Re: [Wireshark-dev] Missing character in Qt GUI

2015-10-14 Thread João Valverde



On 10/14/2015 09:15 PM, Guy Harris wrote:
> On Oct 14, 2015, at 12:23 PM, Joerg Mayer wrote:
>
> >I currently have a missing character between source and destination
> >port in the info column of udp and tcp. See attached screenshot.

I suspect your font doesn't support that glyph. In addition to what Guy
said it is in a different unicode block than RIGHTWARDS ARROW, something
I was not aware of until now.

I'll submit a change to revert it to RIGHTWARDS ARROW.

> That's the Unicode LONG RIGHTWARDS ARROW character.
>
> In TShark, it shows up as
>
>    1   0.00 10.56.10.106 -> 10.56.10.222 UDP 40392⟶53 Len=43
>    2   0.000784 10.56.10.222 -> 10.56.10.106 UDP 53⟶40392 Len=254
>    3   5.140107 10.56.10.106 -> 10.56.10.222 UDP 40396⟶53 Len=33
>    4   5.141221 10.56.10.222 -> 10.56.10.106 UDP 53⟶40396 Len=201
>
> if you copy and paste from Terminal into this message, so it's there,
> but it displays oddly in Terminal on OS X 10.10:
>
> with the LONG RIGHTWARDS ARROW overlapping with the character after it.
>
> If I replace it with the non-long RIGHTWARDS ARROW character, it works.
>
> I've no idea why Qt isn't handling LONG RIGHTWARDS ARROW, but perhaps we
> should use a NOT SO LONG RIGHTWARDS ARROW here; it has the disadvantage
> that it's a bit small and the advantage that it's the same width as
> other characters in the OS X fixed-width font I'm seeing and thus might
> not upset Qt or whatever is happening.


___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
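Added example, not part of the original thread or of Wireshark: a small parser for TShark summary lines like the ones quoted above. It accepts either arrow as the port separator, so a triage script does not silently drop rows when the glyph changes between builds. The sample lines are constructed from the message, and the regex layout and function names are assumptions of this example.

```python
import re
import unicodedata

# Constructed sample: two summary lines as quoted in the message above, plus
# one variant using RIGHTWARDS ARROW, the glyph the reply proposes reverting to.
SAMPLE = (
    "   1   0.00 10.56.10.106 -> 10.56.10.222 UDP 40392\u27f653 Len=43\n"
    "   2   0.000784 10.56.10.222 -> 10.56.10.106 UDP 53\u27f640392 Len=254\n"
    "   3   5.140107 10.56.10.106 -> 10.56.10.222 UDP 40396\u219253 Len=33\n"
)

# Port separators discussed in the thread, resolved by Unicode character name.
ARROWS = {unicodedata.lookup(name)
          for name in ("LONG RIGHTWARDS ARROW", "RIGHTWARDS ARROW")}

# number, time, src -> dst, protocol, then "<sport><one separator char><dport>".
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<time>[\d.]+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<sport>\d+)(?P<sep>\D)(?P<dport>\d+)\s+(?P<info>.*)$"
)


def parse_line(line):
    """Parse one summary line; None if the layout or separator is unknown."""
    m = LINE_RE.match(line)
    if m is None or m.group("sep") not in ARROWS:
        return None
    rec = m.groupdict()
    rec["sep_name"] = unicodedata.name(rec.pop("sep"))
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def parse(text):
    """Parse every recognisable line of TShark summary output."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def separators_seen(records):
    """Distinct separator names; more than one means mixed output formats."""
    return sorted({rec["sep_name"] for rec in records})


if __name__ == "__main__":
    records = parse(SAMPLE)
    for rec in records:
        print(rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["sep_name"])
    print(separators_seen(records))
```
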



[Wireshark-dev] Wireshark 2.0.0rc1 is now available

2015-10-14 Thread Gerald Combs

I'm proud to announce the release of Wireshark 2.0.0rc1.


   This is the first release candidate for Wireshark 2.0.
 __

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
 __

What's New

   Wireshark 2.0 features a new user interface which should provide a
   smoother, faster user experience.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 1.99.9:
 * Qt port:
  + The LTE RLC Graph dialog has been added.
  + The LTE MAC Statistics dialog has been added.
  + The LTE RLC Statistics dialog has been added.
  + The IAX2 Analysis dialog has been added.
  + The Conversation Hash Tables dialog has been added.
  + The Dissector Tables dialog has been added.
  + The Supported Protocols dialog has been added.
  + You can now zoom the I/O and TCP Stream graph X and Y axes
independently.
  + The RTP Player dialog has been added.
  + Several memory leaks have been fixed.

   The following features are new (or have been significantly updated)
   since version 1.99.8:
 * Qt port:
  + The MTP3 statistics and summary dialogs have been added.
  + The WAP-WSP statistics dialog has been added.
  + The UDP multicast statistics dialog has been added.
  + The WLAN statistics dialog has been added.
  + The display filter macros dialog has been added.
  + The capture file properties dialog now includes packet
comments.
  + Many more statistics dialogs can be opened from the command
line via -z 
  + Most dialogs now have a cancellable progress bar.
  + Many packet list and packet detail context menus items have
been added.
  + Lua plugins can be reloaded from the Analyze menu.
  + Many bug fixes and improvements.

   The following features are new (or have been significantly updated)
   since version 1.99.7:
 * Qt port:
  + The Enabled Protocols dialog has been added.
  + Many statistics dialogs have been added, including Service
response time, DHCP/BOOTP, and ANSI.
  + The RTP Analysis dialog has been added.
  + Lua dialog support has been added.
  + You can now manually resolve addresses.
  + The Resolved Addresses dialog has been added.
  + The packet list scrollbar now has a minimap.
  + The capture interfaces dialog has been updated.
  + You can now colorize conversations.
  + Welcome screen behavior has been improved.
  + Plugin support has been improved.
  + Many dialogs should now more correctly minimize and maximize.
  + The reload button has been added back to the toolbar.
  + The "Decode As" dialog no longer saves decoding behavior.
  + You can now stop loading large capture files.
  + The Bluetooth HCI Summary has been added.

   The following features are new (or have been significantly updated)
   since version 1.99.6:
 * Qt port:
  + The Bluetooth Devices dialog has been added.
  + The wireless toolbar has been added.
  + Opening files via drag and drop is now supported.
  + The Capture Filter and Display Filter dialogs have been added.
  + The Display Filter Expression dialog has been added.
  + Conversation Filter menu items have been added.
  + You can change protocol preferences by right clicking on the
packet list and details.

   The following features are new (or have been significantly updated)
   since version 1.99.4 and 1.99.5:
 * Qt port:
  + Capture restarts are now supported.
  + Menu items for plugins are now supported.
  + Extcap interfaces are now supported.
  + The Expert Information dialog has been added.
  + Display and capture filter completion is now supported.
  + Many bugs have been fixed.
  + Translations have been updated.

   The following features are new (or have been significantly updated)
   since version 1.99.3:
 * Qt port:
  + Several interface bugs have been fixed.
  + Translations have been updated.

   The following features are new (or have been significantly updated)
   since version 1.99.2:
 * Qt port:
  + Several bugs have been fixed.
  + You can now open a packet in a new window.
  + The Bluetooth ATT Server Attributes dialog has been added.
  + The Coloring Rules dialog has been added.
  + Many translations have been updated. Chinese, Italian and

[Wireshark-dev] Wireshark 1.12.8 is now available

2015-10-14 Thread Gerald Combs

I'm proud to announce the release of Wireshark 1.12.8.

 __

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
 __

What's New

  Bug Fixes

   The following vulnerabilities have been fixed.
 * [1]wnpa-sec-2015-30
   Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
   Sabens. ([2]Bug 11455) [3]CVE-2015-7830

   The following bugs have been fixed:
 * Last Address field for IPv6 RPL routing header is interpreted
   incorrectly. ([4]Bug 10560)
 * Comparing two capture files crashes Wireshark when navigating the
   results. ([5]Bug 11098)
 * 802.11 frame is not correctly dissected if it contains HT Control.
   ([6]Bug 11351)
 * GVCP bit-fields not updated. ([7]Bug 11442)
 * Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
 * pcapng: SPB capture length is incorrectly truncated if IDB snaplen
   = 0. ([9]Bug 11483)
 * pcapng: NRB IPv4 address is endian swapped but shouldn't be.
   ([10]Bug 11484)
 * pcapng: NRB with options causes file read failure. ([11]Bug 11485)
 * pcapng: ISB without if_drop option is shown as max value. ([12]Bug
   11489)
 * UNISTIM dissector - Message length not included in offset for
   "Select Adjustable Rx Volume". ([13]Bug 11497)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM

  New and Updated Capture File Support

   pcapng
 __

Getting Wireshark

   Wireshark source code and installation packages are available from
   [14]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [15]download page on the Wireshark web site.
 __

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
 __

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([16]Bug 1419)

   The BER dissector might infinitely loop. ([17]Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   ([18]Bug 1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([19]Bug 2234)

   The 64-bit Windows installer does not support Kerberos decryption.
   ([20]Win64 development page)

   Resolving ([21]Bug 9044) reopens ([22]Bug 3528) so that Wireshark no
   longer automatically decodes gzip data when following a TCP stream.

   Application crash when changing real-time option. ([23]Bug 4035)

   Hex pane display issue after startup. ([24]Bug 4056)

   Packet list rows are oversized. ([25]Bug 4357)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([26]Bug 4985)
 __

Getting Help

   Community support is available on [27]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [28]the web site.

   Official Wireshark training and certification are available from
   [29]Wireshark University.
 __

Frequently Asked Questions

   A complete FAQ is available on the [30]Wireshark web site.
 __

   Last updated 2015-10-14 11:35:09 PDT

References

   1. https://www.wireshark.org/security/wnpa-sec-2015-30.html
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455
   3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7830
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10560
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11098
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11351
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11442
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11443
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11483
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11484
  11. 

[Wireshark-dev] error: ‘qInitResources_about__init_variable__’ defined but not used [-Werror=unused-variable]

2015-10-14 Thread Gerlof Fokkema
Hello all,

I'm trying to compile wireshark 1.99+ from git and have a few issues while
doing so.
The first issue was mentioned elsewhere on the mailing list already
(removing -Wc++-compat).

The second error however I don't see mentioned anywhere and occurs only
when compiling wireshark-qt:

In file included from ../../image/about.rcc.cpp:9:0:
../../image/about.rcc.cpp:1627:44: error:
‘qInitResources_about__init_variable__’ defined but not used
[-Werror=unused-variable]
Q_CONSTRUCTOR_FUNCTION(QT_MANGLE_NAMESPACE(qInitResources_about))
^
/usr/include/qt4/QtCore/qglobal.h:939:21: note: in definition of macro
‘Q_CONSTRUCTOR_FUNCTION0’
static const int AFUNC ## __init_variable__ = AFUNC();
^
../../image/about.rcc.cpp:1627:1: note: in expansion of macro
‘Q_CONSTRUCTOR_FUNCTION’
Q_CONSTRUCTOR_FUNCTION(QT_MANGLE_NAMESPACE(qInitResources_about))
^
../../image/about.rcc.cpp:1627:24: note: in expansion of macro
‘QT_MANGLE_NAMESPACE’
Q_CONSTRUCTOR_FUNCTION(QT_MANGLE_NAMESPACE(qInitResources_about))

The config.log file (building most recent git version, tried 1.99.9 as well
with the same result).
http://pastebin.com/sGKwiPeH

Any ideas on what causes this?

Kind regards,
Gerlof Fokkema

Re: [Wireshark-dev] Supported GnuTLS/glib/libgcrypt versions?

2015-10-14 Thread Peter Wu
On Mon, Oct 12, 2015 at 02:02:18PM -0400, Jeff Morriss wrote:
> On 10/11/15 17:32, Peter Wu wrote:
> >Hi,
> >
> >Michal reported to me that a recent change in the SSL dissector was not
> >compatible with older GnuTLS versions[1].
> >
> >The changes introduced the use of functions gnutls_pubkey_import and
> >gnutls_pubkey_import_rsa_raw which were introduced with GnuTLS 2.12.0 in
> >2011-03-24 (2.11.3 development). Michal is using (RHEL6?) GnuTLS 2.8.5
> >(released in November 2009).
> >
> >Since the minimum Qt4 version for upcoming Wireshark 2.0 is already
> >higher than what RHEL6 ships, would you mind if the GnuTLS version is
> >also bumped?
> 
> Since GnuTLS is optional [and I don't do decryption very often ;-)] I don't
> really mind.  I can't say that I know how much the rest of the RHEL 6 world
> uses decryption though.

Looks like GnuTLS is only needed if you have to supply an RSA private
key. When using the SSL keylog file, having just libgcrypt is
sufficient. Currently the SSL dissector requires both to be present for
decryption, but that is an unnecessary restriction. I'll move code
around so that at least decryption with an SSL keylog file can be
supported.

> But you do raise a good point: I should start doing test compiles of the 2.0
> rc on RHEL 6.  I hadn't realized my users would have to continue using the
> Gtk+ GUI.  Too bad...

I have started testing with cmake + CentOS 6, it is not doing badly. At
least these fixes are needed to fix the build:
https://code.wireshark.org/review/10916
https://code.wireshark.org/review/11041

GnuTLS needs more work; for now, RHEL6 support for decryption with an
RSA private key will be dropped. Maybe I'll find a solution later.
The version check is updated at https://code.wireshark.org/review/11044.

> >Speaking of bumping library versions, can we also bump the glib and
> >libgcrypt versions? Current versions are glib 2.14 and libgcrypt
> >1.1.92. If we could go to glib 2.28 (Feb 2011) and gcrypt 1.5.0 (Jun
> >2011), it would enable us to use newer functions such as
> >g_list_free_full.
> 
> The glib change is OK for me (for RHEL 6) but it does appear to mean we'd
> lose support for all SLES versions; I'd tend to think that would be a bad
> thing.

I made a mistake, SLES 12 includes glib2 2.38.2, the wiki is now updated
to reflect that. For now the minimum gcrypt version is 1.4.2
(https://code.wireshark.org/review/11043).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl