Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
Because completed reassemblies are hashed in the reassembled_table for
all the frame numbers that contributed fragments,
fragment_get_reassembled_id() works wherever fragment_get_reassembled()
does, and also works where the fragment id is not the frame number.
However, since the reassembled_table hash key only depends on the
fragment id and the frame number, it only allows a frame to have
one reassembly with a given fragment id. Some protocols can have
more than one reassembly with a given fragment id (that differ on
addresses or other keys), such as GSM SMS, and the wrong reassembly
is retrieved on the second pass in those cases.
For this reason, we might want to add additional key elements to
reassembled_table, such as layer number. fragment_get_reassembled_id
already takes packet_info as a parameter and can accommodate that
without further changes, but fragment_get_reassembled cannot, so
remove the latter in favor of the former.
It would be really nice if the PortableApps package builder exited
with an error to stdio instead of opening an dialog in a CI builder's
inaccessible UI session.
[skip ci]
In commit 8c7e3f0d30, the config.nsh.in
was renamed as wireshark-config.nsh.in, and the config.nsh was renamed
as wireshark-config.nsh as well, but the wireshark-common.nsh still
includes the config.nsh, which will cause the packaging failed.
Commit 5cd591129f removes a number
of conversation related functions. Remove them from the debian
symbol list.
The commit also removed the implementation of conversation_hash_exact,
so remove the declaration from the header file.
Create Logwolf-specific copies of the various Wireshark NSIS config files
and modify them to install and uninstall Logwolf. There are still a bunch
of rough edges, but the installer works for a test capture I have here.
Rename the following build targets, similar to the recent macOS target
name changes:
nsis_package_prep to wireshark_nsis_prep
nsis_package to wireshark_nsis
Rename some NSIS files to reflect that they're specific to Wireshark.
Update the documentation and CI configurations.
Rename the following build targets:
app_bundle to wireshark_app_bundle
dmg_package_prep to wireshark_dmg_prep
dmg_package to wireshark_dmg
Add logwolf_app_bundle, logwolf_dmg_prep, and logwolf_dmg targets and
packaging assets. Update the documentation.
We need to add a set of Logwolf version variables to CMake and
make-version.pl. Add a static logwolf-version attribute to
attributes.adoc in the mean time.
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
Users might want to download a source tarball and build an RPM
package from it.
Have git-export-release.sh use git-archive's 'export-subst' feature
so that it can detect whether it is being run from a git repository
versus run from source extracted from a tarball produced by git-archive.
In the latter case, produce a helpful console message telling the
user to copy the downloaded tarball into the binary directory so
that the rpm-package target can succeed. Also update the Developer's
Guide to suggest this as well.
We could try to create our own archive using tar, but there are
several possible gotchas, such as in-source builds, excluding a build
directory that is a subdirectory of the source dir, excluding unknown
different build directories from previous builds, dealing with different
options in different versions of tar, etc. This is good enough for
the common case, and anyone who wants something more complicated can
hopefully create their own tarball.
Fix#15167
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Tarballs created by git archive have the commit ID stored in their
header. Only preserve a preexisting tarball if that commit ID matches
that of the current commit, even if the versions match.
Fix the creation of a temporary commit for when the working directory
does not match the tree. (When git diff-index is called without
--quiet or --exit-code, the exit code is success even when there
are differences). Use git stash create, as it is intended for scripts
like this; it creates a temporary stash not stored in the ref namespace
which does not require being popped later, and does nothing and outputs
the empty string instead of a commit ID if there are no local changes.
This helps when generating tarballs or building rpm packages repeatedly
out of a changing working tree.
Fix some deprecated and obsolete syntax from the rpm specfile that
modern distributions complain about:
Don't specify the BuildRoot
Don't have a %clean section
Don't remove the BuildRoot at the start of %install
Don't repeat Name in summary
Version the Obsoletes
Have a %build section
Escape macros in changelog
Remove comment about user setting _smp_mflags since rpm does that
automatically better now
Be consistent about spaces and tabs (tabs are used)
SUSE 15.1 moved to out of source builds, and sets a builddir
appropriately, but it makes some decisions about automatically
entering the build dir when building or installing that are
handled by the distribution's various Make and Ninja macros
differently than other distributions and later SUSE releases.
Work around it, so that both ninja and make builds work on
SUSE 15.1 (both OpenSUSE and SLES)
Related to #17910
Update glib and cmake requirements in the rpm spec, and also remove
some RHEL 7 conditions associated with them, since the versions of
glib and cmake in RHEL 7 are too old to be supported.
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
Add location tracking as a column offset and length from offset
to the scanner. Our input is a single line only so we don't need
to track line offset.
Record that information in the syntax tree. Return the error location
in dfilter_compile(). Use it in dftest to mark the location of the
error in the filter string. Later it would be nice to use the location
in the GUI as well.
