length: %d", len); ++ return offset-offset_start; ++ } ++ ++ while (len > 0) { ++ ti = proto_tree_add_item(subtree, hf_ssl_handshake_sig_hash_alg, ++ tvb, offset, 2, ENC_BIG_ENDIAN); ++ alg_tree = proto_item_add_subtree(ti, ett_ssl_sig_hash_alg); ++ ++ proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_hash, ++ tvb, offset, 1, ENC_BIG_ENDIAN); ++ proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_sig, ++ tvb, offset+1, 1, ENC_BIG_ENDIAN); ++ ++ offset += 2; ++ len -= 2; ++ } ++ return offset-offset_start; ++} ++ + /* UAT */ + + #ifdef HAVE_LIBGNUTLS diff --git a/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch b/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch new file mode 100644 index 0000000..29260dd --- /dev/null +++ b/SOURCES/wireshark-1.10.3-tls-key-exchange-msgs.patch @@ -0,0 +1,1469 @@ +diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c +index 5e287e0..c43126d 100644 +--- a/epan/dissectors/packet-dtls.c ++++ b/epan/dissectors/packet-dtls.c +@@ -307,31 +307,31 @@ dtls_parse_old_keys(void) + /* record layer dissector */ + static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, ++ SslSession *session, + SslDecryptSession *conv_data); + + /* change cipher spec dissector */ + static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, +- guint *conv_version, guint8 content_type); ++ SslSession *session, guint8 content_type); + + /* alert message dissector */ + static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version); ++ SslSession *session); + + /* handshake protocol dissector */ + static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, + guint32 record_length, +- guint *conv_version, ++ SslSession *session, + SslDecryptSession *conv_data, guint8 content_type); + + /* heartbeat message dissector */ + static void dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, guint32 record_length); ++ SslSession *session, guint32 record_length); + + + static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, +@@ -363,7 +363,7 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb, + static void dissect_dtls_hnd_finished(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, +- guint* conv_version); ++ SslSession *session); + + /* + * Support Functions +@@ -395,7 +395,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + guint32 offset; + gboolean first_record_in_frame; + SslDecryptSession *ssl_session; +- guint* conv_version; ++ SslSession *session; + Ssl_private_key_t *private_key; + + ti = NULL; +@@ -427,7 +427,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + + ssl_session = se_new0(SslDecryptSession); + ssl_session_init(ssl_session); +- ssl_session->version = SSL_VER_UNKNOWN; ++ ssl_session->session.version = SSL_VER_UNKNOWN; + conversation_add_proto_data(conversation, proto_dtls, ssl_session); + + /* we need to know witch side of conversation is speaking */ +@@ -454,7 +454,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + ssl_session->private_key = private_key->sexp_pkey; + } + } +- conv_version= & ssl_session->version; ++ session = &ssl_session->session; + + /* try decryption only the first time we see this packet + * (to keep cipher synchronized) */ +@@ -490,15 +490,15 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + /* first try to dispatch off the cached version + * known to be associated with the conversation + */ +- switch(*conv_version) { ++ switch(session->version) { + case SSL_VER_DTLS: + offset = dissect_dtls_record(tvb, pinfo, dtls_tree, +- offset, conv_version, ++ offset, session, + ssl_session); + break; + case SSL_VER_DTLS1DOT2: + offset = dissect_dtls_record(tvb, pinfo, dtls_tree, +- offset, conv_version, ++ offset, session, + ssl_session); + break; + +@@ -510,7 +510,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + { + /* looks like dtls */ + offset = dissect_dtls_record(tvb, pinfo, dtls_tree, +- offset, conv_version, ++ offset, session, + ssl_session); + } + else +@@ -622,7 +622,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, + decoder = ssl->client; + } + +- if (!decoder && ssl->cipher != 0x0001 && ssl->cipher != 0x0002) { ++ if (!decoder && ssl->session.cipher != 0x0001 && ssl->session.cipher != 0x0002) { + ssl_debug_printf("decrypt_dtls_record: no decoder available\n"); + return ret; + } +@@ -650,7 +650,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, + &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0) + ret = 1; + } +- else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) { ++ else if (ssl->session.cipher == 0x0001 || ssl->session.cipher == 0x0002) { + /* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */ + memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length); + dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length; +@@ -677,7 +677,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, + static gint + dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, ++ SslSession *session, + SslDecryptSession* ssl) + { + +@@ -812,14 +812,14 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + * structure and print the column version + */ + next_byte = tvb_get_guint8(tvb, offset); +- if (*conv_version == SSL_VER_UNKNOWN ++ if (session->version == SSL_VER_UNKNOWN + && dtls_is_authoritative_version_message(content_type, next_byte)) + { + if (version == DTLSV1DOT0_VERSION || + version == DTLSV1DOT0_VERSION_NOT) + { + +- *conv_version = SSL_VER_DTLS; ++ session->version = SSL_VER_DTLS; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; +@@ -829,7 +829,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + if (version == DTLSV1DOT2_VERSION) + { + +- *conv_version = SSL_VER_DTLS1DOT2; ++ session->version = SSL_VER_DTLS1DOT2; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; +@@ -867,7 +867,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + case SSL_ID_CHG_CIPHER_SPEC: + col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec"); + dissect_dtls_change_cipher_spec(tvb, dtls_record_tree, +- offset, conv_version, content_type); ++ offset, session, content_type); + if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo)); + break; + case SSL_ID_ALERT: +@@ -882,12 +882,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + /* try to retrieve and use decrypted alert record, if any. */ + decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset); + if (decrypted) { +- dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0, +- conv_version); ++ dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0, session); + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); + } else { +- dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset, +- conv_version); ++ dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset, session); + } + break; + } +@@ -908,11 +906,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset); + if (decrypted) { + dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0, +- tvb_length(decrypted), conv_version, ssl, content_type); ++ tvb_length(decrypted), session, ssl, content_type); + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); + } else { + dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset, +- record_length, conv_version, ssl, content_type); ++ record_length, session, ssl, content_type); + } + break; + } +@@ -935,7 +933,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + + proto_item_set_text(dtls_record_tree, + "%s Record Layer: %s Protocol: %s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + association?association->info:"Application Data"); + +@@ -988,11 +986,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset); + if (decrypted) { + dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0, +- conv_version, record_length); ++ session, record_length); + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); + } else { + dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset, +- conv_version, record_length); ++ session, record_length); + } + break; + } +@@ -1011,7 +1009,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_dtls_change_cipher_spec(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, +- guint* conv_version, guint8 content_type) ++ SslSession *session, guint8 content_type) + { + /* + * struct { +@@ -1023,7 +1021,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb, + { + proto_item_set_text(tree, + "%s Record Layer: %s Protocol: Change Cipher Spec", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown")); + proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb, + offset, 1, ENC_NA); +@@ -1034,7 +1032,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb, + static void + dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint* conv_version) ++ SslSession *session) + { + /* struct { + * AlertLevel level; +@@ -1087,7 +1085,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, + { + proto_item_set_text(tree, "%s Record Layer: Alert " + "(Level: %s, Description: %s)", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + level, desc); + proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level, + tvb, offset++, 1, ENC_BIG_ENDIAN); +@@ -1099,7 +1097,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, + { + proto_item_set_text(tree, + "%s Record Layer: Encrypted Alert", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + proto_item_set_text(ssl_alert_tree, + "Alert Message: Encrypted Alert"); + } +@@ -1111,7 +1109,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint32 record_length, guint *conv_version, ++ guint32 record_length, SslSession *session, + SslDecryptSession* ssl, guint8 content_type) + { + /* struct { +@@ -1338,7 +1336,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + if (first_iteration) + { + proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + (msg_type_str!=NULL) ? msg_type_str : + "Encrypted Handshake Message", +@@ -1347,7 +1345,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + else + { + proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + "Multiple Handshake Messages", + (frag_str!=NULL) ? frag_str : ""); +@@ -1489,8 +1487,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_FINISHED: +- dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, +- 0, conv_version); ++ dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, 0, session); + break; + } + +@@ -1502,7 +1499,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint* conv_version, guint32 record_length) ++ SslSession *session, guint32 record_length) + { + /* struct { + * HeartbeatMessageType type; +@@ -1549,7 +1546,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + if (type && (payload_length <= record_length - 16 - 3)) { + proto_item_set_text(tree, "%s Record Layer: Heartbeat " + "%s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + type); + proto_tree_add_item(dtls_heartbeat_tree, hf_dtls_heartbeat_message_type, + tvb, offset, 1, ENC_BIG_ENDIAN); +@@ -1571,7 +1568,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + } else { + proto_item_set_text(tree, + "%s Record Layer: Encrypted Heartbeat", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + proto_item_set_text(dtls_heartbeat_tree, + "Encrypted Heartbeat Message"); + } +@@ -1933,15 +1930,15 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, + /* PAOLO: handle session cipher suite */ + if (ssl) { + /* store selected cipher suite for decryption */ +- ssl->cipher = tvb_get_ntohs(tvb, offset); +- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) { +- ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher); ++ ssl->session.cipher = tvb_get_ntohs(tvb, offset); ++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) { ++ ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->session.cipher); + goto no_cipher; + } + + ssl->state |= SSL_CIPHER; + ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n", +- ssl->cipher, ssl->state); ++ ssl->session.cipher, ssl->state); + + /* if we have restored a session now we can have enough material + * to build session key, check it out*/ +@@ -1963,7 +1960,7 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, + no_cipher: + if (ssl) { + /* store selected compression method for decompression */ +- ssl->compression = tvb_get_guint8(tvb, offset+2); ++ ssl->session.compression = tvb_get_guint8(tvb, offset+2); + } + if (!tree) + return offset; +@@ -2223,7 +2220,7 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb, + + static void + dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, +- guint* conv_version) ++ SslSession *session) + { + /* + * struct { +@@ -2237,7 +2234,7 @@ dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, + return; + } + +- switch(*conv_version) { ++ switch(session->version) { + case SSL_VER_DTLS: + proto_tree_add_item(tree, hf_dtls_handshake_finished, + tvb, offset, 