[Wireshark-bugs] [Bug 14029] trustd and socketfilterfw high CPU usage when using wireshark >= 2.4.0

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14029

--- Comment #5 from Guy Harris  ---
(In reply to Guy Harris from comment #4)
> For what it's worth, this is build 16G1036 rather than 16G29, so the
> security update *might* have made a difference.

And my firewall isn't on, so *that* might have made a difference.

Some people have defined insanity as "doing the same thing over and over again,
but expecting different results"; perhaps Wireshark is behaving insanely when
it comes to trying to open capture devices, provoking excessive CPU usage when
the firewall is off and provoking excessive CPU usage *on the part of the
firewall* when it's on.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14029] trustd and socketfilterfw high CPU usage when using wireshark >= 2.4.0

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14029

--- Comment #4 from Guy Harris  ---
(In reply to Guy Harris from comment #3)
> (In reply to Ivan from comment #2)
> > Update.
> > 
> > As much as I didn't want to do it but I installed
> > org.wireshark.ChmodBPF.plist and it fixed the issue.
> 
> If I either change the permissions of all the /dev/bpf* devices to
> rw---, or change the group that owns them to wheel and then run
> Wireshark, I don't see trust or socketfilterfw taking much CPU, but I *do*
> see Wireshark taking about 15% of the CPU, which it doesn't do if it has the
> ability to open BPF devices.  Those might be related.

For what it's worth, this is build 16G1036 rather than 16G29, so the security
update *might* have made a difference.


[Wireshark-bugs] [Bug 14029] trustd and socketfilterfw high CPU usage when using wireshark >= 2.4.0

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14029

--- Comment #3 from Guy Harris  ---
(In reply to Ivan from comment #2)
> Update.
> 
> As much as I didn't want to do it but I installed
> org.wireshark.ChmodBPF.plist and it fixed the issue.

If I either change the permissions of all the /dev/bpf* devices to rw---,
or change the group that owns them to wheel and then run Wireshark, I don't see
trust or socketfilterfw taking much CPU, but I *do* see Wireshark taking about
15% of the CPU, which it doesn't do if it has the ability to open BPF devices. 
Those might be related.


[Wireshark-bugs] [Bug 11844] mouse focus does not align with hex display

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11844

--- Comment #1 from Gerrit Code Review  ---
Change 24717 had a related patch set uploaded by Gerald Combs:
Qt: Use QTextLayout in ByteViewText.

https://code.wireshark.org/review/24717


[Wireshark-bugs] [Bug 14029] trustd and socketfilterfw high CPU usage when using wireshark >= 2.4.0

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14029

--- Comment #2 from Ivan  ---
Update.

As much as I didn't want to do it but I installed org.wireshark.ChmodBPF.plist
and it fixed the issue.

So the bug here is that starting from 2.4.0 wireshark is unusable without
installing org.wireshark.ChmodBPF.plist.

Even if you don't try to capture anything and just want to read pcap files.


[Wireshark-bugs] [Bug 14261] Kerberos dissector: kdc-options bits 14 and 16 are backwards

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14261

Thomas Maslen  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |thomas.mpp.mas...@gmail.com


[Wireshark-bugs] [Bug 14261] New: Kerberos dissector: kdc-options bits 14 and 16 are backwards

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14261

            Bug ID: 14261
           Summary: Kerberos dissector:  kdc-options bits 14 and 16 are
                    backwards
           Product: Wireshark
           Version: 2.4.2
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: thomas.mpp.mas...@gmail.com
  Target Milestone: ---

Build Information:
Version 2.4.2 (v2.4.2-0-gb6c63ae086)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.3, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with SBC, with SpanDSP.

Running on 64-bit Windows 10, build 10586, with Intel(R) Core(TM) i7-6820HQ CPU
@ 2.70GHz (with SSE4.2), with 16147 MB of physical memory, with locale
English_United States.1252, with WinPcap version 4.1.2 (packet.dll version
4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap.

Built using Microsoft Visual C++ 14.0 build 24215

--
In epan/dissectors/asn1/kerberos/k5.asn the definition for KDCOptions has:

 375 request-anonymous(14),
 376 canonicalize(15),
 377 constrained-delegation(16), -- ms extension


Bit 15 (canonicalize) is fine, but bits 14 and 16 are backwards:

Per section 3 of RFC 8062

https://tools.ietf.org/html/rfc8062#section-3

(and RFC 6112 before it), the bit for "anonymous" should be bit 16.

And per section 2.2.3 of [MS-SFU]

https://msdn.microsoft.com/en-us/library/cc246090.aspx

the bit for constrained delegation should be bit 14.


The definition for TicketFlags also looks a bit dodgy:

 357 anonymous-14(14),
 358 enc-pa-rep(15),
 359 anonymous(16)

Bits 15 and 16 are fine, but bit 14 looks pretty suspect to me (though
probably harmless).


For comparison, here are the ASN.1 definitions used by Heimdal Kerberos:

https://github.com/heimdal/heimdal/blob/master/lib/asn1/krb5.asn1#L330

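Added example (not part of the original report and not Wireshark code): a small Python decoder showing how the labels quoted in the report from k5.asn misname bits 14 and 16 of a KDCOptions value, next to the labels the report gives from RFC 8062 and [MS-SFU]. The table names, function names and sample octets are constructed for illustration.

```python
from __future__ import annotations

# KDCOptions is an ASN.1 BIT STRING carried as 32 bits; bit 0 is the most
# significant bit of the first octet, so bit n has mask 1 << (31 - n).

# Labels as quoted in the report from epan/dissectors/asn1/kerberos/k5.asn.
AS_REPORTED = {14: "request-anonymous", 15: "canonicalize",
               16: "constrained-delegation"}
# Labels the report says are correct (RFC 8062 section 3, [MS-SFU] 2.2.3).
PER_REPORT_FIX = {14: "constrained-delegation", 15: "canonicalize",
                  16: "request-anonymous"}


def set_bits(options: bytes) -> list[int]:
    """Return the ASN.1 bit numbers that are set in a 4-octet KDCOptions."""
    if len(options) != 4:
        raise ValueError("expected 4 octets of KDCOptions")
    value = int.from_bytes(options, "big")
    return [n for n in range(32) if value & (1 << (31 - n))]


def label(options: bytes, table: dict[int, str]) -> list[str]:
    """Name each set bit using table; unnamed bits are shown as 'bit-N'."""
    return [table.get(n, f"bit-{n}") for n in set_bits(options)]


def mislabelled(options: bytes) -> dict[int, tuple[str, str]]:
    """Set bits whose name differs between the tables: (shown, correct)."""
    return {n: (AS_REPORTED[n], PER_REPORT_FIX[n])
            for n in set_bits(options)
            if n in AS_REPORTED and AS_REPORTED[n] != PER_REPORT_FIX[n]}


if __name__ == "__main__":
    # Constructed sample values, not taken from a capture.
    samples = {"bits 14+15": bytes.fromhex("00030000"),
               "bits 15+16": bytes.fromhex("00018000"),
               "bit 15 only": bytes.fromhex("00010000")}
    for name, raw in samples.items():
        print(name, label(raw, AS_REPORTED), "->", label(raw, PER_REPORT_FIX))
        print("  affected:", mislabelled(raw))
```

A request that only sets canonicalize (bit 15) is displayed the same under both tables; only values with bit 14 or bit 16 set are affected by the swap.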

[Wireshark-bugs] [Bug 14260] .csv export exports "\t" rather then translating \t to ascii horizontal tab

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14260

Guy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|.csv export exports "\t"    |.csv export exports "\t"
                   |rather then translating \t  |rather then translating \t
                   |to ascii vertical tab       |to ascii horizontal tab


[Wireshark-bugs] [Bug 14260] New: .csv export exports "\t" rather then translating \t to ascii vertical tab

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14260

            Bug ID: 14260
           Summary: .csv export exports "\t" rather then translating \t to
                    ascii vertical tab
           Product: Wireshark
           Version: 2.4.2
          Hardware: x86-64
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Minor
          Priority: Low
         Component: GTK+ UI
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: haijo.wieren...@googlemail.com
  Target Milestone: ---

Build Information:
Version 2.4.2 (v2.4.2-0-gb6c63ae086)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.3, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with SBC, with SpanDSP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R)
Core(TM) i7-3520M CPU @ 2.90GHz (with SSE4.2), with 8123 MB of physical memory,
with locale English_United Kingdom.1252, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
with GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap.

Built using Microsoft Visual C++ 14.0 build 24215

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When exporting a Wireshark capture as a .csv file I noticed that
the information column string did not contain the ASCII translated horizontal
tab character; instead it wrote '\t'.

Note that in the GUI the data in the info column looks good and is tab aligned,
but when exported it shows a '\t'.


The \t was used to format a string in wireshark LUA:

pinfo.cols.info  = format( " OM %-18s\t0x%08x\tLIST 0x%08x ", om_msg_id_string,
msg_time, open_req_time )

This is the resulting .CSV:
"9","2017-11-03
12:48:43.722628","114","Private_c0:14:62","AlliedTe_dc:66:8c","Comex-DT","","0.005833","","","","
OM SCAN_UPDATE_XDATA \t0x\tLIST 0xbb3d0b7b\t   11/03/17
12:48:42.9510"


[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly

2017-12-06 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241

Vincent Bernat  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ber...@luffy.cx
