inputMask populates the field with a space for each character
in the mask. Mouse people that click in the field may position
the cursor at the far right of the mask and not be able to enter
a value.
https://www.qtcentre.org/threads/7106-QLineEdit-and-input-mask
Remove the inputMask from the field definition and add a validator.
The beginning of the tshark manual talks about read filters and
using the -R option. Switch all that to display filters and -Y,
since that's the typical use now, with -R limited to two-pass
analysis.
When RPCGSS flavor is used and GSS context is destroyed (GSS procedure is set
to RPCSEC_GSS_DESTROY), Verifier field must be dissected as a part of 'RPC'
protocol in the same way as for other GSS procedures. This behaviour
is explicitly defined by RFC2203 chapter '5.4 COntext Destruction'.
Reverts commit 3d81f3612b.
Fixes#17845.
Signed-off-by: Volodymyr Khomenko <Khomenko.Volodymyr@gmail.com>
Calculate the relative sequence number correctly for the first
data chunk of an association in the first pass. This fixes
tshark display and fixes calculation of retransmissions if the
first data chunk of an association is retransmitted. Fix#17917.
macos-setup.sh:
- Fix filename of libtiff in existence test from "libtiff" to "tiff"
- Added fallback URL for libtiff when the downloaded file is not a valid gzip
archive. The host rotates older versions of libtiff into an "old"
subdirectory, so curl downloads a 404 Web page and exits without error. Then
the call to gzcat fails with an invalid gzip archive error. Maybe libtiff
version should be updated instead?
Fix the URL for the FreeBSD pflog code.
Make the byte order for the UID and the PID an enum, with the default
being *host*-endian, as, from a quick look at the PF code in the OSes
that have it, both the IDs are in the byte order of the host writing
the file. (This means I need to update libpcap and libwiretap to
byte-swap them when reading a byte-swapped capture file or file section,
as we do with some other pseudo-header fields. That's next on the
list.)
Add some comments about the signedness of the UID and PID fields.
This is the right way to handle #10202.
At some point the indices of the request and response stat tables
got switched, and stats were being looked up in the wrong table.
Use stat_tap_find_table to lookup the tables rather than hardcoding
the indices. Fix#17904
Correctly handle the length field; it should be rounded up to a multiple
of 4 to determine the full length, it shouldn't just have 3 added to it
under the assumption that length % 4 = 1.
The LEN_PFLOG values refer to OpenBSD releases, so name them
LEN_PFLOG_OPENBSD_{version}., not just BSD. Give them values that don't
include the padding.
Add FreeBSD and Darwin AF_INET6 values, as this can be used to analyze
non-OpenBSD PF logs.
Add additionaal reason, action, and direction values, with #ifs for
different platforms. To handle other platforms' PF logs, we'd need a
preference (although what we *really* want are separate LINKTYPE_ values
for different OSes, so the preference would not be needed for newer
files).
Use proto_item_add_item_return_ routines for integral-valued fields.
Show the rule number as decimal, as long as it's an FT_INT32.
Update links for OpenBSD CVS repository, add pfvar.h, and add links to
repositories for other OSes with PF.
Have RTCP behave similar to the RTP dissector and reject packets
with a version other than 2 (after adding some entries to the tree
as RTP does.) This is necessary because WebRTC and others often send
STUN or DTLS packets on a port after SDP has set up the RTCP dissector
(with a=rtcp:port or similar). Improves dissection of the files
in #13193 when the key log file is set in the TLS prefs.
Perhaps later a preference could be added, as with RTP.
packet-ssh.c:2502:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2511:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2516:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2532:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2535:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2538:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2561:25: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2564:25: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-ssh.c:2568:17: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
Remove tvb and offset from ssh_keylog_hash_write_secret
not longer need after 54cd727edf
packet-ssh.c:1879:40: error: unused parameter ‘tvb’ [-Werror=unused-parameter]
packet-ssh.c:1879:49: error: unused parameter ‘offset’ [-Werror=unused-parameter]
packet-ssh.c:2131:14: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
packet-ssh.c:2137:14: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
Fix two calls of proto_tree_add_item() when proto_tree_add_uint()
was meant. Passing the actual value of a field instead of an encoding
into proto_tree_add_item() has unexpected results. Fix#17909.
(The whole area of this dissector would probably be cleaner with
more calls to add_item(), but this is a smaller change consistent
with the rest.)
After commit 16ddc9ab19, we don't need to call srtcp_add_address
separately for a multiplexed connection. Do call it on a client hello
with only a single protection profile offered, in case of a one way
connection, though. Related to #13193.
The RTP dissector supports RFC 5761 multiplexing by default, always
passing payload types that conflict with RTCP to the RTCP dissector.
Thus, when a [S]RTP stream is set up by srtp_add_address, it should
pass along the information to the RTCP dissector so that the rtcp_info
and srtcp_info information is attached to the conversation as well.
Helps with DTLS-SRTP (#13193).
Fix regressions in AppleShare dissection by correcting the length
of afp.access and afp.file_bitmap fields to be UINT16 as specified
in the AppleShare protocol specification.
Fix reuse of afp.file_bitmask in CatSearchExt as a 16 and as a 32 bit
value by introducing afp.request_bitmask for the 32 bit Request
Bitmap.
Closes#17907.
dissections by introducing hf_afp_request_bitmap for the 32 bit
Request Bitmap in FPCatSearchExt. Made the hf_afp_access_*
FT_BOOLEANs have a width of 16 to reflect the fact that
hf_afp_access_mode needs to be a FT_UINT16 as AFP spec defines
access mode as a short.
Fix regressions in AppleShare dissection by correcting the length
of afp.access and afp.file_bitmap fields to be UINT16 as specified
in the AppleShare protocol specification. Closes#17907
Guy Harris