Give details about the conversation elements key and the pair of
address/port endpoints key, including a bunch of XXX comments about how
this should perhaps be cleaned up.
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
RFCs 5101/7011 make it clear that sequence numbers are uniquely
associated for each Observation Domain withing a Transport Session.
That means that the sequence number tracking should be conversation
data. (This is not quite right on SCTP, because "Each SCTP Stream
counts sequence numbers separately, while all messages in a TCP
connection or UDP session are considered to be part of the same
stream," but find_conversation_pinfo for SCTP gets a conversation
based on the association, and getting the stream id is not transparent.
It is closer to correct.)
This prevents warning about bad sequence numbers when there are
multiple Transport Sessions within a capture for the same
Observation Domain ID (most likely for the default value 0.)
Go ahead and make the other map with the stored sequence analysis
results that is keyed by frame number into proto data as well.
This patch allows to parse messages for the upcoming 2019 Amd1 version
that uses header version 4. Since the standard is not final yet, more
changes to fully support it are (probably) required.
In addition, this patch does not stop parsing, if the version is
unknown. Since the last releases were basically compatible, assuming
that the header can be parsed is the better choice.
While it is the correct action for a TCP end-point to stop
processing of the options when an EOL is found, a protocol
analyzer should at least ensure that there is no non-zero
data after it.
Use the variables WIRESHARK_QT{5,6}_PREFIX_PATH.
This allows having Qt5 and Qt6 paths configured isimultaneously and switch easily between them.
Use list(APPEND) to avoid clobbering other CMAKE_PREFIX_PATH paths.
Follow-up to b33210750c.
And change them to say "set" rather than "create"; they do more than
just allocate an array of conversation elements, they stuff a pointer to
that array into pinfo, which may affect what other dissectors do.
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
Since we require CMake version at least 3.7, we can use fixtures
to ensure that the unittests have been built before running
suite_unittests.
This only applies to running the tests via ctest (including
'[ninja|make] test'), not when running pytest directly.
Fix#17191
Our ubuntu container has Qt6 so use the default Qt version.
The APT packages are still using Qt5 at the moment. We may want to
migrate those to Qt6 in the future and choose a single Linux build
using Qt5.
PT_TCP and ENDPOINT_TCP happen to have the same numerical value, and
PT_UDP and ENDPOINT_UDP happen to have the same numerical value, but we
shouldn't cheat and just type-pun a PT_ value to an ENDPOINT_ value.
Instead, make the relevant structure members endpoinnt_type values and
assign them ENDPOINT_ values.
For a PDU where we haven't seen a request, response, or
header line yet, check to see if the header name is valid
before deciding that it is a header. Prevents many false
positives on continuation data that happens to have a line
end and a colon, where we couldn't do desegmentation for
some reason.
If we get a new contiguous fragment that is inserted into the
middle of a MSP in progress, we need to update maxnextseq by
looking at all the fragments part of that MSP that are now contiguous.
Related to #17406
One or both Qt version deps can be selected with a command line option.
If no option is given the script will select Qt6 for Ubuntu 22.04 or
later, Qt5 otherwise.
Similar is done for CGI, where LAC (%x)/CI (%u) is shown.
Let's do the same for SAI case, otherwise it's confusing since it first
looks as if LAC Cell Identifier was sent, but it is actually of type
SAI.