Commit Graph

84264 Commits

Author SHA1 Message Date
Gerald Combs 90cc7cadf7 Fix a documentation warning.
Fix

epan/conversation_filter.h:43:11: warning: parameter 'A' not found in the function declaration [-Wdocumentation]
 * @param A valid protocol name.
          ^
epan/conversation_filter.h:43:11: note: did you mean 'proto_name'?
2022-04-26 19:12:11 +00:00
Gerald Combs 2141f0f03b Falco Bridge: Update to match the current libsinsp API.
The extract_fields struct and calling convention changed, so update to
match. Extract all of our fields at once, which noticeably speeds up
dissection here.
2022-04-26 17:11:21 +00:00
João Valverde 4f3f507eee dfilter: Add syntax to match specific layers in the protocol stack
Add support to display filters for matching a specific layer within a frame.
Layers are counted sequentially up the protocol stack. Each protocol
(dissector) that appears in the stack is one layer.

LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc.

The syntax allows for negative indexes and ranges with the usual semantics
for slices (but note that counting starts at one):

    tcp.port#[2-4] == 1024

Matches layers 2 to 4 inclusive.

Fixes #3791.
2022-04-26 16:50:59 +00:00
João Valverde c0170dad42 dfilter: Rename "range" to "slice"
The word range is used for different things with different
meanings and that is confusing. Avoid using "range" in code to
mean "slice".

A range is one or more intervals with a lower and upper bound.

A slice is a range applied to a bytes field.

Replace range with slice wherever appropriate. This usage of
"slice" instead of range is generally correct and consistent in
the documentation.
2022-04-26 16:50:59 +00:00
João Valverde d517feee74 epan: Add more bookkeeping for layers
Packet info already contains the notion of layer depth for the
current protocol, among all the protocols in the frame. This
adds an extra layer number for the protocols that are the same
as the current one. Obviously this will only go above one if
the protocol is repeated in the stack, such as with IP tunneling.

Adds extra logic to track numbers for each protocol in the frame
and update them when calling a dissector.

The total layer number and protocol layer number are stored in
the field info structure so they can be used after dissection,
namely by display filters.
2022-04-26 16:50:59 +00:00
Gerald Combs b53d349583 Tools: Only validate a file if we have a build rule for it.
In validate-clang-check.sh, only check files that have rules in
compile_commands.json or build.ninja.
2022-04-26 09:35:38 -07:00
Joakim Karlsson 74fd19fb10 NAS-5GS: correction of Configuration update command, IE 5GS registration result 2022-04-26 13:54:48 +00:00
Pedro Jose Marron 095043f74b Update Wi-SUN FAN dissector to the last version of the specification
- The latest version of the Wi-SUN FAN specification has added
  a number of Information Elements that need to be supported by
  the dissector.
- Following changes and additions have been included:
  - New Header IEs: LUTT, LBT, NR, LUS, FLUS, LBS, LND, LTO, PANID
    and RT.
  - New Payload IEs: POM, LCP, LFNVER and LGTKHASH
  - New frame types: LFN PAN Advertisements, Solicits and time
    synchronization frame types.
  - Update to the channel spacing names to incorporate the new
    ones defined in FAN 1.1
2022-04-26 13:24:06 +02:00
Gerald Combs dbf3ac3701 CMake+Logwolf: Populate our Falco plugin directory.
Create plugins/<version>/falco and copy over the Cloudtrail plugin.
2022-04-25 12:07:48 -07:00
Gerald Combs fc2cc05dde Move some configuration and data files to resources/share.
Create resources/share/wireshark and resources/share/logwolf. Move
various data and configuration files to resources/share/wireshark and
add resources/share/logwolf/colorfilters.
2022-04-25 09:18:57 -07:00
John Thacker 2b24b512ca rpm: Support for building with clang on Fedora
Fedora now supports rpm options to build with clang as the compiler
https://docs.fedoraproject.org/en-US/packaging-guidelines/#compiler
2022-04-25 08:52:23 -04:00
Peter Wu 62100da7f4 TLS: fix RSA decryption with EMS and renegotiation
The handshake hash is used to derive TLS decryption keys when the
Extended Master Secret (EMS) extension is in use.
ssl_calculate_handshake_hash updates this hash only when the master
secret has not been determined yet.

During TLS renegotiation, there are two master secrets: one before, and
one after. Before this fix, the second calculated master secret is
wrong because the second Client Hello is missing in the handshake hash.
It was missing because the handshake hash was not being updated since
the master secret for the first handshake was still present, and the
decryption state was only reset after that hash update.

To fix this, make sure to clear the SSL_MASTER_SECRET flag before
updating the handshake hash when needed. Additionally, clear the
handshake hash when processing the Client Hello just to make sure that
any previous state is gone.

Fixes #18059
2022-04-25 12:03:32 +00:00
Peter Lemenkov b1ba667acc wslua: another fix for -Werror=clobbered
```
cd /home/petro/work/wireshark/epan/wslua && /usr/bin/cc -DG_DISABLE_DEPRECATED -DG_DISABLE_SINGLE_INCLUDES -DWS_BUILD_DLL -I/home/petro/work/wireshark -I/home/petro/work/wireshark/include -isystem /usr/include/glib-2.0 -isystem /usr/lib64/glib-2.0/include -isystem /usr/include/lua-5.1 -isystem /home/petro/work/wireshark/epan/wslua -fvisibility=hidden  -fexcess-precision=fast -Wall -Wextra -Wendif-labels -Wpointer-arith -Wformat-security -fwrapv -fno-strict-overflow -Wvla -Waddress -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas -Wno-overlength-strings -Wno-long-long -Wredundant-decls -Wno-error=maybe-uninitialized -Wno-format-truncation -Wframe-larger-than=32768 -Wunused-const-variable -Wshadow -Wold-style-definition -Wstrict-prototypes -Wlogical-op -Wjump-misses-init -Werror=implicit -Wno-pointer-sign -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fmacro-prefix-map=/home/petro/work/wireshark/= -fmacro-prefix-map=/home/petro/work/wireshark/= -O2 -g -DNDEBUG -fPIC -std=gnu11 -Werror -MD -MT epan/wslua/CMakeFiles/wslua.dir/init_wslua.c.o -MF CMakeFiles/wslua.dir/init_wslua.c.o.d -o CMakeFiles/wslua.dir/init_wslua.c.o -c /home/petro/work/wireshark/epan/wslua/init_wslua.c
/home/petro/work/wireshark/epan/wslua/wslua_tree.c: In function ‘TreeItem_add_packet_field’:
/home/petro/work/wireshark/epan/wslua/wslua_tree.c:79:17: error: variable ‘item’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
   79 |     proto_item* item = NULL;
      |                 ^~~~
Consolidate compiler generated dependencies of target dissectors
cc1: all warnings being treated as errors
make[2]: *** [epan/wslua/CMakeFiles/wslua.dir/build.make:508: epan/wslua/CMakeFiles/wslua.dir/wslua_tree.c.o] Error 1
make[2]: *** Waiting for unfinished jobs....
```

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
2022-04-25 11:24:11 +00:00
John Thacker 858a670d34 rpm: Specfile cleanup
Fix some deprecated and obsolete syntax from the rpm specfile that
modern distributions complain about:
Don't specify the BuildRoot
Don't have a %clean section
Don't remove the BuildRoot at the start of %install
Don't repeat Name in summary
Version the Obsoletes
Have a %build section
Escape macros in changelog
Remove comment about user setting _smp_mflags since rpm does that
automatically better now
Be consistent about spaces and tabs (tabs are used)
2022-04-25 06:53:05 -04:00
Martin Mathieson 35cc7f43ab Spelling script: minor improvements and more dict words 2022-04-25 08:57:43 +00:00
Gerald Combs 3dd5ccbe7d GitLab CI: Build the fuzz and "No Options" job without mmdbresolve.
Recent fuzz jobs are timing out, and it appears to be related to
mmdbresolve. Disable it, at least for now. Ping #18045.
2022-04-24 17:19:35 -07:00
Gerald Combs 968f40d373 Tools: Handle table rows and admonition titles in html2text. 2022-04-24 23:59:48 +00:00
Gerald Combs c3d9f11b8b Docs: Remove "win32" references from the guides.
Ping #17779.
2022-04-24 23:39:58 +00:00
John Thacker 7ec3e841ba rpm: Fix SUSE 15.1 builddir issue on make
SUSE 15.1 moved to out of source builds, and sets a builddir
appropriately, but it makes some decisions about automatically
entering the build dir when building or installing that are
handled by the distribution's various Make and Ninja macros
differently than other distributions and later SUSE releases.
Work around it, so that both ninja and make builds work on
SUSE 15.1 (both OpenSUSE and SLES)

Related to #17910
2022-04-24 18:49:38 -04:00
Alexis La Goutte 19dc602fe3 802.11: fix TWT Setup dissection
Duplicate Dialog Token field