$ dftest "ip.proto == aaaaaa and tcp.port == 123"
Filter: ip.proto == aaaaaa and tcp.port == 123
dftest: "aaaaaa" cannot be found among the possible values for ip.proto.
ip.proto == aaaaaa and tcp.port == 123
^~~~~~
Add argument to dfilter_compile_real() to save syntax tree text
representation.
Use it with dftest to print syntax tree.
Misc debug output format improvements.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
This replaces the current macro reference system with
a completely different implementation. Instead of a macro a reference
is a syntax element. A reference is a constant that can be filled
in the dfilter code after compilation from an existing protocol tree.
It is best understood as a field value that can be read from a fixed
tree that is not the frame being filtered. Usually this fixed tree
is the currently selected frame when the filter is applied. This
allows comparing fields in the filtered frame with fields in the
selected frame.
Because the field reference syntax uses the same sigil notation
as a macro we have to use a heuristic to distinguish them:
if the name has a dot it is a field reference, otherwise
it is a macro name.
The reference is synctatically validated at compile time.
There are two main advantages to this implementation (and a couple of
minor ones):
The protocol tree for each selected frame is only walked if we have a
display filter and if the display filter uses references. Also only the
actual reference values are copied, intead of loading the entire tree
into a hash table (in textual form even).
The other advantage is that the reference is tested like a protocol
field against all the values in the selected frame (if there is more
than one).
Currently the reference fields are not "primed" during dissection, so
the entire tree is walked to find a particular reference (this is
similar to the previous implementation).
If the display filter contains a valid reference and the reference is
not loaded at the time the filter is run the result is the same as a
non existing field for a regular READ_TREE instruction.
Fixes#17599.
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Create a Wireshark.dSYM bundle for our debugging symbols. Create a
separate .dmg for the dSYM bundle, similar to what we do for Windows.
`dwarfdump --uuid run/Wireshark.dSYM` returns what app
This reduces the size of the application bundle and .dmg quite a bit
(sizes measured with `du -sm`):
51 Wireshark 3.7.0 Intel 64.dmg
81 Wireshark dSYM 3.7.0 Intel 64.dmg
182 Wireshark.app
262 Wireshark.dSYM
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes#15141
It creates bluetooth_data_t what is The Center of the Bluetooth World in Wireshark,
most important is that bluetooth_data_t must provide shared trees (resources) to enable
dissection for non trivial relations in Bluetooth, for example mapping BDADDR to name.
Issue: 17570
Change-Id: Ice17b804ab6d4dcf0f77f1b2356a6712ce7e64b1
We keep our various packaging assets in the "packaging" directory. Move
the Debian assets there. dpkg-buildpackage doesn't seem appear to have a
"debian directory path" option, but symlinking worked in my test
container.
RHEL 8 and derivatives have supported the various CMake macros since
8.4 (June 2021, see https://access.redhat.com/errata/RHEA-2021:1747)
Use them there as well, so that we have a unified spec file for all
recent distributions (with the older RHEL/CentOS 7 and SLES 12 being
the only exceptions.)
Fedora and SUSE 15 use out of source builds by default, but store
the build directory in differently named macros. Define one macro
for the build directory that has the appropriate value (which will
be "." for any distribution that doesn't have either macro, and
thus presumably does in-source builds.) This fixes building and
installing the guides with any of the supported distributions.
Also, since RHEL/CentOS 7 doesn't have a special CMake macro, it
needs to set the install prefix when calling cmake.
Also, fix a comment warning by escaping the percent sign.
If we're building with ninja, we need to require it.
While CentOS/RHEL/Rocky 8 doesn't have a asciidoctor package
(so we install it separately), we can add a BuildRequires on
the file that RubyGems creates for other rpm based distributions.
There's a couple places where /usr/local is hardcoded in the
spec file that need to be replaced with %{_prefix} in order for
RPMs to build correctly on OpenSUSE with prefixes other than
/usr/local
The BuildRequires and Requires for the -qt subpackage need to
go into its %package section, not its %description section.
The dependencies were not being enforced, but instead being added
to the description of the GUI package.
Fedora Linux recently turned on some hardcore RPATH hardening
that causes RPM build to fail with a wide variety of prefixes unless
$ORIGIN is enabled.
It builds fine with /usr as the prefix because in that case we disable
the RPATH.
In the long run perhaps we should have the rpm-package target use the
standard prefix of /usr instead of the CMAKE_INSTALL_PREFIX, but even
so we want the spec file to work if /usr/local is set as the prefix.
Fix#17830
Commit 0d820ddc8d added set -u to
the script, so the test for CI_COMMIT_SHA (added in commit
e7296d5208) needs to be changed
so there isn't a fatal error if it is unset.
Having some options use DISABLE_ and others ENABLE_ is inconsistent
and difficult to remember. Use ENABLE_ instead consistently.
Frame-larger-than remains an exception.
If the Visual C++ Redistributable installation fails, don't point users
to KB2999226. It applied to Windows 8.1 and earlier, and is more likely
to cause confusion than help fix the problem. Ping #17748.
