[Wireshark-bugs] [Bug 14701] Wireshark hangs when opening certain files if it's been configured to use the new GeoIP databases.

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14701

Christopher Maynard  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|CONFIRMED                   |RESOLVED

--- Comment #33 from Christopher Maynard  ---
(In reply to Gerald Combs from comment #32)
> This sounds like WinPcap behaving badly on Windows 10, which shouldn't be
> related to this problem. I ran into this issue periodically on the Windows
> builders after upgrading them to Server 2016. Switching to Npcap seems to
> have fixed the problem.

OK, good to know.

> I was able to replicate the issue here. Reverting g4154e35cde fixed the
> problem, so I've done so in master.

Yes, it's working as expected again.  I think we can close this bug now.

-- 
You are receiving this mail because:
You are watching all bug changes.

Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 15322] Wireshark stack corruption in cdma2k_message_ACTIVE_SET_RECORD_FIELDS

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15322

Pascal Quantin  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|private                     |


[Wireshark-bugs] [Bug 14701] Wireshark hangs when opening certain files if it's been configured to use the new GeoIP databases.

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14701

--- Comment #32 from Gerald Combs  ---
(In reply to Christopher Maynard from comment #31)
> Just double-clicking Wireshark.exe from the build directory causes problems
> too.  
> 
> Initially I accidentally double-clicked Wireshark.exe twice and started two
> separate instances.  Both were stuck initializing interfaces and had to be
> killed; however, killing them left Dumpcap.exe remnants running that could
> not be killed, at least not from either Task Manager or by attempting to use
> taskkill.exe from a command prompt, even one run as administrator.  I
> rebooted the computer so Wireshark could be run and successfully
> initialize interfaces again.

This sounds like WinPcap behaving badly on Windows 10, which shouldn't be
related to this problem. I ran into this issue periodically on the Windows
builders after upgrading them to Server 2016. Switching to Npcap seems to have
fixed the problem.


> After the reboot, I tested it again, but I made sure I only started a single
> instance of Wireshark.  When Wireshark exited, the Wireshark Debug Console
> Window that had been opened did not terminate and Task Manager still showed:
> 
> v Wireshark (4)
>   Console Window Host
>   Console Window Host
>   mmdbresolve.exe
>   Wireshark
> 
> After a Ctrl-C of the Debug Console Window, all Wireshark processes were
> cleaned up.  So, it seems that having a Debug Console Window opened causes
> problems upon program termination.  To test this, I changed the preference
> so it would not be opened and everything worked as expected except for when
> it was started in a batch file - mmdbresolve.exe and Wireshark.exe were
> still running and a Ctrl-C was still needed, but this time Ctrl-C did not
> terminate the batch file and the entire command prompt window had to be
> killed.

I was able to replicate the issue here. Reverting g4154e35cde fixed the
problem, so I've done so in master.


[Wireshark-bugs] [Bug 15324] Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

--- Comment #4 from David Turner  ---
Created attachment 16771
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16771&action=edit
Another pcap example

The previous packet capture did not include any examples containing response
headers. Here is a capture from 6.5.1 that does.


[Wireshark-bugs] [Bug 14701] Wireshark hangs when opening certain files if it's been configured to use the new GeoIP databases.

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14701

--- Comment #31 from Christopher Maynard  ---
Just double-clicking Wireshark.exe from the build directory causes problems
too.  

Initially I accidentally double-clicked Wireshark.exe twice and started two
separate instances.  Both were stuck initializing interfaces and had to be
killed; however, killing them left Dumpcap.exe remnants running that could not
be killed, at least not from either Task Manager or by attempting to use
taskkill.exe from a command prompt, even one run as administrator.  I rebooted
the computer so Wireshark could be run and successfully initialize
interfaces again.

After the reboot, I tested it again, but I made sure I only started a single
instance of Wireshark.  When Wireshark exited, the Wireshark Debug Console
Window that had been opened did not terminate and Task Manager still showed:

v Wireshark (4)
  Console Window Host
  Console Window Host
  mmdbresolve.exe
  Wireshark

After a Ctrl-C of the Debug Console Window, all Wireshark processes were
cleaned up.  So, it seems that having a Debug Console Window opened causes
problems upon program termination.  To test this, I changed the preference so
it would not be opened and everything worked as expected except for when it was
started in a batch file - mmdbresolve.exe and Wireshark.exe were still running
and a Ctrl-C was still needed, but this time Ctrl-C did not terminate the batch
file and the entire command prompt window had to be killed.


[Wireshark-bugs] [Bug 15324] Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

--- Comment #3 from David Turner  ---
Created attachment 16770
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16770&action=edit
Example pcap capture

I attach a `tcpdump` capture containing traffic between two Elasticsearch nodes
of the following versions, respectively:

1. 2.4.6
2. 5.6.13
3. 6.2.4
4. 6.3.2

I do not currently have the capacity to try and resolve this myself, sorry.


[Wireshark-bugs] [Bug 15324] Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

Alexis La Goutte  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alexis.lagou...@gmail.com
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |INCOMPLETE

--- Comment #2 from Alexis La Goutte  ---
Hi David,

Do you plan to add this new field for Elasticsearch?

Can you attach some pcap with this new field?


[Wireshark-bugs] [Bug 15324] Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

--- Comment #1 from David Turner  ---
Apologies, the links I gave to the Elasticsearch source were not permalinks, so
will likely not survive for long. Here are better links:

https://github.com/elastic/elasticsearch/blob/b5cae0af58caaae726c6d980665ac95282e77bfb/server/src/main/java/org/elasticsearch/common/util/concurrent/ThreadContext.java#L583-L589

https://github.com/elastic/elasticsearch/blob/b5cae0af58caaae726c6d980665ac95282e77bfb/server/src/main/java/org/elasticsearch/transport/TcpTransport.java#L790-L792


[Wireshark-bugs] [Bug 15324] Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

David Turner  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |david.tur...@elastic.co


[Wireshark-bugs] [Bug 15324] New: Support for Elasticsearch 5+ protocol

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15324

            Bug ID: 15324
           Summary: Support for Elasticsearch 5+ protocol
           Product: Wireshark
           Version: unspecified
          Hardware: x86
                OS: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: david.tur...@elastic.co
  Target Milestone: ---

Build Information:
Version 2.4.3 (v2.4.3-0-g368ba1e)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with GeoIP,
with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with
QtMultimedia, without AirPcap, with SBC, without SpanDSP.

Running on Mac OS X 10.14.1, build 18B75 (Darwin 18.2.0), with Intel(R) Core(TM)
i7-7820HQ CPU @ 2.90GHz (with SSE4.2), with 16384 MB of physical memory, with
locale C, with libpcap version 1.8.1 -- Apple version 79.200.4, with GnuTLS
3.4.17, with Gcrypt 1.7.7, with zlib 1.2.11.

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Today, Wireshark can dissect a few fields from the wire protocol that
Elasticsearch used prior to version 5. There were changes to the wire protocol
in version 5 and again in version 6.3.

In version 5 (`version >= 599`) in both requests and responses, immediately
after the 4-byte version field was added the thread context:

https://github.com/elastic/elasticsearch/blob/master/server/src/main/java/org/elasticsearch/common/util/concurrent/ThreadContext.java#L583-L589

The thread context comprises two structures: headers from the request and
headers for the response. The headers from the request are a list of pairs of
strings; the headers for the response are a list of pairs of (string,
list-of-string), and each list is prefixed with its number of items. The
`read_vint()` and `read_vstring()` functions in
`epan/dissectors/packet-elasticsearch.c` look suitable for reading the basic
elements of these structures.

In version 6.3 (`version >= 6030099`), in requests only, immediately after the
thread context described above comes the features list. This is a list of
strings (again, prefixed by its length):

https://github.com/elastic/elasticsearch/blob/master/server/src/main/java/org/elasticsearch/transport/TcpTransport.java#L790-L792

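The report above describes the layout of the thread context (request headers as string pairs, response headers as string/list-of-string pairs, every list prefixed by its item count) and the 6.3 features list, but not how a dissector should walk it safely. The following is an added example, not code from Wireshark or Elasticsearch: a stand-alone, bounds-checked C reader for those structures, driven by a constructed sample frame. Assumed, because the report does not state it: a vint is a 7-bit little-endian varint whose high bit marks continuation, and a vstring is a vint length followed by that many UTF-8 bytes (Elasticsearch counts chars, which equals bytes for the ASCII sample). The version thresholds are the ones quoted in the report; all `es_*` names are hypothetical, not the names in `packet-elasticsearch.c`. Every read checks the remaining length before consuming, which is the property a dissector needs so that an attacker-controlled length prefix cannot read past the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not Wireshark/Elasticsearch code). Thresholds from bug 15324. */
#define ES_V5_THREAD_CONTEXT 599      /* thread context present when version >= 599 */
#define ES_V63_FEATURES      6030099  /* features list in requests when version >= 6030099 */
#define ES_MAX_VINT_BYTES    5        /* 5 * 7 bits covers a 32-bit value */

typedef struct { const uint8_t *buf; size_t len; size_t pos; } es_reader;

/* Assumed vint encoding: 7 data bits per byte, low bits first, high bit = continue.
 * Returns 1 on success, 0 if the varint is truncated or overlong. */
static int es_read_vint(es_reader *r, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < ES_MAX_VINT_BYTES; i++) {
        if (r->pos >= r->len) return 0;             /* truncated varint */
        uint8_t b = r->buf[r->pos++];
        v |= (uint32_t)(b & 0x7f) << (7 * i);
        if (!(b & 0x80)) { *out = v; return 1; }
    }
    return 0;                                       /* more than 5 bytes: malformed */
}

/* Assumed vstring: vint length, then that many bytes. The length prefix is
 * checked against both the remaining input and the destination buffer. */
static int es_read_vstring(es_reader *r, char *dst, size_t dstsz)
{
    uint32_t n;
    if (!es_read_vint(r, &n)) return 0;
    if (n > r->len - r->pos || n >= dstsz) return 0;  /* length exceeds data or dst */
    memcpy(dst, r->buf + r->pos, n);
    dst[n] = '\0';
    r->pos += n;
    return 1;
}

/* Decode one vint from a raw buffer; returns bytes consumed, 0 on error. */
static size_t es_decode_vint(const uint8_t *buf, size_t len, uint32_t *out)
{
    es_reader r = { buf, len, 0 };
    return es_read_vint(&r, out) ? r.pos : 0;
}

typedef struct {
    uint32_t request_headers;   /* (key, value) pairs */
    uint32_t response_headers;  /* (key, list-of-values) pairs */
    uint32_t response_values;   /* values summed over all response headers */
    uint32_t features;          /* feature strings (6.3+ requests only) */
    size_t   consumed;          /* bytes read from buf */
} es_context_summary;

/* Parses what follows the 4-byte version field: thread context, then the
 * features list when this is a 6.3+ request. Returns 1 on success, 0 if the
 * data is truncated or malformed (nothing is ever read past len). */
static int es_parse_thread_context(const uint8_t *buf, size_t len, uint32_t version,
                                   int is_request, es_context_summary *s)
{
    es_reader r = { buf, len, 0 };
    char key[256], val[256];
    uint32_t count, nvals;

    memset(s, 0, sizeof *s);
    if (version < ES_V5_THREAD_CONTEXT) return 1;   /* pre-5 frames carry no context */

    if (!es_read_vint(&r, &count)) return 0;        /* request headers: string pairs */
    for (uint32_t i = 0; i < count; i++) {
        if (!es_read_vstring(&r, key, sizeof key) || !es_read_vstring(&r, val, sizeof val))
            return 0;
        s->request_headers++;
    }
    if (!es_read_vint(&r, &count)) return 0;        /* response headers: string, list */
    for (uint32_t i = 0; i < count; i++) {
        if (!es_read_vstring(&r, key, sizeof key) || !es_read_vint(&r, &nvals)) return 0;
        for (uint32_t j = 0; j < nvals; j++) {
            if (!es_read_vstring(&r, val, sizeof val)) return 0;
            s->response_values++;
        }
        s->response_headers++;
    }
    if (is_request && version >= ES_V63_FEATURES) { /* features: list of strings */
        if (!es_read_vint(&r, &count)) return 0;
        for (uint32_t i = 0; i < count; i++) {
            if (!es_read_vstring(&r, val, sizeof val)) return 0;
            s->features++;
        }
    }
    s->consumed = r.pos;
    return 1;
}

/* Constructed sample, not from a real capture: a 6.3 request with two request
 * headers, one response header holding two values, and one feature string. */
static const uint8_t es_sample[] = {
    0x02,                                                  /* 2 request headers */
    0x0a, 'r','e','q','u','e','s','t','_','i','d', 0x02, '4','2',
    0x04, 'u','s','e','r',                 0x05, 'a','l','i','c','e',
    0x01,                                                  /* 1 response header */
    0x07, 'W','a','r','n','i','n','g', 0x02, 0x01,'a', 0x01,'b',
    0x01,                                                  /* 1 feature */
    0x10, 't','r','a','n','s','p','o','r','t','_','c','l','i','e','n','t',
};
static const uint8_t es_sample_vint[] = { 0xE5, 0x8E, 0x26 };  /* encodes 0x98765 */

int main(void)
{
    es_context_summary s;
    uint32_t v = 0;
    if (!es_parse_thread_context(es_sample, sizeof es_sample, ES_V63_FEATURES, 1, &s)) {
        puts("malformed thread context");
        return 1;
    }
    printf("request headers=%u response headers=%u (%u values) features=%u consumed=%zu\n",
           s.request_headers, s.response_headers, s.response_values, s.features, s.consumed);
    printf("3-byte vint decodes to 0x%x (%zu bytes)\n", v,
           es_decode_vint(es_sample_vint, sizeof es_sample_vint, &v));
    return 0;
}
```

Run against the sample frame the parser reports 2 request headers, 1 response header with 2 values and 1 feature, consuming all 58 bytes; with a response frame, or a request at a version below 6030099, it stops after the thread context at byte 40; with the last three bytes removed it fails cleanly instead of reading beyond the buffer.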

[Wireshark-bugs] [Bug 14381] cannot find any Mongo Wire Protocol (MONGO) package

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #10 from Peter Wu  ---
Derick has attached captures and key log files in bug 14275 by the way.


[Wireshark-bugs] [Bug 15163] Make Wireshark builds reproducible

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15163

--- Comment #4 from Peter Wu  ---
FYI, CMake 3.14 gains a "CMAKE_BUILD_RPATH_USE_ORIGIN" property to enforce
relative RPATHs:
https://gitlab.kitware.com/cmake/cmake/merge_requests/2456


[Wireshark-bugs] [Bug 15323] New: GUI bug: Apply as Filter greyed out.

2018-12-03 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15323

            Bug ID: 15323
           Summary: GUI bug: Apply as Filter greyed out.
           Product: Wireshark
           Version: 2.6.5
          Hardware: x86
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Qt UI
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: niels.j.lar...@gmail.com
  Target Milestone: ---

Build Information:
Version 2.6.5 (v2.6.5-0-gf766965a)

Copyright 1998-2018 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.9.7, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with
nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia,
with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM)
i7-6600U CPU @ 2.60GHz (with SSE4.2), with 32167 MB of physical memory, with
locale English_United Kingdom.1252, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
with GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap, binary plugins
supported (14 loaded).

Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
1. Pre-select the "[Stream Index: ]" field in the "Packet Details"/TCP section
   for a random packet.
2. Select a new packet in the Packet List.
3. Right-click "[Stream Index: ]" and select the sub-menus for "Apply as
   Filter" or "Prepare as Filter" in order to filter on the selected Stream.

Now all options are greyed out, i.e. "Selected"/"Not Selected" etc., and any
filtering is thus not possible.

If you select other fields in the TCP section for a random packet *before*
right-clicking "[Stream Index: ]", the options are *not* greyed out and
filtering can be executed. It works with the described workaround, but is
certainly not intuitive.
