RPM 4.11.2 introduced build failures on "wrong" version formatting,
including everything with a double dash. This broke a lot of
packages, so many distributions turned it off by default, but
some don't. Make sure it's off, because build from git versions
have dashes. Fixes the Rocky 9 CI build.
Note that we try to work around this by replacing the dashes in
our version number with underscores, but RPM will still complain
about an invalid version in the dependency it generates from our
pkg-config file.
Run tests when nocheck is not set in DEB_BUILD_OPTIONS and skip
tests and building tests when nocheck is set.
Also make the check's style in sync with the official Debian package.
Register the data dissector to all dissector tables that support
Decode As. This provides a way to disable decoding for table
entries that have a default dissector registered to a value.
It is particularly useful when a dissector is registered by default
to several values (e.g. HTTP), to be able to disable decoding
for one port without disabling the dissector in general.
It is also useful to prevent payloads from being handed off
to heuristic dissectors, and is thus distinguished from the
fallback to data when no dissector is set. N.B.: that this has no
effect on dissectors that have a "Try heuristic sub-dissectors first"
preference set to TRUE.
It does not solve a second issue for table entries with a default
dissector - setting the dissector to "none" in order to force
payloads to be sent to heuristic dissectors without setting a
preference as above. (Note that in some cases one will wish to
send dissection on some ports to heuristics without enabling
heuristics first for _all_ ports.)
Fix#17518. Fix#15717. Related to #12098, which also needs the
last issue mentioned above addressed.
It's possible for a dissector to claim a frame without adding to
the tree or being added to frame.protocols (see !6669)
Log a debug message showing the pinfo layers and the dissector that
claimed the tvb (frame/packet).
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
Because completed reassemblies are hashed in the reassembled_table for
all the frame numbers that contributed fragments,
fragment_get_reassembled_id() works wherever fragment_get_reassembled()
does, and also works where the fragment id is not the frame number.
However, since the reassembled_table hash key only depends on the
fragment id and the frame number, it only allows a frame to have
one reassembly with a given fragment id. Some protocols can have
more than one reassembly with a given fragment id (that differ on
addresses or other keys), such as GSM SMS, and the wrong reassembly
is retrieved on the second pass in those cases.
For this reason, we might want to add additional key elements to
reassembled_table, such as layer number. fragment_get_reassembled_id
already takes packet_info as a parameter and can accommodate that
without further changes, but fragment_get_reassembled cannot, so
remove the latter in favor of the former.
It would be really nice if the PortableApps package builder exited
with an error to stdio instead of opening an dialog in a CI builder's
inaccessible UI session.
[skip ci]
In commit 8c7e3f0d30, the config.nsh.in
was renamed as wireshark-config.nsh.in, and the config.nsh was renamed
as wireshark-config.nsh as well, but the wireshark-common.nsh still
includes the config.nsh, which will cause the packaging failed.
Commit 5cd591129f removes a number
of conversation related functions. Remove them from the debian
symbol list.
The commit also removed the implementation of conversation_hash_exact,
so remove the declaration from the header file.
Create Logwolf-specific copies of the various Wireshark NSIS config files
and modify them to install and uninstall Logwolf. There are still a bunch
of rough edges, but the installer works for a test capture I have here.
Rename the following build targets, similar to the recent macOS target
name changes:
nsis_package_prep to wireshark_nsis_prep
nsis_package to wireshark_nsis
Rename some NSIS files to reflect that they're specific to Wireshark.
Update the documentation and CI configurations.
Rename the following build targets:
app_bundle to wireshark_app_bundle
dmg_package_prep to wireshark_dmg_prep
dmg_package to wireshark_dmg
Add logwolf_app_bundle, logwolf_dmg_prep, and logwolf_dmg targets and
packaging assets. Update the documentation.
We need to add a set of Logwolf version variables to CMake and
make-version.pl. Add a static logwolf-version attribute to
attributes.adoc in the mean time.
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
Users might want to download a source tarball and build an RPM
package from it.
Have git-export-release.sh use git-archive's 'export-subst' feature
so that it can detect whether it is being run from a git repository
versus run from source extracted from a tarball produced by git-archive.
In the latter case, produce a helpful console message telling the
user to copy the downloaded tarball into the binary directory so
that the rpm-package target can succeed. Also update the Developer's
Guide to suggest this as well.
We could try to create our own archive using tar, but there are
several possible gotchas, such as in-source builds, excluding a build
directory that is a subdirectory of the source dir, excluding unknown
different build directories from previous builds, dealing with different
options in different versions of tar, etc. This is good enough for
the common case, and anyone who wants something more complicated can
hopefully create their own tarball.
Fix#15167
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Tarballs created by git archive have the commit ID stored in their
header. Only preserve a preexisting tarball if that commit ID matches
that of the current commit, even if the versions match.
Fix the creation of a temporary commit for when the working directory
does not match the tree. (When git diff-index is called without
--quiet or --exit-code, the exit code is success even when there
are differences). Use git stash create, as it is intended for scripts
like this; it creates a temporary stash not stored in the ref namespace
which does not require being popped later, and does nothing and outputs
the empty string instead of a commit ID if there are no local changes.
This helps when generating tarballs or building rpm packages repeatedly
out of a changing working tree.
