Also fix packet-ieee1905.c to include packet-wifi-dpp.h for the definition
it needs.
Change-Id: Iebb290ffb3112161605d6065123cfc54b921f2eb
Reviewed-on: https://code.wireshark.org/review/38163
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The names for files extracted from data PDVs depend on information in the tags.
Need to read the tags for data PDVs if the Export Objects tap has a listener
even if there isn't a tree (so that tshark works) and need to send data to
Export Objects only after reading the tags (so that it works on the first pass).
This makes the tshark single pass behavior match wireshark GUI behavior.
Bug: 16771
Change-Id: I6cfa792e7b86f205290ff92c9f5e09fd94a25f9f
Reviewed-on: https://code.wireshark.org/review/38164
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of the detected non-contiguous mask bitmasks seem to be valid - they often
represent multiple unassigned/reserved bits that have been conflated into
one hf item.
A set of exceptions has been added to the script - a couple of genuine
buts will be addressed presently in a separate commit.
Change-Id: I87fcf6ee532819097c2daf20b4b1338abb4402d8
Reviewed-on: https://code.wireshark.org/review/38103
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Detected by check_typed_item_calls.py.
Change-Id: I08081c6619f3e1cd1b6733c8a2864bf9ac2a16aa
Reviewed-on: https://code.wireshark.org/review/38162
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct endianess for Max PDU field in LE Set CIG Parameters and LE
Create BIG Test Command. Correct endianes for BIS handle and remove
PHY field from LE Create BIG Sync Established Event.
Add SDU interval field to LE BIGInfo Advertising Report Event.
Change-Id: Ic276aceb5a2e1cd6e1c08ae20303bfbe6bdc1286
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/38157
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Google/Apple Exposure Notification protocol is designed to aid
contact tracing efforts by allowing users to broadcast changing
identifiers, derived from longer-term (24 hour) keys; in the event that
a user receives a positive diagnosis, they upload their longer-term keys
to a key server, and all other users can use those long-term keys to
generate all the potential changing identifiers, and compare those to
their logs to determine if they were in contact with the infected user.
This protocol was developed in response to SARS-CoV-2, but is not
inherently limited to it.
This patch adds a "bluetooth.gaen" filter, with two data fields in the
periodic (changing identifier) broadcast:
- bluetooth.gaen.rpi: The Rolling Proximity Identifier
- bluetooth.gaen.aemd: The Associated Encrypted Metadata
Links to Protocol Documents:
- Google: https://www.google.com/covid19/exposurenotifications/
- Apple: https://www.apple.com/covid19/contacttracing
This change also adds the Bluetooth SIG-assigned 16-bit UUID for GAEN,
0xFD6F, to the list of Wireshark-recognizable 16-bit UUIDs.
These changes are licensed under the same license as Wireshark itself.
Change-Id: I3af14b225a35d0670433a9a89901d4d37895b3bd
Reviewed-on: https://code.wireshark.org/review/38064
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new BMP Message type (Section 2.1).
o Type = TBD: Route Policy and Attribute Trace Message. (100)
new TLV types for the Route Policy and Attribute Trace Message (Section 2.3).
o Type = TBD1 (2 Byte): VRF/Table TLV. (0)
o Type = TBD2 (2 Byte): Policy TLV. (1)
o Type = TBD3 (2 Byte): Pre Policy Attribute TLV. (2)
o Type = TBD4 (2 Byte): Post Policy Attribute TLV. (3)
o Type = TBD5 (2 Byte): String TLV. (4)
Bug: 16749
Change-Id: I9858c94fb8fe5a9f3341204646030e59e13509bf
Reviewed-on: https://code.wireshark.org/review/37911
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tokens[] contains two tokens - the part of the identity before @ and the
part of the identity after @.
realm_tokens[] contain five tokens - the "."-separated parts of the part
of the identity after @.
The latter include "mncNNN" and "mncNNN".
This fixes a crash.
Change-Id: I4b13dd90977a626a823cb53958412301abf8addb
Reviewed-on: https://code.wireshark.org/review/38158
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The IPv4 or IPv6 address was not added properly to the tree
Bug: 16777
Change-Id: Ic28138cc1d4c2dc350fb5ff95aa3a5496a293c91
Reviewed-on: https://code.wireshark.org/review/38153
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Error: epan/dissectors/packet-docsis.c filter= docsis.ehdr.rsvd FT_UINT8 so field_width= 8 but mask is 0x3FFF which is 14 bits wide!
