Commit Graph

84129 Commits

Author SHA1 Message Date
Gerald Combs 4bb16383a3 macOS: Require Sparkle 2.
Remove our Sparkle 1 code. Fixes #18035.
2022-04-21 17:54:27 +00:00
easonweii a1e0c34c30 GTP: Minor reconstruction
Extract Method for multiple message parsing for tpdus to simplify things for future bug fixes and to make the code logic clearer.
Encapsulate the following functions:
dissect_gtp_tpdu_by_handle
dissect_gtp_tpdu_as_pdcp_lte_info
dissect_gtp_tpsu_as_pdcp_nr_info
Note: The original code function is not changed.
2022-04-21 17:30:25 +00:00
Gerald Combs a73fd872ad dfilter: Add a null check.
Try to fix

*** CID 1504179:  Null pointer dereferences  (FORWARD_NULL)
/builds/wireshark/wireshark/epan/dfilter/dfvm.c: 327 in dfvm_dump_str()
321     				stack_print = dump_str_stack_push(stack_print, arg1_str);
322     				break;
323
324     			case STACK_POP:
325     				wmem_strbuf_append_printf(buf, "%05d STACK_POP\t%s\n", id, arg1_str);
326     				for (i = 0; i < arg1->value.numeric; i ++) {
>>>     CID 1504179:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "stack_print" to "dump_str_stack_pop", which dereferences it.
327     					stack_print = dump_str_stack_pop(stack_print);
328     				}
329     				break;
330
331     			case MK_RANGE:
332     				wmem_strbuf_append_printf(buf, "%05d MK_RANGE\t\t%s[%s] -> %s\n",
2022-04-21 17:10:44 +00:00
Gerald Combs 51f5bdc287 FPP: Add null pointer checks.
Add a couple of null pointer checks. Followup to #18043.
2022-04-21 16:49:22 +00:00
Gerald Combs 88f07ff5d1 epan: Add null conversation checks.
Check for null conversations in conversation_add_proto_data,
conversation_get_proto_data, and conversation_delete_proto_data.
Document them as well. Ping #18043.
2022-04-21 16:27:43 +00:00
Dario Lombardo f067e40166 fpp: check conversation pointer before use.
Fix: #18043.
2022-04-21 16:05:08 +00:00
Roland Knall 1278af07c3 Qt: Improve UIX for sparklines
Sparklines should display to the user which interfaces are active
and ready for capture. Additionally it should be easy to find active
interfaces, without filtering first.

This change reorders the interface list, in order to sort active
interfaces on top, as well as hide information if no packet has been
received on that interface, to ensure that the user can find active
interfaces faster, making it easier to capture on systems where
the interfaces have very generic names.

The interface context menu has been amended to allow interfaces to be
hidden/unhidden from the main interface list as well.
2022-04-21 15:41:12 +00:00
Yu Gao 49ec7da90e fix pipeline issue 2022-04-21 15:20:34 +00:00
Dylan Ulis 2f41595382 CIP Safety: Fix CRC logic when timestamp rolls over to zero 2022-04-21 15:02:25 +00:00
John Thacker d6fb90ecab proto_hier_stats: Skip non-protocols and reduce recursive calls
Skip non protocols in process_tree before calling process_node(), and
in process_node() before calling itself recursively, instead of at
the beginning of process_node(), decreasing the number of recursive
calls.

This reduces possible stack overflows in cases arising from dissectors
that call proto_item_get_parent(), which can result in many top level
non protocol items due to items not properly being faked. (#8069)

Use proto_register_is_protocol for the test instead of testing for
a name, which has not been a useful test for some time.

Add some comments about possibly wanting to skip PINOs that have
field_type FT_BYTES if they end up being toplevel items, and about
possibly wanting to descend into the tree to pick up protocols not
at the top level.
2022-04-21 08:56:12 -04:00
John Thacker 45da161430 libgcrypt: Remove HAVE_GCRYPT_AEAD , _CHACHA20
Libgcrypt 1.8.0 is required now, so these are always defined.
2022-04-21 07:11:32 -04:00
John Thacker d87b9ca731 test: Remove libgcrypt checks for 1.8 and below
libgcrypt 1.8.0 or higher is required now, so remove the checks to
skip tests without it
2022-04-21 06:32:44 -04:00
John Thacker b80cdaa243 libgcrypt: Require version 1.8.0
Libgcrypt 1.8.x is required for a large amount of decryption
support and is the current LTS version of libgcrypt. The 1.6 and
1.7 series have been end-of-life since 2017-06-30 and 2019-06-30,
respectively.

