Although c-ares support was techically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.
Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change improves Wireshark ability to save rtp streams. It allows a user
to save any supported codec with 8 kHz rate. In real, it means G.711 and
G.729 for now.
There is no hardcoded codec limitation during save anymore. If code detects
unsupported codec or rate during save, it replaces samples with silence and
reports it. Therefore any added codec in future will be supported.
Note to RTP saving:
RTP streams (there can be up to two of them for save) can contain multiple
codecs in each direction - some of it can be supported and some
unsupported. What should be exported then?
Till my patch save do not run and a user received nothing even part of stream
was OK/encoded with supported codec.
Therefore I managed the code to start with export and do its best.
Unknown codec/part is replaced with silence and user is warned after
export. Therefore a user will get:
a) audio - when all codecs are supported (no warning)
b) mix audio/silence - when some codecs are supported (warning)
c) only silence - when no codec is supported (warning)
BTW same output user sees/gets in RTP player for years.
Change-Id: Id938d419f5841af46d2d2d3ddfaf1ec9a0235bcc
Reviewed-on: https://code.wireshark.org/review/35105
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Update the new protocol list and clarify our Qt versions.
Change-Id: If4d5e591b4419cc3171616825201375fdc5401aa
Reviewed-on: https://code.wireshark.org/review/35165
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They no longer reside to the right of the display filter toolbar, but
have been moved to Analyze->Display Filter Expressions... as well as
the context menu of the display filter edit
Change-Id: I5afb87a483838204be33f5b8b965643c2c95e306
Reviewed-on: https://code.wireshark.org/review/35151
Reviewed-by: Roland Knall <rknall@gmail.com>
Add support for automatic updates using the Sparkle framework. Add
FindSparkle.cmake and associated CMake plumbing. Add a public key and
other info to Info.plist.in. Add ui/macosx/sparkle_bridge.{h,m}, which
wraps the Sparkle API. Make code that's specific to WinSparkle
Windows-only.
Add Sparkle installation steps to the macos-setup scripts. Sparkle
prints a warning if your bundle is unsigned (which is the case during
development) so disable installing it by default.
Updating here takes a long time. We might be able to fix that by
shipping our DSYMs separately.
Change-Id: I6cc6671db5657dadc514bda6bf6e1c8bbc9468a5
Reviewed-on: https://code.wireshark.org/review/35090
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Allow the storage of extcap plugins in the personal directory and
enable loading from there. It will also take precedence of any
system-wide extcaps with an identical name
Change-Id: Ib88e09a26c4f99cf5e793327f2808c7445c6b1b5
Reviewed-on: https://code.wireshark.org/review/34988
Reviewed-by: Roland Knall <rknall@gmail.com>
Buttons can be left-aligned in the display filter edit bar, by selecting
the corresponding option from the context menu
Bug: 14123
Change-Id: I18b48bb0ea43a598b2e309dcad9210463be06414
Reviewed-on: https://code.wireshark.org/review/34980
Reviewed-by: Roland Knall <rknall@gmail.com>
Add a graph for the currently display filter if none exists, upon
opening IOGraph
Change-Id: Ic25b014484898dd1917b13f2616fd519e2e8183b
Reviewed-on: https://code.wireshark.org/review/34984
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
If working in streaming RPC mode, many grpc messages will be
contained in one http2 stream, the stream will end very late
(for example ETCD watch stream).
So we could not rely on old http2 reassembly mode which call
sub-dissector only END_STREAM appeared. We need a reassembly
mode that call subdissector which support streaming mode as
soon as the message in STREAM is available.
Please refer to comments of
reassemble_http2_data_according_to_subdissector() function
of epan/dissectors/packet-http2.c for more detail.
See the linked bug for streaming mode gRPC capture files.
Ping-Bug: 16160
Change-Id: Id9e5337a0e3ca9f8c8119d74d2c1fe4cc263afc3
Reviewed-on: https://code.wireshark.org/review/23988
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The recent macOS installer changes were backported to master-3.0, so
they're no longer new in master.
Change-Id: I357e0f8facbc2266c3780bcf8d696b5c2b00602d
Reviewed-on: https://code.wireshark.org/review/34745
Reviewed-by: Gerald Combs <gerald@wireshark.org>
1. A C-style Protocol Buffers Language (PBL) parser for *.proto file is added.
It contains protobuf_lang_scanner.l (lex scanner), epan/protobuf_lang.y (grammar
parser), and protobuf_lang_tree.h/c (grammar tree implementation).