12, ENC_NA); +diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c +index 68681f5..efb170a 100644 +--- a/epan/dissectors/packet-ssl-utils.c ++++ b/epan/dissectors/packet-ssl-utils.c +@@ -2358,13 +2358,13 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session) + + /* create both client and server ciphers*/ + ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(client)\n"); +- ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, c_mk, c_wk, c_iv); ++ ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, c_mk, c_wk, c_iv); + if (!ssl_session->client_new) { + ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n"); + goto fail; + } + ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(server)\n"); +- ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, s_mk, s_wk, s_iv); ++ ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, s_mk, s_wk, s_iv); + if (!ssl_session->server_new) { + ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n"); + goto fail; +diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h +index ccac6ae..1ba1598 100644 +--- a/epan/dissectors/packet-ssl-utils.h ++++ b/epan/dissectors/packet-ssl-utils.h +@@ -304,6 +304,12 @@ typedef struct { + SslRecordInfo* handshake_data; + } SslPacketInfo; + ++typedef struct _SslSession { ++ gint cipher; ++ gint compression; ++ guint32 version; ++} SslSession; ++ + typedef struct _SslDecryptSession { + guchar _master_secret[48]; + guchar _session_id[256]; +@@ -320,8 +326,6 @@ typedef struct _SslDecryptSession { + guchar _client_data_for_iv[24]; + StringInfo client_data_for_iv; + +- gint cipher; +- gint compression; + gint state; + SslCipherSuite cipher_suite; + SslDecoder *server; +@@ -330,9 +334,9 @@ typedef struct _SslDecryptSession { + SslDecoder *client_new; + SSL_PRIVATE_KEY* private_key; + SSL_PSK_KEY* psk; +- guint32 version; + guint16 version_netorder; + StringInfo app_data_segment; ++ SslSession session; + + address srv_addr; + port_type srv_ptype; +diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c +index b50ca22..6f22158 100644 +--- a/epan/dissectors/packet-ssl.c ++++ b/epan/dissectors/packet-ssl.c +@@ -507,7 +507,7 @@ ssl_association_info(void) + /* record layer dissector */ + static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, guint conv_cipher, ++ SslSession *session, + gboolean *need_desegmentation, + SslDecryptSession *conv_data, + const gboolean first_record_in_frame); +@@ -516,24 +516,23 @@ static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, +- guint *conv_version, const guint8 content_type); ++ SslSession *session, const guint8 content_type); + + /* alert message dissector */ + static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version); ++ SslSession *session); + + /* handshake protocol dissector */ + static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint32 record_length, +- guint *conv_version, guint conv_cipher, ++ guint32 record_length, SslSession *session, + SslDecryptSession *conv_data, const guint8 content_type); + + /* heartbeat message dissector */ + static void dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, guint32 record_length); ++ SslSession *session, guint32 record_length); + + /* hello extension dissector */ + static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb, +@@ -574,20 +573,22 @@ static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, + static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, packet_info *pinfo, +- const guint *conv_version); ++ SslSession *session); + + static void dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, +- proto_tree *tree, +- guint32 offset, guint32 length); +- ++ proto_tree *tree, ++ guint32 offset, guint32 length, ++ SslSession *session); + +-static void dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, +- proto_tree *tree, +- guint32 offset, guint32 length); ++static void dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb, ++ proto_tree *tree, ++ guint32 offset, guint32 length, ++ SslSession *session); + + static void dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, + proto_tree *tree, +- guint32 offset, guint32 length); ++ guint32 offset, guint32 length, ++ SslSession *session); + + static void dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, + proto_tree *tree, +@@ -605,7 +606,7 @@ static void dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, + static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, + proto_tree *tree, + const guint32 offset, +- const guint *conv_version); ++ SslSession *session); + + static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, + proto_tree *tree, +@@ -620,7 +621,7 @@ static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, + /* record layer dissector */ + static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, ++ SslSession *session, + gboolean *need_desegmentation, + SslDecryptSession *ssl, gboolean first_record_in_frame); + +@@ -701,8 +702,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + gboolean first_record_in_frame; + gboolean need_desegmentation; + SslDecryptSession *ssl_session; +- guint *conv_version; +- guint conv_cipher; ++ SslSession *session; + + ti = NULL; + ssl_tree = NULL; +@@ -736,11 +736,10 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + else { + ssl_session = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession)); + ssl_session_init(ssl_session); +- ssl_session->version = SSL_VER_UNKNOWN; ++ ssl_session->session.version = SSL_VER_UNKNOWN; + conversation_add_proto_data(conversation, proto_ssl, ssl_session); + } +- conv_version =& ssl_session->version; +- conv_cipher = ssl_session->cipher; ++ session = &ssl_session->session; + + /* try decryption only the first time we see this packet + * (to keep cipher synchronized) */ +@@ -789,11 +788,11 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + /* first try to dispatch off the cached version + * known to be associated with the conversation + */ +- switch (*conv_version) { ++ switch (session->version) { + case SSL_VER_SSLv2: + case SSL_VER_PCT: + offset = dissect_ssl2_record(tvb, pinfo, ssl_tree, +- offset, conv_version, ++ offset, session, + &need_desegmentation, + ssl_session, + first_record_in_frame); +@@ -810,7 +809,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + if (ssl_is_v2_client_hello(tvb, offset)) + { + offset = dissect_ssl2_record(tvb, pinfo, ssl_tree, +- offset, conv_version, ++ offset, session, + &need_desegmentation, + ssl_session, + first_record_in_frame); +@@ -818,8 +817,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + else + { + offset = dissect_ssl3_record(tvb, pinfo, ssl_tree, +- offset, conv_version, +- conv_cipher, ++ offset, session, + &need_desegmentation, + ssl_session, + first_record_in_frame); +@@ -834,7 +832,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + { + /* looks like sslv2 or pct client hello */ + offset = dissect_ssl2_record(tvb, pinfo, ssl_tree, +- offset, conv_version, ++ offset, session, + &need_desegmentation, + ssl_session, + first_record_in_frame); +@@ -843,8 +841,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + { + /* looks like sslv3 or tls */ + offset = dissect_ssl3_record(tvb, pinfo, ssl_tree, +- offset, conv_version, +- conv_cipher, ++ offset, session, + &need_desegmentation, + ssl_session, + first_record_in_frame); +@@ -867,7 +864,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + + /* Set the protocol column */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + } + break; + } +@@ -1434,8 +1431,7 @@ dissect_ssl_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *t + *********************************************************************/ + static gint + dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, +- proto_tree *tree, guint32 offset, +- guint *conv_version, guint conv_cipher, ++ proto_tree *tree, guint32 offset, SslSession *session, + gboolean *need_desegmentation, + SslDecryptSession *ssl, const gboolean first_record_in_frame) + { +@@ -1473,7 +1469,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + available_bytes = tvb_length_remaining(tvb, offset); + + /* TLS 1.0/1.1 just ignores unknown records - RFC 2246 chapter 6. The TLS Record Protocol */ +- if ((*conv_version==SSL_VER_TLS || *conv_version==SSL_VER_TLSv1DOT1 || *conv_version==SSL_VER_TLSv1DOT2) && ++ if ((session->version==SSL_VER_TLS || session->version==SSL_VER_TLSv1DOT1 || session->version==SSL_VER_TLSv1DOT2) && + (available_bytes >=1 ) && !ssl_is_valid_content_type(tvb_get_guint8(tvb, offset))) { + proto_tree_add_text(tree, tvb, offset, available_bytes, "Ignored Unknown Record"); + /* on second and subsequent records per frame +@@ -1483,7 +1479,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + col_append_str(pinfo->cinfo, COL_INFO, ", "); + } + col_append_str(pinfo->cinfo, COL_INFO, "Ignored Unknown Record"); +- col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(session->version, ssl_version_short_names, "SSL")); + return offset + available_bytes; + } + +@@ -1568,7 +1564,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + + /* Set the protocol column */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + + return offset + 5 + record_length; + } +@@ -1614,51 +1610,51 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + * structure and print the column version + */ + next_byte = tvb_get_guint8(tvb, offset); +- if (*conv_version == SSL_VER_UNKNOWN ++ if (session->version == SSL_VER_UNKNOWN + && ssl_is_authoritative_version_message(content_type, next_byte)) + { + if (version == SSLV3_VERSION) + { +- *conv_version = SSL_VER_SSLv3; ++ session->version = SSL_VER_SSLv3; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; + ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); + } +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + else if (version == TLSV1_VERSION) + { + +- *conv_version = SSL_VER_TLS; ++ session->version = SSL_VER_TLS; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; + ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.0) -> state 0x%02X\n", ssl->version_netorder, ssl->state); + } +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + else if (version == TLSV1DOT1_VERSION) + { + +- *conv_version = SSL_VER_TLSv1DOT1; ++ session->version = SSL_VER_TLSv1DOT1; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; + ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.1) -> state 0x%02X\n", ssl->version_netorder, ssl->state); + } +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + else if (version == TLSV1DOT2_VERSION) + { + +- *conv_version = SSL_VER_TLSv1DOT2; ++ session->version = SSL_VER_TLSv1DOT2; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; + ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.2) -> state 0x%02X\n", ssl->version_netorder, ssl->state); + } +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + } + +@@ -1670,7 +1666,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + } + + col_set_str(pinfo->cinfo, COL_PROTOCOL, +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + + /* + * now dissect the next layer +@@ -1685,7 +1681,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + ssl_debug_printf("dissect_ssl3_change_cipher_spec\n"); + col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec"); + dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree, +- offset, conv_version, content_type); ++ offset, session, content_type); + if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, ssl_associations, pinfo)); + break; + case SSL_ID_ALERT: +@@ -1701,9 +1697,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset); + if (decrypted) { + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); +- dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version); ++ dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session); + } else { +- dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version); ++ dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, session); + } + break; + } +@@ -1726,10 +1722,11 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + /* add desegmented data to the data source list */ + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); + dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0, +- tvb_length(decrypted), conv_version, conv_cipher, ssl, content_type); ++ tvb_length(decrypted), session, ++ ssl, content_type); + } else { + dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset, +- record_length, conv_version, conv_cipher, ssl, content_type); ++ record_length, session, ssl, content_type); + } + break; + } +@@ -1755,7 +1752,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + + proto_item_set_text(ssl_record_tree, + "%s