The default stack size for the main process on most OSes we support is
8MiB, including Linux, macOS, and most UN*Xes.
The default on Windows (when compiled with MSVC) is 1MiB.
Increase the stack size on Windows to match the others.
We set some maximum recursion limits in several places in the code, and
set a maximum frame size, and those rough calculations are easier
if we're using the same stack size.
All the TRY..EXCEPT code goes on the stack, so a stack overflow can
lead to not leaving a memory scope, which probably means a crash.
Fix #19090

The decoding of the time inside the credentials was done incorrectly. The
order of the seconds and nanoseconds fields was reversed, and nanoseconds
was interpreted as a 32-bit value, but it's a 64-bit value.
This caused a decoding error that prevented GlusterFS packets from being
dissected correctly.

Matt Godbolt's Compiler Explorer is a useful tool for examining
what compilers actually do.
gcc and clang recognize our portable (shift-and-mask) version of
retrieving possibly unaligned values from a pointer in either
Endianness and, at -Os and higher, optimize them appropriately over
a wide variety of architectures, doing better with more recent
versions.
However, even the latest versions of MSVC and icc (both the now deprecated
Intel C++ Compiler "Classic" as well as the new LLVM based version) do not.
They do, however, optimize the memcpy based approach appropriately. The
latter, unfortunately, requires picking the right byteswap intrinsics and
avoiding treating clang-cl and icc on Windows as MSVC, since both define
_MSC_VER in the same way that they define __GNUC__ when compiling on Linux.
So for MSVC and icc and icx, use the algorithm that they manage to
optimize correctly, and use the portable version for all other
compilers, some of which (like gcc and clang) will optimize correctly.
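
Added example (not Wireshark's code): the two read strategies the message above compares, written out for one 32-bit big-endian value. All function names are made up for this sketch, and the byte-swap selection only illustrates testing the clang/GNU macros before _MSC_VER.

```c
#include <stdint.h>
#include <string.h>
#if defined(_MSC_VER)
#include <stdlib.h>   /* _byteswap_ulong */
#endif

/* Portable shift-and-mask read of a big-endian 32-bit value. It touches one
 * byte at a time, so alignment and host byte order never matter. */
static uint32_t read_be32_shift(const void *p)
{
    const uint8_t *b = (const uint8_t *)p;
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Byte swap. __clang__/__GNUC__ are tested first because clang-cl also
 * defines _MSC_VER; only the compilers left over reach the MSVC branch. */
static uint32_t bswap32(uint32_t v)
{
#if defined(__clang__) || defined(__GNUC__)
    return __builtin_bswap32(v);
#elif defined(_MSC_VER)
    return _byteswap_ulong(v);
#else
    return (v >> 24) | ((v >> 8) & 0xFF00u) | ((v << 8) & 0xFF0000u) | (v << 24);
#endif
}

/* memcpy-based read: copy the raw bytes into an aligned local, then swap
 * only when the host turns out to be little-endian. */
static uint32_t read_be32_memcpy(const void *p)
{
    const uint16_t probe = 1;
    uint8_t low;
    uint32_t v;
    memcpy(&low, &probe, 1);      /* 1 on a little-endian host */
    memcpy(&v, p, sizeof v);      /* defined for any alignment */
    return low ? bswap32(v) : v;
}

/* Constructed sample: the value starts at offset 1 of the buffer. */
static int unaligned_reads_agree(void)
{
    static const uint8_t pkt[] = { 0xAA, 0x11, 0x22, 0x33, 0x44, 0xBB };
    return read_be32_shift(pkt + 1) == 0x11223344u &&
           read_be32_memcpy(pkt + 1) == 0x11223344u;
}

int main(void) { return unaligned_reads_agree() ? 0 : 1; }
```

Both functions avoid casting the byte pointer to uint32_t *, which is undefined behaviour when the address is misaligned.
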
Use "x64" to refer to "Windows running on 64-bit Intel processors". Get
rid of WIRESHARK_TARGET_PROCESSOR_ARCHITECTURE in favor of
WIRESHARK_TARGET_PLATFORM because the latter is shorter.

The comments claim that UAT_AFFECTS_FIELDS also triggers a redissection,
but it does not. Fortunately, all UATs whose flags have UAT_AFFECTS_FIELDS
also have UAT_AFFECTS_DISSECTION.
dfilter macro expressions are a rare case of a UAT that should trigger
FieldsChanged but not PacketDissectionChanged. (It's slightly
unnecessary to invalidate the custom columns, but perhaps in the
future macros will be possible in custom columns.)
So resolve things by changing the comments to reflect current reality
and making the dfilter macro UAT flags UAT_AFFECTS_FIELDS.
This prevents a crash when removing a dfilter macro thus invalidating
the current filter, and then opening a file (including reloading the
current one.)
Fix #13753

This code path is no longer necessary because in the PacketDialog
case a separate fixed epan_dissect_t is now passed in
and save (9198448f9d)
Removing the tvb memory comparison is faster and reduces the number
of ways that the PacketDialog can crash after the capture file is
closed, for tvbs with data that was allocated at file scope, or
freed when the file is closed like reassembly.
Related to #14363

Introduce a MINGW_SYSROOT cache variable and --sysroot Python
script option so the installer can be built in other
distributions that do not use Fedora's layout.
Add a few other DLLs and use some shell globs, tested on an
Arch Linux host.
The dependency list should be generated dynamically but we're not
there yet.

This CMake module is specific to Wireshark's 3rd party Windows
repository so make use of the correct variable for that, so this
isn't activated in Windows builds that do not use the repository.

Use the new COMPONENTS feature of find_package() to configure
Qt6. Leave Qt5 using the old method.
In the past using target_link_libraries() with an OBJECT library
wasn't fully supported but I think we are now requiring a modern
enough CMake version.
Besides being cleaner and more modern this also fixes some detection
problems I am experiencing[1].
[1] https://bugreports.qt.io/browse/QTBUG-95791

Sometimes you have a capture file that has many duplicate frames
because of how the capture was made, and it's convenient to ignore
the duplicates so you can concentrate on the data and not all
the TCP warnings.
This adds a preference in the "Protocols" section to ignore
duplicates. This currently only works while reading a capture file
*not* during a live capture.

The secrets maps in [D]TLS include all the values from the configured
keylog file, plus anything from a DSB, and any master secrets computed
at runtime. However, not all of them may be used.
Mark which Client Randoms (and, for [D]TLS <= 1.2, Session IDs used
to compute master secrets) are used, and only export secrets associated
with those. This saves a time consuming operation to do so outside of
Wireshark.
"Export TLS Session Keys" now exports TLS 1.3 derived keys, since
now it is useful for filtering a larger keylog file for the values used.
In the future, the string returned from this function can be used to
write a DSB to the file.
Related to #18400

The haproxy header length *doesn't include* the 16 byte haproxy header.
To make it more intuitive, we use the next_offset value, instead of adding
16 to the header length at every check (it also improves the clarity of the
code, since the expert info also uses that value if the header is too
short).
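
Added example (not the dissector's code): a stand-alone check of a PROXY protocol v2 header that computes next_offset once from the 16 fixed bytes plus the length field and uses it for every bounds decision. The names pp2_check, pp2_sample and the status codes are hypothetical, and the address-block sizes are taken from the PROXY protocol specification rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PP2_FIXED_LEN 16u  /* signature(12) + ver/cmd(1) + fam/proto(1) + length(2) */

enum pp2_status { PP2_OK, PP2_NOT_V2, PP2_TRUNCATED, PP2_TOO_SHORT };

/* Size of the address block implied by the family nibble (PROXY v2 spec). */
static size_t pp2_addr_len(uint8_t fam_proto)
{
    switch (fam_proto >> 4) {
    case 1:  return 12;   /* IPv4: 4 + 4 + 2 + 2 */
    case 2:  return 36;   /* IPv6: 16 + 16 + 2 + 2 */
    case 3:  return 216;  /* UNIX: 108 + 108 */
    default: return 0;    /* unspecified */
    }
}

/* Validate a v2 header in buf[0..caplen). *next_offset is computed once and
 * every later check compares against it, never against the raw length. */
static enum pp2_status pp2_check(const uint8_t *buf, size_t caplen, size_t *next_offset)
{
    static const uint8_t sig[12] = { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                     0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A };
    *next_offset = 0;
    if (caplen < PP2_FIXED_LEN || memcmp(buf, sig, sizeof sig) != 0 ||
        (buf[12] >> 4) != 2)
        return PP2_NOT_V2;
    *next_offset = PP2_FIXED_LEN + (((size_t)buf[14] << 8) | buf[15]);
    if (*next_offset > caplen)
        return PP2_TRUNCATED;             /* length field points past the data */
    if (PP2_FIXED_LEN + pp2_addr_len(buf[13]) > *next_offset)
        return PP2_TOO_SHORT;             /* addresses would not fit */
    return PP2_OK;
}

/* Constructed sample: v2 PROXY command, TCP over IPv4, zeroed body. */
static enum pp2_status pp2_sample(uint16_t len_field, size_t caplen, size_t *next_offset)
{
    uint8_t pkt[64] = { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51,
                        0x55, 0x49, 0x54, 0x0A, 0x21, 0x11 };
    pkt[14] = (uint8_t)(len_field >> 8);
    pkt[15] = (uint8_t)(len_field & 0xFF);
    return pp2_check(pkt, caplen, next_offset);
}

int main(void) { size_t n; return pp2_sample(12, 28, &n) == PP2_OK ? 0 : 1; }
```

A length field of 16 with 28 captured bytes is reported as truncated, which is the case a reader gets wrong when the field is assumed to cover the whole header.
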
Add ENC_BOM to the list of bitflag modifiers, and use it with
UTF-16, UCS-2, and UCS-4 (UTF-32). If set, this means that the
first 2 (or 4) octets, if present, are checked to see if they are
a Big-Endian BYTE ORDER MARK ("ZERO WIDTH NON-BREAKING SPACE"). If so,
those octets are skipped and the encoding is set to Little-Endian
or Big-Endian depending on endianness of the BOM.
If the BOM is absent, the passed in Endianness flag is used normally.
Related to #17991
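
Added example (not Wireshark's code): the BOM rule described above as a stand-alone function for 2-octet (UTF-16, UCS-2) and 4-octet (UCS-4) code units. resolve_bom, the byte_order enum and the sample arrays are hypothetical names and constructed data; ENC_BOM itself is not used here.

```c
#include <stddef.h>
#include <stdint.h>

enum byte_order { ORDER_BIG, ORDER_LITTLE };

/* Resolve the byte order of a string whose code units are `unit` octets wide
 * (2 for UTF-16/UCS-2, 4 for UCS-4). If the data starts with U+FEFF in either
 * byte order, return the BOM's order and set *skip to its size; otherwise
 * fall back to the caller's flag and skip nothing. */
static enum byte_order resolve_bom(const uint8_t *buf, size_t len, size_t unit,
                                   enum byte_order fallback, size_t *skip)
{
    size_t i;
    int be = 1, le = 1;

    *skip = 0;
    if ((unit != 2 && unit != 4) || len < unit)
        return fallback;                       /* too short to hold a BOM */
    /* Big-endian U+FEFF is zero padding followed by FE FF. */
    for (i = 0; i < unit; i++) {
        uint8_t want = (i == unit - 2) ? 0xFE : (i == unit - 1) ? 0xFF : 0x00;
        be = be && buf[i] == want;
        le = le && buf[unit - 1 - i] == want;  /* same octets, reversed */
    }
    if (!be && !le)
        return fallback;                       /* BOM absent */
    *skip = unit;
    return be ? ORDER_BIG : ORDER_LITTLE;
}

/* Constructed samples: the letter "A" with and without a BOM. */
static const uint8_t utf16_le_bom[] = { 0xFF, 0xFE, 0x41, 0x00 };
static const uint8_t utf16_no_bom[] = { 0x00, 0x41 };
static const uint8_t ucs4_be_bom[]  = { 0x00, 0x00, 0xFE, 0xFF,
                                        0x00, 0x00, 0x00, 0x41 };

int main(void)
{
    size_t skip;
    /* The caller asked for big-endian, but the BOM says little-endian. */
    return (resolve_bom(utf16_le_bom, sizeof utf16_le_bom, 2, ORDER_BIG, &skip)
            == ORDER_LITTLE && skip == 2) ? 0 : 1;
}
```
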
The header for frame_data can forward declare an incomplete type
for wtap_rec, since it only takes a pointer to it.
This prevents every dissector from automatically including
wiretap/wtap.h
Add wiretap/wtap.h to some dissectors that need it.
Remove it from some other dissectors that had the explicit include
but don't actually need it.
A few other dissectors actually need wsutil/inet_addr.h but were
getting that via wtap.h - include what they actually need.
This reduces the number of files that are recompiled when
wiretap/wtap.h is touched from ~2500 to ~800.
Note that most of the dissectors that still include wiretap/wtap.h
really only need to use a WTAP_ENCAP_ value, and most of the rest
just need a pseudoheader. Those could be moved into another wiretap
include to further reduce recompilation.
Related to #19127