That reduces the number of get_progfile_dir() calls, leaving only the
calls that are done either to 1) get the pathname in order to display it
or 2) get the pathname in order to reset the library path.
That makes it easier to figure out which get_progfile_dir() calls are
made to find the directory in which (non-extcap) binaries from Wireshark
are installed and which - if any - are made to figure out the directory
in which *the currently-running executable* are stored. (Currently,
get_progfile_dir() attemps to get the former, not the latter, so
extcaps in an extcap subdirectory, for example, will get the parent
directory of that subdirectory, *not* the directory in which they weere
installed.)
This adds BPv7 source and destination as first-class text addresses for the packet.
This fixes proto-data used for decode-as table editing outside of a layer.
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.
Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.
Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
This change improves sequence analysis and subdissector interfaces, adds
payload Decode As support for DTN and IPN services, and add heuristic
dissection for BTSD.
Add a command line option --log-fatal-domains= and environment variable
WIRESHARK_LOG_FATAL_DOMAINS that aborts the programs if a domain in
the list is logged to.
Negative matches for fatal log domains not implemented for now,
pending a relevant use-case.
Like wmem_map_remove(), this frees the key/value pair item
in the map but not the key or the value itself (which may
in fact be the same object.) Not generally a problem, as
they'll get freed by the pool. (If someone wants to manage
memory themselves, they should probably be using a GHashTable.)
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of stream. (The function can be NULL, for protocols like
SIP that do not use this.)
This gets us closer to making follow stream registration generic.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*. Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.
Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.
Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.
This is mainly for use in the Decode As UI. It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
Add lricon.svg and lriconinst.svg, which provide the core graphic
element for the various Logray icons. Add lricon*.png, which were
created using the templates at
https://developer.apple.com/design/resources/. Add Logray.icns,
logray.ico, and lograyinst.ico, and use them in various packaging
resources.
Add Percent-encoding to the list of encoding types that Show
Packet Bytes can handle.
There's a function added to glib 2.66 to handle this for arbitrary
bytes that might have internal nulls (and which allows the result
to be non UTF-8), but we don't require that version yet, so extend
the existing function.
Related to #1084
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
Linux builds were left behind on the Qt transition, presumably because
our Ubuntu CI image does not support Qt6.
Enable Qt6 by default and explicitly disable it for slower or more
conservative Linux distros.
Drop experimental status for Qt6, because we are using it to build
official Windows and macOS releases.
libbrotlidec and libbrotlicommon show up in `otool -L` without any path
information on the macOS builders, similar to what's described at
https://github.com/google/brotli/issues/934
Try to work around this in osx-app.sh.