[Wireshark-bugs] [Bug 12904] File | File Set | List Files dialog is blank

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12904

--- Comment #4 from Gerrit Code Review  ---
Change 17791 had a related patch set uploaded by Pascal Quantin:
Qt: fix file set menus when stopping a capture or opening a capture after
startup

https://code.wireshark.org/review/17791

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

--- Comment #6 from Gerrit Code Review  ---
Change 17790 merged by Pascal Quantin:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17790

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

--- Comment #5 from Gerrit Code Review  ---
Change 17790 had a related patch set uploaded by Pascal Quantin:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17790

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12071] Capture File Properties under Statistics Grayed Out after Stopping a Capture

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12071

--- Comment #5 from Gerrit Code Review  ---
Change 17790 had a related patch set uploaded by Pascal Quantin:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17790

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12904] File | File Set | List Files dialog is blank

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12904

--- Comment #3 from Gerrit Code Review  ---
Change 17785 merged by Alexis La Goutte:
Qt: fix file set menus when stopping a capture or opening a capture after
startup

https://code.wireshark.org/review/17785

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12904] File | File Set | List Files dialog is blank

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12904

Gerrit Code Review  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12071] Capture File Properties under Statistics Grayed Out after Stopping a Capture

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12071

--- Comment #4 from Gerrit Code Review  ---
Change 17784 merged by Alexis La Goutte:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17784

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

--- Comment #4 from Gerrit Code Review  ---
Change 17784 merged by Alexis La Goutte:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17784

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

Gerrit Code Review  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12071] Capture File Properties under Statistics Grayed Out after Stopping a Capture

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12071

Gerrit Code Review  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12905] Buildbot crash output: randpkt-2016-09-16-10425.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12905

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Guy Harris  ---


*** This bug has been marked as a duplicate of bug 12797 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12797] Buildbot crash output: randpkt-2016-08-31-7311.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12797

--- Comment #30 from Guy Harris  ---
*** Bug 12905 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12797] Buildbot crash output: randpkt-2016-08-31-7311.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12797

--- Comment #29 from Guy Harris  ---
*** Bug 12912 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12912] Buildbot crash output: randpkt-2016-09-17-20562.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12912

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Guy Harris  ---


*** This bug has been marked as a duplicate of bug 12797 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12825] Buildbot crash output: fuzz-2016-09-04-21710.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825

--- Comment #3 from Guy Harris  ---
*** Bug 12920 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12920] Buildbot crash output: fuzz-2016-09-17-5537.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12920

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Guy Harris  ---


*** This bug has been marked as a duplicate of bug 12825 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12897] Buildbot crash output: fuzz-2016-09-14-1584.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12897

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Guy Harris  ---


*** This bug has been marked as a duplicate of bug 12825 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12825] Buildbot crash output: fuzz-2016-09-04-21710.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825

--- Comment #2 from Guy Harris  ---
*** Bug 12897 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12886] Buildbot crash output: fuzz-2016-09-11-21126.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12886

Guy Harris  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #1 from Guy Harris  ---


*** This bug has been marked as a duplicate of bug 12825 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12825] Buildbot crash output: fuzz-2016-09-04-21710.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825

--- Comment #1 from Guy Harris  ---
*** Bug 12886 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS (or other corruptions)

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12882

Guy Harris  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 Ever confirmed|0   |1

--- Comment #4 from Guy Harris  ---
At least part of the problem is that the *second* packet looks "enough like" a
TDS packet, so it marks the entire TCP connection as carrying TDS - but it
doesn't say "the stuff before this doesn't look like TDS, so if it really *is*
TDS, it's probably the middle and end of a TDS packet, so don't try to dissect
it", or something such as that.  That's the problem with byte-stream protocols
such as TCP.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS (or other corruptions)

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12882

--- Comment #3 from Guy Harris  ---
(In reply to Uxorious from comment #2)

> Maybe the heuristic detection should be off by default as most people will
> not be encountering TDS packets?

Or maybe the heuristic should be strengthened, if possible, so that it gets
fewer false positives.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS (or other corruptions)

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12882

--- Comment #2 from Uxorious  ---
Thanks for the clarification.

