Dissector names allow extension items to be given standard text names.
This also uses a protocol-in-name-only to prevent the frame.protocols field from containing ":tcpcl:tcpcl:tcpcl:..." for each extension dissection.
Update to reflect the transition from C99 to C11. Remove obsolete
comments and recommendations. Add a bit about transitioning to C
fixed width types.
Related to #17768.
_parse_time, which uses g_strlcpy, expects that end_field points
to the position after the end of the field (such as the \0).
text_import_regex handles this correctly, but when importing from
hex dumps the last character of the timestamp was being cut off,
which makes a big difference when fractional seconds are not used.
C11 support requires a newer Windows SDK. Add version checks and
workarounds as needed. Remove a redundant CMAKE_C_COMPILER_ID check. Add
a description of C5105 to match our other warning adjustments.
In wtap_dump_init_dumper(), when constructing a dummy IDB for files
that don't have one, if the tsprecision value is anything other than
the default, then the OPT_IDB_TSRESOL option also needs to be set.
Without it, for a pcapng the timestamps will be written according to the
tsprecision and time_units_per_second values, but when it is read,
the values will be interpreted incorrectly.
It would probably be better if the consistency of these values were enforced.
In addition to setting tsprecision and time_units_per_second, add
the OPT_IDB_TSRESOL option as well, because pcapng expects that to
be set if tsprecision is anything other than the default.
Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
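
The pattern the commit message above describes, as an added example that is not Wireshark's code: format once into a stack buffer, reuse the length vsnprintf() returns for the copy instead of recomputing it, and call vsnprintf() a second time only on truncation. The names format_alloc_v and format_alloc, the 256-byte FMT_STACK_BUF and the use of malloc() in place of wmem are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FMT_STACK_BUF 256 /* assumed size; the commit does not state its value */

/* Hypothetical helper: returns a malloc'd formatted string and stores its
 * length in *out_len. Returns NULL on a formatting or allocation error. */
static char *format_alloc_v(size_t *out_len, const char *fmt, va_list ap)
{
    char stack_buf[FMT_STACK_BUF];
    va_list ap2;
    char *out;
    int needed;

    va_copy(ap2, ap); /* the first vsnprintf() consumes ap */
    needed = vsnprintf(stack_buf, sizeof stack_buf, fmt, ap);
    /* A negative return is an error, never a length to cast to size_t. */
    out = (needed < 0) ? NULL : malloc((size_t)needed + 1);
    if (out != NULL && (size_t)needed < sizeof stack_buf) {
        /* Fits: the length is already known, so copy without a strlen(). */
        memcpy(out, stack_buf, (size_t)needed + 1);
    } else if (out != NULL &&
               vsnprintf(out, (size_t)needed + 1, fmt, ap2) != needed) {
        /* Truncated first pass, and the exact-size second pass disagreed. */
        free(out);
        out = NULL;
    }
    va_end(ap2);
    if (out != NULL && out_len != NULL)
        *out_len = (size_t)needed;
    return out;
}

static char *format_alloc(size_t *out_len, const char *fmt, ...)
{
    va_list ap;
    char *s;

    va_start(ap, fmt);
    s = format_alloc_v(out_len, fmt, ap);
    va_end(ap);
    return s;
}

int main(void)
{
    size_t len = 0;
    char *s = format_alloc(&len, "%s:%d", "tcpcl", 4556); /* constructed input */
    if (s == NULL) return 1;
    printf("%s (%zu bytes)\n", s, len);
    free(s);
    return 0;
}
```
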
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocesses have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programmatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
At least on Monterey, with Xcode 13.1, the linker whines that we weren't
granted the Sacred and Holy Right to link with the Python 2.7 framework.
As far as I know, we have no need to use that framework, so configure it
out.
Point it to fetch files from falcosecurity/libs repo.
Moreover, add support for blank spaces in param names.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Mainly:
* added 3 new procexit event params
* avoid sigsegv when sysdig event has a number of params that is greater than the wireshark one.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
epan/dissectors/packet-netlink-netfilter.c: FT_UINT32: proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, [[ENC_BIG_ENDIAN]-->[ENC_NA]]);
(These messages are wrong, this field is FT_ETHER, not FT_UINT32).
epan/dissectors/packet-netlink-psample.c (15 (of 15) fields)
netlink.psample.cmd doesn't match PROTOABBREV of netlink-psample
netlink.psample.attr_type doesn't match PROTOABBREV of netlink-psample
netlink.psample.iifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.oifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.origsize doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_group doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_seq_num doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_rate doesn't match PROTOABBREV of netlink-psample
netlink.psample.tunnel doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_refcount doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc_occ doesn't match PROTOABBREV of netlink-psample
netlink.psample.latency doesn't match PROTOABBREV of netlink-psample
netlink.psample.timestamp doesn't match PROTOABBREV of netlink-psample
netlink.psample.proto doesn't match PROTOABBREV of netlink-psample
Exif does not define the order of elements in the Exif data, so if there's
empty space in front of IFD #0, it might be used for other IFDs or standalone
values.
As such, don't create a dummy tree item covering that space.