There was a warning that dynamic_hf[i].p_id is not checked for NULL and
that could mean a NULL Pointer dereference.
To make the code more robust and the compiler happy, this patch adds the
check for NULL.
Support all possible file formats that wiretap writes, using the
same "-F" flag that other CLI tools like editcap, mergecap, and tshark
support. Default is still pcap for now; a future commit will switch
to pcapng and remove the "-n" option, to match other CLI tools.
This relaxes the display filter syntax to accept byte arrays without
separators. An expression such as the following becomes valid:
quic.dcid == b1f0b7cbe0897974
Previously it had to be written as:
quic.dcid == b1:f0:b7:cb:e0:89:79:74
Partially fixes#17818.
Having some options use DISABLE_ and others ENABLE_ is inconsistent
and difficult to remember. Use ENABLE_ instead consistently.
Frame-larger-than remains an exception.
Wireshark crashes when missing an UAT column due to a read access
violation. This was introduced by the code to add better compatibility
to UAT changes.
See "UAT: Allow missing fields."
This codes add a check, if the defaults are NULL before accessing them.
The descriptor contains a registered MPEG TS Identifier. Which full des-
cription may be found at https://smpte-ra.org/registered-mpeg-ts-ids.
I added displaying of a readable MPEG TS identifier and an organization
name.
Instead of just assuming CAN-IDs > 0x7ff are extended, the new code
checks the EFF_FLAG of the CAN-ID of the Signal_PDU_Binding_CAN and
AUTOSAR_IPDUM_Binding_CAN. This affects registering CAN-IDs with the CAN
dissector as well as config lookups.
This patch changes the config format of Signal_PDU_Binding_CAN and
AUTOSAR_IPDUM_Binding_CAN. CAN-IDs need to include the EFF-Flag now!
Disable QAbstractItemView's alternatingRowColors in places where we have
that set. One of Wireshark's most heavily used features is packet
colorization; we use color in packet list and detail rows to convey
information. Simple alternating color rows doesn't do that, and as my
blatant appeal to authority^W^W^W^W^WEdward Tufte points out, "Strips
are merely bureaucratic or designer chartjunk; good typography can
always organize a table, no stripes needed."
https://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0001IV
- CISCO-DYNAMIC-ROUTE
Indicates support for IKEv2 Dynamic Routing
- CISCO-VPN-REV-02
Not so sure about this one. Presumably indicates to peers internal
differences in the IKE implementation which can influence subsequent
configuration of the security associations.
Require date/time separators when entering a time value, e,g:
2014-07-04 12:34:56.789+00:00
Separators in the timezone offset are an exception, they are
never mandatory.
This excludes ISO basic format to avoid inputs that could
be entirely numbers indistinguishable from Epoch time, in case
we want to support that in the future.
Add support in text2pcap for the regex mode added to "Import from
Hex Dump" in 3.6.0 The input and output indicators cannot (yet?)
be configured, and are set to the default of allowing any of "iI<"
for inbound and "oO>" for outbound. This reaches feature parity
between text2pcap and Import from Hex Dump, fixes#16724.
(There might be some more cleanups to do, including docs.)
Protocol parses some fields. As a result, the parsed result is inconsistent with the description in the protocol.
Register different fields in the BICC protocol and parse them separately.
The details are as follows:
1. Split the following fields in the ISUP protocol:
Continuity Indicator(isup.continuity_check_indicator)
End-to-end method indicator(isup.forw_call_end_to_end_method_indicator)
End-to-end method indicator(isup.backw_call_end_to_end_method_indicator)
End-to-end information indicator(isup.backw_call_end_to_end_information_indicator)
BICC indicator(isup.backw_call_isdn_user_part_indicator)
SCCP method indicator(isup.backw_call_sccp_method_indicator)
End-to-end information indicator(isup.forw_call_end_to_end_information_indicator)
BICC indicator(isup.forw_call_isdn_user_part_indicator)
BICC preference indicator(isup.forw_call_preferences_indicator)
SCCP method indicator(isup.forw_call_sccp_method_indicator)
2. Register the following fields in the BICC protocol again.
Continuity Check Indicator(bicc.continuity_check_indicator)
End-to-end method indicator(bicc.forw_call_end_to_end_method_indicator)
End-to-end method indicator(bicc.backw_call_end_to_end_method_indicator)
End-to-end information indicator(bicc.backw_call_end_to_end_information_indicator)
ISDN user part indicator(bicc.backw_call_isdn_user_part_indicator)
SCCP method indicator(bicc.backw_call_sccp_method_indicator)
End-to-end information indicator(bicc.forw_call_end_to_end_information_indicator)
ISDN user part indicator(bicc.forw_call_isdn_user_part_indicator)
ISDN user part preference indicator(bicc.forw_call_preferences_indicator)
SCCP method indicator(bicc.forw_call_sccp_method_indicator)
Add information about the different kind of comparisons with
multiple fields to the wireshark-filter man page.
Add some minimal information to the user guide. It would be
nice to have a section dedicated to this with some examples.
Dr. Lars Völker