The Linux distributions that have versions of libgcrypt before 1.8.0
are nearing or at end of support (RHEL7, SLES 12, Debian stretch,
Ubuntu 16.04LTS) and can be supported by the Wireshark 3.6 LTS release
series.

Remove an enormous amount of ifdefs based on libgcrypt versions
1.6.0, 1.7.0, and 1.8.0. There will be a second pass for the
common defines HAVE_LIBGCRYPT_AEAD, HAVE_LIBGCRYPT_CHACHA20, and
HAVE_LIBGCRYPT_CHACHA20_POLY1305, which are now always defined.

The ISAKMP dissector has some comments noting that some workarounds
were used for libgcrypt 1.6 that aren't needed with 1.7; perhaps
that could be updated now.
2022-04-20 21:30:21 -04:00
John Thacker 9c115d0ed5 macos-setup: Require Qt 5.9 or later and macOS 10.10 or later
The minimum required version of Qt is now 5.9, and thus the
minimum required version of macOS is 10.10 (Yosemite). Update
that in macos-setup, and remove various version checks and older
packages needed for Mountain Lion and Mavericks.

Also update the default version of Qt installed to 5.12.12, the
last release in the Qt 5.12 LTS series (and the last version with
an offline installer.)
2022-04-20 19:44:29 -04:00
John Thacker 13075b4ff0 Require Qt 5.9 or later
Increase the minimum required version of Qt from 5.6 to the next
LTS version, 5.9. The various Linux distributions that have not
released an update to 5.9 or later (SLES 12, Debian stretch) are
nearing end of support, and can be supported by the Wireshark 3.6 LTS
release.

Qt 5.9 requires macOS 10.0, so make that the minimum macOS version
as well.

Remove unneeded version checks (except from QCustomPlot).
2022-04-20 18:59:32 -04:00
John Thacker e16b1629dc CMake: Only require C++11 once
We always require C++11, and set that at the top of the file,
so there's no need to conditionally set it a second time later.
2022-04-20 21:52:34 +00:00
Gerald Combs 21d8522334 Tools: Update the Sparkle version in macos-setup.sh.
[skip ci]
2022-04-20 21:50:28 +00:00
John Thacker 7a97a1dc22 epan: Add comments about _get_parent, _set_len and faked items
If we're faking items, then proto_[item|tree]_get_parent[_nth] return
the parent of the faked item, which may not be what we want. We have
no way of knowing if the logical item meant was the faked item itself
or one of its children that share the same proto_item when faked.

Thus we don't know if we should return the proto_item itself or its
parent when called on a possibly faked item. Most of the time we will
be adding new items to what we return here, which means not faking items
that could be faked (since we might be returning the root node, which
doesn't have a field_info), hurting performance (see #8069).

It can also have some unusual effects on the protocol hierarchy stats,
particularly if we change things so that non-visible items can change
their length, which has a similar issue. (#17877)
2022-04-20 21:30:34 +00:00
Gerald Combs c2fd505516 macOS: Even more Sparkle 2 signing fixes.
Sparkle's XPC services are only needed if we're sandboxing, so remove
them.

[skip ci]
2022-04-20 14:28:17 -07:00
Gerald Combs d024502c8b macOS: More Sparkle 2 signing fixes.
Sign our XPCs. Add another Brotli fixup.
2022-04-20 12:50:29 -07:00
Gerald Combs b491d28c42 GitLab CI+release notes: Remove 32-bit Windows.
Note that we no longer ship 32-bit Windows packages in the release
notes.

