This one is complicated because a gboolean is an int, but a bool
is not, in the way that a pointer to a bool (including in the
return of a function pointer) cannot be substituted for a pointer
to a gboolean. (They can convert a bool used internally to a gboolean
on return.)
Continue for that reason to have some functions return gboolean
when used with glib callback functions:
https://docs.gtk.org/glib/callback.HRFunc.html
Another small gotcha is that macros like UINT64_C are not necessarily
guaranteed to wrap the return in parentheses, which G_GUINT64_CONSTANT
and the like do.
In wtap.h, the file subtype "dump_open" function was typedef'd
as returning an int, but almost all users (except in wslua) returned
a gboolean. Switch it to a bool.
Make a note about why can_write_encap does not return a bool,
because it returns error codes on failure (for Lua) instead of
having the err as a separate parameter.
Update the usbdump wiretap plugin too.
A few places outside of wiretap use wiretap function pointers, such
as in the Lua interface, adding IP addresses to NRBs, merging, and
the frame dissector using wiretap functions. Switch those to bool.
Ping #19116
libcloudtrail 0.12 adds some fields where the value is a JSON object.
As the keys for each API call are individual, not all fields can be
defined in the plugin. We now call the JSON dissector for these fields
to have a generic dissection.
Change our menu path separator to "//" similar to our filter buttons.
Change the "name" configuration element to "path", since it's a menu
path. Add a separate "title" element. This lets us use names like "Foo
I/O".
Add an opaque public type for stats_tree configurations. Get rid of
stats_tree_register_with_group and add stats_tree_set_group. Add
stats_tree_set_first_column_name. Convert some documentation to doxygen.
Pass the sysdig.param.asyncevent.data start and offset to the Falco Bridge
dissector, and use that to highlight the evt.buffer and fd fields.
Pass the data to the ELF dissector if we find an ELF magic ID.
Add a pinfo conversation filter which enables related packets based on
(container.id, proc.id) combinations. Register the "Process" conversation
filter first so that the "Go" menu behavior matches the related packet
display.
Handle cases where container.id is missing.
Add 64-bit integer type support to conversations.
If the OpenSecureChannel message is not captured, then whether
messages are signed, and what the signature length is, is unknown.
This creates a preference that can be set to a default value to use,
instead of assuming that all messages on the channel are unsigned.
Fix #15206
One of these modifies a field name ("hart_ip.pt.rsp.transducer_serail_number"
in packet-hartip.c), a few are in text displayed for fields (in packet-nvme.c)
or for unknown fields (in packet-oer.c and packet-per.c), one is in a
preprocessor macro (in packet-cip.[ch]), and the rest are all in comments.
arry -> array
authos -> authors
compatability -> compatibility
contigous -> contiguous
dispaly -> display
erorr -> error
filed (where it was obviously incorrect) -> field or filled
hueristic -> heuristic
regsiter -> register
serail -> serial
Fix the distributed examples to use the "new" style configuration,
as shown in the WSUG and Wiki. Fix the FTP example in the WSUG,
as it's missing the Match keyword.
Related to #12118.
Fix #16940
In addition to the start and end offset locations, store a pointer to
the data source tvb in each mate_range. The start and end offsets
are only relevant within a data source.
If a field has a data source different from one of the protocol,
transport protocol, or payload ranges, search in the tree for the
ancestor nodes of the field, and see if an ancestor is located within
one of the ranges.
In order to work around #17877 (non-visible items can't change length
after being added to the tree, which affects most protocols), set
the tree as visible, similar to what is done with a number of Lua postdissectors
that need all fields. Unfortunately this is overkill that hurts
performance.
Fix #19619
Build on !13975 to add human-readable descriptions for all heuristic
dissector tables in Wireshark.
Chosen names are meant to give some info on when a heuristic dissector
lookup will be made. Terms like 'fallback' are used when the heuristic
is only consulted if other checks do not result in dissection, for
example.
People with more intimate knowledge of the protocols and dissectors
involved are encouraged to suggest or implement better descriptions.
Try caching strings based on their CPU ID, PID, and field index. This
lets us use a constant 64-bit key before spending CPU time hashing
strings. This saves about 500ms when loading a test capture here.
Even though these files are generated and warn not to change
them, the generator is not working currently, so patch them.
(See the discussion in !14000)
This is the reassembly API call for fragments that start at a
different value. This is better than examining the entire
chain, and also would have a better chance of working with
out of order fragments (though TCP should handle that for us.)
Dissect the X.509 v3 Certificates used in OPC UA.
Use proto_tree_add_bytes_with_length for adding NULL bytes to
the tree with a (0) length different than the length taken up
in the tvb. It's somewhat nicer than changing the item length later.