Error: epan/dissectors/packet-ixveriwave.c filter= ixveriwave.contextp.agc FT_BOOLEAN so field_width= 1 but mask is 0x0038 which is 3 bits wide!
N.B. The ixveriwave field was not in use, so was deleted.
Change-Id: Ife73eb9204f7339cc0fe2b4e991f0df553823ffe
Reviewed-on: https://code.wireshark.org/review/38140
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Make it more obvious that the time value is Zero.
Change-Id: Idca96185d869f10cf0d2b8ab6aaccb879dfc1ec2
Reviewed-on: https://code.wireshark.org/review/38135
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FT_STRINGZ should be used *ONLY* if the string is *ALWAYS* supposed to
have a null terminator, either because the length isn't otherwise
specified, so that it can only be determined by finding the terminating
null character, or because a character count *and* a NULL terminator are
both used (yes, there appear to be some cases where that's true).
FT_STRINGZPAD is null-padded rather than null-terminated; this is
typically used for fixed-length fields that contain a string value that
might be shorter than the fixed length.
Change-Id: Ifdf421ca666482583a4dfc76167eae6dc473f48a
Reviewed-on: https://code.wireshark.org/review/38137
Reviewed-by: Guy Harris <gharris@sonic.net>
It's arguably an error, as an FT_STRINGZ requires at least one character
position for the terminating NUL, but the way to handle that is to give
it a string value of an empty string and add an expert info indicating
that the terminating NUL is missing. (The same should be done for
FT_STRINGZ fields with a specified non-zero length that don't have a NUL
in the last character position.)
Change-Id: Ie702bf44db36310f0f6e2625a3a64e6424167546
Reviewed-on: https://code.wireshark.org/review/38136
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The documentation mentioned looks more like API/ABI documentation than
"data on the wire" documentation, but the strings all look like counted
strings, with no trwminating NUL. Use FT_STRING, not FT_STRINGZ.
Add a URL for the MQ PCF documentation and replace no-longer-working
URLs for the MQ documentation with a working URL.
Change-Id: Id656a3e6cd75bff34d1a5a650229b4ba749ef365
Reviewed-on: https://code.wireshark.org/review/38134
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Make sure to set the GSS Data subtree length properly when
the packet has been truncated so at least the rest of the
packet could be partially dissected.
Change-Id: I0b41137aea47c2512d15d28ed620542decd31904
Reviewed-on: https://code.wireshark.org/review/38086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add rfc8489 to differences table
- Add expert items for attributes exceeding packet length and attributes with trailing data
- Remove unused and "#if 0"ed attributes_properties_p (never used since added in 2009
Change-Id: If7f804a5ee8ea057765f2d55b04181c644cc3d0c
Reviewed-on: https://code.wireshark.org/review/38059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the main dissector, check the first 2/3 bytes for recognized
Byte-Order Marks (BOM) and decode if detected.
In the heuristic check, when unicode heuristics are enabled, check the
first 2 bytes for a recognized BOM instead of assuming UCS-2LE. (Still
falls back on that if no BOM detected.)
Bug: 9069
Change-Id: I7c6510221ef9257a9c3030715906e07b88af6aa7
Reviewed-on: https://code.wireshark.org/review/38076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update URL for the TACACS+ I-D - point to the IETF site.
Fix code indentation.
Use proto_tree_add_item_ret_uint() to get string lengths when adding
them to the protocol tree.
Put the username and password under the top-level tree item, rather than
at the top level themselves.
The username and password are counted strings, and are not
null-terminated; make them FT_STRING rather than FT_STRINGZ.
Change-Id: Ia974937ade5908f98c0b527586e8ac15c3ffb907
Reviewed-on: https://code.wireshark.org/review/38130
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The PacketDiagram widget prints debugging information about items that
it skips and resizes. Make this conditional, similar to what we do
elsewhere.
Bug: 16769
Change-Id: Id7fbedbdac6096cbca8d997688d489eac4729f52
Reviewed-on: https://code.wireshark.org/review/38121
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those routines do more checking than strtoul(), and get passed a pointer
to a guint32(), so you don't have to worry about 32-bit vs. 64-bit longs
(which causes warnings on macOS builds, courtesy of Apple throwing in
"narrowing 64-bit value to 32 bits" warnings when they introduced their
first 64-bit machines, to help developers 64-bitifying their
applications, causing macOS builds to fail).
If the checks fail, note that in the formatted value.
(XXX - assign units to the fields, so we don't have to add them in our
formatting?)