Record Layer: %s Protocol: %s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + association?association->info:"Application Data"); + +@@ -1778,9 +1775,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset); + if (decrypted) { + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); +- dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, conv_version, record_length); ++ dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, session, record_length); + } else { +- dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, conv_version, record_length); ++ dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, session, record_length); + } + break; + } +@@ -1799,7 +1796,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, +- guint *conv_version, const guint8 content_type) ++ SslSession *session, const guint8 content_type) + { + /* + * struct { +@@ -1811,7 +1808,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, + { + proto_item_set_text(tree, + "%s Record Layer: %s Protocol: Change Cipher Spec", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown")); + proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb, + offset++, 1, ENC_NA); +@@ -1822,7 +1819,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, + static void + dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version) ++ SslSession *session) + { + /* struct { + * AlertLevel level; +@@ -1872,7 +1869,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo, + { + proto_item_set_text(tree, "%s Record Layer: Alert " + "(Level: %s, Description: %s)", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + level, desc); + proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level, + tvb, offset++, 1, ENC_BIG_ENDIAN); +@@ -1884,7 +1881,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo, + { + proto_item_set_text(tree, + "%s Record Layer: Encrypted Alert", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + proto_item_set_text(ssl_alert_tree, + "Alert Message: Encrypted Alert"); + } +@@ -1896,7 +1893,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint32 record_length, guint *conv_version, guint conv_cipher, ++ guint32 record_length, SslSession *session, + SslDecryptSession *ssl, const guint8 content_type) + { + /* struct { +@@ -1981,7 +1978,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + if (first_iteration) + { + proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + (msg_type_str!=NULL) ? msg_type_str : + "Encrypted Handshake Message"); +@@ -1989,7 +1986,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + else + { + proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + val_to_str_const(content_type, ssl_31_content_type, "unknown"), + "Multiple Handshake Messages"); + } +@@ -2048,15 +2045,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_SERVER_KEY_EXCHG: { +- switch (ssl_get_keyex_alg(conv_cipher)) { ++ switch (ssl_get_keyex_alg(session->cipher)) { + case KEX_DH: +- dissect_ssl3_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length); ++ dissect_ssl3_hnd_srv_keyex_dhe(tvb, ssl_hand_tree, offset, length, session); + break; + case KEX_RSA: +- dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length); ++ dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session); + break; + case KEX_ECDH: +- dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length); ++ dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session); + break; + default: + break; +@@ -2065,7 +2062,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_CERT_REQUEST: +- dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, conv_version); ++ dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, session); + break; + + case SSL_HND_SVR_HELLO_DONE: +@@ -2077,7 +2074,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_CLIENT_KEY_EXCHG: +- switch (ssl_get_keyex_alg(conv_cipher)) { ++ switch (ssl_get_keyex_alg(session->cipher)) { + case KEX_DH: + dissect_ssl3_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length); + break; +@@ -2098,7 +2095,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + if (!ssl) + break; + +- cipher_num = ssl->cipher; ++ cipher_num = ssl->session.cipher; + + if (cipher_num == 0x8a || cipher_num == 0x8b || cipher_num == 0x8c || cipher_num == 0x8d) + { +@@ -2174,7 +2171,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + * (it's the encrypted len and should be equal to record len - 2) + * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary + */ +- if (ssl->cipher_suite.kex==KEX_RSA && (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1||ssl->version == SSL_VER_TLSv1DOT2)) ++ if (ssl->cipher_suite.kex==KEX_RSA && (ssl->session.version == SSL_VER_TLS||ssl->session.version == SSL_VER_TLSv1DOT1||ssl->session.version == SSL_VER_TLSv1DOT2)) + { + encrlen = tvb_get_ntohs(tvb, offset); + skip = 2; +@@ -2214,8 +2211,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + break; + + case SSL_HND_FINISHED: +- dissect_ssl3_hnd_finished(tvb, ssl_hand_tree, +- offset, conv_version); ++ dissect_ssl3_hnd_finished(tvb, ssl_hand_tree, offset, session); + break; + + case SSL_HND_CERT_STATUS: +@@ -2236,7 +2232,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, + static void + dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, guint32 offset, +- guint *conv_version, guint32 record_length) ++ SslSession *session, guint32 record_length) + { + /* struct { + * HeartbeatMessageType type; +@@ -2283,7 +2279,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + if (type && (payload_length <= record_length - 16 - 3)) { + proto_item_set_text(tree, "%s Record Layer: Heartbeat " + "%s", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), ++ val_to_str_const(session->version, ssl_version_short_names, "SSL"), + type); + proto_tree_add_item(tls_heartbeat_tree, hf_ssl_heartbeat_message_type, + tvb, offset, 1, ENC_BIG_ENDIAN); +@@ -2305,7 +2301,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo, + } else { + proto_item_set_text(tree, + "%s Record Layer: Encrypted Heartbeat", +- val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); ++ val_to_str_const(session->version, ssl_version_short_names, "SSL")); + proto_item_set_text(tls_heartbeat_tree, + "Encrypted Heartbeat Message"); + } +@@ -2840,15 +2836,15 @@ dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, + /* PAOLO: handle session cipher suite */ + if (ssl) { + /* store selected cipher suite for decryption */ +- ssl->cipher = tvb_get_ntohs(tvb, offset); +- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) { +- ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->cipher); ++ ssl->session.cipher = tvb_get_ntohs(tvb, offset); ++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) { ++ ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->session.cipher); + goto no_cipher; + } + + ssl->state |= SSL_CIPHER; + ssl_debug_printf("dissect_ssl3_hnd_srv_hello found CIPHER 0x%04X -> state 0x%02X\n", +- ssl->cipher, ssl->state); ++ ssl->session.cipher, ssl->state); + + /* if we have restored a session now we can have enough material + * to build session key, check it out*/ +@@ -2867,7 +2863,7 @@ no_cipher: + + if (ssl) { + /* store selected compression method for decryption */ +- ssl->compression = tvb_get_guint8(tvb, offset); ++ ssl->session.compression = tvb_get_guint8(tvb, offset); + } + /* and the server-selected compression method */ + proto_tree_add_item(tree, hf_ssl_handshake_comp_method, +@@ -2975,7 +2971,7 @@ dissect_ssl3_hnd_cert(tvbuff_t *tvb, + static void + dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, packet_info *pinfo, +- const guint *conv_version) ++ SslSession *session) + { + /* + * enum { +@@ -3066,7 +3062,7 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, + } + } + +- switch (*conv_version) { ++ switch (session->version) { + case SSL_VER_TLSv1DOT2: + sh_alg_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len, +@@ -3170,74 +3166,77 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, + } + + static void ++dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, SslSession *session) ++{ ++ gint sig_len; ++ proto_item *ti_algo; ++ proto_tree *ssl_algo_tree; ++ ++ switch (session->version) { ++ case SSL_VER_TLSv1DOT2: ++ case SSL_VER_DTLS1DOT2: ++ ti_algo = proto_tree_add_item(tree, hf_ssl_handshake_sig_hash_alg, tvb, ++ offset, 2, ENC_BIG_ENDIAN); ++ ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_ssl_sig_hash_alg); ++ ++ /* SignatureAndHashAlgorithm { hash, signature } */ ++ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_hash, tvb, ++ offset, 1, ENC_BIG_ENDIAN); ++ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_sig, tvb, ++ offset + 1, 1, ENC_BIG_ENDIAN); ++ offset += 2; ++ break; ++ ++ default: ++ break; ++ } ++ ++ /* Sig */ ++ sig_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig_len, tvb, ++ offset, 2, ENC_BIG_ENDIAN); ++ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig, tvb, ++ offset + 2, sig_len, ENC_NA); ++} ++ ++static void + dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, +- guint32 offset, guint32 length) ++ guint32 offset, guint32 length, ++ SslSession *session) + { +- gint curve_type, curve_type_offset; +- gint named_curve, named_curve_offset; +- gint point_len, point_len_offset; +- gint sig_len, sig_len_offset; ++ gint curve_type; ++ gint point_len; + proto_item *ti_ecdh; + proto_tree *ssl_ecdh_tree; +- guint32 orig_offset; + +- orig_offset = offset; ++ ti_ecdh = proto_tree_add_text(tree, tvb, offset, length, ++ "EC Diffie-Hellman Server Params"); ++ ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params); + +- curve_type_offset = offset; ++ /* curve_type */ + curve_type = tvb_get_guint8(tvb, offset); ++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type, tvb, ++ offset, 1, ENC_BIG_ENDIAN); ++ offset++; + if (curve_type != 3) + return; /* only named_curves are supported */ +- offset += 1; +- if ((offset - orig_offset) > length) { +- return; +- } + +- named_curve_offset = offset; +- named_curve = tvb_get_ntohs(tvb, offset); ++ /* case curve_type == named_curve; namedcurve */ ++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve, tvb, ++ offset, 2, ENC_BIG_ENDIAN); + offset += 2; +- if ((offset - orig_offset) > length) { +- return; +- } + +- point_len_offset = offset; ++ /* point */ + point_len = tvb_get_guint8(tvb, offset); +- if ((offset + point_len - orig_offset) > length) { +- return; +- } ++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len, tvb, ++ offset, 1, ENC_BIG_ENDIAN); ++ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point, tvb, ++ offset + 1, point_len, ENC_NA); + offset += 1 + point_len; + +- sig_len_offset = offset; +- sig_len = tvb_get_ntohs(tvb, offset); +- offset += 2 + sig_len; +- if ((offset - orig_offset) != length) { +- /* Lengths don't line up (wasn't what we expected?) */ +- return; +- } +- +- ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset, +- (offset - orig_offset), "EC Diffie-Hellman Server Params"); +- ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params); +- +- /* curve_type */ +- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type, +- tvb, curve_type_offset, 1, curve_type); +- +- /* named_curve */ +- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve, +- tvb, named_curve_offset, 2, named_curve); +- +- /* point */ +- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len, +- tvb, point_len_offset, 1, point_len); +- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point, +- tvb, point_len_offset+1, point_len, ENC_NA); +- +- /* Sig */ +- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig_len, +- tvb, sig_len_offset, 2, sig_len); +- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig, +- tvb, sig_len_offset + 2, sig_len, ENC_NA); +- ++ /* signature */ ++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_ecdh_tree, offset, session); + } + + static void +@@ -3271,139 +3270,80 @@ dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, + } + + static void +-dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree, +- guint32 offset, guint32 length) ++dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb, proto_tree *tree, ++ guint32 offset, guint32 length, ++ SslSession *session) + { +- gint p_len, p_len_offset; +- gint g_len, g_len_offset; +- gint ys_len, ys_len_offset; +- gint sig_len, sig_len_offset; ++ gint p_len, g_len, ys_len; + proto_item *ti_dh; + proto_tree *ssl_dh_tree; +- guint32 orig_offset; + +- orig_offset = offset; ++ ti_dh = proto_tree_add_text(tree, tvb, offset, length, ++ "Diffie-Hellman Server Params"); ++ ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params); + +- p_len_offset = offset; ++ /* p */ + p_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len, tvb, ++ offset, 2, ENC_BIG_ENDIAN); ++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p, tvb, ++ offset + 2, p_len, ENC_NA); + offset += 2 + p_len; +- if ((offset - orig_offset) > length) { +- return; +- } + +- g_len_offset = offset; ++ /* g */ + g_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len, tvb, ++ offset, 2, ENC_BIG_ENDIAN); ++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g, tvb, ++ offset + 2, g_len, ENC_NA); + offset += 2 + g_len; +- if ((offset - orig_offset) > length) { +- return; +- } + +- ys_len_offset = offset; ++ /* Ys */ + ys_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len, tvb, ++ offset, 2, ys_len); ++ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys, tvb, ++ offset + 2, ys_len, ENC_NA); + offset += 2 + ys_len; +- if ((offset - orig_offset) > length) { +- return; +- } +- +- sig_len_offset = offset; +- sig_len = tvb_get_ntohs(tvb, offset); +- offset += 2 + sig_len; +- if ((offset - orig_offset) != length) { +- /* Lengths don't line up (wasn't what we expected?) */ +- return; +- } +- +- ti_dh = proto_tree_add_text(tree, tvb, orig_offset, +- (offset - orig_offset), "Diffie-Hellman Server Params"); +- ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params); +- +- /* p */ +- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len, +- tvb, p_len_offset, 2, p_len); +- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p, +- tvb, p_len_offset + 2, p_len, ENC_NA); +- +- /* g */ +- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len, +- tvb, g_len_offset, 2, g_len); +- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g, +- tvb, g_len_offset + 2, g_len, ENC_NA); +- +- /* Ys */ +- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len, +- tvb, ys_len_offset, 2, ys_len); +- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys, +- tvb, ys_len_offset + 2, ys_len, ENC_NA); +- +- /* Sig */ +- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig_len, +- tvb, sig_len_offset, 2, sig_len); +- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig, +- tvb, sig_len_offset + 2, sig_len, ENC_NA); + ++ /* signature */ ++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_dh_tree, offset, session); + } + + /* Only used in RSA-EXPORT cipher suites */ + static void + dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, +- guint32 offset, guint32 length) ++ guint32 offset, guint32 length, ++ SslSession *session) + { +- gint modulus_len, modulus_len_offset; +- gint exponent_len, exponent_len_offset; +- gint sig_len, sig_len_offset; ++ gint modulus_len, exponent_len; + proto_item *ti_rsa; + proto_tree *ssl_rsa_tree; +- guint32 orig_offset; +- +- orig_offset = offset; +- +- modulus_len_offset = offset; +- modulus_len = tvb_get_ntohs(tvb, offset); +- offset += 2 + modulus_len; +- if ((offset - orig_offset) > length) { +- return; +- } +- +- exponent_len_offset = offset; +- exponent_len = tvb_get_ntohs(tvb, offset); +- offset += 2 + exponent_len; +- if ((offset - orig_offset) > length) { +- return; +- } +- +- sig_len_offset = offset; +- sig_len = tvb_get_ntohs(tvb, offset); +- offset += 2 + sig_len; +- if ((offset - orig_offset) != length) { +- /* Lengths don't line up (wasn't what we expected?) */ +- return; +- } + +- ti_rsa = proto_tree_add_text(tree, tvb, orig_offset, +- (offset - orig_offset), "RSA-EXPORT Server Params"); ++ ti_rsa = proto_tree_add_text(tree, tvb, offset, length, ++ "RSA_EXPORT Server Params"); + ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_ssl_keyex_params); + + /* modulus */ +- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len, +- tvb, modulus_len_offset, 2, modulus_len); ++ modulus_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len, ++ tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus, +- tvb, modulus_len_offset + 2, modulus_len, ENC_NA); ++ tvb, offset + 2, modulus_len, ENC_NA); ++ offset += 2 + modulus_len; + + /* exponent */ +- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len, +- tvb, exponent_len_offset, 2, exponent_len); ++ exponent_len = tvb_get_ntohs(tvb, offset); ++ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len, ++ tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent, +- tvb, exponent_len_offset + 2, exponent_len, ENC_NA); +- +- /* Sig */ +- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig_len, +- tvb, sig_len_offset, 2, sig_len); +- proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig, +- tvb, sig_len_offset + 2, sig_len, ENC_NA); ++ tvb, offset + 2, exponent_len, ENC_NA); ++ offset += 2 + exponent_len; + ++ /* signature */ ++ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_rsa_tree, offset, session); + } + +- + static void + dissect_ssl3_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint32 length) +@@ -3468,7 +3408,7 @@ dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, + static void + dissect_ssl3_hnd_finished(tvbuff_t *tvb, + proto_tree *tree, const guint32 offset, +- const guint *conv_version) ++ SslSession *session) + { + /* For TLS: + * struct { +@@ -3488,7 +3428,7 @@ dissect_ssl3_hnd_finished(tvbuff_t *tvb, + return; + } + +- switch (*conv_version) { ++ switch (session->version) { + case SSL_VER_TLS: + case SSL_VER_TLSv1DOT1: + case SSL_VER_TLSv1DOT2: +@@ -3568,7 +3508,7 @@ dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, proto_tree *tree, + /* record layer dissector */ + static gint + dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, +- guint32 offset, guint *conv_version, ++ guint32 offset, SslSession *session, + gboolean *need_desegmentation, + SslDecryptSession *ssl, gboolean first_record_in_frame) + { +@@ -3684,19 +3624,19 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + /* if we get a server_hello or later handshake in v2, then set + * this to sslv2 + */ +- if (*conv_version == SSL_VER_UNKNOWN) ++ if (session->version == SSL_VER_UNKNOWN) + { + if (ssl_looks_like_valid_pct_handshake(tvb, + (initial_offset + + record_length_length), + record_length)) { +- *conv_version = SSL_VER_PCT; +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ session->version = SSL_VER_PCT; ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + else if (msg_type >= 2 && msg_type <= 8) + { +- *conv_version = SSL_VER_SSLv2; +- /*ssl_set_conv_version(pinfo, ssl->version);*/ ++ session->version = SSL_VER_SSLv2; ++ /*ssl_set_conv_version(pinfo, ssl->session.version);*/ + } + } + +@@ -3705,20 +3645,20 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + * (e.g., on a client hello) + */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, +- (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2"); ++ (session->version == SSL_VER_PCT) ? "PCT" : "SSLv2"); + + /* see if the msg_type is valid; if not the payload is + * probably encrypted, so note that fact and bail + */ + msg_type_str = try_val_to_str(msg_type, +- (*conv_version == SSL_VER_PCT) ++ (session->version == SSL_VER_PCT) + ? pct_msg_types : ssl_20_msg_types); + if (!msg_type_str +- || ((*conv_version != SSL_VER_PCT) && ++ || ((session->version != SSL_VER_PCT) && + !ssl_looks_like_valid_v2_handshake(tvb, initial_offset + + record_length_length, + record_length)) +- || ((*conv_version == SSL_VER_PCT) && ++ || ((session->version == SSL_VER_PCT) && + !ssl_looks_like_valid_pct_handshake(tvb, initial_offset + + record_length_length, + record_length))) +@@ -3726,7 +3666,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + if (ssl_record_tree) + { + proto_item_set_text(ssl_record_tree, "%s Record Layer: %s", +- (*conv_version == SSL_VER_PCT) ++ (session->version == SSL_VER_PCT) + ? "PCT" : "SSLv2", + "Encrypted Data"); + +@@ -3751,7 +3691,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + if (ssl_record_tree) + { + proto_item_set_text(ssl_record_tree, "%s Record Layer: %s", +- (*conv_version == SSL_VER_PCT) ++ (session->version == SSL_VER_PCT) + ? "PCT" : "SSLv2", + msg_type_str); + } +@@ -3804,13 +3744,13 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, + if (ssl_record_tree) + { + proto_tree_add_item(ssl_record_tree, +- (*conv_version == SSL_VER_PCT) ++ (session->version == SSL_VER_PCT) + ? hf_pct_msg_type : hf_ssl2_msg_type, + tvb, offset, 1, ENC_BIG_ENDIAN); + } + offset += 1; /* move past msg_type byte */ + +- if (*conv_version != SSL_VER_PCT) ++ if (session->version != SSL_VER_PCT) + { + /* dissect the message (only handle client hello right now) */ + switch (msg_type) { +@@ -4580,7 +4520,7 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c + } else { + ssl = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession)); + ssl_session_init(ssl); +- ssl->version = SSL_VER_UNKNOWN; ++ ssl->session.version = SSL_VER_UNKNOWN; + conversation_add_proto_data(conversation, proto_ssl, ssl); + } + +@@ -4589,31 +4529,31 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c + ssl_set_server(ssl, addr_srv, ptype, port_srv); + + /* version */ +- if ((ssl->version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) { ++ if ((ssl->session.version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) { + switch (version) { + case SSL_VER_SSLv3: +- ssl->version = SSL_VER_SSLv3; ++ ssl->session.version = SSL_VER_SSLv3; + ssl->version_netorder = SSLV3_VERSION; + ssl->state |= SSL_VERSION; + ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); + break; + + case SSL_VER_TLS: +- ssl->version = SSL_VER_TLS; ++ ssl->session.version = SSL_VER_TLS; + ssl->version_netorder = TLSV1_VERSION; + ssl->state |= SSL_VERSION; + ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); + break; + + case SSL_VER_TLSv1DOT1: +- ssl->version = SSL_VER_TLSv1DOT1; ++ ssl->session.version = SSL_VER_TLSv1DOT1; + ssl->version_netorder = TLSV1DOT1_VERSION; + ssl->state |= SSL_VERSION; + ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); + break; + + case SSL_VER_TLSv1DOT2: +- ssl->version = SSL_VER_TLSv1DOT2; ++ ssl->session.version = SSL_VER_TLSv1DOT2; + ssl->version_netorder = TLSV1DOT2_VERSION; + ssl->state |= SSL_VERSION; + ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); +@@ -4623,12 +4563,12 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c + + /* cipher */ + if (cipher > 0) { +- ssl->cipher = cipher; +- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) { +- ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->cipher); ++ ssl->session.cipher = cipher; ++ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) { ++ ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->session.cipher); + } else { + ssl->state |= SSL_CIPHER; +- ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->cipher, ssl->state); ++ ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->session.cipher, ssl->state); + } + } + diff --git a/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch b/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch new file mode 100644 index 0000000..6d1c0cc --- /dev/null +++ b/SOURCES/wireshark-1.10.x-disable-warning-dialog.patch @@ -0,0 +1,95 @@ +diff --git a/ui/gtk/main.c b/ui/gtk/main.c +index 82cff80..0137c3b 100644 +--- a/ui/gtk/main.c ++++ b/ui/gtk/main.c +@@ -2043,50 +2043,6 @@ read_configuration_files(char **gdp_path, char **dp_path) + return prefs_p; + } + +-/* Check if there's something important to tell the user during startup. +- * We want to do this *after* showing the main window so that any windows +- * we pop up will be above the main window. +- */ +-static void +-#ifdef _WIN32 +-check_and_warn_user_startup(gchar *cf_name) +-#else +-check_and_warn_user_startup(gchar *cf_name _U_) +-#endif +-{ +- gchar *cur_user, *cur_group; +- gpointer priv_warning_dialog; +- +- /* Tell the user not to run as root. */ +- if (running_with_special_privs() && recent.privs_warn_if_elevated) { +- cur_user = get_cur_username(); +- cur_group = get_cur_groupname(); +- priv_warning_dialog = simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK, +- "Running as user \"%s\" and group \"%s\".\n" +- "This could be dangerous.\n\n" +- "If you're running Wireshark this way in order to perform live capture, " +- "you may want to be aware that there is a better way documented at\n" +- "http://wiki.wireshark.org/CaptureSetup/CapturePrivileges", cur_user, cur_group); +- g_free(cur_user); +- g_free(cur_group); +- simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); +- simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL); +- } +- +-#ifdef _WIN32 +- /* Warn the user if npf.sys isn't loaded. */ +- if (!get_stdin_capture() && !cf_name && !npf_sys_is_running() && recent.privs_warn_if_no_npf && get_os_major_version() >= 6) { +- priv_warning_dialog = simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK, +- "The NPF driver isn't running. You may have trouble\n" +- "capturing or listing interfaces."); +- simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); +- simple_dialog_set_cb(priv_warning_dialog, npf_warning_dialog_cb, NULL); +- } +-#endif +- +-} +- +- + /* And now our feature presentation... [ fade to music ] */ + int + main(int argc, char *argv[]) +@@ -3039,7 +2995,6 @@ main(int argc, char *argv[]) + up on top of us. */ + if (cf_name) { + show_main_window(TRUE); +- check_and_warn_user_startup(cf_name); + if (rfilter != NULL) { + if (!dfilter_compile(rfilter, &rfcode)) { + bad_dfilter_alert_box(top_level, rfilter); +@@ -3117,7 +3072,6 @@ main(int argc, char *argv[]) + dfilter_free(rfcode); + cfile.rfcode = NULL; + show_main_window(FALSE); +- /* Don't call check_and_warn_user_startup(): we did it above */ + main_set_for_capture_in_progress(FALSE); + set_capture_if_dialog_for_capture_in_progress(FALSE); + } +@@ -3134,7 +3088,6 @@ main(int argc, char *argv[]) + } + /* "-k" was specified; start a capture. */ + show_main_window(FALSE); +- check_and_warn_user_startup(cf_name); + + /* If no user interfaces were specified on the command line, + copy the list of selected interfaces to the set of interfaces +@@ -3152,7 +3105,6 @@ main(int argc, char *argv[]) + } + } else { + show_main_window(FALSE); +- check_and_warn_user_startup(cf_name); + main_set_for_capture_in_progress(FALSE); + set_capture_if_dialog_for_capture_in_progress(FALSE); + } +@@ -3163,7 +3115,6 @@ main(int argc, char *argv[]) + } + #else /* HAVE_LIBPCAP */ + show_main_window(FALSE); +- check_and_warn_user_startup(cf_name); + main_set_for_capture_in_progress(FALSE); + set_capture_if_dialog_for_capture_in_progress(FALSE); + #endif /* HAVE_LIBPCAP */ diff --git a/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch b/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch new file mode 100644 index 0000000..5fa4f75 --- /dev/null +++ b/SOURCES/wireshark-1.10.x-ftbfs-glib2.patch @@ -0,0 +1,31 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e6b8e46..f308c12 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -183,7 +183,6 @@ if(ENABLE_EXTRA_GCC_CHECKS) # This overrides -Werror + endif() + + add_definitions( +- -DG_DISABLE_DEPRECATED + -DG_DISABLE_SINGLE_INCLUDES + ) + +diff --git a/configure.ac b/configure.ac +index cf593db..4e2f0d2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1474,14 +1474,6 @@ then + fi + AC_SUBST(MOC) + +-# Error out if a glib header other than a "top level" header +-# (glib.h, glib-object.h, gio.h) or certain other headers( e.g.,gmodule.h) +-# is used. +-CPPFLAGS="-DG_DISABLE_SINGLE_INCLUDES $CPPFLAGS" +- +-# Error out on the usage of deprecated glib functions +-CPPFLAGS="-DG_DISABLE_DEPRECATED $CPPFLAGS" +- + # + # Check whether GLib modules are supported, to determine whether we + # can support plugins. diff --git a/SOURCES/wireshark-1.10.x-remove-last-data-source.patch b/SOURCES/wireshark-1.10.x-remove-last-data-source.patch new file mode 100644 index 0000000..e7533fd --- /dev/null +++ b/SOURCES/wireshark-1.10.x-remove-last-data-source.patch @@ -0,0 +1,54 @@ +diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c +index e9af5f8..d994233 100644 +--- a/epan/dissectors/packet-tcp.c ++++ b/epan/dissectors/packet-tcp.c +@@ -1924,6 +1924,7 @@ again: + * being a new higher-level PDU that also + * needs desegmentation). + */ ++ remove_last_data_source(pinfo); + fragment_set_partial_reassembly(&tcp_reassembly_table, + pinfo, msp->first_frame, NULL); + +diff --git a/epan/packet.c b/epan/packet.c +index 44b953f..509fb22 100644 +--- a/epan/packet.c ++++ b/epan/packet.c +@@ -237,9 +237,24 @@ add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name) + src = (struct data_source *)g_malloc(sizeof(struct data_source)); + src->tvb = tvb; + src->name = g_strdup(name); ++ /* This could end up slow, but we should never have that many data ++ * sources so it probably doesn't matter */ + pinfo->data_src = g_slist_append(pinfo->data_src, src); + } + ++void ++remove_last_data_source(packet_info *pinfo) ++{ ++ struct data_source *src; ++ GSList *last; ++ ++ last = g_slist_last(pinfo->data_src); ++ src = (struct data_source *)last->data; ++ pinfo->data_src = g_slist_delete_link(pinfo->data_src, last); ++ g_free(src->name); ++ g_slice_free(struct data_source, src); ++} ++ + const char* + get_data_source_name(const struct data_source *src) + { +diff --git a/epan/packet.h b/epan/packet.h +index e1a195b..f90199d 100644 +--- a/epan/packet.h ++++ b/epan/packet.h +@@ -408,6 +408,8 @@ final_registration_all_protocols(void); + */ + WS_DLL_PUBLIC void add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, + const char *name); ++/* Removes the last-added data source, if it turns out it wasn't needed */ ++WS_DLL_PUBLIC void remove_last_data_source(packet_info *pinfo); + + + /* diff --git a/SOURCES/wireshark-1.10.x-resolv-error-string.patch b/SOURCES/wireshark-1.10.x-resolv-error-string.patch new file mode 100644 index 0000000..8246302 --- /dev/null +++ b/SOURCES/wireshark-1.10.x-resolv-error-string.patch @@ -0,0 +1,22 @@ +diff --git a/tshark.c b/tshark.c +index f930f9d..e3ac6c6 100644 +--- a/tshark.c ++++ b/tshark.c +@@ -294,7 +294,7 @@ print_usage(gboolean print_ver) + fprintf(output, " -R packet Read filter in Wireshark display filter syntax\n"); + fprintf(output, " -Y packet displaY filter in Wireshark display filter syntax\n"); + fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); +- fprintf(output, " -N enable specific name resolution(s): \"mntC\"\n"); ++ fprintf(output, " -N enable specific name resolution(s): \"mnNtC\"\n"); + fprintf(output, " -d %s ...\n", decode_as_arg_template); + fprintf(output, " \"Decode As\", see the man page for details\n"); + fprintf(output, " Example: tcp.port==8888,http\n"); +@@ -1357,7 +1357,7 @@ main(int argc, char *argv[]) + if (badopt != '\0') { + cmdarg_err("-N specifies unknown resolving option '%c';", + badopt); +- cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'"); ++ cmdarg_err_cont( " Valid options are 'm', 'n', 'N', 't', and 'C'"); + return 1; + } + break; diff --git a/SOURCES/wireshark-1.2.4-enable_lua.patch b/SOURCES/wireshark-1.2.4-enable_lua.patch new file mode 100644 index 0000000..e3f7448 --- /dev/null +++ b/SOURCES/wireshark-1.2.4-enable_lua.patch @@ -0,0 +1,13 @@ +diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua +index eda33ca..008e875 100644 +--- a/epan/wslua/template-init.lua ++++ b/epan/wslua/template-init.lua +@@ -43,7 +43,7 @@ if running_superuser then + local disabled_lib = {} + setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } ); + +- dofile = function() error("dofile " .. hint) end ++-- dofile = function() error("dofile " .. hint) end + loadfile = function() error("loadfile " .. hint) end + loadlib = function() error("loadlib " .. hint) end + require = function() error("require " .. hint) end diff --git a/SOURCES/wireshark-1.6.0-soname.patch b/SOURCES/wireshark-1.6.0-soname.patch new file mode 100644 index 0000000..6b266bd --- /dev/null +++ b/SOURCES/wireshark-1.6.0-soname.patch @@ -0,0 +1,17 @@ +Load correct shared object name in python. +This fixes following error message shown by wireshark/tshark when wireshark-devel +was not installed: + libwireshark.so: cannot open shared object file: No such file or directory + +diff -up wireshark-1.6.0/epan/wspython/wspy_libws.py.soname wireshark-1.6.0/epan/wspython/wspy_libws.py +--- wireshark-1.6.0/epan/wspython/wspy_libws.py.soname 2011-06-09 14:40:04.562726728 +0200 ++++ wireshark-1.6.0/epan/wspython/wspy_libws.py 2011-06-09 14:40:09.775467946 +0200 +@@ -35,7 +35,7 @@ def get_libws_libname(): + elif system == "Windows": + return 'libwireshark.dll' + else: +- return 'libwireshark.so' ++ return 'libwireshark.so.2' + + def get_libws_handle(): + global __libwireshark diff --git a/SOURCES/wireshark-1.6.1-group-msg.patch b/SOURCES/wireshark-1.6.1-group-msg.patch new file mode 100644 index 0000000..d24e7df --- /dev/null +++ b/SOURCES/wireshark-1.6.1-group-msg.patch @@ -0,0 +1,51 @@ +Customize 'permission denied' error. + +Add Fedora-specific message to error output when dumpcap cannot be started +because of permissions. + +diff --git a/capture_sync.c b/capture_sync.c +index 8c49ed2..65e242d 100644 +--- a/capture_sync.c ++++ b/capture_sync.c +@@ -369,6 +369,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session) + gchar *signal_pipe_name; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */ + #endif +@@ -639,8 +640,10 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session) + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection +@@ -732,6 +735,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + PROCESS_INFORMATION pi; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + int data_pipe[2]; /* pipe used to send data from child to parent */ + #endif +@@ -866,8 +870,10 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + ws_close(sync_pipe[PIPE_READ]); + ws_close(sync_pipe[PIPE_WRITE]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection diff --git a/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch new file mode 100644 index 0000000..3dcf631 --- /dev/null +++ b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch @@ -0,0 +1,32 @@ +From 85441817e9068de1267e945cfee1f8080c402fa7 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Mon, 13 Mar 2017 10:38:54 +0100 +Subject: [PATCH] Backport dissect_gmr1_bcch modifications from upstream. + +--- + epan/dissectors/packet-gmr1_bcch.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/epan/dissectors/packet-gmr1_bcch.c b/epan/dissectors/packet-gmr1_bcch.c +index f522bd2..6e9a6ed 100644 +--- a/epan/dissectors/packet-gmr1_bcch.c ++++ b/epan/dissectors/packet-gmr1_bcch.c +@@ -1048,6 +1048,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + if (is_si1) { + SystemInformation1_t *data; + data = ep_new(SystemInformation1_t); ++ data->SegmentType = array_length(SI1_SegmentChoice) - 1; + csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation1_t), tvb, data, ett_gmr1_bcch); + col_append_fstr( + pinfo->cinfo, COL_INFO, +@@ -1057,6 +1058,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + } else { + SystemInformation2_t *data; + data = ep_new(SystemInformation2_t); ++ data->SegmentType = array_length(SI2_SegmentChoice) - 1; + csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation2_t), tvb, data, ett_gmr1_bcch); + col_append_fstr( + pinfo->cinfo, COL_INFO, +-- +2.9.3 + diff --git a/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch b/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch new file mode 100644 index 0000000..37ba79f --- /dev/null +++ b/SOURCES/wireshark-1.8.x-dcom-string-overrun.patch @@ -0,0 +1,13 @@ +diff --git a/plugins/profinet/packet-dcom-cba.c b/plugins/profinet/packet-dcom-cba.c +index 967b8e6..cbb628c 100644 +--- a/plugins/profinet/packet-dcom-cba.c ++++ b/plugins/profinet/packet-dcom-cba.c +@@ -553,7 +553,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep) + { + guint32 u32Pointer; +- gchar szStr[1000]; ++ gchar szStr[1000] = ""; + guint32 u32MaxStr = sizeof(szStr); + dcerpc_info *info = (dcerpc_info *) pinfo->private_data; + gchar *call; diff --git a/SOURCES/wireshark-autoconf.m4 b/SOURCES/wireshark-autoconf.m4 new file mode 100644 index 0000000..d8015d8 --- /dev/null +++ b/SOURCES/wireshark-autoconf.m4 @@ -0,0 +1,101 @@ +dnl AM_PATH_WIRESHARK([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) +dnl Test for wireshark development files, and define WIRESHARK_CFLAGS, +dnl WIRESHARK_LIBS and WIRESHARK_VERSION. +dnl +AC_DEFUN([AM_PATH_WIRESHARK],[ + AC_ARG_WITH(wireshark-prefix, + [ --with-wireshark-prefix=PFX Prefix where wireshark libraries are installed (optional)], + wireshark_config_prefix="$withval", wireshark_config_prefix="") + + wireshark_found=no + if test "$wireshark_config_prefix" != "" ; then + AM_PATH_GLIB_2_0(,,,[gmodule]) + WIRESHARK_CFLAGS="-DWS_VAR_IMPORT=extern -DWS_MSVC_NORETURN= -I$wireshark_config_prefix/include/wireshark -I$wireshark_config_prefix/include/wireshark/epan -I/usr/include/wireshark -I/usr/include/wireshark/epan $GLIB_CFLAGS" + WIRESHARK_LIBS="-L$wireshark_config_prefix/lib -lwireshark -lwiretap $GLIB_LIBS" + wireshark_found=yes + else + PKG_PROG_PKG_CONFIG() + PKG_CHECK_MODULES(WIRESHARK, wireshark, wireshark_found=yes) + fi + + ac_save_CFLAGS="$CFLAGS" + ac_save_CLIBS="$LIBS" + CFLAGS="$CFLAGS $WIRESHARK_CFLAGS" + LIBS="$WIRESHARK_LIBS $LIBS" + min_wireshark_version=ifelse([$1], ,0.0.0,[$1]) + if test $wireshark_found = yes; then + AC_MSG_CHECKING(for wireshark version >= $min_wireshark_version) + wireshark_found=no + AC_TRY_RUN([ +#include +#include +#include +#include +#include +#include + +int +main() + +{ + int ws_major_version, ws_minor_version, ws_micro_version; + int major, minor, micro; + char **tmp_version; + + tmp_version = (char *) strdup("$min_wireshark_version"); + major = 0; + minor = 0; + micro = 0; + sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ); + free(tmp_version); + tmp_version = (char *) epan_get_version(); + sscanf(tmp_version, "%d.%d.%d", + &ws_major_version, &ws_minor_version, &ws_micro_version); + + if (ws_major_version > major || + (ws_major_version == major && ws_minor_version > minor) || + (ws_major_version == major && ws_minor_version == minor && + ws_micro_version >= micro)) + return 0; + + printf("\n*** An old version of wireshark (%d.%d.%d) was found.\n", + ws_major_version, ws_minor_version, ws_micro_version); + printf("*** You need a version of wireshark not older than %d.%d.%d. ", + major, minor, micro); + return 1; +} + ], wireshark_found=yes) + fi + + if test "$wireshark_found" != no; then + AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ +#include +#include +#include +#include +#include +#include +], [puts(epan_get_version());])], [WIRESHARK_VERSION=`./conftest$ac_exeext`], +wireshark_found=no) + + AC_LANG_POP + fi + + CFLAGS="$ac_save_CFLAGS" + LIBS="$ac_save_LIBS" + + if test "$wireshark_found" != no; then + AC_MSG_RESULT(yes) + ifelse([$2],, :, [$2]) + else + AC_MSG_RESULT(no) + WIRESHARK_CFLAGS="" + WIRESHARK_LIBS="" + WIRESHARK_VERSION="" + ifelse([$3], , :, [$3]) + fi + AC_SUBST(WIRESHARK_CFLAGS) + AC_SUBST(WIRESHARK_LIBS) + AC_SUBST(WIRESHARK_VERSION) +]) diff --git a/SOURCES/wireshark-libtool-pie.patch b/SOURCES/wireshark-libtool-pie.patch new file mode 100644 index 0000000..95cc088 --- /dev/null +++ b/SOURCES/wireshark-libtool-pie.patch @@ -0,0 +1,11 @@ +diff -up wireshark-1.6.8/ltmain.sh.pie wireshark-1.6.8/ltmain.sh +--- wireshark-1.6.8/ltmain.sh.pie 2012-05-23 10:05:07.900326513 +0200 ++++ wireshark-1.6.8/ltmain.sh 2012-05-23 10:05:11.786312666 +0200 +@@ -3488,7 +3488,6 @@ static const void *lt_preloaded_setup() + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in +- -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done diff --git a/SOURCES/wireshark-mime-package.xml b/SOURCES/wireshark-mime-package.xml new file mode 100644 index 0000000..c78ba48 --- /dev/null +++ b/SOURCES/wireshark-mime-package.xml @@ -0,0 +1,9 @@ + + + + Packet Capture + + + + + diff --git a/SOURCES/wireshark.console b/SOURCES/wireshark.console new file mode 100644 index 0000000..2a976f5 --- /dev/null +++ b/SOURCES/wireshark.console @@ -0,0 +1,4 @@ +USER=root +PROGRAM=/usr/sbin/wireshark +SESSION=true +FALLBACK=true diff --git a/SOURCES/wireshark.desktop b/SOURCES/wireshark.desktop new file mode 100644 index 0000000..caf2793 --- /dev/null +++ b/SOURCES/wireshark.desktop @@ -0,0 +1,14 @@ +[Desktop Entry] +Name=Wireshark Network Analyzer +Name[fi]=Wireshark +Name[sv]=Wireshark +Comment=Wireshark traffic and network analyzer +Comment[fi]=Verkkoanalysaattori +Comment[sv]=Nätverkstrafikanalysator +TryExec=wireshark +Exec=wireshark %f +Icon=wireshark +Terminal=false +Type=Application +Categories=X-Red-Hat-Extra;Network;GTK; +MimeType=application/x-pcap; diff --git a/SOURCES/wiresharkdoc-16x16.png b/SOURCES/wiresharkdoc-16x16.png new file mode 100644 index 0000000..50acd67 Binary files /dev/null and b/SOURCES/wiresharkdoc-16x16.png differ diff --git a/SPECS/wireshark.spec b/SPECS/wireshark.spec new file mode 100644 index 0000000..3536930 --- /dev/null +++ b/SPECS/wireshark.spec @@ -0,0 +1,1128 @@ +%global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))") + +%global with_adns 0 +%global with_lua 1 +%global with_gtk2 1 + +%if 0%{?rhel} != 0 +#RHEL: + %global with_portaudio 0 + %global with_GeoIP 0 + %if 0%{?rhel} <= 6 + # RHEL6: use GTK2 + %global with_gtk2 1 + %endif +%else + %global with_portaudio 1 + %global with_GeoIP 1 +%endif + + +Summary: Network traffic analyzer +Name: wireshark +Version: 1.10.14 +Release: 16%{?dist} +License: GPL+ +Group: Applications/Internet +Source0: http://wireshark.org/download/src/%{name}-%{version}.tar.bz2 +Source2: wireshark.console +Source3: wireshark.desktop +Source4: wireshark-autoconf.m4 +Source5: wireshark-mime-package.xml +Source6: wiresharkdoc-16x16.png +Source7: wiresharkdoc-32x32.png +Source8: wiresharkdoc-48x48.png +Source9: wiresharkdoc-256x256.png +Source10: config.h + +Patch1: wireshark-1.2.4-enable_lua.patch +Patch2: wireshark-libtool-pie.patch +Patch3: wireshark-1.6.1-group-msg.patch +Patch4: wireshark-1.6.0-soname.patch +Patch5: wireshark-1.8.x-dcom-string-overrun.patch +Patch6: wireshark-1.10.0-CVE-2013-3557.patch +Patch7: wireshark-1.10.x-disable-warning-dialog.patch +Patch8: wireshark-1.10.x-resolv-error-string.patch +Patch9: wireshark-1.10.x-remove-last-data-source.patch +Patch10: wireshark-1.10.x-ftbfs-glib2.patch +Patch11: wireshark-1.10.10-CVE-2014-6425.patch +Patch12: wireshark-1.10.10-CVE-2014-6426.patch +Patch13: wireshark-1.10.3-nanosecond-timestamps.patch +Patch14: wireshark-1.10.3-dtls-elliptic-curves.patch +Patch15: wireshark-1.10.3-tls-hash-algs.patch +Patch16: wireshark-1.10.3-tls-key-exchange-msgs.patch +Patch17: wireshark-1.10.3-tls-ext-master-secret.patch +Patch18: wireshark-1.10.3-tls-ext-encrypt-then-mac.patch +Patch19: wireshark-1.10.14-tls-cert-verify-msgs.patch +Patch20: wireshark-1.10.14-CVE-2015-3810.patch +Patch21: wireshark-1.10.14-CVE-2015-3813.patch +Patch22: wireshark-1.10.14-CVE-2015-6243.patch +Patch23: wireshark-1.10.14-tvbuff.patch +# Depends on Patch23 +Patch24: wireshark-1.10.14-CVE-2015-6244.patch +Patch25: wireshark-1.10.14-CVE-2015-6245.patch +Patch26: wireshark-1.10.14-CVE-2015-6246.patch +Patch27: wireshark-1.10.14-CVE-2015-6248.patch +Patch28: wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch +Patch29: wireshark-1.10.14-CVE-2015-3182.patch +Patch30: wireshark-1.10.14-display-data-len.patch +Patch31: wireshark-1.10.14-read-from-stdin.patch +Patch32: wireshark-1.8.10-segfault-cve-2013-4075.patch +Patch33: wireshark-1.10.14-default-snaplen.patch +Patch34: wireshark-1.10.14-buffer-size.patch +Patch35: wireshark-1.10.14-drop-count.patch +Patch36: wireshark-1.10.14-af-vsock-support.patch + +Url: http://www.wireshark.org/ +BuildRequires: libpcap-devel >= 0.9 +BuildRequires: libsmi-devel +BuildRequires: zlib-devel, bzip2-devel +BuildRequires: openssl-devel +BuildRequires: glib2-devel +BuildRequires: elfutils-devel, krb5-devel +BuildRequires: python, pcre-devel, libselinux +BuildRequires: gnutls-devel +BuildRequires: desktop-file-utils +BuildRequires: xdg-utils +BuildRequires: flex, bison, python, python-devel +BuildRequires: libcap-devel +BuildRequires: perl-podlators +BuildRequires: libgcrypt-devel +%if %{with_GeoIP} +BuildRequires: GeoIP-devel +%endif +%if %{with_adns} +BuildRequires: adns-devel +%else +BuildRequires: c-ares-devel +%endif +%if %{with_portaudio} +BuildRequires: portaudio-devel +%endif +%if %{with_lua} +BuildRequires: lua-devel +%endif +%if %{with_gtk2} +BuildRequires: gtk2-devel +%else +BuildRequires: gtk3-devel +%endif + +# Temporary hack - wireshark-1.8.0 is not compilable with upstream +# Makefile.in / configure, they need to be regenerated +BuildRequires: libtool, automake, autoconf + +Requires(pre): shadow-utils +%if %{with_adns} +Requires: adns +%endif + +%package gnome +Summary: Gnome desktop integration for wireshark +Group: Applications/Internet +Requires: wireshark = %{version}-%{release} +Requires: xdg-utils +Requires: hicolor-icon-theme +%if %{with_gtk2} +Requires: gtk2 +%else +Requires: gtk3 +%endif +%if %{with_portaudio} +Requires: portaudio +%endif +%if %{with_GeoIP} +Requires: GeoIP +%endif + +%package devel +Summary: Development headers and libraries for wireshark +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} glibc-devel glib2-devel + + +%description +Wireshark is a network traffic analyzer for Unix-ish operating systems. + +This package lays base for libpcap, a packet capture and filtering +library, contains command-line utilities, contains plugins and +documentation for wireshark. A graphical user interface is packaged +separately to GTK+ package. + +%description gnome +Contains wireshark for Gnome 3 and desktop integration file + +%description devel +The wireshark-devel package contains the header files, developer +documentation, and libraries required for development of wireshark scripts +and plugins. + + +%prep +%setup -q -n %{name}-%{version} + +%if %{with_lua} +%patch1 -p1 -b .enable_lua +%endif + +%patch2 -p1 -b .v4cleanup +%patch3 -p1 -b .group-msg +%patch4 -p1 -b .soname +%patch5 -p1 -b .dcom-overrun +%patch6 -p1 -b .cve-2013-3557 +%patch7 -p1 -b .disable-warning-dialog +%patch8 -p1 -b .resolv-error-string +%patch9 -p1 -b .remove-last-data-source +%patch10 -p1 -b .ftbfs-glib2 +%patch11 -p1 -b .cve.2014-6425 +%patch12 -p1 -b .cve.2014-6426 +%patch13 -p1 -b .nanosecond-timestamps +%patch14 -p1 -b .dtls-elliptic-curves +%patch15 -p1 -b .tls-hash-algs +%patch16 -p1 -b .tls-key-exchange-msgs +%patch17 -p1 -b .tls-master-secret +%patch18 -p1 -b .tls-encrypt-then-mac +%patch19 -p1 -b .tls-cert-verify-msgs +%patch20 -p1 -b .cve-2015-3810 +%patch21 -p1 -b .cve-2015-3813 +%patch22 -p1 -b .cve-2015-6243 +%patch23 -p1 -b .tvbuff +%patch24 -p1 -b .cve-2015-6244 +%patch25 -p1 -b .cve-2015-6245 +%patch26 -p1 -b .cve-2015-6246 +%patch27 -p1 -b .cve-2015-6248 +%patch28 -p1 -b .gdk-deprecated +%patch29 -p1 -b .cve-2015-3182 +%patch30 -p1 -b .display-data-len +%patch31 -p1 -b .read-from-stdin +%patch32 -p1 -b .segfault-cve-2013-4075 +%patch33 -p1 -b .default-snaplen +%patch34 -p1 -b .buffer-size +%patch35 -p1 -b .drop-count +%patch36 -p1 -b .af-vsock + +%build +%ifarch s390 s390x sparcv9 sparc64 +export PIECFLAGS="-fPIE" +%else +export PIECFLAGS="-fpie" +%endif + +export RELRO="-Wl,-z,relro,-z,now" + +# -fstack-protector-strong replaced -fstack-protector-all +export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS $RELRO -D_LARGEFILE64_SOURCE" +export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS $RELRO -D_LARGEFILE64_SOURCE" +export LDFLAGS="$LDFLAGS -pie" + +# Temporary hack - wireshark-1.8.0 is not compilable with upstream +# Makefile.in / configure, they need to be regenerated +./autogen.sh + +%configure \ + --bindir=%{_sbindir} \ + --enable-ipv6 \ + --with-libsmi \ + --with-gnu-ld \ + --with-pic \ +%if %{with_gtk2} + --with-gtk2 \ +%else + --with-gtk3 \ +%endif +%if %{with_adns} + --with-adns \ +%else + --with-adns=no \ +%endif +%if %{with_lua} + --with-lua \ +%else + --with-lua=no \ +%endif +%if %{with_portaudio} + --with-portaudio \ +%else + --with-portaudio=no \ +%endif +%if %{with_GeoIP} + --with-geoip \ +%else + --with-geoip=no \ +%endif + --with-ssl \ + --disable-warnings-as-errors \ + --with-python \ + --with-plugins=%{_libdir}/%{name}/plugins/%{version} \ + --with-dumpcap-group="wireshark" \ + --enable-setcap-install \ + --enable-airpcap + +#remove rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} + +%install +# The evil plugins hack +perl -pi -e 's|-L../../epan|-L../../epan/.libs|' plugins/*/*.la + +make DESTDIR=$RPM_BUILD_ROOT install + +# Install python stuff. +mkdir -p $RPM_BUILD_ROOT%{python_sitearch} +install -m 644 tools/wireshark_be.py tools/wireshark_gen.py $RPM_BUILD_ROOT%{python_sitearch} + +desktop-file-install \ + --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ + --add-category X-Fedora \ + %{SOURCE3} + +mkdir -p $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/{16x16,32x32,48x48,64x64,256x256}/apps + +install -m 644 image/wsicon16.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/16x16/apps/wireshark.png +install -m 644 image/wsicon32.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/32x32/apps/wireshark.png +install -m 644 image/wsicon48.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/48x48/apps/wireshark.png +install -m 644 image/wsicon64.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/64x64/apps/wireshark.png +install -m 644 image/wsicon256.png $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/256x256/apps/wireshark.png + +#install devel files (inspired by debian/wireshark-dev.header-files) +install -d -m 0755 $RPM_BUILD_ROOT/%{_includedir}/wireshark +IDIR="${RPM_BUILD_ROOT}%{_includedir}/wireshark" +mkdir -p "${IDIR}/epan" +mkdir -p "${IDIR}/epan/crypt" +mkdir -p "${IDIR}/epan/ftypes" +mkdir -p "${IDIR}/epan/dfilter" +mkdir -p "${IDIR}/epan/dissectors" +mkdir -p "${IDIR}/wiretap" +mkdir -p "${IDIR}/wsutil" +install -m 644 color.h register.h "${IDIR}/" +install -m 644 cfile.h file.h "${IDIR}/" +install -m 644 packet-range.h print.h "${IDIR}/" +install -m 644 epan/*.h "${IDIR}/epan/" +install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt" +install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes" +install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter" +install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors" +install -m 644 wiretap/*.h "${IDIR}/wiretap" +install -m 644 wsutil/*.h "${IDIR}/wsutil" +install -m 644 ws_symbol_export.h "${IDIR}/" +%ifarch %{ix86} +# Due to NEED_8_BYTE_ALIGNMENT defined only for x86 +install -m 644 config.h "${IDIR}/config-x86.h" +%else +%ifarch s390 ppc +install -m 644 config.h "${IDIR}/config-32.h" +%else +install -m 644 config.h "${IDIR}/config-64.h" +%endif +%endif +install -m 644 -T %{SOURCE10} "${IDIR}/config.h" + +# Create pkg-config control file. +mkdir -p "${RPM_BUILD_ROOT}%{_libdir}/pkgconfig" +cat > "${RPM_BUILD_ROOT}%{_libdir}/pkgconfig/wireshark.pc" <<- "EOF" + prefix=%{_prefix} + exec_prefix=%{_prefix} + libdir=%{_libdir} + includedir=%{_includedir} + + Name: %{name} + Description: Network Traffic Analyzer + Version: %{version} + Requires: glib-2.0 gmodule-2.0 + Libs: -L${libdir} -lwireshark -lwiretap + Cflags: -DWS_VAR_IMPORT=extern -DHAVE_STDARG_H -DWS_MSVC_NORETURN= -I${includedir}/wireshark -I${includedir}/wireshark/epan +EOF + +# Install the autoconf macro. +mkdir -p "${RPM_BUILD_ROOT}%{_datadir}/aclocal" +cp "%{SOURCE4}" "${RPM_BUILD_ROOT}%{_datadir}/aclocal/wireshark.m4" + +# Install desktop stuff +mkdir -p $RPM_BUILD_ROOT/%{_datadir}/{icons/gnome/{16x16,32x32,48x48,256x256}/mimetypes,mime/packages} +install -m 644 -T %{SOURCE5} $RPM_BUILD_ROOT/%{_datadir}/mime/packages/wireshark.xml +install -m 644 -T %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/16x16/mimetypes/application-x-pcap.png +install -m 644 -T %{SOURCE7} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/32x32/mimetypes/application-x-pcap.png +install -m 644 -T %{SOURCE8} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/48x48/mimetypes/application-x-pcap.png +install -m 644 -T %{SOURCE9} $RPM_BUILD_ROOT/%{_datadir}/icons/gnome/256x256/mimetypes/application-x-pcap.png + +# Remove .la files +rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/plugins/%{version}/*.la + +# Remove .la files in libdir +rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la + +# add wspy_dissectors directory for plugins +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/%{name}/python/%{version}/wspy_dissectors + +%pre +getent group wireshark >/dev/null || groupadd -r wireshark + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post gnome +update-desktop-database &> /dev/null ||: +update-mime-database %{_datadir}/mime &> /dev/null || : +touch --no-create %{_datadir}/icons/gnome &>/dev/null || : +touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : + +%postun gnome +update-desktop-database &> /dev/null ||: +update-mime-database %{_datadir}/mime &> /dev/null || : +if [ $1 -eq 0 ] ; then + touch --no-create %{_datadir}/icons/gnome &>/dev/null + gtk-update-icon-cache %{_datadir}/icons/gnome &>/dev/null || : + + touch --no-create %{_datadir}/icons/hicolor &>/dev/null + gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : +fi + +%posttrans +gtk-update-icon-cache %{_datadir}/icons/gnome &>/dev/null || : +gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : + +%files +%doc AUTHORS COPYING ChangeLog INSTALL NEWS README* +%{_sbindir}/editcap +%{_sbindir}/tshark +%{_sbindir}/mergecap +%{_sbindir}/text2pcap +%{_sbindir}/dftest +%{_sbindir}/capinfos +%{_sbindir}/randpkt +%{_sbindir}/reordercap +%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_sbindir}/dumpcap +%{_sbindir}/rawshark +%{python_sitearch}/*.py* +%{_libdir}/lib*.so.* +%{_libdir}/wireshark +%{_mandir}/man1/editcap.* +%{_mandir}/man1/tshark.* +%{_mandir}/man1/mergecap.* +%{_mandir}/man1/text2pcap.* +%{_mandir}/man1/capinfos.* +%{_mandir}/man1/dumpcap.* +%{_mandir}/man4/wireshark-filter.* +%{_mandir}/man1/rawshark.* +%{_mandir}/man1/dftest.* +%{_mandir}/man1/randpkt.* +%{_mandir}/man1/reordercap.* +%{_datadir}/wireshark +%if %{with_lua} +%exclude %{_datadir}/wireshark/init.lua +%endif + + +%files gnome +%{_datadir}/applications/wireshark.desktop +%{_datadir}/icons/hicolor/16x16/apps/wireshark.png +%{_datadir}/icons/hicolor/32x32/apps/wireshark.png +%{_datadir}/icons/hicolor/48x48/apps/wireshark.png +%{_datadir}/icons/hicolor/64x64/apps/wireshark.png +%{_datadir}/icons/hicolor/256x256/apps/wireshark.png +%{_datadir}/icons/gnome/16x16/mimetypes/application-x-pcap.png +%{_datadir}/icons/gnome/32x32/mimetypes/application-x-pcap.png +%{_datadir}/icons/gnome/48x48/mimetypes/application-x-pcap.png +%{_datadir}/icons/gnome/256x256/mimetypes/application-x-pcap.png +%{_datadir}/mime/packages/wireshark.xml +%{_sbindir}/wireshark +%{_mandir}/man1/wireshark.* + +%files devel +%doc doc/README.* +%config(noreplace) %{_datadir}/wireshark/init.lua +%{_includedir}/wireshark +%{_libdir}/lib*.so +%{_libdir}/pkgconfig/* +%{_datadir}/aclocal/* + +%changelog +* Thu Jun 21 2018 Michal Ruprich - 1.10.14-16 +- Resolves: #1464395 - RFE: AF_VSOCK support in Wireshark + +* Wed May 09 2018 Martin Sehnoutka - 1.10.14-15 +- include drop count information in pcapng capture files + +* Thu May 04 2017 Martin Sehnoutka - 1.10.14-14 +- Change buffer size in man pages +- Related: #1359974 + +* Fri Apr 21 2017 Martin Sehnoutka - 1.10.14-13 +- Require exact version of Wireshark as a dependency for devel subpackage + +* Mon Apr 03 2017 Martin Sehnoutka - 1.10.14-12 +- Fix wrong snaplen in man pages and help +- Make the capture buffer bigger to prevent dropping packages + +* Mon Mar 13 2017 Martin Sehnoutka - 1.10.14-11 +- Backport upstream changes for CVE-2013-4075 + +* Thu Aug 18 2016 Martin Sehnoutka - 1.10.14-10 +- Rebuild package +- Related to: #1233966 + +* Wed Jul 27 2016 Martin Sehnoutka - 1.10.14-9 +- Resolves: #1233966 support for reading from stdin/pipes + +* Tue Jul 26 2016 Martin Sehnoutka - 1.10.14-8 +- Resolves: #1337695 tshark failing to display data.len + +* Tue Oct 6 2015 Peter Hatina - 1.10.14-7 +- Rebase some tvbuff API from upstream to 1.10.14 +- Fixes crash when tvb_length_remaining() is used +- Related: CVE-2015-6244 + +* Mon Oct 5 2015 Peter Hatina - 1.10.14-6 +- Security patch +- Resolves: CVE-2015-3182 + +* Thu Oct 1 2015 Peter Hatina - 1.10.14-5 +- Fix crash caused by -DGDK_PIXBUF_DEPRECATED on startup +- Resolves: rhbz#1267959 + +* Tue Sep 22 2015 Peter Hatina - 1.10.14-4 +- Security patches +- Resolves: CVE-2015-6243 + CVE-2015-6244 + CVE-2015-6245 + CVE-2015-6246 + CVE-2015-6248 + +* Fri Aug 7 2015 Peter Hatina - 1.10.14-3 +- Security patches +- Resolves: CVE-2015-3810 + CVE-2015-3813 + +* Mon Jul 6 2015 Peter Hatina - 1.10.14-2 +- Add certificate verify message decoding in TLS extension +- Resolves: #1239150 + +* Thu Jul 2 2015 Peter Hatina - 1.10.14-1 +- Upgrade to 1.10.14 +- Resolves: #1238676 + +* Tue Jun 2 2015 Peter Hatina - 1.10.3-20 +- add master secret extension decoding in TLS extension +- add encrypt-then-mac extension decoding in TLS extension +- Resolves: #1222901 + +* Tue Jun 2 2015 Peter Hatina - 1.10.3-19 +- create pcap file if -F pcap specified +- Resolves: #1227199 + +* Wed May 20 2015 Peter Hatina - 1.10.3-18 +- add key exchange algorithms decoding in TLS extension +- Resolves: #1222600 + +* Mon May 18 2015 Peter Hatina - 1.10.3-17 +- add signature algorithms decoding in TLS extension +- Resolves: #1221701 + +* Wed May 6 2015 Peter Hatina - 1.10.3-16 +- add relro check +- Resolves: #1092532 + +* Tue Apr 21 2015 Peter Hatina - 1.10.3-15 +- add elliptic curves decoding in DTLS HELLO +- Resolves: #1131202 + +* Tue Apr 21 2015 Peter Hatina - 1.10.3-14 +- introduced nanosecond time precision +- Resolves: #1213339 + +* Mon Oct 13 2014 Peter Hatina - 1.10.3-13 +- security patches +- Resolves: #1148267 + +* Fri Oct 3 2014 Peter Hatina - 1.10.3-12 +- security patches +- Resolves: CVE-2014-6421 + CVE-2014-6423 + CVE-2014-6424 + CVE-2014-6425 + CVE-2014-6426 + CVE-2014-6427 + CVE-2014-6428 + CVE-2014-6429 + +* Thu Aug 28 2014 Peter Hatina - 1.10.3-11 +- fix FTBFS due to glib2-2.40 +- Resolves: #1132673 + +* Mon Mar 10 2014 Peter Hatina - 1.10.3-10 +- fix missing tshark's name resolving flag in help message +- Related: #1004250 + +* Mon Mar 10 2014 Peter Hatina - 1.10.3-9 +- security patches +- Resolves: CVE-2014-2281 + CVE-2014-2282 + CVE-2014-2283 + CVE-2014-2299 + +* Fri Jan 31 2014 Peter Hatina - 1.10.3-8 +- remove last data source due to HTTP dissector, which was + spewing too much output +- Related: #1011339 + +* Fri Jan 24 2014 Daniel Mach - 1.10.3-7 +- Mass rebuild 2014-01-24 + +* Mon Jan 13 2014 Peter Hatina - 1.10.3-6 +- stack-protector-all replaced by stack-protector-strong +- Resolves: #1048907 + +* Fri Dec 27 2013 Daniel Mach - 1.10.3-5 +- Mass rebuild 2013-12-27 + +* Thu Dec 19 2013 Peter Hatina 1.10.3-4 +- security patches +- Resolves: CVE-2013-7112 + CVE-2013-7113 + CVE-2013-7114 + +* Wed Dec 11 2013 Peter Hatina 1.10.3-3 +- fix tshark's name resolving flags error string +- Resolves: #1004250 + +* Tue Nov 5 2013 Peter Hatina 1.10.3-2 +- harden dumpcap capabilities +- Resolves: #1022378 + +* Tue Nov 5 2013 Peter Hatina 1.10.3-1 +- upgrade to 1.10.3 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.3.html +- Resolves: #1026649 + CVE-2013-6336 + CVE-2013-6337 + CVE-2013-6338 + CVE-2013-6339 + CVE-2013-6340 + +* Tue Sep 24 2013 Peter Hatina 1.10.2-6 +- fix memory leak when reassemblying a packet +- Resolves: #1011339 + +* Thu Sep 19 2013 Peter Hatina 1.10.2-5 +- fix config.h conflict +- Resolves: #881273 + +* Fri Sep 13 2013 Peter Hatina 1.10.2-4 +- fix desktop file entries + +* Fri Sep 13 2013 Peter Hatina 1.10.2-3 +- fix description, Gnome 3 + +* Fri Sep 13 2013 Peter Hatina 1.10.2-2 +- new sources + +* Thu Sep 12 2013 Peter Hatina 1.10.2-1 +- upgrade to 1.10.2 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html + +* Tue Sep 10 2013 Peter Hatina 1.10.0-9 +- security patches +- Resolves: CVE-2013-4927 + CVE-2013-4931 + CVE-2013-4932 + CVE-2013-4933 + CVE-2013-4934 + CVE-2013-4935 + CVE-2013-4936 + CVE-2013-4083 + CVE-2013-3557 + +* Mon Sep 9 2013 Peter Hatina 1.10-0-8 +- fix missing ws_symbol_export.h + +* Fri Jul 26 2013 Peter Hatina 1.10.0-7 +- fix tap iostat overflow + +* Fri Jul 26 2013 Peter Hatina 1.10.0-6 +- fix sctp bytes graph crash + +* Fri Jul 26 2013 Peter Hatina 1.10.0-5 +- fix string overrin in plugins/profinet + +* Fri Jul 26 2013 Peter Hatina 1.10.0-4 +- fix pod2man encoding issues + +* Fri Jul 26 2013 Peter Hatina 1.10.0-3 +- fix BuildRequires - libgcrypt-devel + +* Mon Jun 17 2013 Peter Hatina 1.10.0-2 +- fix flow graph crash + +* Mon Jun 17 2013 Peter Hatina 1.10.0-1 +- upgrade to 1.10.0 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.10.0.html + +* Wed Mar 27 2013 Peter Hatina 1.8.6-4 +- fix capture crash (#894753) + +* Tue Mar 19 2013 Peter Hatina 1.8.6-3 +- fix dns resolving crash (#908211) + +* Mon Mar 18 2013 Peter Hatina 1.8.6-2 +- return to gtk2, stable branch 1.8 is not gtk3 ready + +* Tue Mar 12 2013 Peter Hatina 1.8.6-1 +- upgrade to 1.8.6 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html + +* Sun Feb 10 2013 Parag Nemade - 1.8.5-3 +- Remove vendor tag from desktop file as per https://fedorahosted.org/fesco/ticket/1077 + +* Tue Feb 05 2013 Peter Hatina - 1.8.5-2 +- fix gtk3 layout issues +- NOTE: there may be some windows with broken layouts left + +* Thu Jan 31 2013 Peter Hatina - 1.8.5-1 +- upgrade to 1.8.5 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html + +* Mon Dec 03 2012 Peter Hatina - 1.8.4-1 +- upgrade to 1.8.4 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html + +* Tue Oct 16 2012 Peter Hatina - 1.8.3-2 +- backport dissector table fix +- TODO: remove this after new release + +* Thu Oct 11 2012 Peter Hatina - 1.8.3-1 +- upgrade to 1.8.3 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html + +* Tue Sep 4 2012 Jan Safranek - 1.8.2-3 +- added back compatibility with RHEL6 +- GeoIP build dependency made also conditional on with_GeoIP variable + +* Wed Aug 29 2012 Jan Safranek - 1.8.2-2 +- fixed "libwireshark.so.1: cannot open shared object file" error + message on startup + +* Thu Aug 16 2012 Jan Safranek - 1.8.2-1 +- upgrade to 1.8.2 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html + +* Fri Jul 27 2012 Fedora Release Engineering - 1.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 24 2012 Jan Safranek - 1.8.1-1 +- upgrade to 1.8.1 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.1.html + +* Mon Jun 25 2012 Jan Safranek - 1.8.0 +- upgrade to 1.8.0 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html + +* Wed May 23 2012 Jan Safranek - 1.6.8-1 +- upgrade to 1.6.8 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html + +* Mon May 21 2012 Jan Safranek - 1.6.7-2 +- Removed dependency on GeoIP on RHEL. + +* Tue Apr 10 2012 Jan Safranek - 1.6.7-1 +- upgrade to 1.6.7 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html + +* Wed Mar 28 2012 Jan Safranek - 1.6.6-1 +- upgrade to 1.6.6 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.6.html + +* Fri Mar 9 2012 Jan Safranek - 1.6.5-2 +- fixed wireshark crashing when using combo box in import dialog (#773290) +- added AES support into netlogon dissector + +* Wed Jan 11 2012 Jan Safranek - 1.6.5-1 +- upgrade to 1.6.5 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.5.html + +* Fri Dec 2 2011 Jan Safranek - 1.6.4-1 +- upgrade to 1.6.4 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.4.html +- build with c-ares and libpcap (#759305) +- fixed display of error message boxes on startup in gnome3 (#752559) + +* Mon Nov 14 2011 Jan Safranek - 1.6.3-2 +- added dependency on shadow-utils (#753293) +- removed usermode support + +* Wed Nov 2 2011 Jan Safranek - 1.6.3-1 +- upgrade to 1.6.3 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.3.html + +* Wed Oct 26 2011 Fedora Release Engineering - 1.6.2-5 +- Rebuilt for glibc bug#747377 + +* Fri Oct 21 2011 Jan Safranek - 1.6.2-4 +- updated autoconf macros and pkgconfig file in wireshark-devel to reflect + current config.h (#746655) + +* Mon Oct 17 2011 Steve Dickson - 1.6.2-3 +- Fixed a regression introduce by upstream patch r38306 + which caused v4.1 traffic not to be displayed. +- Added v4 error status to packet detail window. + +* Tue Sep 13 2011 Jan Safranek - 1.6.2-2 +- fixed spelling of the security message (#737270) + +* Fri Sep 9 2011 Jan Safranek - 1.6.2-1 +- upgrade to 1.6.2 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.2.html + + +* Thu Jul 21 2011 Jan Safranek - 1.6.1-1 +- upgrade to 1.6.1 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.1.html + +* Thu Jun 16 2011 Jan Safranek - 1.6.0-4 +- fixed previous incomplete fix + +* Thu Jun 16 2011 Jan Safranek - 1.6.0-3 +- fixed Fedora-specific message when user is not part of 'wireshark' group + - now it does not contain '<' and '>' characters (#713545) + +* Thu Jun 9 2011 Jan Safranek - 1.6.0-2 +- added wspy_dissectors directory to the package + - other packages can add Python plugins there + - as side effect, removed following message: + [Errno 2] No such file or directory: '/usr/lib64/wireshark/python/1.6.0/wspy_dissectors' +- enabled zlib support + +* Wed Jun 8 2011 Jan Safranek - 1.6.0-1 +- upgrade to 1.6.0 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html + +* Thu Jun 2 2011 Jan Safranek - 1.4.7-1 +- upgrade to 1.4.7 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.7.html + +* Thu May 19 2011 Steve Dickson - 1.4.6-3 +- Improved the NFS4.1 patcket dissectors + +* Sat May 07 2011 Christopher Aillon - 1.4.6-2 +- Update icon cache scriptlet + +* Tue Apr 19 2011 Jan Safranek - 1.4.6-1 +- upgrade to 1.4.6 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html + +* Mon Apr 18 2011 Jan Safranek - 1.4.5-1 +- upgrade to 1.4.5 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html + +* Sun Apr 03 2011 Cosimo Cecchi - 1.4.4-2 +- Use hi-res icons + +* Thu Mar 3 2011 Jan Safranek - 1.4.4-1 +- upgrade to 1.4.4 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html + +* Mon Feb 07 2011 Fedora Release Engineering - 1.4.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Jan Safranek - 1.4.3-2 +- create the 'wireshark' group as system, not user +- add few additional header files to -devel subpackage (#671997) + +* Thu Jan 13 2011 Jan Safranek - 1.4.3-1 +- upgrade to 1.4.3 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html + +* Wed Jan 5 2011 Jan Safranek - 1.4.2-5 +- fixed buffer overflow in ENTTEC dissector (#666897) + +* Wed Dec 15 2010 Jan Safranek - 1.4.2-4 +- added epan/dissectors/*.h to -devel subpackage (#662969) + +* Mon Dec 6 2010 Jan Safranek - 1.4.2-3 +- fixed generation of man pages again (#635878) + +* Fri Nov 26 2010 Jan Safranek - 1.4.2-2 +- rework the Wireshark security (#657490). Remove the console helper and + allow only members of new 'wireshark' group to capture the packets. + +* Mon Nov 22 2010 Jan Safranek - 1.4.2-1 +- upgrade to 1.4.2 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.2.html + +* Mon Nov 1 2010 Jan Safranek - 1.4.1-2 +- temporarily disable zlib until + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 is resolved (#643461) + +* Fri Oct 22 2010 Jan Safranek - 1.4.1-1 +- upgrade to 1.4.1 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html +- Own the %%{_libdir}/wireshark dir (#644508) +- associate *.pcap files with wireshark (#641163) + +* Wed Sep 29 2010 jkeating - 1.4.0-2 +- Rebuilt for gcc bug 634757 + +* Fri Sep 24 2010 Jan Safranek - 1.4.0-2 +- fixed generation of man pages (#635878) + +* Tue Aug 31 2010 Jan Safranek - 1.4.0-1 +- upgrade to 1.4.0 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html + +* Fri Jul 30 2010 Jan Safranek - 1.2.10-1 +- upgrade to 1.2.10 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html + +* Fri Jul 30 2010 Jan Safranek - 1.2.9-4 +- Rebuilt again for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Thu Jul 22 2010 Jan Safranek - 1.2.9-3 +- removing useless LDFLAGS (#603224) + +* Thu Jul 22 2010 David Malcolm - 1.2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jun 11 2010 Radek Vokal - 1.2.9-1 +- upgrade to 1.2.9 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html + +* Mon May 17 2010 Radek Vokal - 1.2.8-4 +- removing traling bracket from python_sitearch (#592391) + +* Fri May 7 2010 Radek Vokal - 1.2.8-3 +- fix patched applied without fuzz=0 + +* Thu May 6 2010 Radek Vokal - 1.2.8-2 +- use sitearch instead of sitelib to avoid pyo and pyc conflicts + +* Thu May 6 2010 Radek Vokal - 1.2.8-1 +- upgrade to 1.2.8 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html + +* Tue Apr 6 2010 Radek Vokal - 1.2.7-2 +- rebuild with GeoIP support (needs to be turned on in IP protocol preferences) + +* Fri Apr 2 2010 Radek Vokal - 1.2.7-1 +- upgrade to 1.2.7 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html + +* Wed Mar 24 2010 Radek Vokal - 1.2.6-3 +- bring back -pie + +* Tue Mar 16 2010 Jeff Layton - 1.2.6-2 +- add patch to allow decode of NFSv4.0 callback channel +- add patch to allow decode of more SMB FIND_FILE infolevels + +* Fri Jan 29 2010 Radek Vokal - 1.2.6-1 +- upgrade to 1.2.6 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html + +* Wed Jan 20 2010 Radek Vokal - 1.2.5-5 +- minor spec file tweaks for better svn checkout support (#553500) + +* Tue Jan 05 2010 Radek Vokál - 1.2.5-4 +- init.lua is present always and not only when lua support is enabled + +* Tue Jan 05 2010 Radek Vokál - 1.2.5-3 +- fix file list, init.lua is only in -devel subpackage (#552406) + +* Fri Dec 18 2009 Patrick Monnerat 1.2.5-2 +- Autoconf macro for plugin development. + +* Fri Dec 18 2009 Radek Vokal - 1.2.5-1 +- upgrade to 1.2.5 +- fixes security vulnaribilities, see http://www.wireshark.org/security/wnpa-sec-2009-09.html + +* Thu Dec 17 2009 Radek Vokal - 1.2.4-3 +- split -devel package (#547899, #203642, #218451) +- removing root warning dialog (#543709) + +* Mon Dec 14 2009 Radek Vokal - 1.2.4-2 +- enable lua support - http://wiki.wireshark.org/Lua +- attempt to fix filter crash on 64bits + +* Wed Nov 18 2009 Radek Vokal - 1.2.4-1 +- upgrade to 1.2.4 +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.4.html + +* Fri Oct 30 2009 Radek Vokal - 1.2.3-1 +- upgrade to 1.2.3 +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html + +* Mon Sep 21 2009 Radek Vokal - 1.2.2-1 +- upgrade to 1.2.2 +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html + +* Mon Sep 14 2009 Bill Nottingham - 1.2.1-5 +- do not use portaudio in RHEL + +* Fri Aug 28 2009 Radek Vokal - 1.2.1-4 +- yet anohter rebuilt + +* Fri Aug 21 2009 Tomas Mraz - 1.2.1-3 +- rebuilt with new openssl + +* Mon Jul 27 2009 Fedora Release Engineering - 1.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Radek Vokal - 1.2.1 +- upgrade to 1.2.1 +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html + +* Tue Jun 16 2009 Radek Vokal - 1.2.0 +- upgrade to 1.2.0 +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.0.html + +* Fri May 22 2009 Radek Vokal - 1.1.4-0.pre1 +- update to latest development build + +* Thu Mar 26 2009 Radek Vokal - 1.1.3-1 +- upgrade to 1.1.3 + +* Thu Mar 26 2009 Radek Vokal - 1.1.2-4.pre1 +- fix libsmi support + +* Wed Feb 25 2009 Fedora Release Engineering - 1.1.2-3.pre1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 16 2009 Radek Vokal - 1.1.2-2.pre1 +- add netdump support + +* Sun Feb 15 2009 Steve Dickson - 1.1.2-1.pre1 +- NFSv4.1: Add support for backchannel decoding + +* Mon Jan 19 2009 Radek Vokal - 1.1.2-0.pre1 +- upgrade to latest development release +- added support for portaudio (#480195) + +* Sun Jan 18 2009 Tomas Mraz - 1.1.1-0.pre1.2 +- rebuild with new openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 1.1.1-0.pre1.1 +- Rebuild for Python 2.6 + +* Thu Nov 13 2008 Radek Vokál 1.1.1-0.pre1 +- upgrade to 1.1.1 development branch + +* Wed Sep 10 2008 Radek Vokál 1.0.3-1 +- upgrade to 1.0.3 +- Security-related bugs in the NCP dissector, zlib compression code, and Tektronix .rf5 file parser have been fixed. +- WPA group key decryption is now supported. +- A bug that could cause packets to be wrongly dissected as "Redback Lawful Intercept" has been fixed. + +* Mon Aug 25 2008 Radek Vokál 1.0.2-3 +- fix requires for wireshark-gnome + +* Thu Jul 17 2008 Steve Dickson 1.0.2-2 +- Added patches to support NFSv4.1 + +* Fri Jul 11 2008 Radek Vokál 1.0.2-1 +- upgrade to 1.0.2 + +* Tue Jul 8 2008 Radek Vokál 1.0.1-1 +- upgrade to 1.0.1 + +* Sun Jun 29 2008 Dennis Gilmore 1.0.0-3 +- add sparc arches to -fPIE +- rebuild for new gnutls + +* Tue Apr 1 2008 Radek Vokál 1.0.0-2 +- fix BuildRequires - python, yacc, bison + +* Tue Apr 1 2008 Radek Vokál 1.0.0-1 +- April Fools' day upgrade to 1.0.0 + +* Tue Feb 19 2008 Fedora Release Engineering - 0.99.7-3 +- Autorebuild for GCC 4.3 + +* Wed Dec 19 2007 Radek Vokál 0.99.7-2 +- fix crash in unprivileged mode (#317681) + +* Tue Dec 18 2007 Radek Vokál 0.99.7-1 +- upgrade to 0.99.7 + +* Fri Dec 7 2007 Radek Vokál 0.99.7-0.pre2.1 +- rebuilt for openssl + +* Mon Nov 26 2007 Radek Vokal 0.99.7-0.pre2 +- switch to libsmi from net-snmp +- disable ADNS due to its lack of Ipv6 support +- 0.99.7 prerelease 2 + +* Tue Nov 20 2007 Radek Vokal 0.99.7-0.pre1 +- upgrade to 0.99.7 pre-release + +* Wed Sep 19 2007 Radek Vokál 0.99.6-3 +- fixed URL + +* Thu Aug 23 2007 Radek Vokál 0.99.6-2 +- rebuilt + +* Mon Jul 9 2007 Radek Vokal 0.99.6-1 +- upgrade to 0.99.6 final + +* Fri Jun 15 2007 Radek Vokál 0.99.6-0.pre2 +- another pre-release +- turn on ADNS support + +* Wed May 23 2007 Radek Vokál 0.99.6-0.pre1 +- update to pre1 of 0.99.6 release + +* Mon Feb 5 2007 Radek Vokál 0.99.5-1 +- multiple security issues fixed (#227140) +- CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets +- CVE-2007-0459 - The HTTP dissector could crash. +- CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. +- CVE-2007-0456 - On some systems, the LLT dissector could crash. + +* Mon Jan 15 2007 Radek Vokal 0.99.5-0.pre2 +- another 0.99.5 prerelease, fix build bug and pie flags + +* Tue Dec 12 2006 Radek Vokal 0.99.5-0.pre1 +- update to 0.99.5 prerelease + +* Thu Dec 7 2006 Jeremy Katz - 0.99.4-5 +- rebuild for python 2.5 + +* Tue Nov 28 2006 Radek Vokal 0.99.4-4 +- rebuilt for new libpcap and net-snmp + +* Thu Nov 23 2006 Radek Vokal 0.99.4-3 +- add htmlview to Buildrequires to be picked up by configure scripts (#216918) + +* Tue Nov 7 2006 Radek Vokal 0.99.4-2.fc7 +- Requires: net-snmp for the list of MIB modules + +* Wed Nov 1 2006 Radek Vokál 0.99.4-1 +- upgrade to 0.99.4 final + +* Tue Oct 31 2006 Radek Vokál 0.99.4-0.pre2 +- upgrade to 0.99.4pre2 + +* Tue Oct 10 2006 Radek Vokal 0.99.4-0.pre1 +- upgrade to 0.99.4-0.pre1 + +* Fri Aug 25 2006 Radek Vokál 0.99.3-1 +- upgrade to 0.99.3 +- Wireshark 0.99.3 fixes the following vulnerabilities: +- the SCSI dissector could crash. Versions affected: CVE-2006-4330 +- the IPsec ESP preference parser was susceptible to off-by-one errors. CVE-2006-4331 +- a malformed packet could make the Q.2931 dissector use up available memory. CVE-2006-4333 + +* Tue Jul 18 2006 Radek Vokál 0.99.2-1 +- upgrade to 0.99.2 + +* Wed Jul 12 2006 Jesse Keating - 0.99.2-0.pre1.1 +- rebuild + +* Tue Jul 11 2006 Radek Vokál 0.99.2-0.pre1 +- upgrade to 0.99.2pre1, fixes (#198242) + +* Tue Jun 13 2006 Radek Vokal 0.99.1-0.pre1 +- spec file changes + +* Fri Jun 9 2006 Radek Vokal 0.99.1pre1-1 +- initial build for Fedora Core