Replace our code with the upstream version, simplified to search
only for our supported Lua versions.
This allows selecting Lua versions 5.2, 5.2 or "any". The default
is 5.2 only because supporting more than one Lua versions is
generally the wrong thing to do. Allow falling back to
5.1 *explicitly*
This adds a dialog in the Tools menu to open a console and evaluate
Lua code using the embedded Lua engine. It replaces the previous
console.lua implementation that was more limited to use, because
it relies on GUI bits exposed to Lua. It used two separate windows
for that reason.
The implementation uses the existing "funnel" API amd relies heavily
on callbacks to maintain separation between GUI and epan code and
make it generic enough to possibly support more use cases than just
the Lua 5.2 console.
The open and close callbacks are used to install and remove a custom
print() lua function with dialog creation and destruction.
The eval callback is basically the same as luaL_dostring().
Remove bundled dtd_gen.lua script. It has never been enabled.
Remove it as part of a policy to remove dead code.
Currently it breaks with a runtime error. I did not investigate
the root cause.
Initial work on supporting VP9
update release-notes.adoc
add vp9 to new protocol support section
fix warnings
replace 0xFF by 0 for bits mask
Fix warnings
Rename pid to pid_ext
Rename pg to pg_ext
The dissector supports data, control, status, and vendor defined
messages. As well as the following technologies:
- CAN
- CAN-FD
- LIN
- FlexRay
- Analog
- UART
- Ethernet
Update macos-setup.sh to attempt to install Qt 6.2.4; that won't work,
but at least it means it doesn't install Qt 5, which is no longer used
as the default Qt version for builds.
Have macos-setup.sh not say you're ready to build Wireshark if Qt hasn't
been installed; if QT_VERSION was set but Qt wasn't installed, point to
the Wireshark Develper's Guide for instructions on how to download and
install it.
Have the Wireshark Developer's Guide give instructions on how to
download and install Qt 6, derived from the instructions for Windows but
modified for installing 6.2.4 on macOS.
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix#16576. Fix#17971. Fix#4684. Fix#13491. Fix#13941.
Fix the "all X in S" expression to be implemented as
(x1 in S) AND (x2 in S) AND ... AND (xn in S)
Previously it was implemented as
(X all_eq s1) OR (X all_eq s2) OR ... OR (X all_eq sn)
which does not implement set membership semantics correctly.
The implementation uses a list to build the set and the
set membership test is done with a SET_*_IN instruction
that tests if a register belongs to the set (list contents).
Example:
Filter:
all tcp.port in {10..15,20,30}
Instructions:
0000 READ_TREE tcp.port -> R0
0001 IF_FALSE_GOTO 7
0002 SET_ADD_RANGE 10 .. 15
0003 SET_ADD 20
0004 SET_ADD 30
0005 SET_ALL_IN R0
0006 SET_CLEAR
0007 RETURN
Fixes #19188.
Features:
- Supports also compressed and TLS-encrypted Zabbix connections as well
as TCP desegmenting
- Dissects both passive agent connections (10050/tcp, plaintext-based)
and active agent, proxy and sender/trapper connections (10051/tcp,
JSON-based), ports are configurable
- Detects passive agent conversations by checking the request being
non-JSON (not depending on the well-known TCP ports)
- Calculates response times using protocol data saved in conversations
- Detects the connection type (proxy, agent, sender/trapper) and shows
tree and Info column information accordingly
- Dissects protocols up to Zabbix version 6.4 (currently latest) and
7.0 (currently in alpha)
- Does not support passive agent connections in Zabbix 3.x or earlier
(it does not have the normal Zabbix header; note that Zabbix 4.0 was
released in 2018)
If we are only trying to find RTP streams that match the current
packet, there's no reason to retap all other packets after
dissecting the current packet. This speeds up selection in that
case.
It is possible for an RTP session to contain multiple SSRCs
(such as with SDP negotiating BUNDLE (RFC 9143) as in WebRTC,
also see RFC 8872 for a general disscussion.)
The existing mechanism for searching for matching RTP streams for
the currently selected packet does not deal well with this.
findRtpStreams adds one copy of the forward stream (however, with the
same SSRC each time) for each stream bundled together on the session.
It also adds one copy for each stream in the reverse direction, only
using the first encountered SSRC.
When processed later, that means that only one reverse direction RTP
stream is added, which might not be the desired pair of the forward
stream (e.g., audio and video are bundled in each direction.)
Worse, if and when the RTP stream IDs are freed, a double-free can occur
and crash.
Don't add an RTP stream more than once.
Change the behavior when the Ctrl key is selected to adding all
RTP streams that share the addresses and ports (in either direction)
regardless of SSRC. Adding everything in the bundle makes more sense,
especially since there's no good way to determine which of the
bundled reverse RTP streams are paired with the selected packet's
RTP stream.
Also try to handle the unusual case of more than one stream in
the current packet (could happen with unusual tunneling.)
The LTE and RTP chapters are sub-sections, and don't get an
entire page in the chunked view. They need to point to the
higher level section plus an anchor.
Related to #17982
Sets can now accept arithmetic expressions, not just fields
and constants.
Besides making sets more generic and useful it also nicely
simplifies the grammar specification.
The only caveat is that the use of curly braces can become
a bit confusing.
Allow string slices (indexing) to work with internationalized
strings. The old behavior of indexing on byte boundaries can
be obtained using raw slices.
When reading developer's guide about backporting,
it looks like the commit hash in this example is '1ab2c3d4',
and it is more consistent if we use 'backport-1ab2c3d4' instead of
'backport-g1ab2c3d4'.
This closes#19140
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Add a GUI option to append a DSB to the open file containing any
used TLS secrets from the session. The marks the file as having
unsaved changes.
Note #19128 - we don't currently have warning about saving a file
with a DSB in a format that doesn't support it, as we do with comments.
No longer export the RSA Session ID, only CLIENT_RANDOM related
information. This has been a long standing TODO.
Fix#18400