Change-Id: I35945a3f1eaedc88e5b2ebf500c06fb7cf022753
Reviewed-on: https://code.wireshark.org/review/38119
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Bug: 16764
Change-Id: Iff902150491c984d3069c1b83acef9c2c8ce12c7
Reviewed-on: https://code.wireshark.org/review/38106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Export proto_item_set_bits_offset_len and fix
In file included from ../epan/dfilter/dfilter.h:18:
../epan/proto.h:1113:11: warning: parameter 'bits_offset' is already documented [-Wdocumentation]
* @param bits_offset The new length in bits.
^~~~~~~~~~~
../epan/proto.h:1112:5: note: previous documentation
* @param bits_offset The number of bits from the beginning of the field.
^ ~~~~~~~~~~~
Change-Id: Ib171ce38607b9656baea5eb7a3e6aee3b99ddbac
Reviewed-on: https://code.wireshark.org/review/38115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To quote RFC 4251, "The Secure Shell (SSH) Protocol Architecture",
section 5 "Data Type Representations Used in the SSH Protocols":
string
Arbitrary length binary string. Strings are allowed to contain
arbitrary binary data, including null characters and 8-bit
characters. They are stored as a uint32 containing its length
(number of bytes that follow) and zero (= empty string) or more
bytes that are the value of the string. Terminating null
characters are not used.
Strings are also used to store text. In that case, US-ASCII is
used for internal names, and ISO-10646 UTF-8 for text that might
be displayed to the user. The terminating null character SHOULD
NOT normally be stored in the string. For example: the US-ASCII
string "testing" is represented as 00 00 00 07 t e s t i n g. The
UTF-8 mapping does not alter the encoding of US-ASCII characters.
"Terminating null characters are not used." means "these aren't
null-terminated strings; FT_STRINGZ is for null-terminated strings, but
these are counted strings, for which FT_STRING si the right type.
Change-Id: I217d527847a20b640bf141a5d8d56f31456af04c
Reviewed-on: https://code.wireshark.org/review/38118
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
It's used in a number of source files; don't force each of them to test
GCRYPT_VERSION_NUMBER independently.
Make sure every file that uses HAVE_LIBGCRYPT_AEAD includes
wsutil/wsgcrypt.h.
Also do some other definitions that are based on the libgcrypt version
there as well.
This requires that the Qt UI code be given the include directory for
libgcrypt, as the follow stream code includes
epan/dissectors/packet-quic.h, which includes wsutil/wsgcrypt.h to get
HAVE_LIBGCRYPT_AEAD defined, and wsutil/wsgcrypt.h includes <gcrypt.h>.
Change-Id: I9cb50f411f5b2b6b9e28a38bfd901f4a66d9cc8f
Reviewed-on: https://code.wireshark.org/review/38116
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
http3_is_reserved_code() is only used if HAVE_LIBGCRYPT_AEAD is defined;
only define http3_is_reserved_code() if HAVE_LIBGCRYPT_AEAD is defind.
(Then there's the issue that HAVE_LIBGCRYPT_AEAD is *NOT* defined as a
result of CMake tests, it's defined in packet-tls-utils.c based on the
libgcrypt version, so it's not as if it can be used outside
packet-tls-utils.c, but that's another bug to fix.)
Change-Id: Ibecdf6e12fde27d75fcd7849ca0cd62f4129f5c2
Reviewed-on: https://code.wireshark.org/review/38114
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Replaced tvb_captured_length_remaining() with
tvb_reported_length_remaining().
Change-Id: I87c07488590cd82ca8a945ac6f13efa45807e55b
Reviewed-on: https://code.wireshark.org/review/37098
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apparently, it's possile for ssh_keylog_compute_hash() to be called with
a struct ssh_flow_data structure with a null kex_e; if it is, give up on
computing the hash before we try dereferencing global_data->kex_e.
See, for example, the capture at
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=Example1.pcap
which crashed if I ran a TShark, built from the tip of the master branch::
TShark (Wireshark) 3.3.0 (v3.3.0rc0-1806-g79e43ef98d59)
Copyright 1998-2020 Gerald Combs <gerald@wireshark.org> and
contributors. License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see
the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap (including remote capture support),
without POSIX capabilities, with GLib 2.37.6, with zlib 1.2.11, with SMI
0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.4.17, with
Gcrypt 1.7.7, with MIT Kerberos, with MaxMind DB resolver, with nghttp2
1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2
2.9.9.
