Commit Graph

84988 Commits

Author SHA1 Message Date
Michael Tuexen 9cea2c26a1 TCP: Use RFC 6994 for experimental options
Modernize the handling of experimental TCP options based on
RFC 6994. In particular use ExID instead of magic (which
in the context of RFC 6994 are the last two bytes of a
32-bit ExID) and add a description of ExID based on the
current state of the IANA registry.
2022-08-17 21:33:31 +00:00
Gerald Combs e555b458de GitLab CI: Enable Qt6 for the macOS builds. 2022-08-17 13:33:55 -07:00
David Perry 3b36ae4b1a TCP tap: check if have seglen before using it 2022-08-17 19:41:05 +00:00
Gerald Combs 9445bda1d8 GitLab CI: Switch the macOS builds to Qt 6.2.4. 2022-08-17 18:46:09 +00:00
Michael Pergament bd6c21696a Add support for Add Path in EVPN NLRI 2022-08-17 18:22:17 +00:00
Tomasz Moń 12bb2788f9 CMake: Break on GLib criticals by default in MSVC
Set G_DEBUG=fatal-criticals environment variable when debugging with
Visual Studio. Setting the environment variable conveniently triggers
breakpoint whenever there is a programmer error.
2022-08-17 17:06:57 +00:00
Gerald Combs 0b068f3b06 Docs: Add a SharkFest link to the release notes. 2022-08-17 17:04:57 +00:00
Gerald Combs d2a70cc4ac CMake: Add a Logray patch version. 2022-08-17 16:20:06 +00:00
Rubin Gerritsen 56817af9b5 Bluetooth: Decode LL_VERSION_IND packets with version 5.3
Bluetooth 5.3 was released 2021-07-13.

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
2022-08-17 16:29:25 +02:00
John Thacker 704d6ff104 smb: Squash small leak in export object
After a free chunk is removed from the list of free chunks,
it should be freed.
2022-08-17 13:41:09 +00:00
Uli Heilmeier 117788f694 BTATT: Fix bitmask for btatt.battery_power_state
Fixes: #18267
2022-08-17 14:33:39 +02:00
John Thacker b3c7c31124 tiff(file): Don't add a proto item when heuristics fail
Don't add the protocol to the tree if heuristics fail.
Make sure that we have enough bytes to perform the heuristics.
If the magic number is wrong, don't go on to retrieve the ifd offset.
2022-08-17 07:52:39 +00:00
Guy Harris c725f35689 ascend: make the time stamp in the parser state a time_t.
It's set from the result of mktime(), which returns a time_t, and it's
assigned to a time_t that's ultimately assigned to the time_t secs
member of an nstime, so no reason for it to be a guint32.

This should squelch Coverity CID 1509354.
2022-08-16 18:40:20 -07:00
Guy Harris d48808dc76 5views: don't allow out-of-range time stamps.
This should squelch Coverity CID 1509355.
2022-08-16 18:03:48 -07:00
Guy Harris 7411bc298b nettl: don't allow out-of-range time stamps.
This should squelch Coverity CID 1509360.
2022-08-16 17:19:20 -07:00
Guy Harris efea61f405 libpcap: don't allow out-of-range time stamps.
This should squelch Coverity CID 1509363.
2022-08-16 16:38:03 -07:00
Guy Harris 7bc6771397 visual: don't allow out-of-range time stamps.
This should squelch Coverity CID 1509368.
2022-08-16 15:46:26 -07:00
Guy Harris 79219b5247 netxray: don't allow out-of-range time stamps.
This should squelch Coverity CID 1509369.
2022-08-16 14:46:44 -07:00
Gerald Combs b679f22a54 Docs: Clean up the release notes. 2022-08-16 14:08:08 -07:00
Gerald Combs d498529201 Windows: Upgrade Npcap to 1.70. 2022-08-16 12:46:25 -07:00
Tomasz Moń c6ef99f006 win32-utils: Explicitly list inherited handles
Windows processes inherit all inheritable handles when a new process is
created using CreateProcess() with bInheritHandles set to TRUE. This can
lead to undesired object lifetime extension. That is, the child process
will keep inheritable handles alive even if it does not use them. Up to
Windows Vista it was not possible to explicitly list handles that should be
inherited. Wireshark no longer works on Windows releases earlier than
Vista, so use the new API without checking Windows version.

