Make it so that "Edit->Preferences->Columns" can also set the
resolved/unresolved status of custom columns. Hide the checkbox
when the fields don't support it (including any non custom
columns.) Also make the checkbox entries in the column list model
not editable.
Fix#15394
Add a textbox to allow for filtering the traffic types
in the conversation and endpoint dialog. The current implementation
allows for an easier growth of the list entries. To ensure that
the user can find the entry he/she/they is looking for fast, add
a textbox for filtering
Treat all 4 octets of the control field as a single little-endian value
divided into bitfields. We already showed *some* subfields as
bitfields; this means we show *all* of them that way.
That makes the display more clearly show which bits in those octets
correspond to which fields.
It also fixes the dissection of the type field; we have separate
bitfields for I frames (1-bit bitfield) and S and U frames (2-bit
bitfield).
Use proto_tree_add_item_ret_uint() to fetch the values other than the
frame type value.
Fixes#18167.
Not all display filters are valid for custom columns (see #15990).
Use the validation function for custom columns instead of the
display filter validation when adding or editing a custom column
through Edit->Preferences, as the Edit Column in the packet list
header already does.
Revisit this if we ever do expand the list of possible custom
columns.
Strengthen the DCP-ETSI (TS 102 821) heuristic from matching
two bytes to matching four bytes. Split the heuristic and
non-heuristic dissector pieces, and add the non-heuristic
dissector for Decode As.
KNX/IP has an IANA registered port, 3671, and some other ports commonly
used but unregistered (or registered to other services). It also has
no heuristics. Add a port range preference defaulting to the registered
port.
tplink-smarthome uses a port registered by IANA to another application.
At least add a heuristic; since the message is always JSON, we
can decode and test the first two characters.
Propagating the capture_file was required for a single
function as was the cast for the model. Both are not
needed, as the functionality can be either moved to
PacketListModel or was already included in PacketList
To implement loading a packet list, a lot of helper
methods are required. Those prototypes where split up
over two places and have been moved to packet_list_utils.h
to ensure a single place for lookup
USB 2.0/1.1/1.0 devices (or 3.x and newer when connected to hosts that
are not Super-Speed capable) operate at one of three speeds:
* Low-Speed (1.5 Mbps)
* Full-Speed (12 Mbps)
* High-Speed (480 Mbps)
Supporting speed specific linktypes allows speed specific dissection
without the need for user to manually set the speed.
After implementing RFC 7983, the STUN dissector will reject
DTLS and [S]RTP packets even in non-heuristic mode. Since
the dissector is more discriminating, it is safe to set
the conversation dissector after receiving any valid STUN
packet, not just specifically a TURN packet.
This makes dissection work better on some captures that have
some TURN ChannelData messages along with STUN packets in
the other direction, but lack the packets that set up the
TURN Channel. In turn, that allows the Decode As setting to
be configured for RTP, which has a weaker heuristic dissector
than STUN. Fix#18148.
Port make-sminmpec.pl to Python.
Now uses an explicit destination path,
instead of a hardcoded path relative to
the script's location on disk.
Ping #18152
conversation_dialog.h:24:15: warning: parameter 'cli_proto_id' not found in the function declaration [-Wdocumentation]
conversation_dialog.h:25:15: warning: parameter 'filter' not found in the function declaration [-Wdocumentation]
Remove unneeded row number in capture file. The packet list is
the only object that should know the correct number, propagating
it further only complicates things. At the same time, rework
cf_select_packet to select the packet based on frame_data not on
the row (which can be unreliable).
Remove duplicate functionality for jumping to packet and
remove unused function to move to the end. Furthermore
move the code for redraws of visible packets directly
into the calling code
Setting sorting enabled/disabled resorts the list. If this happens
too often, sometimes it can lead to the physical view models
not present anymore and therefore crashing.
Ping #18159
Port the script that creates init.lua to Python3. The generated init.lua
removes one newline and adds another, otherwise the output is identical
to the Perl version.
Ping #18152.
Port the script that creates taps_wslua.c and taps.txt to Python3. The
generated taps_wslua.c has one less newline, otherwise the output is
identical to the Perl version. Make the "taps" configuration file an
ConfigParser / .ini file.
Ping #18152.
The progress frame animation is so slow, that it might not show
up on certain setups. Reduce the initial speed and duration for
the animation, which also speeds up calculations as well as dissection
as less animation has to be rendered/calculated
This code adds more robust handling of smaller issues with PTP messages,
like a missing 2-step flag of a not quite correct implementation of
802.1AS and improves 1-step support.
Changes:
- Handle 1-step syncs in analysis.
- Handle missing 2-step flag on pDelay more robust and warn in analysis.
- Handle missing F'up TLV in 802.1AS Sync more robust and warn.
Reject the previous reserved and unassigned TURN channels and
STUN methods restricted by RFC 5764 and RFC 7983 to allow
multiplexing of STUN with DTLS-SRTP (and ZRTP) on the same
addresses and ports. (As an exception, allow the special MS
Multiplex TURN channel value.) Earlier versions of the specs
had these as unassigned (or did not support TURN Channels), and
no implementation has used them.
This prevents the STUN dissector from claiming RTP packets
going to the same port as set for STUN by Decode As, and should
allow us to set the STUN dissector as the dissector for a conversation
on UDP if we see any STUN message, not just a TURN message type.
- Declare a separate type for the IPv6 TLV MAC address, otherwise its
filter key is `ieee1905.ipv4_type.mac_addres` instead of the expected
`ieee1905.ipv6_type.mac_addres` one which is confusing
- Fix label for `hf_ieee1905_ipv6_type_count` to read "IPv6 address count"
instead of the wrong "IPv4 address count"
- Parse the IPv6 link local address which appears between the EUI-48 and
the IPv6 address count in IPv6 type TLVs, without that, valid IPv6 TLVs
are wrongly parsed and reported as malformed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>