RTP is commonly multiplexed on the same UDP 5-tuple with STUN, DTLS, and
other protocols including ZRTP. RFC 7983 gives current best practices for
dealing with the multiplexing that doesn't involve assuming that version
0 packets are always the same protocol. Implement that for the "what to do
if RTP packets have the wrong version number" preference and set it as the
default.
Only use this setting when RTP is being dissected non-heuristically
(leave heuristic dissections to the other protocol's heuristic
dissector.)
This avoids a problem of the STUN heuristic dissector setting itself
to be the new dissector for an RTP conversation (cf issue #18148).
This also allows dissection of TURN ChannelData multiplexed on the
same 5-tuple as RTP set up by, e.g., SDP.
Fix#18832
Put the "attempt to compile a filter string as a capture filter" code
into a common routine, and, if the attempt succeeds, free up the
generated capture filter code.
Fixes#18837.
The ShowAs enum should stay in the same order as the Items
are added to the ShowAs combobox, because setCurrentIndex()
is used with the enum values, e.g. when setting the value to
"Show As Image" when the bytes are an image.
Fixup c9e08b7be3
Copy+paste afa2579124 to fix
wireshark/ui/logray/logray_main_window_slots.cpp:1564:40: error: attempt to use a deleted function
stats_tree_action->setData(cfg->abbr);
^
Qt/6.4.2/macos/lib/QtCore.framework/Headers/qvariant.h:199:5: note: 'QVariant<char *, false>' has been explicitly marked deleted here
QVariant(T) = delete;
^
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
Make sure init_plugin_dir and get_doc_dir uses the same logic as
get_datafile_dir. Update each so that the xxx_DATA_DIR and
xxx_PLUGIN_DIR environment variables take precedence.
CMake's ENABLE_APPLICATION_BUNDLE determines whether or not we're using
an application bundle layout, so check for it instead of __APPLE__.
Make copies of our top-level packages instead of symlinking them. Blind
attempt at fixing #18830.
Switch to UDZO for our application disk images as recommended in
https://developer.apple.com/forums/thread/128166
[skip ci]
It is fine to dissect and cache columns data during color dissection if
it won't evict already cached data. There is rather high probability of
using the column data because color information is dissected in order.
Dependent frames list order does not matter and thus significantly
faster data structure can be used. Replace the list with hash table to
avoid excessive CPU usage when opening files containing reassembled
packets consisting of large number of fragments.
Invalidate endpoint info on SET ADDRESS to prevent reassembly and/or
retransmission detection across reset boundary.
Leave endpoint info intact when assigning default address (0) to avoid
issues related to unknown control endpoint max packet size. Only control
transfers are allowed to address 0 so this should pose no issues.
Add support for CB_RECALL_ANY operation as given in the following:
RFC 5661 Network File System (NFS) Version 4 Minor Version 1 Protocol.
RFC 8435 Parallel NFS (pNFS) Flexible File Layout.
Opcode: CB_RECALL_ANY (8)
Objects to keep: 0
Number of masks: 1
Type mask: 0x00000001 (Read Delegation)
Type: Read Delegation (0)