Release notes enhancements and fixups
This commit is contained in:
parent
268a9e243c
commit
c97982881f
|
@ -29,42 +29,22 @@ A new display filter feature for filtering raw bytes has been added.
|
|||
|
||||
Display filter autocomplete is smarter about not suggesting invalid syntax.
|
||||
|
||||
menu:Tools[Lua Scripts,Launch with SSLKEYLOGFILE] can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
|
||||
New GUI dialog (under Tools menu) to lookup a MAC address in the IEEE OUI registry.
|
||||
|
||||
The personal extcap plugin folder location on Unix has been changed to
|
||||
follow existing conventions for architecture-dependent files.
|
||||
The extcap personal folder is now ``$HOME/.local/lib/wireshark/extcap``.
|
||||
Previously it was ``$XDG_CONFIG_HOME/wireshark/extcap``.
|
||||
Some external text files have been compiled in for improved start-up times.
|
||||
|
||||
The installation target no longer installs development headers by default.
|
||||
That must be done explicitly using ``cmake --install <builddir> --component Development``.
|
||||
|
||||
The Wireshark installation is relocatable on Linux (and other ELF platforms
|
||||
with support for relative RPATHs).
|
||||
|
||||
Support for building an NSIS Windows installer using the MinGW-w64 toolchain
|
||||
and https://www.msys2.org/[MSYS2]. Read README.msys2 in the distribution for more information.
|
||||
Wireshark can be compiled on Windows using https://www.msys2.org/[MSYS2].
|
||||
Check the Developer's guide for instructions.
|
||||
|
||||
When changing the dissector via the Decode As table for values that
|
||||
have default dissectors registered, selecting "(none)" will select
|
||||
no dissection (while still allowing heuristic dissectors to attempt to
|
||||
dissect.) The previous behavior was to reset the dissector to the default.
|
||||
To facilitate resetting the dissector, the default dissector is now sorted
|
||||
at the top of the list of possible dissector options.
|
||||
Support for building a Windows installer using Linux cross-compilation.
|
||||
Check the Developer's guide for instructions.
|
||||
|
||||
Packet list sorting has been updated:
|
||||
* When sorting packet list with a filter applied, only the visible packets are
|
||||
sorted, which greatly increases sorting speed.
|
||||
* The cache size for column text is limited to a default of 10000 rows,
|
||||
which limits the maximum memory usage. The maximum value can be changed in
|
||||
Preferences->Appearance->Layout
|
||||
* Due to the above, columns that require packet dissection can only be sorted
|
||||
if the number of visible rows is less than the cache size. If there are
|
||||
more rows visible, a warning will appear. Columns that do not require packet
|
||||
dissection (those that calculated directly from the capture file frame
|
||||
headers, such as packet number, time, and frame length) can be sorted with
|
||||
any number of visible rows.
|
||||
* Sorting can be interrupted.
|
||||
Packet list sorting has been updated.
|
||||
|
||||
Many other improvements have been made.
|
||||
See the “New and Updated Features” section below for more details.
|
||||
|
@ -97,18 +77,18 @@ The following features are new (or have been significantly updated) since versio
|
|||
|
||||
* Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake.
|
||||
|
||||
* ciscodump support Cisco IOS XE 17.x
|
||||
* ciscodump support for Cisco IOS XE 17.x
|
||||
|
||||
* The default interval between GUI updates when capturing has been decreased
|
||||
from 500ms to 100ms, and is now configurable.
|
||||
from 500ms to 100ms, and is now configurable.
|
||||
|
||||
* The *-n* option also now disables IP address geolocation information lookup
|
||||
in configured MaxMind databases (and geolocation lookup can be enabled with
|
||||
*-Ng*.) This is most relevant for tshark, where geolocation lookups are
|
||||
synchronous.
|
||||
in configured MaxMind databases (and geolocation lookup can be enabled with
|
||||
*-Ng*.) This is most relevant for tshark, where geolocation lookups are
|
||||
synchronous.
|
||||
|
||||
* Implement built-in dissector for FiRa UWB Controller Interface (UCI) protocol.
|
||||
Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
|
||||
Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
|
||||
|
||||
* The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to
|
||||
reassemble the streaming data of a high level protocol that is not on top of TCP.
|
||||
|
@ -117,20 +97,29 @@ Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
|
|||
of "most recently created".
|
||||
|
||||
* Display filter syntax-related changes:
|
||||
|
||||
** It is now possible to filter on raw packet data for any field by using the syntax ``@some.field == <bytes...>``.
|
||||
This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to
|
||||
look at the field's raw data.
