The "Import from Hex Dump" time delta for packets without a timestamp
was changed to be a nanosecond, but the time resolution for the file
created by import_text_dialog is the default, microseconds. Until
that is configurable, the time tick used needs to be microseconds like
it was before.
Clean up the code so that it's a little more consistent about when
and how the extra time tick is added, namely:
1. If there is no time format passed in.
2. If time format conversion for the packet fails for any reason.
We don't add an extra delta in other situations, e.g. if packets just
happen to have the same valid time value.
Fix#15562.
Qt's documentation recommends using CMAKE_PREFIX_PATH to designate your
Qt installation prefix: https://doc.qt.io/qt-5/cmake-get-started.html.
Do so in GitLab's CI and update the Developer's Guide.
Dissector names allow extension items to be given standard text names.
This also uses a protocol-in-name-only to avoid the frame.protocols field from containing ":tcpcl:tcpcl:tcpcl:..." for each extension dissection.
Update to reflect the transition from C99 to C11. Remove obsolete
comments and recommendations. Add a bit about transitioning to C
fixed width types.
Related to #17768.
_parse_time, which uses g_strlcpy, expects that end_field points
to the position after the end of the field (such as the \0.)
text_import_regex handles this correctly, but when importing from
hex dumps the last character of the timestamp was being cut off,
which makes a big difference when fractional seconds are not used.
C11 support requires a newer Windows SDK. Add version checks and
workarounds as needed. Remove a redundant CMAKE_C_COMPILER_ID check. Add
a description of C5105 to match our other warning adjustments.
In wtap_dump_init_dumper(), when constructing a dummy IDB for files
that don't have one, if the tsprecision value is anything other than
the default, then the OPT_IDB_TSRESOL option also needs to be set.
Without it, for a pcapng the timestamps will be written according to the
tsprecision and time_units_per_second values, but when it is read,
the values will be interpreted incorrectly.
It would probably be better if the consistency of these values were enforced.
In addition to setting tsprecision and time_units_per_second, add
the OPT_IDB_TSRESOL option as well, because pcapng expects that to
be set if tsprecision is anything other than the default.
Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocess have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
At least on Monterey, with Xcode 13.1, the linker whines that we weren't
granted the Sacred and Holy Right to link with the Python 2.7 framework.
As far as I know, we have no need to use that framework, so configure it
out.
Point it to fetch files from falcosecurity/libs repo.
Moreover, add support for blank spaces in param names.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Mainly:
* added 3 new procexit event params
* avoid sigsegv when sysdig event has
a number of params that is
greater of the wireshark one.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
João Valverde