[Wireshark-bugs] [Bug 15847] New: Wireshark requested that I report a "PacketGetStats" error

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15847

Bug ID: 15847
   Summary: Wireshark requested that I report a "PacketGetStats"
error
   Product: Wireshark
   Version: 3.0.2
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Common utilities (libwsutil)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: b_ja...@comcast.net
  Target Milestone: ---

Created attachment 17179
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17179&action=edit
Screenshot of Wireshark error message & request to report it

Build Information:

Version 3.0.2 (v3.0.2-0-g621ed351d5c9)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.12.3, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with
libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with
bcg729.

Running on 32-bit Windows 10 (1903), build 18362, with Genuine Intel(R) CPU
T2060 @ 1.60GHz, with 2038 MB of physical memory, with locale English_United
States.1252, with Npcap version 0.995, based on libpcap version 1.9.1-PRE-GIT,
with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported
(14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.16, build
27030).


--
The message "Can't get packet-drop statistics: PacketGetStats error: The I/O
operation has been aborted because of either a thread exit or an application
request (995)" appeared while I was running a trace on a laptop, connected
using WiFi only, for packets to/from a specific MAC address.

Wireshark requested that I report it, so I am.

It's possible that the error was triggered by the laptop going to sleep
(because of no keyboard activity) but I can't say for certain when the error
message appeared. I had gone to another room to work on the network issue that
I'm investigating. The message was on the screen when I returned to the laptop
and woke it up.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15747] SCTP Analyse Association shows incorrect number of endpoint streams

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15747

bea...@gmail.com changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED


[Wireshark-bugs] [Bug 15835] Implement Column Freezing in the Packet List View

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15835

Jaap Keuter  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 CC||rkn...@gmail.com
 Status|UNCONFIRMED |CONFIRMED


[Wireshark-bugs] [Bug 15846] Update babel dissector with rf6126bis

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15846

--- Comment #1 from Gerrit Code Review  ---
Change 33564 merged by Anders Broman:
babel: add support for babel rfc6126bis

https://code.wireshark.org/review/33564


[Wireshark-bugs] [Bug 15842] USB Control OUT data dissection on USBPcap packets

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15842

--- Comment #4 from Tomasz Mon  ---
The MBIM case is pretty confusing to me. How come did it dissect USBPcap
Control Data OUT? Also, does it dissect the SETUP bytes captured by usbmon?

The way I understand the code, dissect_usb_common() doesn't pass the
USB_CONTROL_STAGE_DATA to registered dissectors. Thus it is not dissected
through normal means.

dissect_usb_setup_request() creates the composite tvb that gets passed to
dissectors. The composite tvb consists of the 7 bytes of SETUP packet (omitting
the bmRequestType - which cannot be class/vendor specific) and the Data OUT.
The Data OUT is, however, only present for Linux (as USBPcap SETUP packets
always have 8 bytes of payload).

The "reassembly approach" would essentially involve creating the composite tvb
as done in dissect_usb_setup_request() for USBPcap. Is it possible for the
composite tvb to aggregate tvbs from different packets?


[Wireshark-bugs] [Bug 15846] New: Update babel dissector with rf6126bis

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15846

Bug ID: 15846
   Summary: Update babel dissector with rf6126bis
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: etienne@marais.green
  Target Milestone: ---

Created attachment 17178
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17178&action=edit
babel_rfc6126bis pcap

Build Information:
cmake -G Ninja ../wireshark
cmake --build .


--
Give a babel_rfc6126bis.pcap to attach with babel changes. Move to rfc6126bis.


[Wireshark-bugs] [Bug 15787] Update Extreme Networks WASSP decoder

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15787

Anders Broman  changed:

   What|Removed |Added

 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED


[Wireshark-bugs] [Bug 15790] RSL dissector fails to display SACCH INFO IE in RSL CHAN ACT

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15790

Anders Broman  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED


[Wireshark-bugs] [Bug 15842] USB Control OUT data dissection on USBPcap packets

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15842

Pascal Quantin  changed:

   What|Removed |Added

 CC||pas...@wireshark.org

--- Comment #3 from Pascal Quantin  ---
Hi Tomasz,

I faced this usbmon/USBPcap behavior difference while developing the MBIM
dissector, and ended with a hack at the beginning of the dissect_mbim_control()
function in epan/dissectors/packet-mbim.c:

    if (data) {
        usb_trans_info_t *usb_trans_info = ((usb_conv_info_t *)data)->usb_trans_info;
        if (usb_trans_info && (usb_trans_info->setup.request == 0x00) &&
            (USB_HEADER_IS_LINUX(usb_trans_info->header_type))) {
            /* Skip Send Encapsulated Command header */
            offset += 7;
            tree = proto_tree_get_parent_tree(tree);
        }
    }

So presumably something similar will be required with the new USBPcap captures,
right? Unfortunately I do not have anymore access to a MBIM device to test.


[Wireshark-bugs] [Bug 15805] SCTP Analysis yields different results for first run and after file reload

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15805

Anders Broman  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|IN_PROGRESS |RESOLVED


[Wireshark-bugs] [Bug 15818] Add support for CableLabs CL3 / Dual Channel Wi-Fi

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15818

Anders Broman  changed:

   What|Removed |Added

 Status|IN_PROGRESS |RESOLVED
 Resolution|--- |FIXED


[Wireshark-bugs] [Bug 15826] Please update tools/generate-sysdig-event.py to handle latest sysdig events

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15826

Anders Broman  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED


[Wireshark-bugs] [Bug 15842] USB Control OUT data dissection on USBPcap packets

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15842

--- Comment #2 from Tomasz Mon  ---
After trying the reassembly solution, I came to the conclusion that it is a
non-trivial chunk of unnecessary complexity. The solution involving USBPcap
change to add "control stages" that resemble usbmon seems far easier. I think
we can just live with the old captures being what they are and simply make the
handling easier for future captures - especially that USBPcap is still
supported on all Windows versions that its initial release.

The unfortunate part of such approach is that old Wireshark versions won't be
able to dissect the control packets captured with new USBPcap.


[Wireshark-bugs] [Bug 15843] Build fails on debian stretch: run/libspeexresampler.a(resample.c.o): undefined reference to symbol 'floor@@GLIBC_2.2.5'

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15843

Anders Broman  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Anders Broman  ---
Should be fixed in https://code.wireshark.org/review/#/c/33582/


[Wireshark-bugs] [Bug 15805] SCTP Analysis yields different results for first run and after file reload

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15805

--- Comment #1 from Gerrit Code Review  ---
Change 33426 merged by Anders Broman:
SCTP: fix to get proper direction of the stream

https://code.wireshark.org/review/33426


[Wireshark-bugs] [Bug 15787] Update Extreme Networks WASSP decoder

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15787

--- Comment #4 from Gerrit Code Review  ---
Change 33194 merged by Anders Broman:
update Extreme Networks WASSP decoder

https://code.wireshark.org/review/33194


[Wireshark-bugs] [Bug 15747] SCTP Analyse Association shows incorrect number of endpoint streams

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15747

--- Comment #2 from Gerrit Code Review  ---
Change 33054 merged by Anders Broman:
[SCTP] ui: fix Analyse Association with correct number of endpoint streams

https://code.wireshark.org/review/33054


[Wireshark-bugs] [Bug 15839] Wireshark could not create debian package

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15839

Balint Reczey  changed:

   What|Removed |Added

 Status|UNCONFIRMED |INCOMPLETE
 Ever confirmed|0   |1

--- Comment #3 from Balint Reczey  ---
(In reply to furkan from comment #2)
> (In reply to Alexis La Goutte from comment #1)
> > Hi,
> > 
> > What release of Debian (Ubuntu?) are you using?
> 
> Hi, 
> 
> I am using ubuntu 16.04 and gcc 5.4.0

Well you may have a better chance with Ubuntu 18.04 or later, but I'll look
into backporting when 3.0.1 is accepted to Debian experimental.

From the error you attached it looks like
https://code.wireshark.org/review/33297 already fixed your issue, please give a
try to latest master.


[Wireshark-bugs] [Bug 15845] New: Problems with sshdump "Error by extcap pipe: sh: sudo: command not found"

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15845

Bug ID: 15845
   Summary: Problems with sshdump "Error by extcap pipe: sh: sudo:
command not found"
   Product: Wireshark
   Version: 2.6.8
  Hardware: x86-64
OS: Ubuntu
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Extras
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: wallischlu...@gmail.com
  Target Milestone: ---

Build Information:
Wireshark 2.6.8 (Git v2.6.8 packaged as 2.6.8-1~ubuntu18.04.0)

Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.56.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with LZ4, with Snappy,
with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.

Running on Linux 4.15.0-50-generic, with Intel(R) Core(TM) i5-6500 CPU @
3.20GHz
(with SSE4.2), with 15930 MB of physical memory, with locale de_DE.UTF-8, with
libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with zlib 1.2.11,
binary plugins supported (0 loaded).

Built using gcc 7.3.0.

--
When I'm trying to run the following wireshark command in Python:
subprocess.call(["wireshark", "-i", "sshdump",
 "-o", "extcap.sshdump.remoteusername:" + pbx_username,
 "-o", "extcap.sshdump.remotehost:" + pbx_addr,
 "-o", "extcap.sshdump.sshkey:" + sshkey_path,
 "-o", "extcap.sshdump.remotefilter:" + remote_filter,
 "-o", "extcap.sshdump.remotesudo:false",
 "-o", "extcap.sshdump.remotenoprom:false",
 "-k"])
I receive the following error message:
Error by extcap pipe: sh: sudo: command not found

If I do not try to start the capture immediately (no "-k" option) I can start
the dump via opening the interface settings and then pressing the start button.
-> my values for remoteusername, remotehost, sshkey and remotefilter seem to
work

The start capture button (blue fin) also raises the above mentioned error.

If I check the remotesudo option in the interface settings I get the same
error.
Could it be that with autostart/bluefin-button this option is ignored or always
true?

Kind regards
Lukas


[Wireshark-bugs] [Bug 15839] Wireshark could not create debian package

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15839

--- Comment #2 from furkan  ---
(In reply to Alexis La Goutte from comment #1)
> Hi,
> 
> What release of Debian (Ubuntu?) are you using?

Hi, 

I am using ubuntu 16.04 and gcc 5.4.0


[Wireshark-bugs] [Bug 15844] tshark and editcap: An error occurred while writing to the file "output, pcapng": Internal error.

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15844

--- Comment #2 from Jim Young  ---
Created attachment 17177
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17177&action=edit
Pcapng file where second IDB was moved from block #10 to block #4


[Wireshark-bugs] [Bug 15844] tshark and editcap: An error occurred while writing to the file "output, pcapng": Internal error.

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15844

--- Comment #1 from Jim Young  ---
Created attachment 17176
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17176&action=edit
reorderTake1 command file with xxd commands

Source the command file reorderTake1 and pipe the output to xxd -p -r to
produce the file reorderTake1.pcapng

> $ source reorderTake1 | xxd -p -r >reorderTake1.pcapng


[Wireshark-bugs] [Bug 15844] New: tshark and editcap: An error occurred while writing to the file "output, pcapng": Internal error.

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15844

Bug ID: 15844
   Summary: tshark and editcap:  An error occurred while writing
to the file "output,pcapng": Internal error.
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Mac OS X 10.4
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Capture file support (libwiretap)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: jyo...@gsu.edu
  Target Milestone: ---

Created attachment 17175
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17175&action=edit
Example of tcpdump files with noncontiguous IDBs

Build Information:
Version 3.1.0rc0-968-ge44d4e740edf (v3.1.0rc0-968-ge44d4e740edf) 
Copyright 1998-2019 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.1, with libpcap, without POSIX capabilities,
with GLib 2.37.6, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with
Lua 5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with
MaxMind DB resolver, with nghttp2 1.21.0, with brotli, with LZ4, with Snappy,
with libxml2 2.9.9, with QtMultimedia, with SpeexDSP (using bundled resampler),
with SBC, with SpanDSP, with bcg729. 
Running on Mac OS X 10.13.6, build 17G7024 (Darwin 17.7.0), with Intel(R)
Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2), with 16384 MB of physical
memory, with locale en_US.UTF-8, with light display mode, with HiDPI, with
libpcap version 1.8.1 -- Apple version 79.20.1, with GnuTLS 3.4.17, with Gcrypt
1.7.7, with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (14
loaded). Built using clang 4.2.1 Compatible Apple LLVM 10.0.1
(clang-1001.0.46.4). 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and https://www.wireshark.org for more information. 
--
tshark and editcap when used to create new pcapng from existing pcapng files,
will generate a truncated and malformed pcapng file if they encounter
noncontiguous IDBs while processing the input file.

> $ tshark -r original.pcapng -w output.pcapng
> tshark: An error occurred while writing to the file "output,pcapng": Internal 
> error.
> $ 

> $ editcap original.pcapng output.pcapng
> editcap: An error occurred while writing to the file "output.pcapng": 
> Internal error.
> $ 

See attached original.pcapng file.

Long version:

On a macOS I used Apple's tcpdump with their proprietary pktap interface to
create a multi-interface pcapng file:

> $ sudo tcpdump -i pktap,en0,vmnet6 -w original.pcapng icmp
> tcpdump: data link type PKTAP
> tcpdump: listening on pktap,en0,vmnet6, link-type PKTAP (Apple DLT_PKTAP), 
> capture size 262144 bytes
> ^C12 packets captured
> 331 packets received by filter
> 0 packets dropped by kernel
> $ 

The internal pcapng block structure of the original.pcapng appears as follows:

> $ ngd -qD original.pcapng 
> +++Quiet Summary
> +++Reading from original.pcapng
> +++This machine is little-endian.
> +++The following section is little-endian.
> : Block #1: Section Header Block (0x0a0d0d0a), Total Length (header) 
> = 156 (0x009c), Body at offset 0008, Trailer at offset 0098, next 
> (if any) at offset 009c
> 009c: Block #2: Interface Description Block (0x0001), Total Length 
> (header) = 32 (0x0020), Body at offset 00a4, Trailer at offset 
> 00b8, next (if any) at offset 00bc
> 00bc: Block #3: Darwin Process Event Block (0x8001), Total Length 
> (header) = 56 (0x0038), Body at offset 00c4, Trailer at offset 
> 00f0, next (if any) at offset 00f4
> 00f4: Block #4: Enhanced Packet Block (0x0006), Total Length (header) 
> = 160 (0x00a0), Body at offset 00fc, Trailer at offset 0190, next 
> (if any) at offset 0194
> 0194: Block #5: Enhanced Packet Block (0x0006), Total Length (header) 
> = 152 (0x0098), Body at offset 019c, Trailer at offset 0228, next 
> (if any) at offset 022c
> 022c: Block #6: Enhanced Packet Block (0x0006), Total Length (header) 
> = 160 (0x00a0), Body at offset 0234, Trailer at offset 02c8, next 
> (if any) at offset 02cc
> 02cc: Block #7: Enhanced Packet Block (0x0006), Total Length (header) 
> = 152 (0x0098), Body at offset 02d4, Trailer at offset 0360, next 
> (if any) at offset 0364
> 0364: Block #8: Enhanced Packet Block (0x0006), Total Length (header) 
> = 160 (0x00a0), Body at offset 036c, Trailer at offset 0400, next 
> (if any) at offset 0404
> 0404: Block #9: Enhanced Packet Block (0x0006), Total Length (header) 
> = 152 (0x0098), Body at 
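
A block walker for the layout this report describes, as an added example that is not Wireshark code: it validates both length fields of every block and counts Interface Description Blocks that appear after a packet block in the same section. Reading "noncontiguous IDBs" that way is an assumption, as are the function names; the sample file is constructed in memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BT_SHB 0x0A0D0D0Au  /* Section Header Block */
#define BT_IDB 0x00000001u  /* Interface Description Block */
#define BT_PB  0x00000002u  /* Packet Block (obsolete) */
#define BT_SPB 0x00000003u  /* Simple Packet Block */
#define BT_EPB 0x00000006u  /* Enhanced Packet Block */
#define BOM    0x1A2B3C4Du  /* byte-order magic in the SHB body */

typedef struct {
    unsigned blocks;     /* well-formed blocks walked */
    unsigned idbs;       /* IDBs seen */
    unsigned late_idbs;  /* IDBs that follow a packet block in their section */
    int      malformed;  /* 1 if the walk stopped on a bad header or length */
} pcapng_scan_t;

static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
              : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Walk every block, checking both length fields before trusting them. */
pcapng_scan_t pcapng_scan(const uint8_t *buf, size_t len)
{
    pcapng_scan_t r = {0, 0, 0, 0};
    size_t off = 0;
    int be = 0, in_section = 0, seen_packet = 0;

    while (off < len) {
        uint32_t type, total;
        if (len - off < 12) { r.malformed = 1; break; }  /* type + 2 lengths */
        if (rd32(buf + off, 0) == BT_SHB) {      /* same value in either order */
            if (rd32(buf + off + 8, 0) == BOM) be = 0;
            else if (rd32(buf + off + 8, 1) == BOM) be = 1;
            else { r.malformed = 1; break; }
            in_section = 1;
            seen_packet = 0;                     /* interfaces are per section */
        } else if (!in_section) { r.malformed = 1; break; }

        type = rd32(buf + off, be);
        total = rd32(buf + off + 4, be);
        if (total < 12 || total % 4 != 0 || total > len - off ||
            rd32(buf + off + total - 4, be) != total) { r.malformed = 1; break; }

        if (type == BT_IDB) {
            r.idbs++;
            if (seen_packet) r.late_idbs++;
        } else if (type == BT_EPB || type == BT_SPB || type == BT_PB) {
            seen_packet = 1;
        }
        r.blocks++;
        off += total;
    }
    return r;
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Append one little-endian block with a zero-filled body; returns new offset. */
static size_t put_block(uint8_t *b, size_t off, uint32_t type, uint32_t body_len)
{
    uint32_t total = 12 + body_len;
    memset(b + off, 0, total);
    wr32le(b + off, type);
    wr32le(b + off + 4, total);
    wr32le(b + off + total - 4, total);
    if (type == BT_SHB) wr32le(b + off + 8, BOM);
    return off + total;
}

/* Constructed sample: SHB, IDB, EPB, EPB plus a second IDB placed either
 * before the packets (late_idb = 0) or between them (late_idb = 1).
 * cut removes bytes from the end to imitate a truncated file. */
pcapng_scan_t demo_scan(int late_idb, size_t cut)
{
    uint8_t b[256];
    size_t n = 0;
    n = put_block(b, n, BT_SHB, 16);
    n = put_block(b, n, BT_IDB, 8);
    if (!late_idb) n = put_block(b, n, BT_IDB, 8);
    n = put_block(b, n, BT_EPB, 20);
    if (late_idb) n = put_block(b, n, BT_IDB, 8);
    n = put_block(b, n, BT_EPB, 20);
    return pcapng_scan(b, n - cut);
}

int main(void)
{
    pcapng_scan_t r = demo_scan(1, 0);
    printf("blocks=%u idbs=%u late_idbs=%u malformed=%d\n",
           r.blocks, r.idbs, r.late_idbs, r.malformed);
    return 0;
}
```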

[Wireshark-bugs] [Bug 15839] Wireshark could not create debian package

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15839

Alexis La Goutte  changed:

   What|Removed |Added

 CC||alexis.lagou...@gmail.com,
   ||bal...@balintreczey.hu

--- Comment #1 from Alexis La Goutte  ---
Hi,

What release of Debian (Ubuntu?) are you using?


[Wireshark-bugs] [Bug 15843] Build fails on debian stretch: run/libspeexresampler.a(resample.c.o): undefined reference to symbol 'floor@@GLIBC_2.2.5'

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15843

Alexis La Goutte  changed:

   What|Removed |Added

 CC||alexis.lagou...@gmail.com,
   ||bal...@balintreczey.hu


[Wireshark-bugs] [Bug 15843] New: Build fails on debian stretch: run/libspeexresampler.a(resample.c.o): undefined reference to symbol 'floor@@GLIBC_2.2.5'

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15843

Bug ID: 15843
   Summary: Build fails on debian stretch:
run/libspeexresampler.a(resample.c.o): undefined
reference to symbol 'floor@@GLIBC_2.2.5'
   Product: Wireshark
   Version: Git
  Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Build process
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: osm...@sysmocom.de
  Target Milestone: ---

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Trying to build current master, c6ebd5bf36adf525846c398bb4d146d255ffbf8d in
Debian stretch fails with:

[ 95%] Linking C executable run/sharkd   
[ 95%] Building C object plugins/epan/irda/CMakeFiles/irda.dir/plugin.c.o
[ 95%] Building C object
plugins/epan/ethercat/CMakeFiles/ethercat.dir/packet-nv.c.o
/usr/bin/ld: run/libspeexresampler.a(resample.c.o): undefined reference to
symbol 'floor@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libm.so.6: error adding symbols: DSO missing from
command line
collect2: error: ld returned 1 exit status   
CMakeFiles/sharkd.dir/build.make:176: recipe for target 'run/sharkd' failed
make[2]: *** [run/sharkd] Error 1   
CMakeFiles/Makefile2:891: recipe for target 'CMakeFiles/sharkd.dir/all' failed


This seems to be a regression, building an older commit, e.g.
80ed3a5b2694fea1bc1cf7b9b7ee0363da2fad45, works fine.

I have verified with docker, that this also happens on a fresh debian system:

$ docker run -i -t --rm debian:9
# echo "deb-src http://ftp.de.debian.org/debian/ stretch main" >> /etc/apt/sources.list
# apt update
# apt install git
# apt build-dep wireshark
# git clone --depth=1 "https://code.wireshark.org/review/wireshark.git"
# cd wireshark
# mkdir -p cmake-build-dir
# cd cmake-build-dir
# cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local
# make -j5

From reading this thread, it seems that it is not linking against libm:
https://stackoverflow.com/q/30013845


[Wireshark-bugs] [Bug 15842] USB Control OUT data dissection on USBPcap packets

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15842

--- Comment #1 from Tomasz Mon  ---
Actually, the reassemble idea is probably the way to go. That is, leave USBPcap
intact and instead solve the issue completely in Wireshark.

That is, the USB dissector when dissecting USBPcap pseudoheader would:
1. If the SETUP indicates from Device to Host direction, then pass the data to
subdissectors as it is now
2. If the SETUP indicates from Host to Device direction (and wLength > 0), then
only dissect the 8 setup data bytes using generic terms (bmRequestType,
bRequest, wValue, wIndex, wLength) and mark the packet for reassembly.
3. When OUT DATA packet is seen, reassemble it with the SETUP packet, and pass
combined SETUP + Data OUT for full dissection
4. Handle IN DATA and Status as is.

While it might seem complicated, if we are going to get hardware USB sniffer
dissection at some point, we would have to do even more reassembly in such case
(Data is split in 8/1023/1024 bytes chunks for Low/Full/High speed).

The convention of "SETUP + OUT DATA" and "IN DATA" for subdissectors is pretty
much the only sensible solution. Subdissector should not really have to care of
the underlying pcap format, only about the actual meaning of data. By combining
the "SETUP + OUT DATA" the subdissectors avoid unnecessary complexity (to know
the meaning of DATA you have to know the matching SETUP).


[Wireshark-bugs] [Bug 15842] New: USB Control OUT data dissection on USBPcap packets

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15842

Bug ID: 15842
   Summary: USB Control OUT data dissection on USBPcap packets
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: deso...@gmail.com
  Target Milestone: ---

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
USBPcap generates two or three packets per USB control transfer. The packets
are:
1. Setup stage, always 8 bytes of payload (USBPCAP_CONTROL_STAGE_SETUP = 0)
2. Optional Data stage - variable number of bytes, either from host to device
or from device to host (USBPCAP_CONTROL_STAGE_DATA = 1)
3. Status packet - always captured when the IRP travels from PDO to FDO
(equivalent of URB_COMPLETE on Linux). This packet contains the IRP status
code. (USBPCAP_CONTROL_STAGE_STATUS = 2)


On Linux, usbmon does generate two packets per USB control transfer. The
packets payloads are:
1. Setup + Optional Data OUT (URB_SUBMIT)
2. Optional Data IN (URB_COMPLETE)

Some dissectors, e.g. DFU, assume that Control OUT data is always in the same
tvb as the Setup packet.


It would be possible to modify USBPcap to behave more like usbmon. This can be
made by eg. adding USBPCAP_CONTROL_STAGE_URB_SUBMIT = 3,
URBPCAP_CONTROL_STAGE_URB_COMPLETE = 4 which would resemble the way the payload
is captured in usbmon. This however, would have effect only on the new
captures.

The reason why I ask on Wireshark bugzilla, is what to do with old captures?
If new USBPcap release gets the proposed USBPCAP_CONTROL_STAGE_URB_SUBMIT and
URBPCAP_CONTROL_STAGE_URB_COMPLETE, should the USB dissector be updated with
them and the existing (0, 1, 2) left intact? Or in case if old capture is
loaded, then should Wireshark USB dissector combine the (0+1 if 1 is OUT) and
(1 if 1 is IN + 2) and pass such merged data to subdissectors?

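
The SETUP + Data OUT merge debated in this thread (the stage list in the report above and the four steps in comment #1), as an added example that is not Wireshark or USBPcap code. The type and function names, the shared transfer ID and the one-transfer-in-flight state are assumptions made for illustration; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Control stage values as listed in the bug report. */
enum { STAGE_SETUP = 0, STAGE_DATA = 1, STAGE_STATUS = 2 };
#define SETUP_LEN 8

/* What the caller would hand to a subdissector after each packet. */
typedef enum {
    OUT_HELD,        /* host-to-device SETUP kept back until its Data OUT */
    OUT_SETUP,       /* SETUP alone (device-to-host, or wLength == 0) */
    OUT_SETUP_DATA,  /* SETUP + Data OUT in one buffer, as usbmon URB_SUBMIT */
    OUT_DATA_IN,     /* Data IN alone, as usbmon URB_COMPLETE */
    OUT_STATUS,      /* status stage, passed through */
    OUT_MALFORMED    /* lengths or stages do not add up; do not dissect */
} out_kind_t;

/* Hypothetical per-device state: at most one control transfer in flight. */
typedef struct {
    int      pending;
    uint64_t id;                 /* assumption: an ID shared by all stages */
    uint8_t  setup[SETUP_LEN];
} ctrl_state_t;

static unsigned setup_wlength(const uint8_t *s) { return s[6] | (unsigned)s[7] << 8; }
static int setup_dev_to_host(const uint8_t *s) { return (s[0] & 0x80) != 0; }

out_kind_t ctrl_feed(ctrl_state_t *st, uint64_t id, int stage,
                     const uint8_t *data, size_t len,
                     uint8_t *out, size_t cap, size_t *out_len)
{
    *out_len = 0;
    if (cap < SETUP_LEN) return OUT_MALFORMED;
    switch (stage) {
    case STAGE_SETUP:
        st->pending = 0;                 /* a new SETUP drops any stale one */
        if (len != SETUP_LEN) return OUT_MALFORMED;
        if (!setup_dev_to_host(data) && setup_wlength(data) > 0) {
            memcpy(st->setup, data, SETUP_LEN);
            st->id = id;
            st->pending = 1;
            return OUT_HELD;
        }
        memcpy(out, data, SETUP_LEN);
        *out_len = SETUP_LEN;
        return OUT_SETUP;
    case STAGE_DATA:
        if (st->pending && st->id == id) {
            st->pending = 0;
            /* Data OUT may not exceed the wLength its SETUP declared,
             * and the merged payload must fit the output buffer. */
            if (len > setup_wlength(st->setup) || len > cap - SETUP_LEN)
                return OUT_MALFORMED;
            memcpy(out, st->setup, SETUP_LEN);
            memcpy(out + SETUP_LEN, data, len);
            *out_len = SETUP_LEN + len;
            return OUT_SETUP_DATA;
        }
        /* No held SETUP for this transfer: pass through as Data IN. */
        if (len > cap) return OUT_MALFORMED;
        memcpy(out, data, len);
        *out_len = len;
        return OUT_DATA_IN;
    case STAGE_STATUS:
        if (st->pending && st->id == id) st->pending = 0;
        return OUT_STATUS;
    default:
        return OUT_MALFORMED;
    }
}

/* Constructed samples: an OUT request with wLength = 3 (bRequest 0x00),
 * an IN request with wLength = 4, and four bytes of data. */
static const uint8_t SETUP_OUT[8] = {0x21, 0x00, 0, 0, 0, 0, 3, 0};
static const uint8_t SETUP_IN[8]  = {0xA1, 0x01, 0, 0, 0, 0, 4, 0};
static const uint8_t DATA4[4]     = {0xDE, 0xAD, 0xBE, 0xEF};

typedef struct { out_kind_t setup_kind, data_kind; size_t len; } demo_t;

/* Feed one SETUP followed by a DATA stage of data_len (<= 4) bytes. */
demo_t demo(const uint8_t *setup, size_t data_len)
{
    ctrl_state_t st = {0};
    uint8_t out[64];
    demo_t d;
    d.setup_kind = ctrl_feed(&st, 1, STAGE_SETUP, setup, SETUP_LEN, out, sizeof out, &d.len);
    d.data_kind = ctrl_feed(&st, 1, STAGE_DATA, DATA4, data_len, out, sizeof out, &d.len);
    return d;
}

int main(void)
{
    demo_t d = demo(SETUP_OUT, 3);
    printf("OUT transfer: kind=%d merged_len=%zu\n", (int)d.data_kind, d.len);
    return 0;
}
```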

[Wireshark-bugs] [Bug 11743] Add FTDI USB dissector

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11743

--- Comment #5 from Tomasz Mon  ---
Created attachment 17174
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17174&action=edit
TTL-232R-3V3 capture using USBPcap. Control transfers sent when opening port in
KiTTY 115200 8N1.


[Wireshark-bugs] [Bug 15658] "Telephony" -> "VOIP Calls" -> "Flow Sequences" don't scale properly on a 4K Monitor

2019-06-13 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15658

Brian Bang Tanggaard  changed:

   What|Removed |Added

 CC||b...@vincentz.dk

--- Comment #4 from Brian Bang Tanggaard  ---
I got the problem as well, have always been like this
