PacketListRecords should only report themselves as colorized when
colorized with the latest version of the coloring rules. Otherwise,
ensureRowColorized will not recolorize rows when the rules have changed.
This makes the minimap/intelligent scrollbar correctly update
colors in the background when the rules have changed. (Rows that
were being displayed were being updated, because the columnStrings
were invalidated at the same time, and when fetching the columnStrings
the colors would be updated if the rules had changed.)
Fix #17621

You're Not Supposed To Do That, as per RFC 8446 section 4.1.2 "Client
Hello".
Also do the equivalent check for DTLS, as RFC 9147 Section 5.3 "Client
Hello" says You're Not Supposed To Do The Equivalent. We don't yet
handle DTLS 1.3, but if we ever do....
Fixes #18851.
While we're at it, improve two comments to clarify what
ssl_dissect_hnd_hello_common() does (and to fix one place where the old
comment was incorrect).
Increase the proto item size so that the ethertype is selected as part
of the cisco-metadata protocol.
Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
The location of the next line should be based off one row larger
than the current row.
This fixes an issue where all the lines drawn in the intelligent
scrollbar are off by one - the color intended to be drawn for
the first packet never appears, the first packet corresponds to
the line for the second packet, etc., and there is a line at
the bottom that can never be colored in.
Fix #18850

We want to do more sophisticated processing of UTF-8 in wmem and
for that we want to use the unicode utility functions in wsutil.
We also want to use wmem scoped memory in wsutil unicode utility
functions.
This introduces a circular dependency. Fix that by making both
the same library and removing the sanitary cordon separating
them.
We still need to be mindful of public header dependencies of wmem on
wsutil because wmem.h is included in wireshark.h and we want to
be parsimonious with the use of global includes.
Add `pkgutil --forget org.wireshark.ChmodBPF.pkg` to the "Uninstall
ChmodBPF" postinstall script. The `pkgutil` man page says
    --forget package-id
        Discard all receipt data about package-id, but do not touch the
        installed files. DO NOT use this command from an installer package
        script to fix broken package design.
but Homebrew's Wireshark cask does this, and it should help to work
around issue #18734.
Add `pkgutil --forget org.wireshark.path_helper.pkg` to the "Remove
Wireshark from the system path" postinstall script.
epan_dissect_run_* and epan_dissect_reset unreference the packet
block that is part of the record, which frees it if the ref count
drops to zero. However, tshark needs the block later to, e.g.,
copy the options. process_cap_file_[single|second]_pass still
unreference and free the block with wtap_rec_reset() at the end
of each packet loop.
Fix #18693

WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergecap, etc.)
Along with 8cddc32d35, fix #18449.

Add strings with proto_tree_add_item instead of tvb_memcpy,
appending a null, and a proto_tree_add_string so that the
strings are validated for encoding, trailing nulls, etc.
Fix #18847

Pass a prefix to `codesign` so that our signature identifier is
"org.wireshark.foo" instead of "foo" for our command line utilities,
libraries, and ChmodBPF.
Add the ability to cancel sorting. Since we now parse user inputs
during the sort, test and set the capture file read lock. Try to
sort in PacketList::captureFileReadFinished, since now sorting during
thawing won't happen if it's in the middle of a rescan.
Fix #17640

In certain situations using __MINGW64__ is not correct.
We want to have the condition apply using MinGW-w64 but also
using MSYS2, which the __MINGW64__ condition alone does not
capture.
Add a HAVE_MSYSTEM C define and use it where appropriate.
Forcing the use of a dedicated header to replace pcap.h is
unnecessary code and mental overhead in this case. We can
use config.h instead for the same purpose of defining a
macro symbol before including pcap.h.
g_utf_8_make_valid() replaces embedded NULs with unicode
replacement characters and this behaviour does not match
the pcapng spec; the first NULL should terminate the string
instead.
Use ws_utf8_make_valid() which provides the correct behaviour.
Tweak the script used for creating a new skeleton dissector, to allow it
to create the dissector in `plugins/epan/PROTOSHORTNAME` instead of in
`epan/dissectors`. Handles modifying the appropriate CMake file in the
appropriate way, and generates the plugin's `CMakeLists.txt` if needed.
Do not modify global data pointer when redissecting packets. This fixes
transient incorrect packet sequence errors when user navigates packet
list when live capture is in progress.
The packet loss column has been sorting on a private variable
that is never set(?!) and also is unsigned whereas the actual
lost number is signed. Get the calculated packet loss number
and sort by that. (Should this be sorting by the total number or
the percentage, since the column displays both? Total number is
first so let's use that.)
This should probably be some kind of Model/View instead.
Fix #16785.