This enables the traffic dialogs to filter data based on the
context menu entries. For instance, one can only show rows,
where the number of packets is not greater than 10
When writing a custom column, some field types can't have a resolved
value, and just copy the label from the expression to the value.
Only copy information from the most recent field when doing so,
so that with multifield custom columns the entire unresolved value
doesn't get overwritten with the resolved value (if some fields
have resolved values and some don't.) This also reduces copying
from O(N^2) to O(N).
Fixes the display "unresolved" value for multifield custom columns
that are a mix of field types.
Custom column expressions do not need to be limited to COL_MAX_LEN.
The size of the expression does not have any necessary relationship
to the size of the column contents, especially in the common case of
many semantically equivalent different fields from different protocols,
only one of which appears in any given frame.
The only place that actually does limit the length of custom
custom expressions is in reading the preferences. Use a GString
instead of allocating a buffer to COL_MAX_LEN when constructing
the string. In normal cases, this should decrease temporary
memory usage. Fix#16905
If a configuration profile is requested on the command line that
does not exist as a personal profile but does exist as a global
profile, copy it to the personal directory and use it, the same
as when selecting a global profile in the GUI.
Add the same feature to tshark and tfshark as well, where it
is particularly useful.
For the top-level item for an extension, initially create it with a
length of "to the end of the packet" and, when we finish dissecting it,
set the length appropriately. That way, if the length is too large, we
don't throw an immediate exception, making it a little clearer what's
happending.
When dissecting an authentication extension, construct the text of the
top-level item as we dissect it, and initially create it with a length
of "to the end of the packet" and, when we're finished dissecting it,
set the length appropriately. That way, we don't throw an exception
before doing any dissection if the data for the item isn't all there, we
only throw an exception when we run out of data, and we also don't try
to add the data unless there is at least one byte of data.
The latter of those fixes#18181.
Add and install default coloring rules and filter buttons for Logray.
Add is_packet_configuration_namespace() and use it to set the default
timestamp type for Logray to "Absolute", which is more appropriate for
log entries.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
It looks like 1eafee6566 wasn't sufficient to fix the Qt 6 background
paint issue, at least for Qt 6.2.3. Explicitly set our background brush
before filling our rect.
Fixes#18175.
proto_strlcpy in normal situations returns the number of bytes
copied (because the return value of g_strlcpy is strlen of the
source buffer). It can copy no more than dest_size - 1, because
dest_size is the size of the buffer, including the null terminator.
(https://docs.gtk.org/glib/func.strlcpy.html)
Returning dest_size can cause offsets to get off by one and reach
the end of the buffer, and can cause subsequent calls to have
buffer overflows. (See #16905 for an example in the comments.)
Several of the constant length string built in address types don't
check to see if the buf_len passed in is long enough to write
the string.
This can cause buffer overflows, e.g. with a custom column with
many FT_ETHER fields.
Allow checking if a slice exists. The result is true if the
slice has length greater than zero.
The len() function is implemented as a DFVM instruction instead.
The semantics are the same.
Remove the "ugly internal SVN file hack" block from make-version.pl. It
only worked for Subversion versions prior to 1.4, which was released in
2006.
Remove the Bazaar (bzr) block. James Brown may not have sang about it,
but even so it's a Git's world.
Remove the Tortoise block. As noted in a comment, it appears to be dead
code.
Port 45564 is not IANA registered for Apache. The heartbeat
messages all start with the same 8 character ASCII delimiter
string, so use that for heuristics.
There is no need for nesting event loops when showing menus. Show menus
asynchronously to limit possibilities of hard to debug problems related
to re-entering event loop.
This removes unparsed name resolution during the semantic
check because it feels like a hack to work around limitations
in the language syntax, that should be solved at the lexical
level instead.
We were interpreting unparsed differently on the LHS and RHS.
Now an unparsed value is always a field if it matches a
registered field name (this matches the implementation in 3.6
and before).
This requires tightening a bit the allowed filter names for
protocols to avoid some common and potentially weird conflicting
cases.
Incidentally this extends set grammar to accept all entities.
That is experimental and may be reverted in the future.
Dr. Lars Völker