Maybe the heuristic detection should be off by default as most people will not
be encountering TDS packets?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12920] New: Buildbot crash output: fuzz-2016-09-17-5537.pcap

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12920

Bug ID: 12920
   Summary: Buildbot crash output: fuzz-2016-09-17-5537.pcap
   Product: Wireshark
   Version: unspecified
  Hardware: x86-64
   URL: https://www.wireshark.org/download/automated/captures/
fuzz-2016-09-17-5537.pcap
OS: Ubuntu
Status: CONFIRMED
  Severity: Major
  Priority: High
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: buildbot-do-not-re...@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-5537.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/5750-avdtp_test.cap

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:Ubuntu
Description:Ubuntu 16.04.1 LTS
Release:16.04
Codename:xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3694
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=ede1af20ba483dd7b6b35d3bd1eabe5cc463592c

Return value:  1

Dissector bug:  0

Valgrind error count:  0



Git commit
commit ede1af20ba483dd7b6b35d3bd1eabe5cc463592c
Author: Martin Kaiser 
Date:   Sat Sep 17 18:46:26 2016 +0200

eap: make eap_identity_prefix a numeric item

This used to be string item, its value was not 0-terminated. This
resulted in out-of-bounds mem acceess when eap_identity_prefix was used
by proto_tree_add_string_format().

==14744== Conditional jump or move depends on uninitialised value(s)
==14744==at 0x4C294F8: strlen (mc_replace_strmem.c:390)
==14744==by 0xC19C97F: g_strdup (gstrfuncs.c:355)
==14744==by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
==14744==by 0x67136A9: proto_tree_add_string (proto.c:3515)
==14744==by 0x6713870: proto_tree_add_string_format (proto.c:3547)
==14744==by 0x69BB494: dissect_eap (packet-eap.c:838)
==14744==by 0x66FD0B4: call_dissector_work (packet.c:649)

As the content is a number anyway, the simplest solution is to make
eap_identity_prefix a numeric item and use
proto_tree_add_uint_format_value().

Bug: 12913
Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
Reviewed-on: https://code.wireshark.org/review/17760
Reviewed-by: Guy Harris 


=
==7255==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7fe65ce86646 at pc 0x004947dd bp 0x7fffdf4cfdb0 sp 0x7fffdf4cf560
READ of size 7 at 0x7fe65ce86646 thread T0
#0 0x4947dc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4947dc)
#1 0x7fe65b573a3d 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7c03a3d)
#2 0x7fe65b569b35 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7bf9b35)
#3 0x7fe65b2638bc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f38bc)
#4 0x7fe65b26172c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f172c)
#5 0x7fe65b52c996 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7bbc996)
#6 0x7fe65b2638bc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f38bc)
#7 0x7fe65b26358a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f358a)
#8 0x7fe65b8fe651 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7f8e651)
#9 0x7fe65b2638bc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f38bc)
#10 0x7fe65b26358a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f358a)
#11 0x7fe65b4c3ac9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7b53ac9)
#12 0x7fe65b2638bc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f38bc)
#13 0x7fe65b26358a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f358a)
#14 0x7fe65b80f6cf 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e9f6cf)
#15 0x7fe65b2638bc

[Wireshark-bugs] [Bug 12831] Fails to compile against Heimdal 1.5.3

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12831

Edwin Groothuis  changed:

   What|Removed |Added

 CC||wiresh...@mavetju.org

--- Comment #1 from Edwin Groothuis  ---
Same as on FreeBSD 10.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12874] Unable to dissect SPDY streams after a protocol switch in plain text

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12874

Peter Wu  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 CC||alexis.lagou...@gmail.com,
   ||pe...@lekensteyn.nl
 Ever confirmed|0   |1

--- Comment #5 from Peter Wu  ---
With the above patch SPDY dissector is invoked automatically. The latest
version (3.1) seems not to be supported though, I get a header decompression
failure.

