This change improves sequence analysis and subdissector interfaces, adds
payload Decode As support for DTN and IPN services, and adds heuristic
dissection for BTSD.
Add a command line option --log-fatal-domains= and environment variable
WIRESHARK_LOG_FATAL_DOMAINS that aborts the programs if a domain in
the list is logged to.
Negative matches for fatal log domains not implemented for now,
pending a relevant use-case.
Like wmem_map_remove(), this frees the key/value pair item
in the map but not the key or the value itself (which may
in fact be the same object.) Not generally a problem, as
they'll get freed by the pool. (If someone wants to manage
memory themselves, they should probably be using a GHashTable.)
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of streams. (The function can be NULL, for protocols like
SIP that do not use this.)
This gets us closer to making follow stream registration generic.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*. Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.
Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.
Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.
This is mainly for use in the Decode As UI. It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
Add Percent-encoding to the list of encoding types that Show
Packet Bytes can handle.
There's a function added to glib 2.66 to handle this for arbitrary
bytes that might have internal nulls (and which allows the result
to be non UTF-8), but we don't require that version yet, so extend
the existing function.
Related to #1084
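
Added example (not Wireshark's code): a length-returning percent-decoder for the case the note above raises, where decoded bytes may contain internal nulls or be non-UTF-8. The names pct_decode and cstring_view_len and the sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return the value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode in_len bytes of percent-encoded input into out (capacity out_cap).
 * Returns the number of decoded bytes, or -1 on a truncated or non-hex
 * escape, or when out is too small. The result is raw bytes: it may hold
 * 0x00 and need not be valid UTF-8, so it is not NUL-terminated here.
 */
static long pct_decode(const char *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        uint8_t b = (uint8_t)in[i];
        if (b == '%') {
            if (in_len - i < 3) return -1;        /* "%" or "%4" at end of input */
            int hi = hex_val((unsigned char)in[i + 1]);
            int lo = hex_val((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) return -1;      /* e.g. "%zz" */
            b = (uint8_t)(hi << 4 | lo);
            i += 2;
        }
        if (o == out_cap) return -1;              /* output buffer exhausted */
        out[o++] = b;
    }
    return (long)o;
}

/* Constructed sample: an embedded %00 followed by more data and a non-UTF-8 %ff. */
static const char SAMPLE[] = "ab%00cd%ff";

/* Length a C-string consumer would see: it stops at the first NUL byte. */
static size_t cstring_view_len(const uint8_t *buf, size_t len)
{
    const uint8_t *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}
```

A caller that treats the decoded buffer as a C string sees only the bytes before the first NUL, so the returned length has to travel with the buffer.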
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
Linux builds were left behind on the Qt transition, presumably because
our Ubuntu CI image does not support Qt6.
Enable Qt6 by default and explicitly disable it for slower or more
conservative Linux distros.
Drop experimental status for Qt6, because we are using it to build
official Windows and macOS releases.
The semantics behind ws_pipe_close() were broken since its introduction.
Forcing process termination on Windows, while simply setting a variable on
other systems results in more OS specific code sprinkled all over the
place instead of less. Moreover ws_pipe_close() never handled standard
file handles. It is really hard to come up with sensible ws_pipe_close()
replacement, as process exit is actually an asynchronous action. It is
recommended to register child watch using g_child_watch_add() instead.
Do not call ws_pipe_close() when deleting capture interface. Things will
break if extcap is still running when interface opts are being freed and
terminating process won't help.
Rework maxmind shutdown to rely on GIOChannel state. For an unknown reason
TerminateProcess() is still needed on Windows. The actual root cause
should be identified and fixed instead of giving up hope that it will
ever work correctly on Windows. In other words, TerminateProcess()
should not be used as a pattern, but rather as a last resort.
Remove ws_read_string_from_pipe() as this function encourages bad design
and is no longer necessary. Extcap stderr is read only after the child
process has finished and thus the read will never block.
Close process information thread handle right away as we don't use it.
Remove unused ws_pipe_t member variables.
Run tests when nocheck is not set in DEB_BUILD_OPTIONS and skip
tests and building tests when nocheck is set.
Also make the check's style in sync with the official Debian package.
Register the data dissector to all dissector tables that support
Decode As. This provides a way to disable decoding for table
entries that have a default dissector registered to a value.
It is particularly useful when a dissector is registered by default
to several values (e.g. HTTP), to be able to disable decoding
for one port without disabling the dissector in general.
It is also useful to prevent payloads from being handed off
to heuristic dissectors, and is thus distinguished from the
fallback to data when no dissector is set. N.B.: this has no
effect on dissectors that have a "Try heuristic sub-dissectors first"
preference set to TRUE.
It does not solve a second issue for table entries with a default
dissector - setting the dissector to "none" in order to force
payloads to be sent to heuristic dissectors without setting a
preference as above. (Note that in some cases one will wish to
send dissection on some ports to heuristics without enabling
heuristics first for _all_ ports.)
Fix #17518. Fix #15717. Related to #12098, which also needs the
last issue mentioned above addressed.
It's possible for a dissector to claim a frame without adding to
the tree or being added to frame.protocols (see !6669)
Log a debug message showing the pinfo layers and the dissector that
claimed the tvb (frame/packet).
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix #18168.
Because completed reassemblies are hashed in the reassembled_table for
all the frame numbers that contributed fragments,
fragment_get_reassembled_id() works wherever fragment_get_reassembled()
does, and also works where the fragment id is not the frame number.
However, since the reassembled_table hash key only depends on the
fragment id and the frame number, it only allows a frame to have
one reassembly with a given fragment id. Some protocols can have
more than one reassembly with a given fragment id (that differ on
addresses or other keys), such as GSM SMS, and the wrong reassembly
is retrieved on the second pass in those cases.
For this reason, we might want to add additional key elements to
reassembled_table, such as layer number. fragment_get_reassembled_id
already takes packet_info as a parameter and can accommodate that
without further changes, but fragment_get_reassembled cannot, so
remove the latter in favor of the former.
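
Added example (not Wireshark's code): a small model of the key collision described above, comparing a table keyed on (fragment id, frame number) with one that also keys on layer number. The struct, the function names, the frame/id/layer values and the replace-on-equal-key insert are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a completed reassembly (not Wireshark's struct). */
typedef struct { uint32_t frame, id, layer; const char *data; } reasm_t;

typedef struct {
    reasm_t slot[8];
    size_t  used;
    int     key_has_layer;   /* 0: key = (id, frame); 1: key = (id, frame, layer) */
} reasm_table_t;

static int key_equal(const reasm_table_t *t, const reasm_t *r,
                     uint32_t frame, uint32_t id, uint32_t layer)
{
    return r->frame == frame && r->id == id &&
           (!t->key_has_layer || r->layer == layer);
}

/* Insert; an equal key replaces the stored value, as a hash map insert does. */
static void reasm_insert(reasm_table_t *t, uint32_t frame, uint32_t id,
                         uint32_t layer, const char *data)
{
    for (size_t i = 0; i < t->used; i++)
        if (key_equal(t, &t->slot[i], frame, id, layer)) {
            t->slot[i].layer = layer;
            t->slot[i].data = data;
            return;
        }
    if (t->used < 8)
        t->slot[t->used++] = (reasm_t){ frame, id, layer, data };
}

static const char *reasm_lookup(const reasm_table_t *t, uint32_t frame,
                                uint32_t id, uint32_t layer)
{
    for (size_t i = 0; i < t->used; i++)
        if (key_equal(t, &t->slot[i], frame, id, layer))
            return t->slot[i].data;
    return NULL;
}

/* Frame 42 completes two reassemblies that share fragment id 7 (constructed). */
static const char *second_pass_first_layer(int key_has_layer)
{
    reasm_table_t t = { .used = 0, .key_has_layer = key_has_layer };
    reasm_insert(&t, 42, 7, 5, "SMS-A");   /* first reassembly, layer 5 */
    reasm_insert(&t, 42, 7, 9, "SMS-B");   /* second reassembly, layer 9 */
    return reasm_lookup(&t, 42, 7, 5);     /* second pass asks at layer 5 */
}
```

With the two-element key the lookup at layer 5 returns the second reassembly's data; with the layer in the key it returns the first.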
Commit 5cd591129f removes a number
of conversation related functions. Remove them from the Debian
symbol list.
The commit also removed the implementation of conversation_hash_exact,
so remove the declaration from the header file.
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.