According to the Bluetooth Core Specification v5.3, Volume 2, Part C,
Section 5.1, the Name_Offset parameter of the LMP_NAME_RES PDU should be at
offset 2 in the payload and Name_Length should be at offset 3.
Set some models to have the Traffic Tab or Traffic Type List
that creates them as parent, so that they will be deleted
properly. Setting a model does not cause it to be deleted
unless it is parented, because models can be shared among
multiple views. Since these models are only used by the
one view, parenting them is fine.
Add functions to PacketListRecord to invalidate a single record's
colorization and column strings, used for a record is modified in a
way that needs to trigger redrawing, but we don't need to redraw
all packets.
Move the functionality for adding, deleting, and setting frame comments
into PacketListModel, operating on QModelIndexes (or on all physical
rows in the case of deleting all comments from a file.) Trigger
recolorization of any record with an updated comment.
Only set a block as modified when deleting comments if we actually
deleted comments. This avoids marking a file as modified if we
delete all comments from all frames, or all comments from selected
frames, when those comments do not actually have frames.
If cf_set_modified_block is used to modify a block that is already
modified, it can't update the comment count. In that case, return
false and have the callers update the comment count. (It already
has a return value, which is always true.) This avoids having the
GUI warning about saving into a format that doesn't support comments
when comments have been added and then removed.
Note that, unlike with time references and time shifts, there
are no fields (and hence no columns nor color filters) that depend
on whether other fields have comments. If for some reason some
were added, then the model data for all frames would have to be
updated instead. Since there aren't, we don't need to
redrawVisiblePackets, but we do need to drawCurrentPacket to ensure
the packet details are redissected.
Fix#12519
Store the field filter strings in a wmem_map pointing to the
field flags for each string. This allows specifying multiple
filter options (-j or -J) on the command line, including some
of both.
Fix#17470
The kernel unfortunately doesn't indicate which payload type
it is. In particular, it might be an Ethernet packet or an IP one,
depending on how the SKB has been generated.
We work around this issue by guessing if the packet contains the
EtherType at the right offset to be an Ethernet packet, and decode
accordingly the payload.
Don't call resize in applyRecentColumnWidths(). It doesn't seem
to be necessary in Qt5 or Qt6 to stretch the packet list last column
when the main window is wider than the total columns, and it doesn't
seem to be necessary to get the horizontal scroll bar to appear if
the columns are wider than the window frame either.
(When adding and removing columns, resizing the main window, etc.,
the columns all behave as expected, including if the wide Info
column is removed).
Resizing the packet list makes the scrollbar (and minimap) disappear.
It reappears when selecting another packet, but since it's not
necessary to resize, don't.
Fix#13597
If MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT is set (because the dissector
asked for one more segment) but the new segment didn't result in
a completed reassembly (because it overlapped and didn't add new
data), don't clear the REASSEMBLE_ENTIRE_SEGMENT flag.
Related to #18411
If we have payload on TCP with a single octet that is not printable ASCII,
just reject it rather than waiting for the next CRLF line end (and
marking it as Continuation Data then). It is more likely to be a TCP Keep
Alive at the beginning of a capture file or connection.
At best, this change means that a correct SIP request or response is
interpreted rather than marking as Continuation Data. At worst,
Continuation Data has one less non printable octet at the beginning.
Fix#18411.
The `color_t_to_rgb` method returns an unsigned int, taking a 32-bit
color code and reducing it to an integer. Sharkd displays these as hex
colors.
However, if this color is missing a Red or Green component, the hex
output is missing the zero-padding for those parts of the color,
resulting in the wrong or invalid hex code.
This patch simply pads the output with zeros.
Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
This prevents checking sse4.2 compiler flag in non-x86 architectures.
Also set COMPILE_CAN_HANDLE_SSE4_2 and SSE4_2_FLAG variables to false
and empty values respectively to skip subsequent checks.
When device responds with STALL, the host will clear the halt using
ClearFeature(ENDPOINT_HALT) request. The request always results in data
toggle being reinitialized to DATA0. Because USBLL dissector does not
track all control transfers, it is unaware of the expected data toggle
change and thus would treat next DATA0 packet as retransmission if the
last data packet before STALL was DATA0.
USB transfer never spans across STALL, i.e. data packet after STALL
cannot be retransmission nor continuation of any earlier transfer.
Avoid continuing reassembly after a STALL by clearing active transfer
information from endpoint info on every STALL handshake.
Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
Move the top-level user-guide.adoc and developer-guide.adoc to their
respective source directores. This is in preparation for a future
toolchain revamp.
Move the wsug_graphics directory to wsug_src/images and wsdg_graphics
directory to wsdg_src/images. Copy common_graphics/* to the each images
directory and remove common_graphics. We only have five admonition
graphics; duplicating them lets us remove some build config overhead.
Rename wsluarm.adoc to wsdg_src/wsdg_lua_support.adoc.
Remove a dummy file.
Tested visually and by enabling `--failure-level=WARN`.
Add a drop-down combobox for UATs, including User DLTs, that
have a choice of dissectors. Make the combobox editable, which
will provide suggestions, and pass things through to the existing
UAT validation for dissectors. (It's a very long list, especially
with 1717 entries, including 530 just from various BT GATT UUIDs,
so being able to still type it in seems useful.)
Dissectors are not protocols. Rename the UAT field from PROTO to
DISSECTOR where used. Update the column names and long descriptions
to use dissector instead of protocol in dissectors that used this.
There may at some point be UATs that want protocols instead of
dissectors, but that's not what the current behavior does and
none of the current dissectors that use the existing types want.
Update the documentation to use "dissector" instead of "protocol."
Put the names of the actual current three Ethernet dissectors.
Clarify that the "ip" dissector actually tries IPv4 and IPv6,
instead of just IPv4.
UAT entries are backwards and forwards compatible with versions
without this change.
Fix#18836.
wscbor_skip_next_item should not return to the beginning offset
if there are errors, because this makes wscbor_skip_if_errors
do the opposite of what it claims. In the case where the errors
involve having far too many items in a list, this can cause
memory exhaustion or infinite loops.
Fix#18782. Fix#18840.
Mass Storage Bulk Only Transport prohibits ending data transfers with
zero length packet. This is generally not problematic when capturing at
OS URB level, but it does raise issues when capturing at USB Link Layer.
USBLL dissector has no idea where the transfer ends. It will concatenate
SCSI Data IN with CSW and SCSI Data OUT with next CBW whenever SCSI Data
length is multiple of bulk endpoint max packet size (virtually all Read
and Write commands because most common sector sizes are 512 and 4096).
CBW and CSW always end transfer reassembly because they must start at
packet boundary and their size is not equal to bulk max packet size.
Merging Data IN with CSW poses no problems at all. The only end user
visible difference is that Data IN and CSW appear in single packet (the
packet where reassembly ends).
Merging Data OUT with next CBW is ok for practical purposes, because
host periodically issues TEST UNIT READY (which does not have data
transfer and thus is not subject to the issue). While the CSW (and thus
SCSI status) will appear before Data OUT (and next CBW), the packets
will be correctly linked.
Workaround USBLL reassembly limitation by anticipating that SCSI Data
can be concatenated with Bulk Only Transport wrappers. Proper solution
would involve implementing a framework to allow USB class dissectors to
signal expected transfer length on Bulk IN or Bulk OUT endpoint whenever
CBW is encountered.
Gulshan Singh