Require all callers to win32_create_process() to pass in the list of
handles to inherit. Set the listed handles as inheritable shortly before
calling CreateProcess() and set them as not inheritable shortly after
the process is created. This minimizes possibility for other callers
(especially in 3rd party libraries) to inherit handles by accident.

Do not terminate mmdbresolve process on exit. Instead rely on process
exit when EOF is received on standard input. Previously the EOF was
never received because mmdbresolve inherited both ends of standard input
pipe, i.e. the fact that Wireshark closed the write end was not observed
by mmdbresolve because mmdbresolve kept the write handle of the standard input
pipe open.
2022-08-16 20:53:22 +02:00
Pascal Quantin 3c3d715628 Diameter: update 3GPP RAT-Type AVP enum 2022-08-16 18:46:30 +02:00
Trond Norbye fb0d271641 [Couchbase] Add support for new features
Add support for parsing RU and WU reported in flex header and
the new status codes.
2022-08-16 14:24:46 +00:00
Adrian Granados 9a560060ad ieee80211: Add dissector for Arista (Mojo) vendor specific IE
Dissector only supports type 6: AP Name.
2022-08-16 14:08:15 +00:00
Dieter Dobbelaere 321465db07 Corrected description of `wlan.fc.type_subtype`. 2022-08-16 12:19:48 +00:00
Anders Broman a47830e56f Increase number of preallocated fields. 2022-08-16 09:43:42 +02:00
Pascal Quantin 653c4d3e91 XnAP: upgrade dissector to v17.1.0 2022-08-16 01:33:00 +00:00
Gerald Combs ec1986cb97 Falco Bridge: Update to match falcosecurity-libs 0.8.0.
Update sinsp-span to use the current Falco libs APIs. Update the
FindSinsp CMake module to use pkg-config.
2022-08-15 16:21:47 -07:00
Gerald Combs 08feb35af0 Version: 3.7.3 → 4.1.0.
[skip ci]
2022-08-15 15:33:00 -07:00
Gerald Combs f9bb537537 Transifex: Fix our Debian/.po path. 2022-08-15 22:29:28 +00:00
Stephen Hemminger 476835e734 Fix typo in INSTALL
Use "program" not "pogram"

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-08-15 21:41:59 +00:00
John Thacker 7d583e1340 TLS: rename reassembled data source from SSL to TLS 2022-08-15 07:33:55 -04:00
Guy Harris 09c5183878 Linux USB: fix incorrect values for the packet length.
When reading memory-mapped Linux capture files, fix up the "real" length
field, in case the file was written by a program doing a capture done
with a version of libpcap with a bug that causes it to incorrectly set
the "real" length for isochronous transfers.
2022-08-14 22:50:51 -07:00
Chuck Craft bbb9610cb3 pluginifdemo: Qt5->Qt6; bump version to 0.0.2 2022-08-15 05:07:46 +00:00
John Thacker e33bc8d5bf docs: Update the sample dissector
Update the sample dissector for some best practices,
and avoid some deprecated behavior.

Use register_protocol instead of creating an anonymous
dissector handle, so that Lua, Export PDU, custom
User DLT dissection, etc. can find it. (See #5612)

Use auto preferences and prefer port ranges when possible
(See #14319)
2022-08-15 04:53:58 +00:00
Guy Harris 8674eea7b0 frame: warn if the real length is less than the captured length.
That should never be the case; if you slice off part of a sausage, the
remainder of the sausage cannot be longer than the original sausage.

Warn about that.
2022-08-14 16:12:07 -07:00
John Thacker 7962d18222 tls-utils: Add malformed expert info instead of asserting
If ssl_add_vector is called with an offset past offset_end,
add the malformed buffer too small expert info and return
failure instead of failing an assertion. Malformed packets
can cause this to happen, so it's not necessarily a dissector
bug.

Also change the other assertion to output the result of the
comparison to aid in debugging.

Related to #17890.
2022-08-14 16:23:37 -04:00
Pascal Quantin 938cc05d20 NGAP: add NTN related restricted RATs 2022-08-14 18:00:53 +00:00
Gerald Combs a24f1cbd8d [Automatic update for 2022-08-14]
Update manuf, services enterprise numbers, translations, and other items.
2022-08-14 16:53:51 +00:00
Tomasz Moń 4240381026 wsutil: Remove flawed ws_pipe_close() function
The semantics behind ws_pipe_close() were broken since its introduction.
Forcing process termination on Windows, while simply setting variable on
other systems results in more OS specific code sprinkled all over the
place instead of less. Moreover ws_pipe_close() never handled standard
file handles. It is really hard to come up with sensible ws_pipe_close()
replacement, as process exit is actually asynchronous action. It is
recommended to register child watch using g_child_watch_add() instead.

Do not call ws_pipe_close() when deleting capture interface. Things will
break if extcap is still running when interface opts are being freed and
terminating process won't help.

Rework maxmind shutdown to rely on GIOChannel state. For unknown reason
TerminateProcess() is still needed on Windows. The actual root cause
should be identified and fixed instead of giving up hope that it will
ever work correctly on Windows. In other words, TerminateProcess()
should not be used as a pattern, but rather as a last resort.
2022-08-14 16:05:22 +00:00
Peter Ross 298eabc36c DIS: support Receiver PDUs 2022-08-14 20:59:14 +10:00
John Thacker c7a136a5c0 epan: Rearrange column includes
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that

Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
2022-08-13 19:37:28 +00:00
Tomasz Moń d0a9de2af1 capture: Stop extcaps before dumpcap
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.

Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.

There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
2022-08-13 20:23:51 +02:00
Pascal Quantin 8291dc23f3 RRC: upgrade dissector to v17.1.0 2022-08-13 17:35:21 +00:00
Gerald Combs bc10ddd7ba Docbook: Add a comment about the "reproducible" attribute. 2022-08-13 17:16:51 +00:00
Michael Tuexen a033dc7dc6 TCP: cleanup ECN related flags
The ECN-Echo flag is abbreviated in RFC 3168 using ECE, not ECN.
In addition, when displaying the flags, no abbreviations are
used. Therefore, do the same for the CWR flag.
2022-08-13 11:08:55 +00:00
John Thacker b5cea67768 Qt: Expert Info: Return TAP_PACKET_REDRAW if any ei is added
Any time an expert info is added to the Expert Info tap, the
Expert Info GUI tap listener needs to set TAP_PACKET_REDRAW.

draw_tap_listeners(FALSE) is called from MainApplication::updateTaps()
on a timer (controlled by a preference, defaulting to 3 seconds),
and that clears the Expert Info tap's need_redraw flag. The larger
a capture and the more expert infos, the more likely that the timer
can trigger while epan_dissect_run_with_taps() is still generating
more EI entries, but has already generated EIs of all severities
that are present in the capture. This prevents the expertInfoTreeView
from being redrawn at the end when the captureEvent is finished
retapping the packets.

Fix #18232. Fix #16591.
2022-08-13 10:55:32 +00:00
Pascal Quantin d982338177 NGAP: upgrade dissector to v17.1.1 2022-08-12 19:15:16 +00:00
Pascal Quantin cf17011c53 S1AP: add support for NTN NB-IoT TACs 2022-08-12 20:47:41 +02:00
Joakim Karlsson abe78a4109 sshdump: may be used uninitialized in this function [-Wmaybe-uninitialized] 2022-08-12 18:25:56 +00:00