Signal PDUs over SOME/IP can be dissected since Wireshark 3.6 directly.
The workaround for SOME/IP to support signal dissection (legacy data
types) is therefore not needed anymore and is removed to cleanup the
dissector code.
This patch might make it necessary to regenerate the Wirehark config.
The Fibex-Converter was already updated.
If there are multiple Client Initial messages before the first server
response (e.g., a long fragmented TLS Client Hello), we won't recognize
the client ID from the server connection and we need to look it up
in the list of initial connections.
When parsing wlan header above capwap, first two bytes are swapped (fcf
and flag). the offset was handled incorrectly, causing wireshark to
display incorrect fcf data in the tree summery and completely wrong
flags information (in the case of swap, the flags point to the same
byte as the fcf)
Similar to TCP, properly display what frame a fragmented
TLS message was reassembled_in for the first fragment on
a second pass. Also similar to TCP, don't bother to add the
reassembled_in field for fragments that are reassembled
in the same frame.
Several more dissectors define their own "round up the length
to a 4 byte word boundary" macros. Use the new common macro
in wsutil/ws_roundup.h instead.
If nameservers use a different default port than 53, Wireshark
is not able to resolve, as it always assumes the default port.
This allows to configure both tcp/udp ports for name resolutions,
with the udp port being asked first and tcp only used for fallback
Implements #18214
Create the command value string when loading the dictionary and
assign it to the command code field when registering it. This
makes it behave like any other value_string for adding to a custom
column (allowing resolved and unresolved), etc.
It could be changed to use a wmem_array instead of a GArray, as is
currently done with the AVPs.
Fix#16833. (Note that solving the analogous issue for the AVP
code text is more complicated, since the interpretation depends
on the vendor ID.)
Passing a literal value to abs() on the LHS segfaults, because it
is incorrectly assumed to be a valid field.
We need to check if we actually have a field. While at it improve
the diagnostic of literals.
The following changes are part of this patch:
- Make signed integer for analog default
- Analog Sample Time 0 is reserved now
- Updating Data Flags TX for CAN, CAN-FD, LIN, FlexRay, UART
- Show Parity Bits of LIN
- Expert Warning, when FlexRay Header CRC overflows into reserved bits
This patch adds IDs and Names for:
- New UDS Services (0x29, 0x84, 0x86, 0x87)
- New ReadDTCInformation SubFunctions
- New Negative Response Codes
This patch does not dissection support for the new UDS Services.
There's some code intended to decode an older Internet Draft version
of Diameter, before December 2002. It's supposed to be set by an
obsolete enum preference, but due to a misunderstanding, it's
been dead code for the last 15 years. No one has complained in that
time, so instead of bringing the preference back and resurrecting
it, remove it and shrink the memory usage of the diameter dissector.
Related to #16833, as it will make adding the command code value
string simpler.
Register the data dissector to all dissector tables that support
Decode As. This provides a way to disable decoding for table
entries that have a default dissector registered to a value.
It is particularly useful when a dissector is registered by default
to several values (e.g. HTTP), to be able to disable decoding
for one port without disabling the dissector in general.
It is also useful to prevent payloads from being handed off
to heuristic dissectors, and is thus distinguished from the
fallback to data when no dissector is set. N.B.: that this has no
effect on dissectors that have a "Try heuristic sub-dissectors first"
preference set to TRUE.
It does not solve a second issue for table entries with a default
dissector - setting the dissector to "none" in order to force
payloads to be sent to heuristic dissectors without setting a
preference as above. (Note that in some cases one will wish to
send dissection on some ports to heuristics without enabling
heuristics first for _all_ ports.)
Fix#17518. Fix#15717. Related to #12098, which also needs the
last issue mentioned above addressed.
Non-blocking reads were used to workaround Windows pipe handle leaks.
Now that the underlying issue is fixed (i.e. Wireshark no longer leaks
child process stdin/stdout/stderr handles), we can use blocking reads.
Using blocking reads is the main performance improvement. Reading more
than one byte at a time gives additional 15% performance improvement (on
top of enormous speedup due to blocking reads).
