In some cases, the fds parameter of frame_data_sequence_find is invalid,
causing the software to crash, For example, this command
echo'{"req":"frame","bytes":"yes","proto":"yes","frame":"1" }'|sharkd-
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
Historically Wireshark evaluated the TCP in-flight value from the
payload actually seen all along the traffic captured.
We introduce another method to meet an observer paying greater
interest in the in-flight deduced from a ponctual SEQ analysis. It
may result in another value when analyzing incomplete conversations,
particularly when the beginning is missing.
The latter is activated by a User Preference setting added in this
release. Closes#7703.
Explain, in detail, exactly what it's trying to do and, for each of the
three commands in the example, what each step does, as well as
explaining what the calculation using the end time of one capture and
start time of another capture is doing.
(Where did this example come from? What is the real-world goal of this
exercise? And why is it an example in which all the fancy stuff is done
in commands *other* than mergecap?)
The debug log levels used in dot11decrypt are pretty much random.
Cleanup how the different levels are used and at the same time change
to standard wslog log levels.
With this change log levels are used as follows:
WARNING - Allocation failures or unexpected (but handled) errors.
DEBUG - Debug messages mainly related to key derivation.
NOISY - Debug messages related to packet decryption.
Build WiresharkPortable32 or WiresharkPortable64 as appropriate for our
target platform. Add WiresharkPortable64 steps to the Win64 builder.
Update the Developer's Guide. Fixes#17260.
It's not that Wireshark only supports one copy of some block options,
it's that *the pcapng specification* only supports one instance of some
block options, and it's not that wtap_block_set_*_value() fails on
non-string values, it's that the set_XXX_option_value routines currently
only support changing the value of an existing option, not adding a new
instance of an option - the latter requires the add_XXX_option_value
routine.
ws_warning() logs the source file name, source line number, and calling
function name for the ws_warning() call; for errors reported by
REPORT_DISSECTOR_BUG() and macros that call it, the message isn't
reported directly by the macro - the macro formats the error message
into a string, saves the string, and throws a DissectorError exception,
to terminate the dissection, and the exception handler uses the
formatted string in its messages.
Thus, the location in the exception handler isn't interesting; it's not
where the error occurred, it's just where the message is logged, which i
the same for all such errors.
Don't use ws_warning(); instead, directly call ws_log() with
WS_LOG_DOMAIN and LOG_LEVEL_WARNING, which doesn't log the location of
the ws_log() call.
Currently we are not filtering the unset (NULL) domain, on
the assumption that every log call should belong to a defined
domain.
However there are still many places in the codebase where this isn't
true and the fact that the null/default domain name is omitted from
the output and never filtered is probably surprising and user-unfriendly.
Users might understandably assume the filtering is buggy.
Give an indication, such as (none)-MESSAGE, to make this more
obvious.
LINKTYPE_ERF pcap files are really ERF files inside a thin pcap wrapper
(don't even ask what a pcapng file with some or all interfaces being
LINKTYPE_ERF is...), so the time stamp comes from the ERF record, not
from the pcap packet header or pcapng block header.
The time stamp reslution for the record should reflect that, so set it
to WTAP_TSPREC_NSEC (ERF time stamps are fractional-power-of-2, not
fractional-power-of-10, so that's the best we can do).
Have them take error code and error information string arguments and,
for various failures, fill them in as "internal error" indications.
Check their return codes to see if they got an error.
The --log-debug and --log-noisy now accepts a '!' to invert the
match and disable the debug (noisy respectively) log level for
the listed domains.
Note this is different from --log-domains, that option
enables/disables the entire log domain itself, regardless of log
level.
Don't assume the default is correct, because there's no guarantee of
that - in fact, there's currently a guarantee that it's not, as it's
initialized to 0, which is WTAP_TSPREC_SECS.
The AUTHORS section of wireshark(1) is about half the content of the man
page. While it's important to acknowledge the people who have
contributed to the project, the goal of the man page is to tell people
how to use Wireshark.
Replace the list of authors with text that acknowledges their
contributions along with pointers to the AUTHORS file and the list on
the main web site.
The name of the block, in the pcapng specification is the systemd
Journal Export Block; add "export" after "journal" in various
variable/enum/define names.
Problem Statement:
=================
OSPFv3 authentication trailer header is not get decoded for
Database description(DD) packets.
RCA:
====
OSPFv3 supports decoding of authentication trailer header only
for Hello packets as of now. Even DD packets have options and
it can be decoded based on AT bit.
Fix:
====
In the function to check if Auth trailer is supported,
Have added a check for DD packet also.
Risk:
=====
Low - Platform independent code.
Tests Executed:
===============
Download the code from CI and test DD packet decoding.
Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
ZhongYao Luo