Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
Make sure init_plugin_dir and get_doc_dir uses the same logic as
get_datafile_dir. Update each so that the xxx_DATA_DIR and
xxx_PLUGIN_DIR environment variables take precedence.
CMake's ENABLE_APPLICATION_BUNDLE determines whether or not we're using
an application bundle layout, so check for it instead of __APPLE__.
Make copies of our top-level packages instead of symlinking them. Blind
attempt at fixing #18830.
Switch to UDZO for our application disk images as recommended in
https://developer.apple.com/forums/thread/128166
[skip ci]
It is fine to dissect and cache columns data during color dissection if
it won't evict already cached data. There is rather high probability of
using the column data because color information is dissected in order.
Dependent frames list order does not matter and thus significantly
faster data structure can be used. Replace the list with hash table to
avoid excessive CPU usage when opening files containing reassembled
packets consisting of large number of fragments.
Invalidate endpoint info on SET ADDRESS to prevent reassembly and/or
retransmission detection across reset boundary.
Leave endpoint info intact when assigning default address (0) to avoid
issues related to unknown control endpoint max packet size. Only control
transfers are allowed to address 0 so this should pose no issues.
Add support for CB_RECALL_ANY operation as given in the following:
RFC 5661 Network File System (NFS) Version 4 Minor Version 1 Protocol.
RFC 8435 Parallel NFS (pNFS) Flexible File Layout.
Opcode: CB_RECALL_ANY (8)
Objects to keep: 0
Number of masks: 1
Type mask: 0x00000001 (Read Delegation)
Type: Read Delegation (0)
Consistently speak of "UNIX-compatible systems" when comparing UN*Xes
and Windows, and, the first time we mention "UNIX-compatible systems" in
a section or a list item, enumerate the not-dead-or-moribund ones.
(HP-UX is deemed moribund given that Itanium processors are no longer
being manufactured and HPE are apparently not porting HP-UX to x86-64,
choosing instead to run HP-UX Itanium applications in a compatibility
environment under Linux on x86-64.)
For the -D option, don't bother mentioning ifconfig -a or ip link show,
as there's no reason not to use -D if you want to know what you can
caputre on - for one thing, -D may list devices *other* than the network
interfaces listed by ifconfig -a or ip link show. In addition, don't
speak of code testing whether the interface can be opened, as recent
versions of libpcap don't check that, and neither do any of the programs
in the Wireshark release. (This was done so that, if there's an
itnerface that shows up in the enumeration but that can't be opened,
it'll be offered to the user, and they'll get a message if they try to
capture on it, indicating either that they need to somehow get the
necessary permissions or should report a bug.)
For the -i option, don't mention ifconfig -a or ip link show, as the
user should, again, use -D.
Give more detail when describing files and directories under the global
or personal preferences directory, calling out macOS specially for the
global preferences directory, as it's in the app bundle, and taking into
account that Wireshark might be installed under /usr rather than
/usr/local (for example, if it's installed from a package that's part of
a Linux distribution).
Replace the "Overrides XXX' description of some environment variables
with a more verbose description similar to what's used for other
environment variables.
Get the installation prefix from the program dir. We have code
to obtain the directory where the executable resides for all
platforms we support, Linux, BSDs, Apple, etc.
On less well-known platforms where this isn't true (POSIX does not
define any standard interfaces for this) we fallback on
using a hard-coded installation prefix, like we have been doing
until now.
The path relocation allows the whole installation tree to be moved
without having to recompile the program. But note there are other
requirements for shared libraries to have full support for relocation.
This is only partial support.
We now use a header to pass the relative path definitions to avoid
excessively long compilation command lines as the number of #defines
increases.
pcapng allows multiple link-layer types, and allows new link-layer types
in the middle of a file. Many (most) other capture types allow a single
link-layer type, which must be specified in the initial header.
When reading files and writing their contents to another file (which
may be of a different type), many programs using the wiretap API want
want to know the link-layer type upon initially opening the source
file, so that they can check if that encapsulation can be written to
the output file, and so that they can write the output file header.
They should be able to wait until a link-layer type is seen before
creating the output type, but don't. (Wireshark reads the entire file
in intially, so this isn't a problem, but that isn't much of an option
for some command line tools, particularly when operating on a pipe or
FIFO.) Note that regardless, if a new link-layer type is encountered
partway through a file, they would still have to fail in the middle
of reading and writing.
However, to make this a little bit easier for such file types, pcapng
block types that are handled strictly internally and not passed back
to the reader can be processed initially in pcapng_open(). (Note
that for DSBs and NRBs, any blocks processed in pcapng_open() will
automatically be sent to the callbacks when the callbacks are added
later.) Previously we just processed all the IDBs immediately after
the initial SHB, instead of all the internal block types.
Fix#18581. Ping #15502.
Added the SAP Diag dissector protocol from [SecureAuth's plugin](https://github.com/SecureAuthCorp/SAP-Dissection-plug-in-for-Wireshark/blob/master/src/packet-sapdiag.c).
This is a dissector that implements the Diag protocol. Decompression of packets is not considered as this requires the proprietary LZC/LZH decompression routines still pending to be added in #8973. The Diag packets can be wrapped in an SNC frame, in which case the respective dissector is called. Embedded RFC calls are disabled as this requires the respective dissector to be found, which will be submitted in a separate merge request.
Details about the protocol and example requests can be found in [pysap's documentation](https://pysap.readthedocs.io/en/latest/protocols/SAPDiag.html).
If the server greeting and login packets weren't part of the captured packets we assume various capabilities were not set. This MR tries to make a better guess in those cases to allow dissection to work in most cases.
update r2_ap_capa_flags (epan/dissectors/packet-ieee1905.c):
- rename
- hf_ieee1905_basic_service_prio_flag ==>
hf_ieee1905_ctag_service_prio_flag
- hf_ieee1905_enhanced_service_prio_flag ==>
hf_ieee1905_dpp_onboarding_flag
- add new flag hf_ieee1905_traffic_separation_flag:0x08
used by r2_ap_capa_flags
- update hf_ieee1905_r2_ap_capa_flags_reserved:0x07
as defined by Wi-Fi EasyMesh™ Specification Version 5.0 :
17.2.48 Profile-2 AP Capability TLV format
Length encoded integers were:
- Reported as `mariadb.prefix` and `mariadb.length` but were not specific to MariaDB specific protocol features.
- These were reported in the UI as "Length" and "Prefix" and were in many cases the same as 1 byte integers are very common.
- These were often duplicating things like `hf_mysql_connattrs_length`, `hf_mysql_connattrs_name_length`, etc which meant that the same length was often reported 3 times in the interface.
Parse Multi-AP Extension subelement flags:
- Profile-1 Backhaul STA association disallowed.
- Profile-2 Backhaul STA association disallowed.
defined by Wi-Fi_EasyMesh_Specification_v5.0.pdf / Table 14
SpeexDSP is now required.
Update the required cmake and glib versions.
Our CMake build process now expects a C++ compiler to always be present,
so require it even if not building the GUI.
Only default to Qt 6 on distributions where we know we have it,
otherwise default to Qt 5 for now.
Update the required RPM version to 4.13 (which all distributions that
can currently build have) to ensure we have Boolean dependencies.
Use Boolean dependencies instead of checking the distribution, hopefully
to improve building on various other RPM-based distributions.
Redefine the cmake_install macro on SUSE to what is used on RH/Fedora.
The default SUSE macro calls the builder (make or ninja) insted of
cmake --install, which makes it difficult to pass options.
Remove tests and workarounds for RHEL 7, and SUSE < 15.2, since those
distributions are too old to build anyway.
Remove a workaround for an old broken librotli-devel package in
SUSE that's been long since fixed.
Keep name resolution information as mandatory elements for
NRBs, and when the ipv4 or ipv6 callback is set, have name
resolution entries from already read NRBs sent to the callback.
rescan_packets can use this when redissecting to reobtain the
name resolution entries from the NRB, similar to what is done
with Decryption Secrets Blocks. (This can also later be used
if we read NRBs and DSBs in pcapng_open before the first packet,
and before the callbacks are set.)
This doesn't yet make the changes to wtap_dumper to write them out,
but is a step towards that too. (It's not clear in cases where we
dissect packets whether we want to copy the entire NRB, or only
write out actually used addresses as done now. For copying without
reading a file, like with editcap, we presumably do want to copy them.)
Fix#13425. Ping #15502
packet-bgp.c hf_bgp_ls_tlv_te_default_metric_value : - filter 'bgp.ls.tlv.te_default_metric_value' appears consecutively - labels are 'TE Default Metric (old format)' and 'TE Default Metric'
packet-bgp.c:4026 proto_tree_add_item called for hf_bgp_mcast_vpn_nlri_source_as - item type is FT_UINT16 but call has len 4
packet-bgp.c:4095 proto_tree_add_item called for hf_bgp_mcast_vpn_nlri_source_as - item type is FT_UINT16 but call has len 4