When selecting a dissector in the Decode As dialog box, the combo box of
dissectors is sorted by the ASCII of the dissector description (or protocol
name). That's not very user-friendly because it's case-sensitive; protocols
starting with a lowercase letter appear at the end of the list.

Put the dissectors in a QList and sort the list using localeAwareCompare,
instead of using a QMap and relying on its implicit sorting by key. This
sorts them case-insensitively, and makes it easier for the user to find
protocols in the list.

Remove follow_type_t and use proto IDs in its place, since
follow streams are registered via proto ID. Add looking up
registered follow stream types by proto ID, and creating
FollowStreamDialog using proto ID.

Dynamically create the Follow actions based on the registered
follow streams.

Dissectors, including plugins, can now self-contain everything
necessary in order to add follow support (though shortcuts,
overriding the menu name, and special handling for "is the
protocol in the frame" still require a few manual changes.)

The Conversation (and Endpoints) Dialogs no longer need to know
anything special about whether UDP and TCP can be followed.
For example, this means that DCCP streams can automatically be
followed from the Conversation window.

The LISP Canonical Address Format has a payload length indicator.
Use that to create a payload tvb and don't dissect outside the
payload length. With fuzzed and malformed packets, this was causing
the same bytes to be dissected many times, particularly in the
recursive address types.

An LCAF would be dissected outside the payload region, but then
elsewhere the offset was only advanced by the payload length.

Fix #18900

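The length-bounding idea in the LISP LCAF message above, as an added example that is not Wireshark code: a recursive parser for a constructed toy record format (1-byte type, 2-byte big-endian length, payload) in which nested records only ever see the declared payload slice, so the bytes dissected always match the bytes the caller advances over. The record layout and all names are assumptions of this sketch, not the LCAF wire format.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN   3  /* constructed toy header: type(1) + length(2, big-endian) */
#define T_LEAF    1
#define T_LIST    2  /* payload is a sequence of nested records */
#define MAX_DEPTH 8
static int parse_seq(const uint8_t *buf, size_t len, int depth, int *leaves);

/* Parse one record from buf[0..avail). Returns bytes consumed (header plus
 * declared payload) or -1 if malformed; *leaves counts leaf records seen. */
static long parse_record(const uint8_t *buf, size_t avail, int depth, int *leaves)
{
    if (depth > MAX_DEPTH || avail < HDR_LEN)
        return -1;
    size_t plen = ((size_t)buf[1] << 8) | buf[2];
    if (plen > avail - HDR_LEN)      /* declared length exceeds the window */
        return -1;
    if (buf[0] != T_LEAF && buf[0] != T_LIST)
        return -1;
    if (buf[0] == T_LEAF)
        (*leaves)++;
    else if (parse_seq(buf + HDR_LEN, plen, depth + 1, leaves) < 0)
        return -1;                   /* children saw only the payload slice */
    return (long)(HDR_LEN + plen);   /* advance equals what was dissected */
}

/* Parse back-to-back records filling buf[0..len); 0 if well-formed, else -1. */
static int parse_seq(const uint8_t *buf, size_t len, int depth, int *leaves)
{
    for (size_t off = 0; off < len; ) {
        long used = parse_record(buf + off, len - off, depth, leaves);
        if (used < 0)
            return -1;
        off += (size_t)used;
    }
    return 0;
}

/* Returns the number of leaf records, or -1 on malformed input. */
int count_leaves(const uint8_t *buf, size_t len)
{
    int leaves = 0;
    return parse_seq(buf, len, 0, &leaves) < 0 ? -1 : leaves;
}

/* Constructed samples; in sample_bad the inner leaf claims 9 bytes of a 4-byte list. */
const uint8_t sample_ok[]  = {2,0,4, 1,0,1,0xAA, 1,0,1,0xBB};
const uint8_t sample_bad[] = {2,0,4, 1,0,9,0xAA, 1,0,1,0xBB};

int main(void) { return count_leaves(sample_ok, sizeof sample_ok) == 2 ? 0 : 1; }
```

If the nested parser were handed the whole remaining buffer instead of the slice, the inner leaf in `sample_bad` would run into the sibling record, which the outer loop would then parse a second time.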
On truncated TLS records, just fail when attempting to decrypt or
calculate the handshake hash instead of raising a BoundsError.
The appropriate exception will be raised later when fields are
actually added to the tree.

This only makes a difference on the first pass, especially with
unencrypted initial handshake messages, as we don't try to decrypt
or calculate the hash on the second pass.

Fix #18896

This is a dissector for the GSM "Layer 2 Relay Character Oriented
Protocol" as used in non-transparent CSD (Circuit Switched Data)
calls in GSM and UMTS cellular networks.

This protocol is used in the user plane of non-transparent CSD (Circuit
Switched Data) calls in GSM networks. RLP frames are sent over the Um
air interface, and are sent as modified V.110 frames over 64k TDM
channels in the back-haul/core network. For modern implementations,
this means in RFC4040 RTP CLEARMODE.

As there's no V.110 decoder in Wireshark, we cannot connect the RLP
decoder to that. However, we hook it up to the GSMTAP dissector to
enable other software to pass the decoded RLP frames into Wireshark.

This changes the tree received by registered vendor dissectors (the
OUI isn't part of the dissected tree anymore). Thankfully there are
currently no dissectors registered.

When right-clicking an item in the packet details and using "Colorize
with Filter", the colour may be applied using the wrong filter.

The code currently only updates the filter used for "Colorize with
Filter" if the packet details are visible and have focus. This is not
the case when you switch from one packet to another (at least by
clicking the other frame in the packet list).

The patch moves the emit of fieldFilterChanged() up to where the
filed_filter is identified. This seems the least intrusive.

Commit e921b804d0 removed the
user data parameter from logging, so remove it here.

Explain how the debugging defines work.

If DEBUG_DUMPCAP is defined and dumpcap is a capture child, don't send
logs to stderr with normal formatting, because that will be connected to
the sync pipe. Don't send them to stdout either, because that can be
connected to a data pipe (e.g., for retrieving interface information.)
Instead, send it to stderr with the special formatting so that the
parent recognizes it.

Use va_copy if both DEBUG_DUMPCAP and DEBUG_CHILD_DUMPCAP are defined,
avoiding undefined behavior that can lead to segfaults.

Set the log level to DEBUG when running as a capture child if the
DEBUG defines are set, because sync_pipe_start doesn't pass along
log level information. If you turned on the extra #define, you
presumably want to debug.

If logging to a file, open the file before any log messages.

Get rid of a check for the log level being below the default level.
It's either redundant with a check already done in ws_log_full, or it
prevents logs from being shown when dumpcap is run standalone with
logging options.

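The va_copy point in the dumpcap message above, as an added example that is not dumpcap's code: a log routine that may send one message to two sinks, taking a copy of the va_list for the first consumer so the second never reads a consumed list. The sink selectors, buffers and function names are hypothetical stand-ins for the two debug outputs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

enum { TO_PARENT = 1, TO_FILE = 2 };   /* hypothetical sink selectors */
char parent_buf[128], file_buf[128];   /* stand-ins for stderr and a log file */

/* Write one message to every selected sink; returns how many were written.
 * A va_list that a v*printf call has consumed is indeterminate, so handing
 * the same `ap` to a second call is undefined behaviour. */
static int log_v(unsigned sinks, const char *fmt, va_list ap)
{
    int written = 0;
    if (sinks & TO_FILE) {
        va_list ap_file;
        va_copy(ap_file, ap);          /* copy before ap is consumed below */
        vsnprintf(file_buf, sizeof file_buf, fmt, ap_file);
        va_end(ap_file);               /* every va_copy is paired with va_end */
        written++;
    }
    if (sinks & TO_PARENT) {
        vsnprintf(parent_buf, sizeof parent_buf, fmt, ap);
        written++;
    }
    return written;
}

int log_msg(unsigned sinks, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = log_v(sinks, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    log_msg(TO_PARENT | TO_FILE, "%s: %d packets", "eth0", 42);
    return strcmp(parent_buf, file_buf) != 0;
}
```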
Fix the file name in the introductory comment.

Update a comment to note that a base64 value is handled, in some ways,
like a nested element, even though it's not nested in the way that an
object or array is.

Have json_dumper_bad() write current stack depth and the current and
previous types in, if possible, symbolic or numeric form; don't dump
other information. Also have it set JSON_DUMPER_FLAGS_ERROR, so no
other routine needs to do so.

Add routines to check for dumper stack overflow *and* underflow and
report them with appropriate messages, and use them in routines that
push onto or pop off of that stack, respectively.

This means that the stack depth won't overflow or underflow, so we can
make it unsigned (as it will never underflow below 0) and don't need to
check for negative or bigger-than-the-stack values.

Pull checks out of json_dumper_check_state() into various existing or new
routines (for common code to call in those existing routines), and have
the error messages passed to json_dumper_bad() give a more detailed
explanation of the particular problem detected.
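The guarded push/pop pattern described in the JSON dumper message above, as an added example that is not the json_dumper source: overflow and underflow are checked before the depth changes, which is what lets the depth be unsigned, and a single error routine sets the sticky error state. The struct, names and the small MAX_DEPTH are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_DEPTH 4            /* small on purpose; an assumption of this sketch */
enum elem { ELEM_NONE, ELEM_OBJECT, ELEM_ARRAY };

struct dumper {
    unsigned    depth;         /* unsigned: guarded push/pop keep it in [0, MAX_DEPTH] */
    enum elem   stack[MAX_DEPTH];
    bool        error;         /* sticky, set in dumper_bad() only */
    const char *why;
};

/* Single place that records the failure and reports the current depth. */
static bool dumper_bad(struct dumper *d, const char *why)
{
    d->error = true;
    d->why = why;
    fprintf(stderr, "dumper error: %s (depth %u)\n", why, d->depth);
    return false;
}

bool dumper_push(struct dumper *d, enum elem type)
{
    if (d->error)
        return false;
    if (d->depth >= MAX_DEPTH)          /* checked before the write and increment */
        return dumper_bad(d, "stack overflow: nesting too deep");
    d->stack[d->depth++] = type;
    return true;
}

bool dumper_pop(struct dumper *d, enum elem type)
{
    if (d->error)
        return false;
    if (d->depth == 0)                  /* checked before the decrement */
        return dumper_bad(d, "stack underflow: close without open");
    if (d->stack[d->depth - 1] != type)
        return dumper_bad(d, "close does not match the open element");
    d->depth--;
    return true;
}

int main(void)
{
    struct dumper d = {0};
    return dumper_push(&d, ELEM_OBJECT) && dumper_pop(&d, ELEM_OBJECT) ? 0 : 1;
}
```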