[Wireshark-bugs] [Bug 16061] doc/README.dissector: proto_tree_add_bitmask_len() prototype is outdated

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16061

Peter Wu  changed:

What       | Removed    | Added
CC         |            | pe...@lekensteyn.nl
Resolution | ---        | FIXED
Status     | INCOMPLETE | RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16061] doc/README.dissector: proto_tree_add_bitmask_len() prototype is outdated

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16061

--- Comment #3 from Gerrit Code Review  ---
Change 34567 merged by Peter Wu:
README.dissector: fix proto_tree_add_bitmask_len signature

https://code.wireshark.org/review/34567


[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804

Peter Wu  changed:

What           | Removed     | Added
Status         | UNCONFIRMED | CONFIRMED
Ever confirmed | 0           | 1

--- Comment #14 from Peter Wu  ---
Tomasz' fix for Bug 16059 might actually address the root cause of this bug.
Tomasz, should I close this bug as a duplicate of the other?

The key log file is not expected to contain duplicates, so the existing use of
wmem_file_scoped memory seemed fine. If that is somehow changed, then all users
of the returned memory must be audited to avoid use-after-frees when hashtable
entries are overwritten.


[Wireshark-bugs] [Bug 16060] Wireshark CMake configuration points to wrong plugin install dir

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16060

João Valverde  changed:

What       | Removed   | Added
Resolution | ---       | FIXED
Status     | CONFIRMED | RESOLVED

--- Comment #5 from João Valverde  ---
(In reply to Jonatan Hatakeyama Zeidler from comment #3)
> Should I test this patch? Are there instructions available on how to build a
> test deb package?

I merged the patch into the oldstable branch. The other branches don't have
this issue AFAIK.

This was fixed in v2.6.12rc0-6-gd0569a45 and will be available in the next
Wireshark release (2.6.12). I don't know when/if the fix will be available
upstream.

You can download an updated tarball (when it becomes available) from
https://www.wireshark.org/download/automated/src. If you do test it please
report back.

Unfortunately there isn't any documentation on how to build a Wireshark Debian
package that I'm aware of. You'll have to follow some other tutorial for that
if you are not familiar with how dpkg-buildpackage works.

If you have any more questions or issues feel free to ask.


[Wireshark-bugs] [Bug 16060] Wireshark CMake configuration points to wrong plugin install dir

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16060

--- Comment #4 from Gerrit Code Review  ---
Change 34574 merged by João Valverde:
Debian: Fix WiresharkConfig.cmake

https://code.wireshark.org/review/34574


[Wireshark-bugs] [Bug 16060] Wireshark CMake configuration points to wrong plugin install dir

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16060

--- Comment #3 from Jonatan Hatakeyama Zeidler  ---
Should I test this patch? Are there instructions available on how to build a
test deb package?


[Wireshark-bugs] [Bug 16050] Wireshark 3.0.4 does not start on macOS 10.13 after an upgrade from 3.0.3

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16050

Gerald Combs  changed:

What       | Removed   | Added
Status     | CONFIRMED | RESOLVED
Resolution | ---       | FIXED


[Wireshark-bugs] [Bug 16052] Upgrade from Wireshark 3.0.2/3.0.3 to 3.0.4/later is confusing and may not complete properly

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16052

Gerald Combs  changed:

What       | Removed     | Added
Status     | UNCONFIRMED | RESOLVED
Resolution | ---         | FIXED


[Wireshark-bugs] [Bug 12804] Large SSL/TLS keylog file results in even more memory usage

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12804

Tomasz Mon  changed:

What | Removed | Added
CC   |         | deso...@gmail.com

--- Comment #13 from Tomasz Mon  ---
(In reply to Patrick from comment #5)
> I think it might be loading that once for each ssl packet. 

This is indeed the case on Windows. This triggers the really high memory usage
in hash tables. See 16059 for discussion on the reason why it reloads the file
on each ssl packet. The fix to 16059 significantly reduces the impact of
the underlying root cause of this bug.

Simply providing a key/value destroy func like:
>+static void free_wmem_file_scope(gpointer data)
>+{
>+wmem_free(wmem_file_scope(), data);
>+}

and using it to create hash tables in packet-tls-utils.c like:
>mk_map->session = g_hash_table_new_full(ssl_hash, ssl_equal, 
> free_wmem_file_scope, free_wmem_file_scope);

is not solving the issue as the obsolete entries (that were passed to
free_wmem_file_scope) are interleaved with other allocations that cannot be
freed until the file gets closed.

The solution would be to not use the file scope here, but a standard
g_malloc()/g_free() and provide g_free as the key and value destroy notify to
g_hash_table_new_full() (that could be used instead of g_hash_table_new()).

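Added illustration, not Wireshark code and not part of the bug thread: a self-contained C model of the memory behaviour discussed in comments #13 and #14 of bug 12804. The bump allocator `pool_alloc`, the slot table and the function names are hypothetical stand-ins for file-scoped memory and a hash table; the two loaders contrast reloading the same key log into pool-backed values with heap values that are freed on overwrite.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECRET_LEN 48  /* bytes per stored secret (assumed for the demo) */
#define SLOTS      64  /* toy table: key k lives in slot k, no hashing */

/* Stand-in for a file-scoped pool (not the wmem API): a bump allocator whose
 * memory is reclaimed only all at once, when the "file" is closed. */
static unsigned char pool[1 << 20];
static size_t pool_used;
static void *pool_alloc(size_t n) {
    if (n > sizeof pool - pool_used) return NULL;
    pool_used += n;
    return pool + pool_used - n;
}

/* Parse the same n-entry key log `reloads` times into a pool-backed table;
 * returns the bytes the pool still holds afterwards. */
size_t load_with_pool(int n, int reloads) {
    unsigned char *table[SLOTS] = {0};
    pool_used = 0;                                  /* "file opened" */
    for (int r = 0; r < reloads; r++)
        for (int k = 0; k < n && k < SLOTS; k++) {
            if (!(table[k] = pool_alloc(SECRET_LEN))) return (size_t)-1;
            memset(table[k], k, SECRET_LEN);        /* old value stays in pool */
        }
    return pool_used;
}

/* Same workload with heap values freed on overwrite, the job g_free does as
 * a value destroy notify; returns the bytes live after the last reload. */
size_t load_with_heap(int n, int reloads) {
    unsigned char *table[SLOTS] = {0};
    size_t live = 0;
    for (int r = 0; r < reloads; r++)
        for (int k = 0; k < n && k < SLOTS; k++) {
            unsigned char *v = malloc(SECRET_LEN);
            if (!v) abort();
            memset(v, k, SECRET_LEN);
            /* Pointers from earlier lookups dangle after this free. */
            if (table[k]) { free(table[k]); live -= SECRET_LEN; }
            table[k] = v;
            live += SECRET_LEN;
        }
    for (int k = 0; k < SLOTS; k++) free(table[k]);
    return live;
}

int main(void) {
    printf("pool: %zu bytes, heap: %zu bytes\n",
           load_with_pool(64, 100), load_with_heap(64, 100));
}
```

The pool figure grows with the number of reloads while the heap figure depends only on the number of distinct keys; the price of the heap variant is that no caller may keep a value pointer across an insert for the same key.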

[Wireshark-bugs] Info on arbitrary endpoints

2019-09-20 Thread Matt Zand
I am looking at general conversations, guides or docs to handle arbitrary
endpoints, presumably not necessarily in the form of an AT_ address plus a
PT_ numeric port ID.

I appreciate your help,

-- 
Cheers,

Matt Zand
Cell: 202-420-9192
Work: 240-200-6131
High School Technology Services 
DC Web Makers 
Coding Bootcamps 

[Wireshark-bugs] [Bug 16060] Wireshark CMake configuration points to wrong plugin install dir

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16060

--- Comment #2 from Gerrit Code Review  ---
Change 34574 had a related patch set uploaded by João Valverde:
Debian: Fix WiresharkConfig.cmake

https://code.wireshark.org/review/34574


[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

--- Comment #21 from Tomasz Mon  ---
(In reply to Gerrit Code Review from comment #20)
> Change 34573 had a related patch set uploaded by Tomasz Moń:
> Win32: Do not reload TLS keylog file on each packet
> 
> https://code.wireshark.org/review/34573

This completely fixes the speed issue observed on Windows. When I looked at the
Universal CRT source code, the profiling result is no longer surprising (the
file was reloaded *a lot*). Basically the regex instead of being executed O(N)
was executed O(N*M) where N is the number of lines in the pms file and M is the
number of TLS packets in the capture file.


[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

--- Comment #20 from Gerrit Code Review  ---
Change 34573 had a related patch set uploaded by Tomasz Moń:
Win32: Do not reload TLS keylog file on each packet

https://code.wireshark.org/review/34573


[Wireshark-bugs] [Bug 16059] TLS decryption is very slow on Windows when using a large PMS file compared to linux/macOS

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16059

Tomasz Mon  changed:

What   | Removed   | Added
Status | CONFIRMED | IN_PROGRESS


[Wireshark-bugs] [Bug 16063] New: deleting a colum produces a crash

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16063

Bug ID: 16063
   Summary: deleting a colum produces a crash
   Product: Wireshark
   Version: 3.0.4
  Hardware: x86
OS: macOS 10.14
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: andr...@fink.org
  Target Milestone: ---

Created attachment 17343
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17343=edit
crashreport

Build Information:
Wireshark 3.0.4 (v3.0.4-0-g71591544b8d6)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.12.3, with libpcap, without POSIX capabilities,
with GLib 2.37.6, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with
Lua 5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with
MaxMind DB resolver, with nghttp2 1.39.2, with LZ4, with Snappy, with libxml2
2.9.9, with QtMultimedia, with SBC, with SpanDSP, with bcg729.

Running on Mac OS X 10.14.6, build 18G95 (Darwin 18.7.0), with Intel(R)
Core(TM) i7-8700B CPU @ 3.20GHz (with SSE4.2), with 65536 MB of physical
memory, with locale C/UTF-8/C/C/C/C, with libpcap version 1.8.1 -- Apple
version 79.250.1, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with zlib 1.2.11,
binary plugins supported (0 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 10.0.1 (clang-1001.0.46.4).
--
reproducible crash.

1. open a pcap file
2. it shows column "Affected Pointcode" (from MTP3 or M3UA) which is always
empty.
3. right-click on that column and select "Remove column".
4. App Crashes...


[Wireshark-bugs] [Bug 16062] Wiretap does not write "drop_count" in pcapng format.

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16062

--- Comment #1 from Michal Ruprich  ---
Created attachment 17341
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17341=edit
main.cpp - used to read the created pcapng file


[Wireshark-bugs] [Bug 16062] Wiretap does not write "drop_count" in pcapng format.

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16062

--- Comment #2 from Michal Ruprich  ---
Created attachment 17342
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17342=edit
Patch for the pcapng.c file in wiretap


[Wireshark-bugs] [Bug 16062] New: Wiretap does not write "drop_count" in pcapng format.

2019-09-20 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16062

Bug ID: 16062
   Summary: Wiretap does not write "drop_count" in pcapng format.
   Product: Wireshark
   Version: 3.0.3
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: michalrupr...@gmail.com
  Target Milestone: ---

Created attachment 17340
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17340=edit
pcapng.cc - used to create a pcapng file with wiretap

Build Information:
Wireshark 3.0.3 (Git commit 6130b92b0ec6)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.11.3, with libpcap, with POSIX capabilities
(Linux), with libnl 3, with GLib 2.58.3, with zlib 1.2.11, with SMI 0.4.8,
with c-ares 1.13.0, without Lua, with GnuTLS 3.6.7 and PKCS #11 support, with
Gcrypt 1.8.4, with MIT Kerberos, with MaxMind DB resolver, with nghttp2
1.39.2, with LZ4, without Snappy, with libxml2 2.9.8, with QtMultimedia,
without SBC, without SpanDSP, without bcg729.

Running on Linux 5.2.11-100.fc29.x86_64, with Intel(R) Core(TM) i7-6600U CPU @
2.60GHz (with SSE4.2), with 11423 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.9.0-PRE-GIT (with TPACKET_V3), with GnuTLS
3.6.7, with Gcrypt 1.8.4, with zlib 1.2.11, binary plugins supported (0
loaded).

Built using gcc 8.3.1 20190223 (Red Hat 8.3.1-2).
--
When using wiretap to create a pcapng file, the drop_count field from the
wtap_packet_header in wiretap/wtap.h is not being dumped to the file in
pcapng_write_enhanced_packet_block function. Function pcapng_read_packet_block,
on the other hand, is prepared to print that value if it is present in the
file:

wblock->rec->presence_flags |= WTAP_HAS_DROP_COUNT;


Steps to reproduce:
1. Download the attached pcapng.cc and build it
# gcc pcapng.cc -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include \
    -I/usr/local/include -I/usr/include -I/usr/include/wireshark -lwiretap -lstdc++ \
    -g -o create_packet

2. Download the attached main.cpp and build it
# gcc main.cpp -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include \
    -I/usr/local/include -I/usr/include -I/usr/include/wireshark -lwiretap -lstdc++ \
    -g -o read_count

3. Run the create_packet
# ./create_packet a.pcapng

4. Run the read_count
# ./read_count a.pcapng

Actual results:
Test wiretap drop_count: a.pcapng

drop count: (no drop count)

Expected results:
Test wiretap drop_count: b.pcapng

drop count: 10


I am adding a patch that adds the drop_count field to the
pcapng_write_enhanced_packet_block.