2. The protobuf-helper.h/cpp is an interface wrapper layer. If one day C++ is allowed,
we can create a protobuf-helper.cpp file, which using offical protobuf C++
library, to replace protobuf-helper.c. That keeps packet-protobuf.c unchanged.
3. User can specify protobuf search paths, and the UDP ports to protobuf message type
maps at the Protobuf protocol preferences.
4. Other dissectors can pass the message type to Protobuf dissector by data parameter
or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in lua).
Some Sample of GRPC with Protobuf captures can be found in Bug: 13932.
Bug: 13932
Change-Id: Ife16c2f7b381296f8db4740dabe5f8362a456f48
Reviewed-on: https://code.wireshark.org/review/22892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Scalable service-Oriented MiddlewarE over IP (SOME/IP) is the
standard communication middleware for IP and Ethernet based
communication. It supports Service Discovery, RPC, Pub/Sub, and more.
Bug: 16014
Change-Id: Ifd6549818ccc87f376a5fb9ba1d6c335818c6e00
Signed-off-by: Dr. Lars Völker <lars.voelker@bmw.de>
Reviewed-on: https://code.wireshark.org/review/34497
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create ChmodBPF installer and uninstaller packages using pkgbuild and
productbuild. Place them in Wireshark.app/Resources/Extras.
Add a path_helper installer and uninstaller which respectively add and
remove /etc/*paths.d/Wireshark.
Remove the PackageMaker and utility-launcher assets and build targets.
Show a message in the main welcome screen if we don't have capture
permissions. Add an link which launches the ChmodBPF installer.
Add a "macOS Extras" item to About → Folders.
Migrate "Read me first" from RTF to Asciidoctor, which lets us add links
and looks like our other documentation.
Rename dmg_set_style.scpt to arrange_dmg.applescript and make it plain
text. Always run it in osx-dmg.sh.
Bug: 6991
Bug: 12593
Bug: 11399
Ping-Bug: 16074
Change-Id: I7b6aa89aae2be522b4141b0d44e8142dec749e90
Reviewed-on: https://code.wireshark.org/review/31047
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update some of the packet list and detail context menu items.
Add a release note entry noting the new Apply/Prepare behavior and
update some other items.
Change-Id: I3c2336a3f438f2d97bdb4df764e2af78a3499d81
Reviewed-on: https://code.wireshark.org/review/34543
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The Diagnostic Log and Trace protocol (DLT) is a commonly used and
standardized protocol in the automotive industry used to retrieve
log data. This patch adds the protocol to Wireshark. Keep in mind
that ports have to be configured before the dissector can be used.
Change-Id: I24592705476fb0c3bb83a1cc10b3dae8867523f4
Signed-off-by: Dr. Lars Völker <lars.voelker@bmw.de>
Reviewed-on: https://code.wireshark.org/review/34462
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow a selection of the list based on the protocol type. That way
one can easily enable/disable for instance just heuristic protocols
Change-Id: I1ee8df5d9887c764272ec55b33703855c0c91f5a
Reviewed-on: https://code.wireshark.org/review/34442
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Linux kernel includes a module called drop monitor which -
unsurprisingly - monitors packet drops.
Once enabled, the module will periodically send netlink notifications to
user space over generic netlink. Historically, these notifications only
included the program counter where the drop occurred and the number of
packets that were dropped in this location in the last interval.
Patches in net-next (queued for Linux kernel 5.4) extend drop monitor
with another mode of operation where the dropped packets themselves are
sent to user space along with relevant metadata as netlink
notifications. This allows users to perform a more detailed analysis of
the dropped packets.
This patch adds a dissector for these netlink packets. The dissector is
expected to be invoked by the generic netlink dissector and during its
hand off routine it adds an entry in the 'genl.family' dissector table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink
dissector. The dropped packet itself is encoded in the netlink attribute
'NET_DM_ATTR_PAYLOAD' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'NET_DM_ATTR_PROTO' attribute.
Bug: 16018
Change-Id: I10bfa4b9c9d8f5e82769c250f929f74693142a23
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34351
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, put the search field on top, as this is the default for search
fields and apply the change of enable/disable and invert-all only to
the selected items, instead of all items.
Bug: 16013
Change-Id: If4ef1c5ce63eef6fa72db679cdcbf52dcb0e8fb6
Reviewed-on: https://code.wireshark.org/review/34393
Reviewed-by: Roland Knall <rknall@gmail.com>
This protocol is a non-standard, ad-hoc protocol to pass baseband GSM
bursts between the modem (osmo-trx) and the encoder / decoder
(osmo-bts-trx). Osmocom inherited this when forking OsmoTRX off the
OpenBTS "Transceiver" program.