Fix some deprecated and obsolete syntax from the rpm specfile that
modern distributions complain about:
Don't specify the BuildRoot
Don't have a %clean section
Don't remove the BuildRoot at the start of %install
Don't repeat Name in summary
Version the Obsoletes
Have a %build section
Escape macros in changelog
Remove comment about user setting _smp_mflags since rpm does that
automatically better now
Be consistent about spaces and tabs (tabs are used)
SUSE 15.1 moved to out of source builds, and sets a builddir
appropriately, but it makes some decisions about automatically
entering the build dir when building or installing that are
handled by the distribution's various Make and Ninja macros
differently than other distributions and later SUSE releases.
Work around it, so that both ninja and make builds work on
SUSE 15.1 (both OpenSUSE and SLES)
Related to #17910
Update glib and cmake requirements in the rpm spec, and also remove
some RHEL 7 conditions associated with them, since the versions of
glib and cmake in RHEL 7 are too old to be supported.
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
Add location tracking as a column offset and length from offset
to the scanner. Our input is a single line only so we don't need
to track line offset.
Record that information in the syntax tree. Return the error location
in dfilter_compile(). Use it in dftest to mark the location of the
error in the filter string. Later it would be nice to use the location
in the GUI as well.
$ dftest "ip.proto == aaaaaa and tcp.port == 123"
Filter: ip.proto == aaaaaa and tcp.port == 123
dftest: "aaaaaa" cannot be found among the possible values for ip.proto.
ip.proto == aaaaaa and tcp.port == 123
^~~~~~
Add argument to dfilter_compile_real() to save syntax tree text
representation.
Use it with dftest to print syntax tree.
Misc debug output format improvements.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
This replaces the current macro reference system with
a completely different implementation. Instead of a macro a reference
is a syntax element. A reference is a constant that can be filled
in the dfilter code after compilation from an existing protocol tree.
It is best understood as a field value that can be read from a fixed
tree that is not the frame being filtered. Usually this fixed tree
is the currently selected frame when the filter is applied. This
allows comparing fields in the filtered frame with fields in the
selected frame.
Because the field reference syntax uses the same sigil notation
as a macro we have to use a heuristic to distinguish them:
if the name has a dot it is a field reference, otherwise
it is a macro name.
The reference is synctatically validated at compile time.
There are two main advantages to this implementation (and a couple of
minor ones):
The protocol tree for each selected frame is only walked if we have a
display filter and if the display filter uses references. Also only the
actual reference values are copied, intead of loading the entire tree
into a hash table (in textual form even).
The other advantage is that the reference is tested like a protocol
field against all the values in the selected frame (if there is more
than one).
Currently the reference fields are not "primed" during dissection, so
the entire tree is walked to find a particular reference (this is
similar to the previous implementation).
If the display filter contains a valid reference and the reference is
not loaded at the time the filter is run the result is the same as a
non existing field for a regular READ_TREE instruction.
Fixes#17599.
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Create a Wireshark.dSYM bundle for our debugging symbols. Create a
separate .dmg for the dSYM bundle, similar to what we do for Windows.
`dwarfdump --uuid run/Wireshark.dSYM` returns what app
This reduces the size of the application bundle and .dmg quite a bit
(sizes measured with `du -sm`):
51 Wireshark 3.7.0 Intel 64.dmg
81 Wireshark dSYM 3.7.0 Intel 64.dmg
182 Wireshark.app
262 Wireshark.dSYM
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes#15141
It creates bluetooth_data_t what is The Center of the Bluetooth World in Wireshark,
most important is that bluetooth_data_t must provide shared trees (resources) to enable
dissection for non trivial relations in Bluetooth, for example mapping BDADDR to name.
Issue: 17570
Change-Id: Ice17b804ab6d4dcf0f77f1b2356a6712ce7e64b1
We keep our various packaging assets in the "packaging" directory. Move
the Debian assets there. dpkg-buildpackage doesn't seem appear to have a
"debian directory path" option, but symlinking worked in my test
container.
RHEL 8 and derivatives have supported the various CMake macros since
8.4 (June 2021, see https://access.redhat.com/errata/RHEA-2021:1747)
Use them there as well, so that we have a unified spec file for all
recent distributions (with the older RHEL/CentOS 7 and SLES 12 being
the only exceptions.)
Fedora and SUSE 15 use out of source builds by default, but store
the build directory in differently named macros. Define one macro
for the build directory that has the appropriate value (which will
be "." for any distribution that doesn't have either macro, and
thus presumably does in-source builds.) This fixes building and
installing the guides with any of the supported distributions.
Also, since RHEL/CentOS 7 doesn't have a special CMake macro, it
needs to set the install prefix when calling cmake.
Also, fix a comment warning by escaping the percent sign.
If we're building with ninja, we need to require it.
While CentOS/RHEL/Rocky 8 doesn't have a asciidoctor package
(so we install it separately), we can add a BuildRequires on
the file that RubyGems creates for other rpm based distributions.
There's a couple places where /usr/local is hardcoded in the
spec file that need to be replaced with %{_prefix} in order for
RPMs to build correctly on OpenSUSE with prefixes other than
/usr/local
The BuildRequires and Requires for the -qt subpackage need to
go into its %package section, not its %description section.
The dependencies were not being enforced, but instead being added
to the description of the GUI package.