osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Release notes enhancements and fixups

This commit is contained in:
João Valverde 2023-08-20 12:57:40 +01:00
parent 268a9e243c
commit c97982881f
1 changed files with 82 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
docbook/release-notes.adoc
View File

@ -29,42 +29,22 @@ A new display filter feature for filtering raw bytes has been added.
Display filter autocomplete is smarter about not suggesting invalid syntax.
menu:Tools[Lua Scripts,Launch with SSLKEYLOGFILE] can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
New GUI dialog (under Tools menu) to lookup a MAC address in the IEEE OUI registry.
The personal extcap plugin folder location on Unix has been changed to
follow existing conventions for architecture-dependent files.
The extcap personal folder is now ``$HOME/.local/lib/wireshark/extcap``.
Previously it was ``$XDG_CONFIG_HOME/wireshark/extcap``.
Some external text files have been compiled in for improved start-up times.
The installation target no longer installs development headers by default.
That must be done explicitly using ``cmake --install <builddir> --component Development``.
The Wireshark installation is relocatable on Linux (and other ELF platforms
with support for relative RPATHs).
Support for building an NSIS Windows installer using the MinGW-w64 toolchain
and https://www.msys2.org/[MSYS2]. Read README.msys2 in the distribution for more information.
Wireshark can be compiled on Windows using https://www.msys2.org/[MSYS2].
Check the Developer's guide for instructions.
When changing the dissector via the Decode As table for values that
have default dissectors registered, selecting "(none)" will select
no dissection (while still allowing heuristic dissectors to attempt to
dissect.) The previous behavior was to reset the dissector to the default.
To facilitate resetting the dissector, the default dissector is now sorted
at the top of the list of possible dissector options.
Support for building a Windows installer using Linux cross-compilation.
Check the Developer's guide for instructions.
Packet list sorting has been updated:
* When sorting packet list with a filter applied, only the visible packets are
sorted, which greatly increases sorting speed.
* The cache size for column text is limited to a default of 10000 rows,
which limits the maximum memory usage. The maximum value can be changed in
Preferences->Appearance->Layout
* Due to the above, columns that require packet dissection can only be sorted
if the number of visible rows is less than the cache size. If there are
more rows visible, a warning will appear. Columns that do not require packet
dissection (those that calculated directly from the capture file frame
headers, such as packet number, time, and frame length) can be sorted with
any number of visible rows.
* Sorting can be interrupted.
Packet list sorting has been updated.
Many other improvements have been made.
See the “New and Updated Features” section below for more details.
@ -97,18 +77,18 @@ The following features are new (or have been significantly updated) since versio
* Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake.
* ciscodump support Cisco IOS XE 17.x
* ciscodump support for Cisco IOS XE 17.x
* The default interval between GUI updates when capturing has been decreased
from 500ms to 100ms, and is now configurable.
from 500ms to 100ms, and is now configurable.
* The *-n* option also now disables IP address geolocation information lookup
in configured MaxMind databases (and geolocation lookup can be enabled with
*-Ng*.) This is most relevant for tshark, where geolocation lookups are
synchronous.
in configured MaxMind databases (and geolocation lookup can be enabled with
*-Ng*.) This is most relevant for tshark, where geolocation lookups are
synchronous.
* Implement built-in dissector for FiRa UWB Controller Interface (UCI) protocol.
Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
* The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to
reassemble the streaming data of a high level protocol that is not on top of TCP.
@ -117,20 +97,29 @@ Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
of "most recently created".
* Display filter syntax-related changes:
** It is now possible to filter on raw packet data for any field by using the syntax ``@some.field == <bytes...>``.
This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to
look at the field's raw data.
** Negation (unary minus) now works with any display filter arithmetic expression.
** Using the slice operator with strings produces a string. Previously it
would produce a byte array. This is useful to index/slice UTF-8 multibyte strings.
String byte slices can still be obtained using the "@" (raw operator) prefix.
** Arithmetic expressions are allowed as set elements.
** Absolute date and time values can be written as Unix time.
** The limitation where a minus sign needed to be preceded by a space character
has been removed.
** Added XOR logical operator.
** Fixed the implementation of `all ... in` membership operator
(https://gitlab.com/wireshark/wireshark/-/issues/19188[#19188]).
** The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0.
* Running the test suite requires the https://pypi.org/project/pytest/[pytest]
@ -138,29 +127,29 @@ Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
installed has been removed.
* When saving files or exporting packets after changing their time with the
"Time Shift" dialog, the shifted time is written to the new file.
"Time Shift" dialog, the shifted time is written to the new file.
* TLS secrets used in decrypting packets can be embedded (or discarded) from
the capture file via the GUI, similar to the options --inject-secrets and
--discard-all-secrets in editcap.
* The text of any configured column (displayed or hidden) can be filtered
anywhere that filters are used - in display filters, filters in taps, coloring
rules, Wireshark read filters, and the -Y, -R, and -e options to tshark,
the "Apply as Filter" GUI option, etc.
** The filter field names are prefixed by "_ws.col", followed by a lowercase
version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info"
or "_ws.col.protocol"
** Using the column names as a filter is slower than other filter types
because the columns must be constructed, so when the same filtering
can be achieved via other fields, prefer that.
anywhere that filters are used - in display filters, filters in taps, coloring
rules, Wireshark read filters, and the -Y, -R, and -e options to tshark,
the "Apply as Filter" GUI option, etc.
** The filter field names are prefixed by "_ws.col", followed by a lowercase
version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info"
or "_ws.col.protocol"
** Using the column names as a filter is slower than other filter types
because the columns must be constructed, so when the same filtering
can be achieved via other fields, prefer that.
* The external name resolution text files "manuf", "enterprises" and "services"
have been removed and replaced with static binary data. You can dump the
respective internal data using `tshark -G manuf|enterprises|services`.
* New GUI dialog (under Tools menu) to lookup a MAC address in the IEEE OUI registry.
* The Windows build has a new SpeexDSP external dependency (https://www.speex.org).
The speex code that was previously bundled has been removed.
@ -170,6 +159,41 @@ can be achieved via other fields, prefer that.
* Wireshark now shows byte units in the statistics in the user-selected language
(uses the system default language by default).
* Packet list sorting updates include:
** When sorting packet list with a filter applied, only the visible packets are
sorted, which greatly increases sorting speed.
** The cache size for column text is limited to a default of 10000 rows,
which limits the maximum memory usage. The maximum value can be changed in
Preferences->Appearance->Layout
** Due to the above, columns that require packet dissection can only be sorted
if the number of visible rows is less than the cache size. If there are
more rows visible, a warning will appear. Columns that do not require packet
dissection (those that calculated directly from the capture file frame
headers, such as packet number, time, and frame length) can be sorted with
any number of visible rows.
** Sorting can be interrupted.
* When changing the dissector via the Decode As table for values that
have default dissectors registered, selecting "(none)" will select
no dissection (while still allowing heuristic dissectors to attempt to
dissect.) The previous behavior was to reset the dissector to the default.
To facilitate resetting the dissector, the default dissector is now sorted
at the top of the list of possible dissector options.
* menu:Tools[Lua Scripts,Launch with SSLKEYLOGFILE] can launch your web browser
with the SSLKEYLOGFILE environment variable set to the appropriate value.
* The personal extcap plugin folder location on Unix has been changed to
follow existing conventions for architecture-dependent files.
The extcap personal folder is now ``$HOME/.local/lib/wireshark/extcap``.
Previously it was ``$XDG_CONFIG_HOME/wireshark/extcap``.
* Installation of development header must be done explicitly using the CMake
command ``cmake --install <builddir> --component Development``.
=== Removed Features and Support
@ -233,29 +257,29 @@ Fortinet FortiGate Cluster Protocol (FGCP)
=== Updated Protocol Support
* The JSON dissector now has a preference to enable/disable "unescaping"
* JSON: The dissector now has a preference to enable/disable "unescaping"
of string values. By default it is off. Previously it was always on.
* The JSON dissector now supports "Display JSON in raw form".
* JSON: The dissector now supports "Display JSON in raw form".
* The IPv6 dissector has a new preference to show some semantic details
* IPv6: The dissector has a new preference to show some semantic details
about addresses (default off).
* The IPv6 dissector now supports dissecting
* IPv6: The dissector now supports dissecting
https://www.ipv6plus.net/Phase3/apn6/[
Application-aware IPv6 Networking (APN6) option]
in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH).
This feature supports to dissect all three types of APN ID,
which are 32-bit, 64-bit and 128-bit in length.
* The XML dissector now supports display character according to the "encoding"
* XML: The dissector now supports display character according to the "encoding"
attribute of the XML declaration, and has a new preference to set default
character encoding for some XML document without "encoding" attribute.
* The SIP dissector now has a new preference to set default charset for
* SIP: The dissector now has a new preference to set default charset for
displaying the body of SIP messages in raw text view.
* The HTTP dissector now supports dissecting chunked data in streaming reassembly
* HTTP: The dissector now supports dissecting chunked data in streaming reassembly
mode. Subdissectors of HTTP can register itself in "streaming_content_type"
subdissector table for enabling streaming reassembly mode while transferring in
chunked encoding. This feature ensures the server stream messages of GRPC-Web
@ -265,20 +289,20 @@ Fortinet FortiGate Cluster Protocol (FGCP)
as case-insensitive automatically, per RFC 6838. Media types no longer need
to be lower cased before registering or looking up in the table.
* The CFM dissector has been overhauled and updated to the level of IEEE std
* CFM: The dissector has been overhauled and updated to the level of IEEE std
802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection
of additional PDU types and TLVs as well as deeper dissection of existing PDUs
and TLVs.
Too many other protocols have been updated to list them all here.
Too many other protocol updates have been made to list them all here.
=== New and Updated Capture File Support
//=== New and Updated Capture File Support
// There is no new or updated capture file support in this release.
// Add one file type per line between the -- delimiters.
[commaize]
--
--
//[commaize]
//--
//--
// === New and Updated Capture Interfaces support