Asciidoctor is now required for packaging. Try to make sure it's
installed on CentOS 8 and openSUSE 15.2. Note that CentOS 8 doesn't have
an Asciidoctor package, which complicates our SPEC.
Convert doc/*.pod to Asciidoctor. This:
* Means we use the same markup for our man pages, the guides, and
release notes.
* Lets us add versions to our man pages.
* Gives us more formatting options, e.g. AsciiDoc supports `commands`,
nested lists and makes it easy to include version information. The
manpage backend doesn't seem to support tables very well,
unfortunately.
Convert our CMake configuration to produce *roff and html man pages
using Asciidoctor. Add a "manarg" block macro which makes our synopses
wrap correctly.
Similar to the release notes, guides, and FAQ, if Asciidoctor isn't
found the man pages won't be generated or installed.
Move Asciidoctor to the list of package build dependencies in various
places.
This commit includes the conversion script (pod2adoc.py), which will be
removed later.
Line count sanity check:
Man page .pod .adoc
androiddump 260 280
asn2deb 93 105
capinfos 401 471
captype 54 55
ciscodump 241 269
dftest 42 42
dpauxmon 153 169
dumpcap 464 534
editcap 528 583
etwdump 136 156
extcap 157 181
idl2deb 91 103
idl2wrs 120 100
mergecap 206 207
mmdbresolve 75 75
randpkt 107 111
randpktdump 158 184
rawshark 558 610
reordercap 76 78
sdjournal 145 157
sshdump 272 302
text2pcap 274 312
tshark 2135 2360
udpdump 133 151
wireshark-filter 486 479
wireshark 2967 3420
Apple provides a status page for various developer services at
https://developer.apple.com/system-status/, including the status of the
Developer ID Notary Service. Show the URL notarization fails so that
troubleshooting is easier.
Attempting to release 3.5.0 failed with
No local changes to save
Creating ./wireshark-3.5.0.tar.xz
fatal: not a valid object name: stash@{0}
Use CI_COMMIT_SHA for our export commit if it exists.
Set `ManifestDPIAware true` in the NSIS installer and uninstaller. Note
that this trades a better appearance on HiDPI displays for some
oddly-sized controls.
Build WiresharkPortable32 or WiresharkPortable64 as appropriate for our
target platform. Add WiresharkPortable64 steps to the Win64 builder.
Update the Developer's Guide. Fixes#17260.
Add missing entries, regularize the descriptions, etc..
Note that pcap and pcapng are the native formats.
Fix various issues.
Update the editcap -F output to match urrent reality.
While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
Ninja keeps track of its built files in .ninja_log, so if you copy a
pre-built target into a fresh build directory, Ninja will ignore and
overwrite it. This includes the tarball generated by the 'dist' target.
In get-export-release.sh, check for a preexisting tarball and preserve
it by default. This lets us pass the dist tarball from one GitLab CI
stage to other stages without recreating it. It's also arguably the
right thing to do in general, since we record and publish the tarball
hashes for each release and different contents for the same filename can
cause confusion.
Move the dist tarball to the build directory in .gitlab-ci.yml, and add
a note about using the tarball exclusively.
Standard naming convention in Wireshark generates a version that
make the rpm build fail on Fedora. Since we've not evidence that
this happens on other platforms, just disable on that one.
We initially disabled dark mode support in Info.plist when we didn't
support it very well, and later passively enabled it depending on our
SDK version. Go ahead and force it on since we officially support dark
mode. Closes#17098.
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
Convert wiretap/ascend.y.in from Bison/YACC to Lemon and rename it to
wiretap/ascend_parser.lemon. Tighten up some of our scanning and
parsing. Make the indentation in it and related files consistent. Aside
from the recent IPv4 fragment offset changes, this produces identical
output to the 3.4 branch for the Ascend trace files I have here.
Remove the comment about supporting other commands. Another timeline
might have an Ascend that successfully pivoted to DSL or 15625B+1D
gigabit ISDN, but this one has neither.
This was our last/only Bison/YACC file, so remove Bison/YACC as a
development and packaging dependency and remove references to it from
the documentation.
Re-enable Fedora build and add CentOS 8 and OpenSUSE 15.2 builds.
Fedora 33 does out of build tree cmake builds and needs spec file changes.
CentOS 8 has some changes with cmake and other packages that are similar to
older Fedora, and needs extra repositories enabled to get -devel packages
(still missing -devel for some optional libraries). OpenSUSE Leap 15.2 also
has some changes needed to build. Note that OpenSUSE Leap 15.1 is EOL
at the end of November 2020. Fixes#16971
It's possible to play opus payload with libopus (https://opus-codec.org/).
Closes#16882.
Helped-by: Pascal Quantin <pascal.quantin@gmail.com>
Signed-off-by: Lin Sun <lin.sun@zoom.us>
Signed-off-by: Yuanzhi Li <ryanlee@mail.ustc.edu.cn>
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().