Remove our 32-bit Windows and CentOS 7 jobs.
2022-04-20 19:26:13 +00:00
Gerald Combs 486fd46fe9 macOS: Update our app bundle for Sparkle 2.
Update our application bundle script to handle Sparkle 2 and its assets.
2022-04-20 11:23:24 -07:00
Andoni Diaz de Cerio 373280bc65 MIKEY: Register the application/mikey MIME type 2022-04-20 08:30:13 +00:00
Vahap Emin Agaogullari b51c70ae11 LLDP: Profinet TSN TLV Dissection
Profinet TSN TLV Dissection implemented
2022-04-20 07:44:57 +00:00
Vahap Emin Agaogullari 7e0d0eb418 PROFINET: TSN Dissection implemented
TSN Records for pn_io and
pn_dcp TSN Suboption dissected
2022-04-20 07:44:57 +00:00
Alexis La Goutte 26be00e320 ieee80211: Fix clang analyzer warning (Dead.Store)
also indent
2022-04-20 07:25:17 +00:00
Gerald Combs 87b0288b8d epan: Add the ability to add conversation filter protocols.
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
2022-04-19 22:25:32 +00:00
Gerald Combs f6061c4a3c Tools: Fix our pacman arguments in arch-setup.sh.
Add back the -u / --sysupgrade flag.
2022-04-19 21:06:24 +00:00
Dario Lombardo 33dca395b1 aprs: NULL-terminate a string.
CID: 1495842
2022-04-19 20:45:24 +00:00
Dario Lombardo 6c3e4c7304 enip: init address on declaration.
CID: 1499496
2022-04-19 20:45:24 +00:00
Dario Lombardo 7cbb6e9a76 dissectors: init memory before use.
CID: 52571445-27
2022-04-19 20:45:24 +00:00
Alexis La Goutte e4c46563fb QUIC: Add IMMEDIATE_ACK from ACK Frequency Draft
https://datatracker.ietf.org/doc/html/draft-ietf-quic-ack-frequency#section-6
2022-04-19 18:45:43 +00:00
Alexis La Goutte 69637a731d QUIC: Update to last ACK Frequency draft(-01) 2022-04-19 18:45:42 +00:00
Roland Knall 27f6fd6f9a iface_lists: fix resource leak
Fixes CID 1504178 resource leak for ip_str
2022-04-19 15:37:21 +00:00
Martin Mathieson 58821b50b5 PDCP-NR: changes to make security keys work better 2022-04-19 15:13:51 +00:00
John Thacker 371b52120b ipp: Use proto_tree_get_parent
It's a little cleaner to use the API to do the same thing, in case
something changes internally.
2022-04-19 13:19:39 +00:00
Andoni Diaz de Cerio d2335dd414 XML: Adding new 3GPP Mission Critical XML media types
Some 3GPP MCS XML media types were not decoded correctly as XML
2022-04-19 12:52:47 +00:00
Moshe Kaplan 8d6fbafe05 gitlab-ci: Add SAST 2022-04-19 12:52:05 +00:00
Jack Kaplan 05d33b9690 WSUG: removed extra "or".
Removed extra or to improve grammatical correctness.
2022-04-19 11:16:51 +00:00
John Thacker ea62d7d6fa hierarchy stats: Don't add text only fields to the hierarchy
Use proto_registrar_is_protocol instead of directly comparing
hfinfo->parent to -1 when determining if the field info is related
to a protocol or not.

This avoids adding the special case text only field, which does not
have a parent protocol id, to the protocol hierarchy. These fields are
merely strings on the GUI tree, not actual protocols.
2022-04-19 11:03:37 +00:00
Pascal Quantin 43828765c3 NR RRC: upgrade dissector to v16.8.0 2022-04-19 12:39:03 +02:00
Pascal Quantin 58af12cac7 LTE RRC: upgrade dissector to v16.8.0 2022-04-19 09:22:58 +00:00
Roland Knall 2d48d49524 Allow to filter interface types
Allow using only interface types that are allowed by the implementing applications.
2022-04-19 09:19:50 +00:00
Pascal Quantin 5c7c723feb LPP: upgrade dissector to v16.8.0 2022-04-19 10:05:41 +02:00
Gerald Combs 69b9c480fd Revert "wsutil: Use a separate "extlog" directory for Logwolf extcaps."
This reverts commit 54553de59d.

As noted in !6694, it would probably make more sense to handle this a
different way.
2022-04-18 16:46:20 -07:00
Gerald Combs fea6591b0c macOS: Add support for Sparkle 2.
Sparkle 2 deprecated the sharedUpdater singleton, so create our own
which uses Sparkle 2's updated API. Ping #18035.

Update our CMake version check.
2022-04-18 18:57:43 +00:00
naesten c8d9c6fc6a Fix tools/*-setup.sh to work with no arguments
They were checking for --help in an unusual manner that failed when
run with no arguments.

I've checked that --help works for each script, and that debian-setup.sh
actually works.

NOTE: bsd-setup.sh and rpm-setup.sh seem to have sometimes-broken
formatting, because they try to pass escape sequences to echo, which
POSIX says is implementation-defined (except on XSI-conformant systems).