Alexis? Spec is at
https://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3-1

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12874] Unable to dissect SPDY streams after a protocol switch in plain text

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12874

--- Comment #4 from Gerrit Code Review  ---
Change 17786 had a related patch set uploaded by Peter Wu:
http: add spdy Upgrade support

https://code.wireshark.org/review/17786

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12855] Follow TCP Stream shows duplicate stream data

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12855

--- Comment #7 from Michael Mann  ---
(In reply to Pascal Quantin from comment #6)
> For both cases, 2.0.5 behavior seems better (as discussed in Gerrit I'm not
> a fan of the reassembly happening despite missing packets).
> Maybe that's why previous code was not simple ;)
> IMHO the Follow TCP stream feature should not rely on the upper dissector
> having TCP reassembly activated / supported or not.
> Not sure how to move forward. Obviously the current handling needs more
> work, and the previous code was working fine for those use cases. Should we
> revert the change until a more solid version is available? Michael, what's
> your opinion?

I'd really not like to revert if we can avoid it.  My two big issues with the
previous implementation are:
1. Duplicate logic of TCP behavior/dissector.
2. Use of temporary file to collect streams (which doesn't perform as well as
the tap interface)

While the TCP dissector isn't my favorite to modify, I really didn't like
having TCP logic in 2 places.  It sounds like both have their bugs, but I'd
like to continue trying to fix the bugs of the new implementation.
There are certainly some good "test cases" here, but should we start with
trying to compile as many "test cases" as possible (and maybe add them to the
test suite)?  From there we could compare the output and fix the differences in
the new implementation.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12907] Option 82 suboption 12 is displayed as Unknown in linux version of tshark

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12907

Gerrit Code Review  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

--- Comment #3 from Gerrit Code Review  ---
Change 17784 had a related patch set uploaded by Pascal Quantin:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17784

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12071] Capture File Properties under Statistics Grayed Out after Stopping a Capture

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12071

--- Comment #3 from Gerrit Code Review  ---
Change 17784 had a related patch set uploaded by Pascal Quantin:
Qt: fix some menus activation when stopping a capture

https://code.wireshark.org/review/17784

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12904] File | File Set | List Files dialog is blank

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12904

--- Comment #2 from Gerrit Code Review  ---
Change 17785 had a related patch set uploaded by Pascal Quantin:
Qt: fix file set menus when stopping a capture or opening a capture after
startup

https://code.wireshark.org/review/17785

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #8 from Peter Wu  ---
Hmm, I am still not fully certain how multiple AVPs with the same name have to
be handled (for matching data AVPs and returning results).

In plugins/mate/examples/web.mate there is this snippet (old syntax):
Action=Transform; Name=rm_client_from_dns_resp; Mode=Replace; Match=Every;
dns_resp=1; client_addr; .dns_resp=1;

Here you can see that the intention of "Every" is that every condition
(dns_resp=1, client_addr) must match and that it is replaced by (dns_resp=1)
(effectively dropping client_addr).

In mms.mate we can see a case where "Loose" with zero conditions is allowed, it
is expected to match (and apply the replacement). Rewritten to the new syntax
(for clarity) it becomes:

Transform mms_start {
// yes, really no attributes and apparently no value for the AVP
either?
Match Loose () Insert (mms_start);
}
Pdu mmse_over_wsp_pdu Proto wsp Transport ip {
// (Match omitted)
Transform mms_start;
}

In the same file we find (translated and annotated):

Transform rm_client_from_http_resp1 {
// If "http_rq" is set, match and return from this transform.
Match Strict (http_rq) Insert ();
// could probably be "Strict" as well?
Match Every (addr) Insert (not_rq);
}
Transform rm_client_from_http_resp2 {
// huh, why add not_rq above and replace it here? Why not just:
// Match Strict (addr) Insert (ue); above?
Match Strict (not_rq) Replace (ue);
}
Pdu mmse_over_http ... {
Extract addr From ip.addr;
Extract http_rq From http.request;
...
Transform rm_client_from_http_resp1;
Transform rm_client_from_http_resp2;
}

In matelib/radius.mate:

Transform radius_same_port {
// If there are already two ports, do nothing
Match Strict (radius_port, radius_port) Insert ();
// else add a new port?
Match Every (radius_port) Insert (radius_port=0);
}
Pdu radius_pdu Proto radius Transport udp/ip {
Match radius_addr From ip.addr;
Match radius_port From udp.port;
Match radius_id From radius.id;
Match radius_code From radius.code;
Transform radius_same_port;
}
Gop radius_req On radius_pdu (radius_id, radius_addr, radius_addr,
radius_port, radius_port) {
// not sure if right syntax
Start (radius_code|1|4|7);
Stop (radius_code|2|3|5|8|9);
}

None of these examples really help understanding what should be done for Match
(what to return for a match).