Fix #18050
2022-04-24 20:48:04 +00:00
Gerald Combs cfcfbbdd60 [Automatic update for 2022-04-24]
Update manuf, services enterprise numbers, translations, and other items.
2022-04-24 16:39:41 +00:00
John Thacker 91987dc0ab nghttp2: Implement minimum required version 1.11.0
All currently supported Linux distributions have a version greater
than 1.11.0 (and our macOS and Windows versions are also much greater),
and this allows us to use nghttp2_hd_inflate_hd2(), which replaced the
deprecated nghttp2_hd_inflate_hd()
2022-04-24 10:24:11 -04:00
Dylan Ulis e5e78d5da9 CIP Safety: Update more naming/units to match spec 2022-04-24 09:04:12 +00:00
Ben Huddleston 71b3fe0f4b couchbase: Add timestamp to DcpSnapshotMarker encoding
Timestamp is an optional part of the DcpSnapshotMarker value.
2022-04-24 07:54:36 +00:00
Chuck Craft bd02037042 wsdg: main_window .cpp filename changes
Update link to Gnome Human Interface Guide
2022-04-24 07:10:07 +00:00
John Thacker 0676ddfb4f rpm: Update glib and cmake BuildRequirements
Update glib and cmake requirements in the rpm spec, and also remove
some RHEL 7 conditions associated with them, since the versions of
glib and cmake in RHEL 7 are too old to be supported.
2022-04-23 20:48:16 -04:00
John Thacker d2064ae188 gnutls: Bump version to 3.5.8
Bump the minimum version of GnuTLS to 3.5.8, which was the first stable
release in the 3.5 series. All the currently supported Linux
distributions have a version at least this new.
2022-04-23 02:26:08 +00:00
Guy Harris 1ee8ead845 Provide the section number for blocks, and show it.
Add a "section number" field to wtap_rec, with a presence flag, and
provide the section number (0-based) for pcapng files.

Display it (1-based) if present.
2022-04-22 18:14:29 -07:00
Gerald Combs 7286e2982a Move the idl directory to epan/dissectors/corba-idl. 2022-04-22 20:36:57 +00:00
Gerald Combs 4cc20bb49e CMake: Fail if we're building for 32-bit Windows.
Fail noisily if we're building for 32-bit Windows. Ping #17779.
2022-04-22 17:25:31 +00:00
Roland Knall aca0c5d175 Qt: Remove unrequired setTab
setTab(0) should not be required, as this belongs in the constructor as being
part of the general setup of the dialog itself. Outside code should not set up
the correct startview of the dialog.

(the problem exists in the first place, as the wrong tab may be selected via
the .ui file after editing that)
2022-04-22 17:05:29 +00:00
John Thacker 2dd07bc5b9 glib: Bump required version to 2.50
All the currently supported distributions have at least 2.50.
Remove a version check.
2022-04-22 12:55:37 +00:00
Roland Knall b9b1494cd1 Qt: Disable sorting for if activity on default
Make the sorting for interface activity disabled by default
and enable it for interfaceFrame.
2022-04-22 14:29:17 +02:00
Roland Knall 374c5997da Qt: Remove unnecessary signal/slot
getPoints never worked in the new system therefore it is removed. SparkLineDelegate uses the underlying model to ensure the correct data being transmitted
2022-04-22 09:37:10 +00:00
John Thacker 3407992cb4 CMake: Bump minimum CMake version to 3.10
Linux distributions that have a version less than 3.10 are either
almost at end of support (Debian Stretch), or will be supported by
Wireshark 3.6 LTS (RHEL 7, SLES 12).

The Windows minimum is already 3.13. Increasing the minimum required
means that policies CMP0069 and CMP0071 are automatically set to NEW,
and we can use VERSION_GREATER_EQUAL.

Fix an error in the Qt version comparison; it's Qt 5.14 that first
required macOS 10.13 High Sierra, not Qt 5.15.
2022-04-21 20:24:52 -04:00
Gerald Combs 4bb16383a3 macOS: Require Sparkle 2.
Remove our Sparkle 1 code. Fixes #18035.
2022-04-21 17:54:27 +00:00
easonweii a1e0c34c30 GTP: Minor reconstruction
Extract Method for multiple message parsing for tpdus to simplify things for future bug fixes and to make the code logic clearer.
Encapsulate the following functions:
dissect_gtp_tpdu_by_handle
dissect_gtp_tpdu_as_pdcp_lte_info
dissect_gtp_tpsu_as_pdcp_nr_info
Note: The original code function is not changed.
2022-04-21 17:30:25 +00:00
Gerald Combs a73fd872ad dfilter: Add a null check.
Try to fix

*** CID 1504179:  Null pointer dereferences  (FORWARD_NULL)
/builds/wireshark/wireshark/epan/dfilter/dfvm.c: 327 in dfvm_dump_str()
321     				stack_print = dump_str_stack_push(stack_print, arg1_str);
322     				break;
323
324     			case STACK_POP:
325     				wmem_strbuf_append_printf(buf, "%05d STACK_POP\t%s\n", id, arg1_str);
326     				for (i = 0; i < arg1->value.numeric; i ++) {
>>>     CID 1504179:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "stack_print" to "dump_str_stack_pop", which dereferences it.
327     					stack_print = dump_str_stack_pop(stack_print);
328     				}
329     				break;
330
331     			case MK_RANGE:
332     				wmem_strbuf_append_printf(buf, "%05d MK_RANGE\t\t%s[%s] -> %s\n",
2022-04-21 17:10:44 +00:00
Gerald Combs 51f5bdc287 FPP: Add null pointer checks.
Add a couple of null pointer checks. Followup to #18043.
2022-04-21 16:49:22 +00:00
Gerald Combs 88f07ff5d1 epan: Add null conversation checks.
Check for null conversations in conversation_add_proto_data,
conversation_get_proto_data, and conversation_delete_proto_data.
Document them as well. Ping #18043.
2022-04-21 16:27:43 +00:00
Dario Lombardo f067e40166 fpp: check conversation pointer before use.
Fix: #18043.
2022-04-21 16:05:08 +00:00
Roland Knall 1278af07c3 Qt: Improve UIX for sparklines
Sparklines should display to the user, which interfaces are active
and ready for capture. Additionally it should be easy to find active
interfaces, without filtering first.

This change reorders the interface list, in order to sort active
interfaces on top, as well as hide information if no packet has been
received on that interface, to ensure that the user can find active
interfaces faster, making it easier to capture on systems where
the interfaces have very generic names.

The interface context menu has been amended to allow interfaces to be
hidden/unhidden from the main interface list as well
2022-04-21 15:41:12 +00:00
Yu Gao 49ec7da90e fix pipeline issue 2022-04-21 15:20:34 +00:00
Dylan Ulis 2f41595382 CIP Safety: Fix CRC logic when timestamp rolls over to zero 2022-04-21 15:02:25 +00:00
John Thacker d6fb90ecab proto_hier_stats: Skip non-protocols and reduce recursive calls
Skip non protocols in process_tree before calling process_node(), and
in process_node() before calling itself recursively, instead of at
the beginning of process_node(), decreasing the number of recursive
calls.

This reduces possible stack overflows in cases arising from dissectors
that call proto_item_get_parent(), which can result in many top level
non protocol items due to items not properly being faked. (#8069)

Use proto_register_is_protocol for the test instead of testing for
a name, which has not been a useful test for some time.

Add some comments about possibly wanting to skip PINOs that have
field_type FT_BYTES if they end up being toplevel items, and about
possibly wanting to descend into the tree to pick up protocols not
at the top level.
2022-04-21 08:56:12 -04:00
John Thacker 45da161430 libgcrypt: Remove HAVE_GCRYPT_AEAD , _CHACHA20
Libgcrypt 1.8.0 is required now, so these are always defined.
2022-04-21 07:11:32 -04:00
John Thacker d87b9ca731 test: Remove libgcrypt checks for 1.8 and below
libgcrypt 1.8.0 or higher is required now, so remove the checks to
skip tests without it
2022-04-21 06:32:44 -04:00
John Thacker b80cdaa243 libgcrypt: Require version 1.8.0
Libgcrypt 1.8.x is required for a large amount of decryption
support and is the current LTS version of libgcrypt. The 1.6 and
1.7 series have been end-of-life since 2017-06-30 and 2019-06-30,
respectively.

The Linux distributions that have versions of libgcrypt before 1.8.0
are nearing or at end of support (RHEL7, SLES 12, Debian stretch,
Ubuntu 16.04LTS) and can be supported by the Wireshark 3.6 LTS release
series.

Remove an enormous amount of ifdefs based on libgcrypt versions
1.6.0, 1.7.0, and 1.8.0. There will be a second pass for the
common defines HAVE_LIBGCRYPT_AEAD, HAVE_LIBGCRYPT_CHACHA20, and
HAVE_LIBGCRYPT_CHACHA20_POLY1305, which are now always defined.

The ISAKMP dissector has some comments noting that some workarounds
were used for libgcrypt 1.6 that aren't needed with 1.7; perhaps
that could be updated now.
2022-04-20 21:30:21 -04:00
John Thacker 9c115d0ed5 macos-setup: Require Qt 5.9 or later and macOS 10.10 or later
The minimum required version of Qt is now 5.9, and thus the
minimum required version of macOS is 10.10 (Yosemite). Update
that in macos-setup, and remove various version checks and older
packages needed for Mountain Lion and Mavericks.

Also update the default version of Qt installed to 5.12.12, the
last release in the Qt 5.12 LTS series (and the last version with
an offline installer.)
2022-04-20 19:44:29 -04:00
John Thacker 13075b4ff0 Require Qt 5.9 or later
Increase the minimum required version of Qt from 5.6 to the next
LTS version, 5.9. The various Linux distributions that have not
released an update to 5.9 or later (SLES 12, Debian stretch) are
nearing end of support, and can be supported by the Wireshark 3.6 LTS
release.

Qt 5.9 requires macOS 10.0, so make that the minimum macOS version
as well.

Remove unneeded version checks (except from QCustomPlot).
2022-04-20 18:59:32 -04:00