Running on Mac OS X 10.15.6, build 19G73 (Darwin 19.6.0), with Intel(R)
Core(TM) i9-9980HK CPU @ 2.40GHz (with SSE4.2), with 65536 MB of
physical memory, with locale en_US.UTF-8, with libpcap version
1.10.0-PRE-GIT, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with brotli
1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded).
Built using clang 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62).
with "tshark -n -V -r Example1.pcap".
Change-Id: Icc534b488e5b486597162e54c725afb54ad61c05
Reviewed-on: https://code.wireshark.org/review/38113
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Add a new top-level view that shows each packet as a series of diagrams
similar to what you'd find in a networking textook or an RFC.
Add proto_item_set_bits_offset_len so that we can display some diagram
fields correctly.
Bugs / to do:
- Make this a separate dialog instead of a main window view?
- Handle bitfields / flags
Change-Id: Iba4897a5bf1dcd73929dde6210d5483cf07f54df
Reviewed-on: https://code.wireshark.org/review/37497
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PAA is a variable length IE, but it is not extendable (see Table 8.1-1 in
3GPP TS 29.274). For a give type the length therefore has to match and
can not exceed the defined length.
Change-Id: Id65842a7f25018fd3864efd73f74ae583102a681
Reviewed-on: https://code.wireshark.org/review/37984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are the final issues currently seen by check_typed_item_calls.py
Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1840 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1887 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Error: proto_tree_add_none_format(.., hf_session_parameter, ...) called at epan/dissectors/packet-obex.c:2058 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Change-Id: If6772a72e01c7afd774a7b673d5775fd598bace3
Reviewed-on: https://code.wireshark.org/review/38095
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This patches adds support to parse the TX flags of the radiotap header,
including a new DONT_ORDER Tx flag.
Bug: 16732
Change-Id: Ia57c079e020a32219a3e3fcfb7da5ef260360b7e
Reviewed-on: https://code.wireshark.org/review/37944
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed WLAN from the EAP identity fields because
it is additional and unnecessary. Added fields for
the full identity string and the identity type.
Removed the pseudo and reauth identity types by
collapsing all identity values into one field
(eap.identity) so the values may be filtered easier
by users in tshark and the GUI. Omitting
encrypted IMSI code until this patch and Change
37250 get merged since the encrypted IMSI logic
depends on these two patches.
Bug: 16537
Change-Id: If359756c1949aff2510b822b70e0e79df85213d0
Reviewed-on: https://code.wireshark.org/review/37257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id33135d82f30f0d88910b994492b4a64ac170d84
Reviewed-on: https://code.wireshark.org/review/38105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Routine "dhcpv6_domain()" of packet-dhcpv6.c has the following
issues:
a. It is unaware of partial (relative) domain names which unlike
FQDNs must *not* be root terminated(0); otherwise, the resolver
interprets them as top-level domains (TLDs) such as "com." and
"org.".
b. Malformed errors are not thrown when they should be and when
thrown, it does so for the wrong reason.
c. No detail is provided as to the nature of a malformation.
d. The routine does not know the difference between an "empty"
and "root-only" domain name.
Routine "dhcpv6_option():
The meanings of flags octet of the in the OPTION_CLIENT_FQDN
option sent by the client are different that those of the server.
These differences are not reflected in the display. In addition,
the description of the 'N' bit is incorrect in either case. The
sender type must be determined in order to label them correctly
and to detect conflicts among them.
These changes fully address the above issues. Six types of
domain name errors are now detected. I believe the unusually
large amount of detailed comments with RFC references and
explanations were needed in this case due to the introduction
of concepts such as partial domain names that were not
recognized as such and thus improperly handled and labelled.
The subtree option headers have been converted from "Text only"
to named fields (dhcpv6.option.type_str). Example captures are
attached to the bug report.
Bug: 16627
Change-Id: I5ef3ee4261b9ab1f331ae2b9b0aa9e3d5e4a5566
Reviewed-on: https://code.wireshark.org/review/37678
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Save as" in Follow Stream saves whatever is displayed (except for
Raw), and has long always saved in UTF-8 encoding. (A few things are always
ASCII, which is still valid UTF-8.) The older description of "Show data as"
makes more sense here, as otherwise it implies data will be saved in the
original encoding instead of UTF-8. A checkbox or similar to save in the
original encoding instead of UTF-8 is a possible future enhancement.
Change-Id: I2d5016e9a974d5d614ff93eab0301ea0ce96108e
Reviewed-on: https://code.wireshark.org/review/37771
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs