Add support in text2pcap for the regex mode added to "Import from
Hex Dump" in 3.6.0 The input and output indicators cannot (yet?)
be configured, and are set to the default of allowing any of "iI<"
for inbound and "oO>" for outbound. This reaches feature parity
between text2pcap and Import from Hex Dump, fixes#16724.
(There might be some more cleanups to do, including docs.)
Protocol parses some fields. As a result, the parsed result is inconsistent with the description in the protocol.
Register different fields in the BICC protocol and parse them separately.
The details are as follows:
1. Split the following fields in the ISUP protocol:
Continuity Indicator(isup.continuity_check_indicator)
End-to-end method indicator(isup.forw_call_end_to_end_method_indicator)
End-to-end method indicator(isup.backw_call_end_to_end_method_indicator)
End-to-end information indicator(isup.backw_call_end_to_end_information_indicator)
BICC indicator(isup.backw_call_isdn_user_part_indicator)
SCCP method indicator(isup.backw_call_sccp_method_indicator)
End-to-end information indicator(isup.forw_call_end_to_end_information_indicator)
BICC indicator(isup.forw_call_isdn_user_part_indicator)
BICC preference indicator(isup.forw_call_preferences_indicator)
SCCP method indicator(isup.forw_call_sccp_method_indicator)
2. Register the following fields in the BICC protocol again.
Continuity Check Indicator(bicc.continuity_check_indicator)
End-to-end method indicator(bicc.forw_call_end_to_end_method_indicator)
End-to-end method indicator(bicc.backw_call_end_to_end_method_indicator)
End-to-end information indicator(bicc.backw_call_end_to_end_information_indicator)
ISDN user part indicator(bicc.backw_call_isdn_user_part_indicator)
SCCP method indicator(bicc.backw_call_sccp_method_indicator)
End-to-end information indicator(bicc.forw_call_end_to_end_information_indicator)
ISDN user part indicator(bicc.forw_call_isdn_user_part_indicator)
ISDN user part preference indicator(bicc.forw_call_preferences_indicator)
SCCP method indicator(bicc.forw_call_sccp_method_indicator)
Add information about the different kind of comparisons with
multiple fields to the wireshark-filter man page.
Add some minimal information to the user guide. It would be
nice to have a section dedicated to this with some examples.
Add the option to enter a filter with an absolute time
value in UTC. Otherwise the value is interpreted in
local time.
The syntax used is an "UTC" suffix, for example:
frame.time == "Dec 31, 2002 13:55:31.3 UTC"
This also changes the behavior of "Apply Selected as filter".
Fields using a local time display type will use local time
and fields using UTC display type will be applied using UTC.
Fixes#13268.
Move the parameter setup to text_import, so that later it can
be called from the GUI, including the interface name. (This has
to be a separate function because these parameters need to be
set before the call to wtap_dump_open, which is different for
regular files vs temp files vs stdout.)
Instead of having it return the information needed to fetch the string
value, just have it return the string to use to display that string, as
that's all its only caller needs.
(Note that the display string has had control characters, etc. escaped,
which is what you want for text that appears in a string displayed in
the protocol details.)
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
The 32-bit Windows Installer / WiX / .msi packages make up a tiny
percentage of our downloads, and they take a non-trivial amount of time
to create. Stop building them. Ping #17779.
Add a LOG_LEVEL_ECHO that is always active and always non-fatal.
Use that to implement a WS_DEBUG_HERE() macro for quick print outs
during debugging sessions.
In "Import from Hex Dump", change the control that determines
IPv4 versus IPv6 to a QComboBox, and move it into the grid of
options, in the IP option section.
Only warn about the parser getting an unexpected offset when
using OFFSET_NONE the first time. Use log warnings for subsequent
messages.
Strip off the whitespace/newline/colon from the offset when adding
it to the message, only output the offset number.
The Kafka dissector uses the return value of tvb_get_varint to advance
the packet offset in many places. If tvb_get_varint fails it returns 0,
which means our offset isn't guaranteed to advance. Stop dissection
whenever that happens. Fixes#17811.
text2pcap used 10.1.1.1 and 10.2.2.2 for default IPv4 addresses,
and "Import From Hex Dump" used 1.1.1.1 and 2.2.2.2. The former
are a little bit better for defaults since they're RFC 1918
private IP addresses, so let's use them for the common code.
John Thacker