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #7 from Peter Wu  ---
I have pushed some buggy WIP to implement the (wrong) idea following the
updated wiki/bug comments, it will be modified as things become clearer.

The current code has one fatal flaw, it compares attributes by their memory
address. Should we have data (a=1,b=2) then it is possible that Loose (b=2)
does not match depending on whether  <  or  >  (where '&' denotes
address-of operator). After fixing this, the Loose case seems fixed.
(Additionally, I no longer return an empty list if the match fails, it now
returns NULL (=failed match)).

From
https://wiki.wireshark.org/Mate/Reference?action=recall=27#Attribute.2FValue_Pair_List_.28AVPL.29
:
>> PDUS, GoPs and GoGs use an AVPL to contain the tracing information.
>> An AVPL is an unsorted set of AVPs that can be matched against other AVPLs.

All matching functions however expect sorted AVPLs (this is enforced at
insertion time). Perhaps it refers to the MATE configuration file where
"Gop sess On pdu_name (a, a, b)" is the same as
"Gop sess On pdu_name (a, b, a)".

"Strict" seems to have a totally diferent meaning than assumed before.
Apparently it only consumes the first AVP from the data AVPL (such that it
cannot be matched by other conditions). With this assumption,
"Match Strict (a, a)" would fail on (a=1), but succeed on (a=1,a=2).

The current (modified) wording of the wiki is contradictory (or at least
confusing). The original revision says:
>> "Every" Match: Will match if none of the AVPs of the operator AVPL fails to
>> match a present AVP in the operand AVPL, even if not all of the operator's
>> AVPs have a match. If it matches it will return an AVPL containing all AVPs
>> from the operand AVPL that did match one AVP in the operator AVPL.

I think this is the same as the "Strict" behavior I described before.

Maybe you could jump on #wireshark on Freenode IRC for some faster feedback?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #6 from Gerrit Code Review  ---
Change 1 had a related patch set uploaded by Peter Wu:
[WIP] mate: document more parts, try to fix matching logic

https://code.wireshark.org/review/1

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12640] SSL Protocol Preferences do not save RSA key

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12640

--- Comment #5 from Gerrit Code Review  ---
Change 17738 merged by Peter Wu:
Qt: allow file dialogs to mark an UAT as dirty

https://code.wireshark.org/review/17738

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12640] SSL Protocol Preferences do not save RSA key

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12640

Gerrit Code Review  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #5 from Pavel Sindelka  ---
(In reply to Peter Wu from comment #4)
> What about adding this to
> https://wiki.wireshark.org/Mate/Reference#Every_Match
> 
>...
> 
> The description on the wiki (while it might technically correct) is hard to
> parse. Your comment is already an improvement, ...

To the best of my memory, I was only changing the syntax of the examples, and
replacing Luis' "operator" and "operand" names by "configuration AVP(L)" and
"data AVP(L)" respectively. So I didn't dare to add my own examples or change
the wording towards a more precise one back then, fearing that I didn't
understand the author's intention deep enough.

But luckily there is a better memory than mine - the wiki's own one. Revision
27 is the last one before I've started editing it. So I can see now that I may
have shifted the meaning of Strict a bit.

The original text was:
>> A Strict match will return if and only if every AVP in the operator has at
>> least one match in the operand and none fails.

My edit has changed it to:
>> A Strict match between AVPLs succeeds if and only if every AVP in the
>> configuration AVPL has at least one counterpart in the data AVPL and none
>> of the AVP matches fails. The result AVPL contains all the data AVPs that
>> matched.

My current understanding of how it should work is that for Strict to succeed,
two (different from each other by definition) values of the same attribute may
be present in the data AVPL, but it is enough that only one of them matches the
condition associated to that attribute in configuration. The fact that the
other value does not match the condition doesn't prevent Strict from
succeeding, yet this instance of that attribute will not be part of the result
AVPL.

