Add DissectorTable.try_heuristics(name, tvb, pinfo, tree). Previously,
there was no way for a Lua plugin to run an existing heuristic
dissector.
Based on Gerrit change 18718. Closes#17220.
disabled RichText in regex text input, to prevent invisible
formatting from getting passed to the regex engine
fixed a issue where fields matched by duplicate groups would
not be parsed
Added documentation on the Regular Expression import mode
Added documentation for the associated ui-fields
Updated the screenshot for the import-from-hexdump dialog
Added a screenshot of the Regular expression mode tab
Updated the documentation for the updated Timestamp format
Added an entry in the release notes about this new/updated feature
Modularized the parser backend slightly to have the needed hooks
Modified the timestamp format slightly to enable arbitrary postion for
second fractions
Added a regex based seeking parser for textfiles as frontend alternative
to text_import_scanner.l
Regex is using the GLib implementation
Supported frame-data formats are bin, hex, oct and base64
Regex based importing UI
Fixed Meory-leak in ImportTextDialog::exec()
A new tab was added to the text_import ui to accomodate the new fields
Hints are available and styled accordingly
Update display name of the nordic_ble dissector to the release used
by nordic semiconductor for the development tool on the homepage.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Introduce a new TCP preference to allow the user to choose the
precedence between Fast Retransmission or Out-Of-Order. When
performing the SEQ analysis, ambiguous packets will be considered
with the chosen priority, helping in the final interpretation.
Closes#15987
This patch adds a dissector for PDUs based on signals. On CAN,
FlexRay, etc. data is transported in PDUs that are based on
signals. These signals are typically an arbitrary number of bits.
This dissector allows:
- Parsing configured signals (shortened datatypes too)
- Scaling and moving signals values (compu scale)
- Naming signal values (compu consts)
- Filtering on the scaled and raw value
The dissector supports:
- Signal PDUs over CAN
- Signal PDUs over FlexRay
- Signal PDUs over SOME/IP
- Signal PDUs over PDU-Transport
Add --ifname and --ifdescr to allow the name and description for an
interface or pipe to be set; this overrides the specified name or
reported description for an interface, and overrides the pipe path name
and provides a description for a pipe.
Provide those arguments when capturing from an extcap program.
This is mainly for extcaps, so you have something more meaningful than
some random path name as the interface name and something descriptive
for the description.
- gvsp: Fixed some GenDC container header related endianess bugs
(flipped bits in dissector)
- gvsp: Added support for GenDC meta-data decoding
- gvsp, u3v: Added support for all newly defined pixel formats
- its: Removed redundant code (possible search and replace error)
Now we ignore random packets and also correctly recognize server
responses in cases where the client uses the same port numbers as
the server for its TFTP or other conversations
As of now a plugin subdissector can register itself for byte or string type only.
This change adds an option to allow a plugin to register a subdissector for any protbuf field.
this subdissector will be able to dissect a protobuf field on top of the existing dissector for that field.
As of now a plugin subdissector can register itself for byte or string type only.
This change adds an option to allow a plugin to register a subdissector for any protbuf field.
this subdissector will be able to dissect a protobuf field on top of the existing dissector for that field.
Changes:
- all waveforms has common scale therefore louder/quiter signal is visible
- when stream/streams are deleted from view, Y axis is rescaled and
waveforms are rearranged to reuse empty space
SASL Buffer starts after the SASL Buffer Length field. Therefore
we should only mark the bytes without the Length field.
Sample capture can be found in wireshark/wireshark#15128
As of now GTP dissector provides option to decode T-PDU data ether, async, and with some heuristics.
But there is no option present to decode a new protocol with a plugin.
This change adds an option to decode T-PDU data with a plugin, to help develop and test new protocols that are
encapsulated as GTP T-PDU data.
* Since c3342930 we don't free anymore the entries in the files hashtables.
The cleanest solution is probably to convert these hashtables into two
wmem_map_t structures and let the wmem core handling any cleanup.
* b0f5b2c174 added supported for chained compression; the uncompressed
tvb must be freed
guint64 is *not* guaranteed to be an unsigned long int; on an ILP32
platform, it *can't* be a long, as that's only 32 bits. Use
G_GUINT64_FORMAT to format guint64 values.
The Linux kernel includes a module called psample which sends sampled
packets to user-space over generic netlink.
This patch adds a dissector for these netlink packets.
The dissector is expected to be invoked by the generic netlink dissector and
during its hand off routine it adds an entry in the 'genl.family' dissector
table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink and
net_dm dissectors. The sampled packet itself is encoded in the netlink
attribute 'PSAMPLE_ATTR_DATA' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'PSAMPLE_ATTR_PROTO' attribute.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Legend and it's elements were shown only when first waveform requires it.
Patch fixes it and all legend elements are shown when required by any
waveform.
The existing stuff doesn't appear to work (I tried it on 32-bit Ubuntu
18.04, and it did *not* add any flags to the compilation, as it appeared
not to conclude that they were necessary, even though they were).
Pull in the stuff from libpcap, which *does* appear to work. (it does
so in my 32-bit Ubuntu testing).
This should fix#17301.
While we're at it, fix cppcheck.sh so that it doesn't attempt to run
cppcheck on files that have been deleted.
Extended sequence number added to info structures.
Extended timestamp (from 32 to 64 bit) calculation added and added to
info structures.
Both values simpifies calculations in rest of the code - we don't have
to care about wraparound. Code will be adapted later.
It is invalid to assume that every unknown and/or vendor specific
traffic is IPPUSB. If a vendor specific class is indeed IPPUSB then
the dissector should be selected based on VID/PID.
The way IPPUSB was registering caused packets from devices without
corresponding dissector in Wireshark (majority of the devices in the
wild) being dissected as IPPUSB and shown as Malformed Packets. For
example the Silicon Labs CP210x UART Bridge was dissected as IPPUSB.
Visual waveform is derived from decoded audio. When audio is decoded
incorrectly, waveform now shows it.
E.g. on issue 14401 is now audio play aligned with waveform, but it
exhibits that decoded audio is incorrect - about two times longer than
pcap!
Changes:
- samplefile_ renamed to sample_file_
- tempfile_ is renamed to temp_file_
- decode() is separated to decodeAudio and decodeVisual
- Frame info stores frame len and frame_num for every frame. We must hold
it per frame as it may change in time. Info is stored in separate temp file
as waveform samples.
Now that FT_PCRE is gone, a GRegex is not a valid value for a field. (A
field can be a *string* field whose value is supposed to be a PCRE, but
that's just FT_STRING/FT_STRINGZ/FT_STRINGZPAD/FT_STRINGZTRUNC, and the
value is the string text.)
In rare circumstances Spurious Retransmissions are not detected
and the SEQ analysis would instead conclude with a Fast Retransmit
or an Out-Of-Order. As Spurious Retransmissions are more certain
than the latter ones, their respective precedences are changed.
The documentation is updated accordingly. Closes#13863.