|
||||
|
||||
** Negation (unary minus) now works with any display filter arithmetic expression.
|
||||
|
||||
** Using the slice operator with strings produces a string. Previously it
|
||||
would produce a byte array. This is useful to index/slice UTF-8 multibyte strings.
|
||||
String byte slices can still be obtained using the "@" (raw operator) prefix.
|
||||
|
||||
** Arithmetic expressions are allowed as set elements.
|
||||
|
||||
** Absolute date and time values can be written as Unix time.
|
||||
|
||||
** The limitation where a minus sign needed to be preceded by a space character
|
||||
has been removed.
|
||||
|
||||
** Added XOR logical operator.
|
||||
|
||||
** Fixed the implementation of `all ... in` membership operator
|
||||
(https://gitlab.com/wireshark/wireshark/-/issues/19188[#19188]).
|
||||
|
||||
** The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0.
|
||||
|
||||
* Running the test suite requires the https://pypi.org/project/pytest/[pytest]
|
||||
|
@ -138,29 +127,29 @@ Recognizes PCAP traces with the link type LINKTYPE_FIRA_UCI=299.
|
|||
installed has been removed.
|
||||
|
||||
* When saving files or exporting packets after changing their time with the
|
||||
"Time Shift" dialog, the shifted time is written to the new file.
|
||||
"Time Shift" dialog, the shifted time is written to the new file.
|
||||
|
||||
* TLS secrets used in decrypting packets can be embedded (or discarded) from
|
||||
the capture file via the GUI, similar to the options --inject-secrets and
|
||||
--discard-all-secrets in editcap.
|
||||
|
||||
* The text of any configured column (displayed or hidden) can be filtered
|
||||
anywhere that filters are used - in display filters, filters in taps, coloring
|
||||
rules, Wireshark read filters, and the -Y, -R, and -e options to tshark,
|
||||
the "Apply as Filter" GUI option, etc.
|
||||
** The filter field names are prefixed by "_ws.col", followed by a lowercase
|
||||
version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info"
|
||||
or "_ws.col.protocol"
|
||||
** Using the column names as a filter is slower than other filter types
|
||||
because the columns must be constructed, so when the same filtering
|
||||
can be achieved via other fields, prefer that.
|
||||
anywhere that filters are used - in display filters, filters in taps, coloring
|
||||
rules, Wireshark read filters, and the -Y, -R, and -e options to tshark,
|
||||
the "Apply as Filter" GUI option, etc.
|
||||
|
||||
** The filter field names are prefixed by "_ws.col", followed by a lowercase
|
||||
version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info"
|
||||
or "_ws.col.protocol"
|
||||
|
||||
** Using the column names as a filter is slower than other filter types
|
||||
because the columns must be constructed, so when the same filtering
|
||||
can be achieved via other fields, prefer that.
|
||||
|
||||
* The external name resolution text files "manuf", "enterprises" and "services"
|
||||
have been removed and replaced with static binary data. You can dump the
|
||||
respective internal data using `tshark -G manuf|enterprises|services`.
|
||||
|
||||
* New GUI dialog (under Tools menu) to lookup a MAC address in the IEEE OUI registry.
|
||||
|
||||
* The Windows build has a new SpeexDSP external dependency (https://www.speex.org).
|
||||
The speex code that was previously bundled has been removed.
|
||||
|
||||
|
@ -170,6 +159,41 @@ can be achieved via other fields, prefer that.
|
|||
* Wireshark now shows byte units in the statistics in the user-selected language
|
||||
(uses the system default language by default).
|
||||
|
||||
* Packet list sorting updates include:
|
||||
|
||||
** When sorting packet list with a filter applied, only the visible packets are
|
||||
sorted, which greatly increases sorting speed.
|
||||
|
||||
** The cache size for column text is limited to a default of 10000 rows,
|
||||
which limits the maximum memory usage. The maximum value can be changed in
|
||||
Preferences->Appearance->Layout
|
||||
|
||||
** Due to the above, columns that require packet dissection can only be sorted
|
||||
if the number of visible rows is less than the cache size. If there are
|
||||
more rows visible, a warning will appear. Columns that do not require packet
|
||||
dissection (those that calculated directly from the capture file frame
|
||||
headers, such as packet number, time, and frame length) can be sorted with
|
||||
any number of visible rows.
|
||||
|
||||
** Sorting can be interrupted.
|
||||
|
||||
* When changing the dissector via the Decode As table for values that
|
||||
have default dissectors registered, selecting "(none)" will select
|
||||
no dissection (while still allowing heuristic dissectors to attempt to
|
||||
dissect.) The previous behavior was to reset the dissector to the default.
|
||||
To facilitate resetting the dissector, the default dissector is now sorted
|
||||
at the top of the list of possible dissector options.
|
||||
|
||||
* menu:Tools[Lua Scripts,Launch with SSLKEYLOGFILE] can launch your web browser
|
||||
with the SSLKEYLOGFILE environment variable set to the appropriate value.
|
||||
|
||||
* The personal extcap plugin folder location on Unix has been changed to
|
||||
follow existing conventions for architecture-dependent files.
|
||||
The extcap personal folder is now ``$HOME/.local/lib/wireshark/extcap``.
|
||||
Previously it was ``$XDG_CONFIG_HOME/wireshark/extcap``.
|
||||
|
||||
* Installation of development header must be done explicitly using the CMake
|
||||
command ``cmake --install <builddir> --component Development``.
|
||||
|
||||
=== Removed Features and Support
|
||||
|
||||
|
@ -233,29 +257,29 @@ Fortinet FortiGate Cluster Protocol (FGCP)
|
|||
|
||||
=== Updated Protocol Support
|
||||
|
||||
* The JSON dissector now has a preference to enable/disable "unescaping"
|
||||
* JSON: The dissector now has a preference to enable/disable "unescaping"
|
||||
of string values. By default it is off. Previously it was always on.
|
||||
|
||||
* The JSON dissector now supports "Display JSON in raw form".
|
||||
* JSON: The dissector now supports "Display JSON in raw form".
|
||||
|
||||
* The IPv6 dissector has a new preference to show some semantic details
|
||||
* IPv6: The dissector has a new preference to show some semantic details
|
||||
about addresses (default off).
|
||||
|
||||
* The IPv6 dissector now supports dissecting
|
||||
* IPv6: The dissector now supports dissecting
|
||||
https://www.ipv6plus.net/Phase3/apn6/[
|
||||
Application-aware IPv6 Networking (APN6) option]
|
||||
in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH).
|
||||
This feature supports to dissect all three types of APN ID,
|
||||
which are 32-bit, 64-bit and 128-bit in length.
|
||||
|
||||
* The XML dissector now supports display character according to the "encoding"
|
||||
* XML: The dissector now supports display character according to the "encoding"
|
||||
attribute of the XML declaration, and has a new preference to set default
|
||||
character encoding for some XML document without "encoding" attribute.
|
||||
|
||||
* The SIP dissector now has a new preference to set default charset for
|
||||
* SIP: The dissector now has a new preference to set default charset for
|
||||
displaying the body of SIP messages in raw text view.
|
||||
|
||||
* The HTTP dissector now supports dissecting chunked data in streaming reassembly
|
||||
* HTTP: The dissector now supports dissecting chunked data in streaming reassembly
|
||||
mode. Subdissectors of HTTP can register itself in "streaming_content_type"
|
||||
subdissector table for enabling streaming reassembly mode while transferring in
|
||||
chunked encoding. This feature ensures the server stream messages of GRPC-Web
|
||||
|
@ -265,20 +289,20 @@ Fortinet FortiGate Cluster Protocol (FGCP)
|
|||
as case-insensitive automatically, per RFC 6838. Media types no longer need
|
||||
to be lower cased before registering or looking up in the table.
|
||||
|
||||
* The CFM dissector has been overhauled and updated to the level of IEEE std
|
||||
* CFM: The dissector has been overhauled and updated to the level of IEEE std
|
||||
802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection
|
||||
of additional PDU types and TLVs as well as deeper dissection of existing PDUs
|
||||
and TLVs.
|
||||
|
||||
Too many other protocols have been updated to list them all here.
|
||||
Too many other protocol updates have been made to list them all here.
|
||||
|
||||
=== New and Updated Capture File Support
|
||||
//=== New and Updated Capture File Support
|
||||
|
||||
// There is no new or updated capture file support in this release.
|
||||
// Add one file type per line between the -- delimiters.
|
||||
[commaize]
|
||||
--
|
||||
--
|
||||
//[commaize]
|
||||
//--
|
||||
//--
|
||||
|
||||
// === New and Updated Capture Interfaces support
|
||||
|
||||
|
|
Loading…
Reference in New Issue