If this is also what the current code says, I will make the Wiki clear (and add
some examples). The "and none fails" part makes me uncertain whether this was
author's intention. But where two instances of the same attribute are part of
GoP's key AVPL, each of the values in the GoP's key matches only one of the
values in the candidate PDU's AVPL and the Strict match is still considered
successful, so I guess such reading is correct.

> ..., but for the comment in the source code I will be writing:
> 
> There is a match if and only if for all conditions, either
> (1) there are no data avps with the same attribute name or
> (2) there exists a data avp with the same attribute name which matches.
> (If there are no conditions, the result will be a match.)

Especially the last line confirms that we share the some doubt in the Every
case. The way Every is described on the Wiki, this statement is true. But while
it is unlikely someone would use any type of match with an empty list of
conditions, people might be surprised that condition (a=1,b=2) matches data
(c=3,d=4,e=5) although it yields no result AVPL. So the question is whether an
Every match with an empty result AVPL should really be considered successful or
not.

So yes, I will add more examples to the Wiki, but we must first be sure that
they match the real behaviour.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12907] Option 82 suboption 12 is displayed as Unknown in linux version of tshark

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12907

--- Comment #3 from Gerrit Code Review  ---
Change 17775 had a related patch set uploaded by Martin Kaiser:
bootp: dissect option 82, sub-option 12 (Relay Agent Identifier)

https://code.wireshark.org/review/17775

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #4 from Peter Wu  ---
What about adding this to https://wiki.wireshark.org/Mate/Reference#Every_Match

(a=1, a=2) Match Every (a=1) ==> (a=1)
(a=1, a=2) Match Every (a=1, a=2) ==> (a=1, a=2)
(a=1, a=2) Match Every (a=1, a=3) ==> No match  // a found, but not a=3
(a=1, a=2) Match Every (a!1) ==> (a=2)
(a=1, a=2) Match Every (b?) ==> ()  // match with empty result

The description on the wiki (while it might technically correct) is hard to
parse. Your comment is already and improvement, but for the comment in the
source code I will be writing:

There is a match if and only if for all conditions, either
(1) there are no data avps with the same attribute name or
(2) there exists a data avp with the same attribute name which matches.
(If there are no conditions, the result will be a match.)

Alternatively, it is important to note that "Every" refers to the condition and
not "every" (compatible) data avp. "Every" condition must match (but if there
is no compatible data to test against, it will still be considered a match).

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12846] Live capture from USBPcap fails immediately

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846

--- Comment #9 from Gerrit Code Review  ---
Change 17774 merged by Pascal Quantin:
extcap: fix management of multicheck and saved non boolean arguments

https://code.wireshark.org/review/17774

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12846] Live capture from USBPcap fails immediately

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846

--- Comment #8 from Gerrit Code Review  ---
Change 17774 had a related patch set uploaded by Pascal Quantin:
extcap: fix management of multicheck and saved non boolean arguments

https://code.wireshark.org/review/17774

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12846] Live capture from USBPcap fails immediately

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846

--- Comment #7 from Gerrit Code Review  ---
Change 17773 merged by Roland Knall:
extcap: fix management of multicheck and saved non boolean arguments

https://code.wireshark.org/review/17773

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12846] Live capture from USBPcap fails immediately

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846

Gerrit Code Review  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

Peter Wu  changed:

   What|Removed |Added

 Status|CONFIRMED   |IN_PROGRESS

--- Comment #3 from Peter Wu  ---
I made a small mistake in describing Strict, it additionally needs the
condition that all values must match.

Effectively Strict is the same as Every, with the additional requirement that
conditions must apply to at least one data AVP. This matches with your data
example.

Currently in progress of reverse-engineering, documenting and modifying the
functional code.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12184] MATE AVPL match modes "Loose" and "Every" do not work correctly

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12184

--- Comment #2 from Pavel Sindelka  ---
(In reply to Peter Wu from comment #1)

Seems it is going to be a language issue, as I've never used English to discuss
matters of mathematics.

For Every and Strict, I've either misunderstood Luis or you, or maybe you've
just swapped the mapping between the names and the descriptions in your
Comment?

Loose is fine - there is at least one matching data AVP for at least one of the
conditions in the list, here we agree.

To me, what Luis wrote about "Every" means that "for each attribute on the
condition list which exists at least once also in the data list, at least one
of the values of that attribute on the data list must match the condition for
that attribute. Any attribute on the condition list which has no counterpart on
the data list is ignored".

So using the set theory vernacular, you examine the conditions only on the
intersection of the two lists, except that it is hard to talk about an
intersection here: if you take the complete elements, they are different in the
two sets so the intersection is always empty, if you take just their
"attribute" part, some elements may exist twice in each of the operand sets
which I doubt is compatible with set theory - at least it makes it impossible
to represent sets of finite counts of elements as bitmaps).

So let's describe it algorithmically instead: you set the "total result" bit to
1 and start a foreach walk through the list of conditions. For each condition
on the list, you first check whether there is any compatible data element
available; if not, you do nothing and move to the next condition. If data
elements compatible with that condition are available, you set the "local
result" bit to 0 and examine all of them for a match (i.e. you must not stop
the evaluation on first match). For each compatible data element which matches,
you "or" the local result with 1 and mark that data element as part of the
result list. When finished, you "and" the "total result" bit with the value of
the "local result". If the "total result" becomes 0, you may break the outer
foreach because if the total result is "no match", nobody cares about the match
list.

For Strict, at least one compatible data attribute must exist for each
condition, and at least one of all the compatible data attributes must match
its condition.

I haven't dug too deep in this case, but theoretically you can have the
following:

data list: (a=10, a=12, a=20)
conditions list: (a<15)

In this case, a Strict match succeeds, and the result list is (a=10, a=12)

If you'd add (b=7) to the conditions list, a Strict match would fail on the
same data list, while an Every match would still succeed, yielding the same
result list. Every would still succeed if you'd add b=7 to the data list, but
it would fail if you'd add b=10 instead.

Just for the case, two conditions dealing with the same attribute may exist on
the conditions list, so it may look like this:
(a<11,a>15)

Both Every and Strict would match on the data list above, yielding a result
list (a=10,a=20) and both would fail if you'd remove any of (a=10, a=20) from
the data list; a Loose match with the same conditions and data would still
succeed if you'd remove either a=10 or a=20 from the original list but fail if
you'd remove both.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12846] Live capture from USBPcap fails immediately

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846

--- Comment #6 from Gerrit Code Review  ---
Change 17773 had a related patch set uploaded by Pascal Quantin:
extcap: fix management of multicheck and saved non boolean arguments

https://code.wireshark.org/review/17773

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option disabled after capturing traffic

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

Pascal Quantin  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 CC||pascal.quan...@gmail.com
Summary|Export packet dissections   |Export packet dissections
   |Option always (?) disabled  |Option disabled after
   ||capturing traffic
 Ever confirmed|0   |1

--- Comment #2 from Pascal Quantin  ---
AS noted in bug 12919, applying a display filter also enables the menu.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS (or other corruptions)

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12882

Pascal Quantin  changed:

   What|Removed |Added

 CC||pascal.quan...@gmail.com

--- Comment #1 from Pascal Quantin  ---
THis is because TDS protocol registers an heuristic dissector that considers
your packet as matching a TDS like packet.
TO get rid of it, simply deactivate the heuristic dissector. Go to Analyze ->
Enabled Protocols -> uncheck tds_tcp checkbox.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12898] Export packet dissections Option always (?) disabled

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898

Pascal Quantin  changed:

   What|Removed |Added

 CC||d...@cubic.org

--- Comment #1 from Pascal Quantin  ---
*** Bug 12919 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12919] Linux QT Wireshark can not save PDML file if no display filter is applied

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12919

Pascal Quantin  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||pascal.quan...@gmail.com
 Resolution|--- |DUPLICATE

--- Comment #2 from Pascal Quantin  ---


*** This bug has been marked as a duplicate of bug 12898 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12919] Linux QT Wireshark can not save PDML file if no display filter is applied

2016-09-18 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12919

--- Comment #1 from Dirk  ---
checked today's build of GIT master branch, same problem on QT version.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe