Keep the recent column width list in sync with the order of the
prefs.col_list by appending, inserting, and moving the recent
column width list at the same time, instead of allowing them
to get out of sync (as we use the format for a key.)
Fix an issue where column_prefs_add_custom did not always return
the position of the column added (when a column number was passed
in that was less than the maximum number of columns.)
Preparation for the width and alignment part of #15529
Add the ability to change the width and alignment of columns
from the Column Preferences.
This also makes it easier to eventually fix#15529 by having all
the column-relevant details edited at once. In order to properly
solve that issue, the column indices from the preferences and the
recent settings need to be kept in sync, instead of using the format
as the unique key.
Related to #15529
Heuristics should not filter out packets that have destinationPAN ID != IEEE802154_BCAST_PAN, since GPD frames MAY inform PAN ID - GPD spec v1.1.1 section A.1.7.1.2 MAC addressing fields
The DCM tag/status/uid lookup tables are only ever read. const-ifying them
moves about 220 kBytes of data to a read-only data section.
packet-dcm.h was regenerated using the make-packet-dcm.py script.
The Well-Known Frames of Reference data have moved to Table A-2, so the script
is updated to integrate the data from that table into the UID list.
Ran "tools/make-packet-dcm.py > epan/dissectors/packet-dcm.h".
MR !14295 ran into trouble with the license checker because three added lines
in tools/make-packet-dcm.py moved the important piece of text outside the
150-line window in which it was checking.
This change maintains the status quo by expanding the window to 160 lines.
Pass the sysdig.param.asyncevent.data start and offset to the Falco Bridge
dissector, and use that to highlight the evt.buffer and fd fields.
Pass the data to the ELF dissector if we find an ELF magic ID.
Lawful Interception (LI) is the main area and should be located first
in name, which will be more easy of use for new user when want to
filter messages
Be a little more careful in TrafficTab about whether we
want the Proxy Model or the Source Model, since the tap
filter doesn't exclude rows from the source model (since
the non-displayed rows are used to as part of the percentages
of the total.)
When we want to respect the display filtering or the sorting,
use the proxy model.
In the tap data model, only claim we have GeoIPData (which makes
the map available) if a row that isn't filtered out has data.
Fix#18530
RFC 4666 section 1.3.1 states that "TCP MAY be used as the underlying
common transport protocol" under certain scenarios. There is even
IANA-allocated TCP port 2905 for that purpose (see section 1.4.8).
Change some instances of "packet" to "event" in Logray's menu items.
Remove "Export Objects" and "Export PDUs" and associated code. Remove
the packet diagram menu items and associated code. Remove the "Decode
as" menu items and associated code.
Use "Selected" instead of the parenthetical plural "Packet(s)" for
marking and ignoring. Remove an attempt at plural translation which
apparently doesn't work if we don't have a "%n" in the translation
string.
Fix a misplaced brace in debug-only function conversation_element_list_values.
(The "#if 0" means that the compiler didn't catch it.)
Move the type_names array to file-level to avoid the two copies getting out of
sync again.
Add a DISSECTOR_ASSERT to ensure that input conversation_element_type values
are within range.
Add a pinfo conversation filter which enables related packets based on
(container.id, proc.id) combinations. Register the "Process" conversation
filter first so that the "Go" menu behavior matches the related packet
display.
Handle cases where container.id is missing.
Add 64-bit integer type support to conversations.
min and max need to handle null arguments where the GPtrArray
is null, generated when there have been other opcodes between
the field loading and the function. (They are ignored, not
treated as zero, so they don't change the minimum.)
Prevents crashes with filters where a field does not exist in the tree:
min(tcp.srcport * 10, tcp.dstport * 10) == 800
min(len(tcp.payload), len(udp.payload)) == 153
min(len(tcp.payload[2:]) + 2, len(udp.payload[2:]) + 2) == 153
where a register is loaded where it has not had its GPtrArray created:
./run/dftest 'min(len(tcp.payload), len(udp.payload))'
Filter:
min(len(tcp.payload), len(udp.payload))
Instructions:
0000 READ_TREE tcp.payload -> R1
0001 IF_FALSE_GOTO 3
0002 LENGTH R1 -> R2
0003 STACK_PUSH R2
0004 READ_TREE udp.payload -> R3
0005 IF_FALSE_GOTO 7
0006 LENGTH R3 -> R4
0007 STACK_PUSH R4
0008 CALL_FUNCTION min(R2, R4) -> R0
0009 STACK_POP [2]
0010 IF_FALSE_GOTO 12
0011 NOT_ALL_ZERO R0
0012 RETURN
Related to fcb6bb5763
(Prior to that commit, this worked because a NULL pointer is a
valid, empty GSList.)
Commit 05e404e8cb was wrong...
This allows dissection of the 'NETLOGON' attribute in
the same way as the 'netlogon' attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>