packet-ieee80211.c hf_ieee80211_gann_flags_reserved filter= wlan.gann.flags.reserved - mask is all set - this is confusing - set 0 instead! : 0xFF
packet-ieee80211.c hf_ieee80211_he_trigger_bar_info_blk_ack_seq_ctrl filter= wlan.trigger.he.common_info.bar_info.blk_ack_starting_seq_ctrl - mask is all set - this is confusing - set 0 instead! : 0xFFFF
Warning: epan/dissectors/packet-ieee80211.c:24227 proto_tree_add_uint called for hf_ieee80211_he_om_rx_nss - item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24229 proto_tree_add_uint called for hf_ieee80211_he_om_channel_width - item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24233 proto_tree_add_uint called for hf_ieee80211_he_om_tx_nsts - item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24326 proto_tree_add_uint called for hf_ieee80211_he_uph_ul_power_headroom - item type is FT_UINT8 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24330 proto_tree_add_uint called for hf_ieee80211_he_uph_reserved - item type is FT_UINT8 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24348 proto_tree_add_uint called for hf_ieee80211_he_btc_avail_chan - item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24350 proto_tree_add_uint called for hf_ieee80211_he_btc_reserved - item type is FT_UINT16 but call has len 4
Fixes a crash using the console because the dialog holds a pointer
to the Lua state that gets invalidated by the reload.
Forcing the dialog to close drops the invalid reference and avoids
the crash and all the other attending state problems with the reload.
In theory there might be console types other than Lua so we may
want to fix the code to close only Lua type dialogs if only Lua
plugins are reloaded.
Switch from a horizontal input/output text layout to a vertical
layout with a splitter in the middle.
Change to a QTextEdit while at it, just because the performance
reasons that might suggest using QPlainTextEdit are not very
relevant here.
Use the proper keyboard shortcut for macOS.
proto_tree_add_bitmask has an error if called with an empty
set of fields. The flags field is unusued in BATADV_OGM2, so
just add without using a bitmask tree.
Part of #17890
A confusion of offsets can cause mis-dissection of some Telnet option
subnegotiation data. Fix it by directly testing whether the required offset
exists within the tvb.
Fixes#19236
This function is just a wrapper around ws_log() and has been
superseded by the more feature-complete full wslog API.
It doesn't seem to be exposed to Lua scripts so removing it
should not break anything Lua-related.
Set the StockIconToolButton cursor to ArrowCursor,
so that, e.g. the buttons in a FieldFilterEdit won't
use the parent's Qt::IBeamCursor.
Set the StockIconToolButton mode back to QIcon::Normal
on a Leave event.
Fix#19278
Created new `-p`/`-P` flags to enable and disable the output of all
individual packets comments via `capinfos`. Output of the comments
is enabled by default.
It is possible to have multiple comment blocks on a single packet. The
output of `capinfos` will include multiple comment lines for the same
packet.
When machine-readable output is enabled via `-M`, packet comments are
escaped before being printed. Using `-M` also escapes the any file-level
comments.
When a packet contains a complete TLS record followed by a segment, add
an entry to the TLS protocol tree labelling the segment as such.
The current behaviour claims that data as part of the parent tree item
but without any dissection or explanation. This change is meant to be a
hint that fragmentation is happening at a lower level but the traffic is
recognized as TLS.
Uses `ssl_proto_tree_add_segment_data()` to create the tree entry.
Tweaks that function to report remaining TVB length when passed a length
of -1 (which the underlying `proto_tree_add_foo()` call already treats
as "to the end of the packet").
Add an enum containing a set of symbols for time stamp precisions, where
the value of the symbol is the number of digits of precision after the
decimal point.
Replace to_str_time_res_t with the new enum, ws_tsprec_e.
Deefine the TS_PREC_FIXED_ entries in the ts_precision enum, and the
WTAP_TSPREC_ #defines that correspond to known time stamp precisions, to
have the same values as the corresponding ws_tsprec_e values. This means
that their values are also the number of digits of precision after the
decimal point.
We require a C11 compiler, and designated initializers have been in C
since C99. Use them to initialize the time format and precision values
at compile time, rather than requiring that dissect_opts_init() be
called before the command-line arguments are parsed.
This is good because TShark and rawshark were *not* calling
dissect_opts_init(); that doesn't appear to have caused problems with
existing versions, but it might be causing problems with another pending
change that's failing to pass the test suite.
Putting it there makes it not obvious why the check is being done.
Instead, do the check before calling timestamp_set_precision() - and do
the same for timestamp_set_type(), as, in both cases, the _NOT_SET value
means that no command-line option was specified to set the timestamp
type or precision, so there's nothing to set them *to*.
Add new optional `filter` parameter to `sharkd`'s `tap` method which
sets the `fstring` filter parameter which should be used for all
`register_tap_listener` calls made when creating taps requested in the
method's `tap0`-`tap15` parameters. The value of the new `filter`
parameter is used to set a `tap_filter` local variable in
`sharkd_session_process_tap`. This local variable existed previously
and was already passed into most calls to `register_tap_listener`, but
was always set to an empty string.
Added new `editcap` option `--discard-packet-comments` to discard all
packet comments when editing a pcap file and writing a new one. This
behaves the same way as the existing `--discard-capture-comment`
option only it discards packet comments and not capture file comments.
Packet comments added with `-a` on the same command line are not
discarded.
Also, fix the existing `-a` option to work the way the documentation,
which says it should "Add or replace comment for given frame number",
describes it. Namely, any existing comments for the packet are now
removed before the comment specified by the `-a` option is added.
Yes, *one* of the things the routine does is to split a comma-separated
list into individual items, but the *main* thing it does is process all
items in an slist of entries that are strings that are comma-separated
lists of items by passing them to a callback routine.
Rename the routine to describe what it does, namely process an enable or
disable list in the aforementioned format, calling a routine that
enables or disables the item.
The applyGlobalCommandLineOptions() method of the Wireshark and Logray
main window will cause time stamp format and precision settings provided
by the command line to be saved in the recent file, so the next time the
user starts up Wireshark or Logray, they'll get the settings from the
previous invokation with -t.
(This code is a little tricky, so it's not obvious what *not* setting
the parameter in the recent structure would break, if anything. And
I'm not sure anybody's complained about the behavior.)
`MIN_SETUP_COLUMN`'s `user_data.uint_value` field is used to track a
global counter field for all SIP request methods in order to calculate
the average time. This field was not being initialized correctly in
`sip_stat_init` causing subsequent taps in `sharkd` to return
incorrect data. Additionally, initialize `COUNT_COLUMN`'s
`user_data.uint_value` and `AVG_SETUP_COLUMN`'s
`user_data.float_value` which were reset in `sip_stat_reset` but not
initialized in `sip_stat_init`. With these changes, the fields
initialized/reset in `sip_stat_init` and `sip_stat_reset`, both in
`epan/dissectors/packet-sip.c`, should line up.
Finally, remove a duplicate initialization of `RESENT_COLUMN` in
`sip_stat_reset`.
Replace our code with the upstream version, simplified to search
only for our supported Lua versions.
This allows selecting Lua versions 5.2, 5.2 or "any". The default
is 5.2 only because supporting more than one Lua versions is
generally the wrong thing to do. Allow falling back to
5.1 *explicitly*
This adds a dialog in the Tools menu to open a console and evaluate
Lua code using the embedded Lua engine. It replaces the previous
console.lua implementation that was more limited to use, because
it relies on GUI bits exposed to Lua. It used two separate windows
for that reason.
The implementation uses the existing "funnel" API amd relies heavily
on callbacks to maintain separation between GUI and epan code and
make it generic enough to possibly support more use cases than just
the Lua 5.2 console.
The open and close callbacks are used to install and remove a custom
print() lua function with dialog creation and destruction.
The eval callback is basically the same as luaL_dostring().
Add `voip-calls` and `voip-convs` taps to `sharkd`, which provide the
same information as the `Telephony -> VoIP Calls` GUI menu item. The
`voip-convs` tap accepts an optional comma-separated list of call ID's
allowing the caller to limit which conversations are returned. Both a
single call ID or a `<start>-<end>` call ID range is accepted. For
example, `voip-convs:` returns all conversations, `voip-convs:123`
returns only the conversation with call ID 123 and
`voip-convs:1,5-7,9` returns conversations with call ID's 1, 5, 6, 7
and 9. The call ID for a conversation is returned in the `call`
field. The set of call ID's requested by the caller is stored in a
bit-array which, on a standard Linux amd64 machine, supports storing a
maximum of 65536 call ID's.
Because many of the taps initialized by `voip_calls_init_all_taps` are
not able to be built without it, a basic CLI-based implementation of
`simple_dialog` which prints to `stderr` has been added in
`ui/cli/simple_dialog.c`.
Update `sharkd_session_process_tap_phs_cb_aux` to use the
`PRIu32`/`PRIu64` format specifiers from `<inttypes.h>` when outputing
`guint32`/`guint64` JSON values since difference targets require
different specifiers to compile.
Add `phs` tap to `sharkd`, providing the same information as
`tshark`'s `-z io,phs` option.
Additionally, modify how `tshark -z io,phs` (and therefore `sharkd`'s
new `phs` tap) handles packet comments (aka `pkt_comment` protocol
frames). Previously, `pkt_comment` protocol frames were handled no
differently from any other protocol in `io,phs`'s `tap_packet`
callback `protohierstat_packet` but were skipped in its `tap_draw`
callback `protohierstat_draw`. This behavior seems to have been first
introduced in 80ae3708. For captures containing packet comments, this
lead to surprising `tshark -z io,phs` output with multiple root-level
`eth` trees. Below is example output of the old behavior for the
`test/captures/protohier-with-comments.pcapng` capture in this
repository with two packet comments, one on an ICMPv6 packet and
another on an SSDP packet:
# tshark -qz io,phs -r ./test/captures/protohier-with-comments.pcapng
===================================================================
Protocol Hierarchy Statistics
Filter:
eth frames:113 bytes:21809
ipv6 frames:38 bytes:7456
icmpv6 frames:35 bytes:3574
udp frames:3 bytes:3882
data frames:3 bytes:3882
ip frames:69 bytes:13993
udp frames:59 bytes:13391
mdns frames:1 bytes:138
ssdp frames:29 bytes:8561
nbns frames:20 bytes:2200
nbdgm frames:1 bytes:248
smb frames:1 bytes:248
mailslot frames:1 bytes:248
browser frames:1 bytes:248
dhcp frames:4 bytes:1864
dns frames:4 bytes:380
igmp frames:10 bytes:602
arp frames:6 bytes:360
eth frames:2 bytes:377
ipv6 frames:1 bytes:110
icmpv6 frames:1 bytes:110
ip frames:1 bytes:267
udp frames:1 bytes:267
ssdp frames:1 bytes:267
===================================================================
Despite the comment in `phs_draw` in `ui/cli/tap-protohierstat.c`,
this does not seem to match the behavior for PHS as shown in the GUI.
The GUI seems to ignore the `pkt_comment` protocol frames and merges
their children up a level. This commit tries to reproduce this
behavior in the `tshark -z io,phs` output by ignoring `pkt_comment`
protocol frames in `protohierstat_packet` instead of
`protohierstat_draw`. The result is output like the following:
# tshark -qz io,phs -r ./test/captures/protohier-with-comments.pcapng
===================================================================
Protocol Hierarchy Statistics
Filter:
eth frames:115 bytes:22186
ipv6 frames:39 bytes:7566
icmpv6 frames:36 bytes:3684
udp frames:3 bytes:3882
data frames:3 bytes:3882
ip frames:70 bytes:14260
udp frames:60 bytes:13658
mdns frames:1 bytes:138
ssdp frames:30 bytes:8828
nbns frames:20 bytes:2200
nbdgm frames:1 bytes:248
smb frames:1 bytes:248
mailslot frames:1 bytes:248
browser frames:1 bytes:248
dhcp frames:4 bytes:1864
dns frames:4 bytes:380
igmp frames:10 bytes:602
arp frames:6 bytes:360
===================================================================
Note that there are no `pkt_comment` protocols and only a single
root-level `eth` protocol. Additionally, the commented ICMPv6 and
SSDP packets have been merged into the first `eth` tree, and the frame
and byte counts have been incremented appropriately.
The conversation_new() function last parameter is options, not
a place to put a uint parameter like the channel id. Change
the call to the conversation_full API in order to do what
was intended, and avoid DISSECTOR_ASSERT messages.
Only allocate the file scoped configuration data the first time
it is encountered, instead of every time a frame is parsed.
The message_info is allocated anew and filled in each time the
packet is dissected, so that should be pinfo->pool allocated.
Related to #16707, #19272
Format an unhandled encapsulation type as ENCAP_n-C, where "n" is the
encapsulation type value - in *decimal*, as that's how they're defined -
and "C" is the channel number.
Format unsinged quantities, such as channel numbers and indices for log
containers, with %u, not %d.