pcapng allows multiple link-layer types, and allows new link-layer types
in the middle of a file. Many (most) other capture types allow a single
link-layer type, which must be specified in the initial header.
When reading files and writing their contents to another file (which
may be of a different type), many programs using the wiretap API
want to know the link-layer type upon initially opening the source
file, so that they can check if that encapsulation can be written to
the output file, and so that they can write the output file header.
They should be able to wait until a link-layer type is seen before
creating the output type, but don't. (Wireshark reads the entire file
in initially, so this isn't a problem, but that isn't much of an option
for some command line tools, particularly when operating on a pipe or
FIFO.) Note that regardless, if a new link-layer type is encountered
partway through a file, they would still have to fail in the middle
of reading and writing.
However, to make this a little bit easier for such file types, pcapng
block types that are handled strictly internally and not passed back
to the reader can be processed initially in pcapng_open(). (Note
that for DSBs and NRBs, any blocks processed in pcapng_open() will
automatically be sent to the callbacks when the callbacks are added
later.) Previously we just processed all the IDBs immediately after
the initial SHB, instead of all the internal block types.
Fix #18581. Ping #15502.
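
As an added illustration of the open-time scan this message describes (not Wireshark's code; a simplified Python model over a constructed little-endian capture, with the internal set assumed to be the IDB, NRB and DSB types the message names): `scan` reports which link-layer types are known before the first packet block and which only appear later. Passing `internal={IDB}` models the earlier behaviour of reading only the IDBs that directly follow the SHB.

```python
import struct

# Block type codes from the pcapng specification.
SHB, IDB, SPB, NRB, EPB, DSB = 0x0A0D0D0A, 1, 3, 4, 6, 0x0A
# Assumption: the "internal" set is the three block types the message names.
INTERNAL = frozenset({IDB, NRB, DSB})

def block(btype, body):
    """Build one little-endian block: type, total length, body, total length."""
    body += b"\0" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def walk(data):
    """Yield (type, body) per block, rejecting inconsistent lengths."""
    off = 0
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError(f"truncated block header at offset {off}")
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"bad block length {total} at offset {off}")
        if struct.unpack_from("<I", data, off + total - 4)[0] != total:
            raise ValueError(f"length mismatch at offset {off}")
        yield btype, data[off + 8 : off + total - 4]
        off += total

def scan(data, internal=INTERNAL):
    """Return (link types known at open, link types first seen later)."""
    at_open, late, opened = [], [], False
    for btype, body in walk(data):
        if btype == SHB:
            continue
        if btype not in internal:
            opened = True  # first block that must be handed back to the reader
        elif btype == IDB:
            linktype = struct.unpack_from("<H", body)[0]
            (late if opened else at_open).append(linktype)
    return at_open, late

# Constructed sample: SHB, NRB, IDB (Ethernet), EPB, IDB (Linux SLL), EPB.
idb = lambda lt: block(IDB, struct.pack("<HHI", lt, 0, 65535))
epb = lambda i, p: block(EPB, struct.pack("<5I", i, 0, 0, len(p), len(p)) + p)
SAMPLE = (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + block(NRB, struct.pack("<HH4s12sHH", 1, 16, bytes([192, 0, 2, 1]),
                                   b"ns1.example\0", 0, 0))
          + idb(1) + epb(0, b"\xaa" * 14) + idb(113) + epb(1, b"\xbb" * 16))

print(scan(SAMPLE, internal={IDB}), scan(SAMPLE))  # ([], [1, 113]) ([1], [113])
```

In both runs link type 113 only appears after a packet block, which is the case where a single-link-type output writer still has to fail partway through.
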
Added the SAP Diag dissector protocol from [SecureAuth's plugin](https://github.com/SecureAuthCorp/SAP-Dissection-plug-in-for-Wireshark/blob/master/src/packet-sapdiag.c).
This is a dissector that implements the Diag protocol. Decompression of packets is not considered as this requires the proprietary LZC/LZH decompression routines still pending to be added in #8973. The Diag packets can be wrapped in an SNC frame, in which case the respective dissector is called. Embedded RFC calls are disabled as this requires the respective dissector to be found, which will be submitted in a separate merge request.
Details about the protocol and example requests can be found in [pysap's documentation](https://pysap.readthedocs.io/en/latest/protocols/SAPDiag.html).
If the server greeting and login packets weren't part of the captured packets we assume various capabilities were not set. This MR tries to make a better guess in those cases to allow dissection to work in most cases.
update r2_ap_capa_flags (epan/dissectors/packet-ieee1905.c):
- rename
  - hf_ieee1905_basic_service_prio_flag ==>
    hf_ieee1905_ctag_service_prio_flag
  - hf_ieee1905_enhanced_service_prio_flag ==>
    hf_ieee1905_dpp_onboarding_flag
- add new flag hf_ieee1905_traffic_separation_flag:0x08
  used by r2_ap_capa_flags
- update hf_ieee1905_r2_ap_capa_flags_reserved:0x07
as defined by Wi-Fi EasyMesh™ Specification Version 5.0:
17.2.48 Profile-2 AP Capability TLV format
Length encoded integers were:
- Reported as `mariadb.prefix` and `mariadb.length` but were not specific to MariaDB-specific protocol features.
- These were reported in the UI as "Length" and "Prefix" and were in many cases the same, as 1-byte integers are very common.
- These were often duplicating things like `hf_mysql_connattrs_length`, `hf_mysql_connattrs_name_length`, etc., which meant that the same length was often reported 3 times in the interface.
Parse Multi-AP Extension subelement flags:
- Profile-1 Backhaul STA association disallowed.
- Profile-2 Backhaul STA association disallowed.
defined by Wi-Fi_EasyMesh_Specification_v5.0.pdf / Table 14
SpeexDSP is now required.
Update the required cmake and glib versions.
Our CMake build process now expects a C++ compiler to always be present,
so require it even if not building the GUI.
Only default to Qt 6 on distributions where we know we have it,
otherwise default to Qt 5 for now.
Update the required RPM version to 4.13 (which all distributions that
can currently build have) to ensure we have Boolean dependencies.
Use Boolean dependencies instead of checking the distribution, hopefully
to improve building on various other RPM-based distributions.
Redefine the cmake_install macro on SUSE to what is used on RH/Fedora.
The default SUSE macro calls the builder (make or ninja) instead of
cmake --install, which makes it difficult to pass options.
Remove tests and workarounds for RHEL 7, and SUSE < 15.2, since those
distributions are too old to build anyway.
Remove a workaround for an old broken libbrotli-devel package in
SUSE that's been long since fixed.
Keep name resolution information as mandatory elements for
NRBs, and when the ipv4 or ipv6 callback is set, have name
resolution entries from already read NRBs sent to the callback.
rescan_packets can use this when redissecting to reobtain the
name resolution entries from the NRB, similar to what is done
with Decryption Secrets Blocks. (This can also later be used
if we read NRBs and DSBs in pcapng_open before the first packet,
and before the callbacks are set.)
This doesn't yet make the changes to wtap_dumper to write them out,
but is a step towards that too. (It's not clear in cases where we
dissect packets whether we want to copy the entire NRB, or only
write out actually used addresses as done now. For copying without
reading a file, like with editcap, we presumably do want to copy them.)
Fix #13425. Ping #15502
packet-bgp.c hf_bgp_ls_tlv_te_default_metric_value : - filter 'bgp.ls.tlv.te_default_metric_value' appears consecutively - labels are 'TE Default Metric (old format)' and 'TE Default Metric'
packet-bgp.c:4026 proto_tree_add_item called for hf_bgp_mcast_vpn_nlri_source_as - item type is FT_UINT16 but call has len 4
packet-bgp.c:4095 proto_tree_add_item called for hf_bgp_mcast_vpn_nlri_source_as - item type is FT_UINT16 but call has len 4
The personal extcap folder $XDG_CONFIG_DIR/wireshark on Linux is
inconsistent with the global extcap folder (lib/wireshark/extcap)
and personal plugins folder (.local/lib/wireshark/plugins) and also
the configuration folder should not contain architecture-specific files.
The extcap personal folder is changed from:
.config/wireshark/extcap
to:
.local/lib/wireshark/extcap
Do not add a dependent frame if it's already been added to a
frame's list. Do not mark a frame as a dependent of a displayed
frame if we've already marked it as such in this pass.
Clear the list of dependent frames if we reset the frame data,
because the list of dependent frames depends on the dissection
and may not be valid if redissecting (because, for example,
a reassembly preference may have changed.)
Move the pointer to the list of dependent frames away from the
bitfields to a location that minimizes the struct size.
Fixup f870c6085d
Fix #18809
Instead of having AUTHORS.src and copying that to a new AUTHORS
file with git log information appended to that, have a single
AUTHORS file and update it in place with git log info.