If we do a save with copy, so that we just copied the binary
file, everything in the wtap structure should be the same except
for the filename and the file descriptors, so just change that
instead of closing wtap and reopening it.
The current behavior of calling wtap_open_offline does not work
for files that have blocks (SHBs, IDBs, NRBs, DSBs, ISBs, etc.) in
the middle of the file instead of at the beginning, but we shouldn't
have to waste time rescanning the entire file either.
In the case where a specific file format reader was manually selected,
this will keep the same file format as selected instead of switching to
the auto-detection when opening the copy, just as SAVE_WITH_MOVE already
does and presumably what the user wants.
Update wtap_fdreopen to change the wtap struct's pathname if
wtap_fdreopen is called with a different filename than currently.
Fix#17472
When desegmenting, don't add [TCP segment of a reassembled PDU] to
the INFO column if we've already dissected a complete PDU in this
frame. This is for the same reasons that we set a fence in the INFO
column and set the PROTOCOL column to be not writable. It's not
of particular interest that this frame also contains the start of
a new PDU when the INFO column has information about a complete
higher level PDU. The information about the other PDU is contained
in the tcp tree elements.
Fix#15494
In the case where the beginning of a TCP segment does not continue
a higher-level PDU, but the end of the segment is the beginning of
another PDU, we don't need to create the MSP for the second PDU
after the first time we visit the packet. However, we do want to
retrieve that MSP for determining in which frame the second PDU
was reassembled.
Make "Reassembled PDU in frame:" messages be added in that case
like it already is for other frames with MSPs.
TCP can contain multiple PDUs of the next layer protocol, and the
subdissector (or further subdissectors called from it) can change
the addresses and ports. However, the addresses and ports are used
for the desegmentation tables at the TCP level, as well as for
various purposes in encapsulated protocols.
Restore the addresses and ports values of packet_info before each PDU,
and in desegment_tcp after returning from a subdissector. When leaving
desegment_tcp ensure that the addresses and ports are set to whatever
they were after the last subdissector call that successfully
desegmented a PDU.
Fix#2345. Fix#9782.
The test for "old_len" with a reassembled MSP has never been accurate
for out of order reassembly, where it caused additional data requested
to be taken from the end of the current frame instead of from the
correct portion of the reassembled MSP, which could be from an
out of order frame (later in sequence, but arrived earlier.)
The test is unnecessary - the other case, where we need more data
but there's more in the current frame is already handled by looping again.
This fixes reassembly where TCP is out of order and those out of order
segments don't align on PDU boundaries. Fix#13317.
Also fix a minor issue in the same situation where the length of the
current segment was indicated incorrectly for out of order frames
contributing to multiple MSPs.
The warning is harmless and we want to keep upstream code
as pristine as possible (unless there is a real issue in
the code of course) so disable the warning.
Rename the following build targets:
app_bundle to wireshark_app_bundle
dmg_package_prep to wireshark_dmg_prep
dmg_package to wireshark_dmg
Add logwolf_app_bundle, logwolf_dmg_prep, and logwolf_dmg targets and
packaging assets. Update the documentation.
We need to add a set of Logwolf version variables to CMake and
make-version.pl. Add a static logwolf-version attribute to
attributes.adoc in the mean time.
52054046c1 switched archive extraction from 7Zip to CMake. This removed
a dependency on 7Zip, but assumed that CMake was in our PATH. Add a
CMakeExecutable to win-setup.ps1 and use it in CMakeLists.txt to pass
the value of CMAKE_COMMAND.
Add the de facto standard Lua regex API to Wireshark. Upstream
code is copied verbatim and the module opened in the "rex" table.
This is just a user convenience and developer quality of life improvement
over the GRegex Lua API because it has always been possible to
load lrexlib-pcre2 as a Lua module from Wireshark.
This code has been unmaintained and does not pass the lrexlib test
suite. GRegex itself has been obsolescent for some time, although GNOME
has recently restarted trying to move it to PCRE2.
Remove it in preparation for a move to lrexlib-pcre2.
When processing segments out of order in TCP, it is possible to
get new segments that fill a sequence gap and be able to dissect
at least one PDU but need more data for additional PDUs (that have
data from the contiguous stream bytes.) We can only determine this
after passing the reassembled segments to the subdissector first.
To keep dissection and layer numbers consistent between passes,
split the multisegment PDU, keeping the already dissect PDU(s) in
the current reassembly and creating a new MSP for the parts not yet
dissected.
Update the dissection test to enable the currently skipped test that
require MSP splitting and remove test_tcp_out_of_order_twopass_with_bug
Introduce Wireshark specific enum to facilitate USB speed specific
dissection. Any similarity of actual enum values with any protocol
is coincidence and should not be relied upon.
Rename speed defines in USBIP dissector to not collide with Wireshark
USB speed enum. The values used in USBIP are implementation specific.
Allow user to set capture speed in USBLL dissector preferences. Use the
selected speed in USB dissector to sanitize endpoint maximum packet size
value based on speed specfic requirements from USB 2.0 specification.
Close#18062
Almost all the ints in tap-iostat are loop counters, numbers of columns
or rows, durations, lengths, widths, or magnitudes, all things that are
inherently unsigned. Make them unsigned.
This has the incidental effect of fixing an odd alloc-size-larger-than
error with gcc 12.1, which is afraid that if borderlen is signed that
g_malloc will somehow be called with value -1 (18446744071562067969):
Fix#18089
Switch the non-endpoint *_by_id conversation routines to use element
lists. Change the ID type from guint32 to guint64. None of them used the
address+port option flag arguments, so remove them.
Download our third party libraries and drivers from dev-libs.wireshark.org
in win-setup.ps1. Automatically check our state based on our library
filenames and hashes instead of a manually updated tag.
Guy Harris