This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.
Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.
Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
This change improves sequence analysis and subdissector interfaces, adds
payload Decode As support for DTN and IPN services, and add heuristic
dissection for BTSD.
Add a command line option --log-fatal-domains= and environment variable
WIRESHARK_LOG_FATAL_DOMAINS that aborts the programs if a domain in
the list is logged to.
Negative matches for fatal log domains not implemented for now,
pending a relevant use-case.
Like wmem_map_remove(), this frees the key/value pair item
in the map but not the key or the value itself (which may
in fact be the same object.) Not generally a problem, as
they'll get freed by the pool. (If someone wants to manage
memory themselves, they should probably be using a GHashTable.)
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of stream. (The function can be NULL, for protocols like
SIP that do not use this.)
This gets us closer to making follow stream registration generic.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*. Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.
Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.
Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.
This is mainly for use in the Decode As UI. It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
Add lricon.svg and lriconinst.svg, which provide the core graphic
element for the various Logray icons. Add lricon*.png, which were
created using the templates at
https://developer.apple.com/design/resources/. Add Logray.icns,
logray.ico, and lograyinst.ico, and use them in various packaging
resources.
Add Percent-encoding to the list of encoding types that Show
Packet Bytes can handle.
There's a function added to glib 2.66 to handle this for arbitrary
bytes that might have internal nulls (and which allows the result
to be non UTF-8), but we don't require that version yet, so extend
the existing function.
Related to #1084
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
Linux builds were left behind on the Qt transition, presumably because
our Ubuntu CI image does not support Qt6.
Enable Qt6 by default and explicitly disable it for slower or more
conservative Linux distros.
Drop experimental status for Qt6, because we are using it to build
official Windows and macOS releases.
libbrotlidec and libbrotlicommon show up in `otool -L` without any path
information on the macOS builders, similar to what's described at
https://github.com/google/brotli/issues/934
Try to work around this in osx-app.sh.
The semantics behind ws_pipe_close() were broken since its introduction.
Forcing process termination on Windows, while simply setting variable on
other systems results in more OS specific code sprinkled all over the
place instead of less. Moreover ws_pipe_close() never handled standard
file handles. It is really hard to come up with sensible ws_pipe_close()
replacement, as process exit is actually asynchronous action. It is
recommended to register child watch using g_child_watch_add() instead.
Do not call ws_pipe_close() when deleting capture interface. Things will
break if extcap is still running when interface opts are being freed and
terminating process won't help.
Rework maxmind shutdown to rely on GIOChannel state. For unknown reason
TerminateProcess() is still needed on Windows. The actual root cause
should be identified and fixed instead of giving up hope that it will
ever work correctly on Windows. In other words, TerminateProcess()
should not be used as a pattern, but rather as a last resort.
Remove ws_read_string_from_pipe() as this function encourages bad design
and is no longer necessary. Extcap stderr is read only after the child
process has finished and thus the read will never block.
Close process information thread handle right away as we don't use it.
Remove unused ws_pipe_t member variables.
Move Acknowledgements to a separate file to enable some code
simplification and improve maintenance and discoverability
for acknowlegements.
Convert the Acknowledgements file to Github flavored markdown
and display it in rich text using QTextBrowser.
Add Acknowledgements.md to NSIS installer
Moshe Kaplan