Avoid stdin and stdout file descriptor race conditions by closing the
descriptors only after the respective threads exit.
dfvm.c:206:1: warning: no previous prototype for function 'dfvm_value_tostr'
dfvm.c:550:1: warning: no previous prototype for function 'filter_finfo_fvalues'
dfvm.c:645:1: warning: no previous prototype for function 'filter_refs_fvalues'
lpcre2.c:506:13: warning: no previous prototype for function 'luaopen_rex_pcre2'
lpcre2_f.c:207:5: warning: no previous prototype for function 'Lpcre2_config'
lpcre2_f.c:234:5: warning: no previous prototype for function 'Lpcre2_get_flags'
ftype-double.c:89:1: warning: no previous prototype for function 'val_unary_minus'
ftype-double.c:96:1: warning: no previous prototype for function 'val_add'
ftype-double.c:103:1: warning: no previous prototype for function 'val_subtract'
ftype-double.c:110:1: warning: no previous prototype for function 'val_multiply'
ftype-double.c:117:1: warning: no previous prototype for function 'val_divide'
ftype-integer.c:670:1: warning: no previous prototype for function 'uint_bitwise_and'
ftype-integer.c:677:1: warning: no previous prototype for function 'uint_is_zero'
ftype-integer.c:683:1: warning: no previous prototype for function 'uint_is_negative'
ftype-integer.c:689:1: warning: no previous prototype for function 'uint_unary_minus'
ftype-integer.c:704:1: warning: no previous prototype for function 'uint64_bitwise_and'
ftype-integer.c:711:1: warning: no previous prototype for function 'uint64_is_zero'
ftype-integer.c:717:1: warning: no previous prototype for function 'uint64_is_negative'
ftype-integer.c:723:1: warning: no previous prototype for function 'uint64_unary_minus'
ftype-integer.c:738:1: warning: no previous prototype for function 'sint_bitwise_and'
ftype-integer.c:745:1: warning: no previous prototype for function 'sint_is_zero'
ftype-integer.c:751:1: warning: no previous prototype for function 'sint_is_negative'
ftype-integer.c:757:1: warning: no previous prototype for function 'sint_unary_minus
ftype-integer.c:764:1: warning: no previous prototype for function 'sint64_bitwise_and'
ftype-integer.c:771:1: warning: no previous prototype for function 'sint64_is_zero'
ftype-integer.c:777:1: warning: no previous prototype for function 'sint64_is_negative'
ftype-integer.c:783:1: warning: no previous prototype for function 'sint64_unary_minus'
packet-bpv6.c:2182:1: warning: no previous prototype for function 'proto_register_bpv6'
packet-bpv6.c:2766:1: warning: no previous prototype for function 'proto_reg_handoff_bpv6'
packet-bpv7.c:1978:6: warning: no previous prototype for function 'proto_register_bpv7'
packet-bpv7.c:2037:6: warning: no previous prototype for function 'proto_reg_handoff_bpv7'
packet-realtek.c:349:1: warning: no previous prototype for function 'proto_register_realtek'
packet-realtek.c:436:1: warning: no previous prototype for function 'proto_reg_handoff_realtek'
packet-tcpcl.c:2147:1: warning: no previous prototype for function 'proto_register_tcpclv3'
packet-tcpcl.c:2211:1: warning: no previous prototype for function 'proto_reg_handoff_tcpclv3'
A "proto_tree_add..._ret_..." routine *must* return the value through
the pointer, even if no protocol tree is being built, as there's no
guarantee that a protocol tree will be built under all circumstances
(for example, if the dissection is only being done to generate the
column values, no column is a custom column, there are no coloring
rules, etc., so that none of the named field values are of interest, and
the protocol tree isn't going to be displayed, no protocol tree will be
built).
Fixes#18203.
packet-thrift.h:118:15: warning: parameter 'thrift_opt' not found in the function declaration
packet-thrift.h:119:15: warning: parameter 'is_field' not found in the function declaration
packet-thrift.h:121:15: warning: parameter 'field_id' not found in the function declaration
packet-thrift.h:122:15: warning: parameter 'hf_id' not found in the function declaration
packet-thrift.h:124:15: warning: parameter 'encoding' not found in the function declaration
packet-thrift.h:167:15: warning: parameter 'elt' not found in the function declaration
packet-thrift.h:169:15: warning: parameter 'seq' not found in the function declaration