Change-Id: I31f5071d08eff1731f1d602886e204c87eed107c
Related: OS#4081 (https://osmocom.org/issues/4081)
Bug: 14814
Reviewed-on: https://code.wireshark.org/review/26796
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Add an item about marking packets using the middle mouse button to the
release notes.
Update the "Marking Packets" section of the User's Guide accordingly.
Use "menu:...[]" to mark up menu items in a bunch of places. It looks
like we need to a add a "guimenu" class to ws.css.
Change-Id: Ide99112f7643e509d8af8a4aa6ddb4287f3585cf
Reviewed-on: https://code.wireshark.org/review/34182
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To allow for easy import of profiles, one can select a directory
to import profiles from
Change-Id: I12f66e3dc6bd272d34baa76093152dce412b0158
Reviewed-on: https://code.wireshark.org/review/34038
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Remove some dead links or point them to archive.org while at it. All
updated links have been verified.
Change-Id: Icf02167a13d5fe9dfce39ea57525b3f185554c9d
Reviewed-on: https://code.wireshark.org/review/34028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change adds a basic dissector for the Network Controller Sideband
Interface (NCSI), as described by DMTF specification DSP0222.
Change-Id: I4e98361bfb7315c524f9c90db38507892adeeebe
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Reviewed-on: https://code.wireshark.org/review/33818
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This new tap collects credentials (username and paassword)
from the dissectors.
So far, few dissectors have been instrumented:
- http (basic auth)
- http (header auth)
- ftp
Others can be instrumented as well using the same technique.
Tshark has a new option (-z credentials) and Wireshark a new
"tools" menu: the documentation has been updated accordingly.
Change-Id: I2d0d96598c85bb3ea4fb5ec090dd8dc28b481fc9
Reviewed-on: https://code.wireshark.org/review/33453
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Move plus-8.png to stock_icons/8x8 and rename it list-add.template.png
which conforms to the Freedesktop icon naming specifications and makes
it a template icon.
Update our style sheet when we recive a QEvent::PaletteChange.
Ping-Bug: 15511
Change-Id: I4b8ddcb4eb64f11faec21d5df4a3fd7fdc5cf488
Reviewed-on: https://code.wireshark.org/review/33626
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initial go at adding the CableLabs Dual Channel Wi-Fi dissector.
Changes:
. New dissector for CableLabs Layer-3 Protocol ("CL3") IEEE EtherType 0xB4E3
. New dissector for Dual Channel Wi-Fi (Subprotocol of CL3)
. Defined EtherType macro for CL3 + description
Bug: 15818
Change-Id: I6edf99d40883c1890659185cc3f0524a2218a6c4
Reviewed-on: https://code.wireshark.org/review/33440
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection for Graylog Extended Log Format (GELF) over UDP.
Bug: 15776
Change-Id: Ie976a1dee8d3441532f209061aef5c804219f289
Reviewed-on: https://code.wireshark.org/review/33184
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP).
to wireshark.
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification
which recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDU`s are not supported as Linux NVMe/TCP driver
does not support them as well in kernel 5.0
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This protocol is spoken between the BSC (Base Station Controller) and
the CBC (Cell Broadcast Centre). It runs over TCP Port 48049 and is
specified in 3GPP TS 48.049.
Change-Id: I183e4741e2db5b9cc4dfe2b89f7920a32af67971
Reviewed-on: https://code.wireshark.org/review/29745
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8443379d23a2946dd21c12e5e0bd5464ab73ca25
Reviewed-on: https://code.wireshark.org/review/31857
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
evolved Common Public Radio Interface (eCPRI) is a protocol, which will
be used in fronthaul transport network. It will be included in standard
ethernet frames and UDP frames.
There are 8 Message Types to decode with eCPRI Specification V1.2.
Bug: 15510
Change-Id: I2bb74c1e95e89f0b812492509a05395d6b86eb54
Reviewed-on: https://code.wireshark.org/review/32004
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As noted in "AsciiDoc Recommended Practices" at
https://asciidoctor.org/docs/asciidoc-recommended-practices/, the
AsciiDoc/Asciidoctor community seems to have settled on ".adoc" as a
file extension and that's the one preferred by the Asciidoctor project.
Update our filenames to match.
Change-Id: I2d352623d42d65d950b64310c3655b0fd177ee8c
Reviewed-on: https://code.wireshark.org/review/32037
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>