These changes were mostly made using the following script, with a
manual fix in bsd-setup.sh because it isn't using "switch case".

```python
#!/bin/env python3

import sys
import re

usage_p = re.compile(r'^if \[ "\$1" = "--help" \]\nthen\n((?:\t(?:printf|echo) .*\n)*)\texit 1\nfi$',
                     re.MULTILINE)

case_p = re.compile(r'(^\tcase \$arg in$)',
                    re.MULTILINE)

root_check_p = re.compile(r'(\n# Check if the user is root(?:\n|.)*?fi\n)',
                          re.MULTILINE)

done_p = re.compile(r'(^done\n)',
                    re.MULTILINE)

def fix_setup(name: str):
    assert name.endswith('-setup.sh')

    with open(name, 'r') as fin:
        s = fin.read()

    s = usage_p.sub(r'function print_usage() {\n\1}', s)
    s = case_p.sub(r'''\1
\t\t--help)
\t\t\tprint_usage
\t\t\texit 0
\t\t\t;;''', s)

    m1 = root_check_p.search(s)
    if m1:
        root_check = m1[0]
        s = root_check_p.sub('', s)
        pos = done_p.search(s).end()  # type: ignore[union-attr]
        s = s[:pos] + root_check + s[pos:]

    with open(name, 'w') as fout:
        fout.write(s)

if __name__ == '__main__':
    for name in sys.argv[1:]:
        fix_setup(name)
```
2022-04-18 17:05:03 +00:00
João Valverde fab32ea0cb dfilter: Allow arithmetic expressions as function arguments
This allows writing moderately complex expressions, for example
a float epsilon test (#16483):

Filter: {abs(_ws.ftypes.double - 1) / max(abs(_ws.ftypes.double), abs(1))} < 0.01

Syntax tree:
 0 TEST_LT:
   1 OP_DIVIDE:
     2 FUNCTION(abs#1):
       3 OP_SUBTRACT:
         4 FIELD(_ws.ftypes.double)
         4 FVALUE(1 <FT_DOUBLE>)
     2 FUNCTION(max#2):
       3 FUNCTION(abs#1):
         4 FIELD(_ws.ftypes.double)
       3 FUNCTION(abs#1):
         4 FVALUE(1 <FT_DOUBLE>)
   1 FVALUE(0.01 <FT_DOUBLE>)

Instructions:
00000 READ_TREE		_ws.ftypes.double -> reg#1
00001 IF_FALSE_GOTO	3
00002 SUBRACT		reg#1 - 1 <FT_DOUBLE> -> reg#2
00003 STACK_PUSH	reg#2
00004 CALL_FUNCTION	abs(reg#2) -> reg#0
00005 STACK_POP	1
00006 IF_FALSE_GOTO	24
00007 READ_TREE		_ws.ftypes.double -> reg#1
00008 IF_FALSE_GOTO	9
00009 STACK_PUSH	reg#1
00010 CALL_FUNCTION	abs(reg#1) -> reg#4
00011 STACK_POP	1
00012 IF_FALSE_GOTO	13
00013 STACK_PUSH	reg#4
00014 STACK_PUSH	1 <FT_DOUBLE>
00015 CALL_FUNCTION	abs(1 <FT_DOUBLE>) -> reg#5
00016 STACK_POP	1
00017 IF_FALSE_GOTO	18
00018 STACK_PUSH	reg#5
00019 CALL_FUNCTION	max(reg#5, reg#4) -> reg#3
00020 STACK_POP	2
00021 IF_FALSE_GOTO	24
00022 DIVIDE		reg#0 / reg#3 -> reg#6
00023 ANY_LT		reg#6 < 0.01 <FT_DOUBLE>
00024 RETURN

We now use a stack to pass arguments to the function. The
stack is implemented as a list of lists (list of registers).
Arguments may still be non-existent to functions (this is
a feature). Functions must check for nil arguments (NULL lists)
and handle that case.

It's somewhat complicated to allow literal values and test compatibility
for different types, both because of lack of type information with
unparsed/literal and also because it is an underdeveloped area in the
code. In my limited testing it was good enough and useful, further
enhancements are left for future work.
2022-04-18 17:10:31 +01:00
João Valverde 92c1519dfe dfilter: Add float multiplication/division 2022-04-18 17:09:05 +01:00
João Valverde eb2a9889c3 dfilter: Add abs() function
Add an absolute value function for ftypes.
2022-04-18 17:09:00 +01:00