Use "x64" to refer to "Windows running on 64-bit Intel processors". Get
rid of WIRESHARK_TARGET_PROCESSOR_ARCHITECTURE in favor of
WIRESHARK_TARGET_PLATFORM because the latter is shorter.
If a time shift has been applied to frames, save the time-shifted
value to the newly written file.
If we're doing Save/Save As, so that the newly written file replaces
the currently open file, make sure to clear the shift offset from
the frame data, for the same reason that we mark the file as no longer
being modified. If we're Exporting packets and not changing the
currently open capture file, leave the shift offset the same.
If there are color rules based on the frame protocol, recolorize.
We also really should reapply the current filter, if any, if it
depends on something in the frame protocol.
Fix #14306
Use FindPython3.cmake instead of the deprecated FindPythonInterp.cmake,
to make sure we actually find Python3.
Don't use the module with MSYS2 because it is buggy and exhibits broken
behaviour.
Run it earlier in the configuration, just as a precaution, so other
indirect calls to find python don't happen earlier.
This reverts commit d6380e7ae4.
Turns out we were unwittingly still using FindPythonInterp
instead of FindPython3.cmake, via LocatePythonModule.cmake,
and this commit actually enabled FindPython3.cmake. Also turns
out FindPython3.cmake is far too clever and very buggy with MSYS2.
It will usually not find the correct python binary and fail in many
surprising ways, depending on which combination of Python Windows
installations is present.
Make it possible to use Decode As to set the current dissector
for an entry in a dissector table to NULL even if there is a
default dissector registered for that entry. (none) means (none)
This is different than disabling the dissector entirely, because
a dissector might be registered as default for multiple entries/ports,
and a user might want only to disable it for one entry, not in general.
Or, a dissector might have multiple registered dissectors and a
heuristic dissector, and a user might want to disable one dissector
registered value while still having the heuristic dissector enabled.
This is different than setting the dissector for the entry to Data,
because it still allows heuristic dissectors to get a chance.
This is different than setting a "Try heuristic sub-dissectors first"
preference, because it only affects the single entry in the tables,
instead of trying heuristic sub-dissectors first for all entries in
the table (and it works for all tables, even those that lack such a
preference.)
Move the default dissector to the top of the combobox so it is
still easy to reset to the default.
Fix #12098
This changes the existing code for the MSVC installer as little
as possible to allow building the Wireshark .exe Windows installer
using the MinGW-w64 toolchain.
Currently the DLL dependency list is static, this may change in
the future. Ideally we would use CPack and install() logic
to copy the DLLs.
The msys2checkdeps.py script is copied from the Inkscape project[1].
It doesn't have a specific license identifier. The Inkscape project
is licensed under the GPL version 2 or later.
TODO: Download Npcap and USBPcap using CMake instead of requiring
manual action.
[1] https://gitlab.com/inkscape/inkscape
Ping #17771.
Add dissectors for navigation messages of the Satellite-based
Augmentation System (on L1 frequency). Includes dissectors for message
types MT1, MT2 - MT6, and MT25.
Use CMake components to install the guides, instead of
a custom target and script.
We have to inconveniently place the install() command in the
top-level CMakeLists.txt file, instead of docbook/CMakeLists.txt,
so that we can use
cmake --install <builddir> --component UserGuide
instead of
cmake --install <builddir>/docbook --component UserGuide
so that it can be used in the wireshark.spec file without too
many contortions.
https://datatracker.ietf.org/doc/html/rfc6838#section-4.2
RFC 6838, 4.2 Naming Requirements:
"Both top-level type and subtype names are case-insensitive."
Some media types, e.g. application/3gppHal+json, are officially
registered with capital letters, and sometimes registered to
the dissector table that way.
Fix #18611
Remove the pytest compatibility layer and require the real thing.
Fix running tests with pytest and Python 3.11+. Pytest strongly
favors using fixtures instead of setup/teardown methods so
use that. This fixes the test suite with pytest and Python 3.11
and has the added benefit of removing the dependency on a private
unittest property.
We remove the dedicated log file code in SubprocessTestCase and just
write to standard out. This presumes to leverage the pytest logging
features, such as writing to a log file. To make the system more useful
we should probably rely on logging calls instead of writing to
stdout.
The teardown log file cleanup logic and filename_from_id() method
are replaced with pytest fixtures and native temporary path support.
They are cleaner to use and do not require messy teardown logic. The
temporary files are created in the system temporary directory. By
default the last three runs are kept.
More work is needed to completely remove the unittest module dependency.
Fixes #18740.
Add dissector for the UBX protocol as used by u-blox GNSS receivers.
Includes dissectors for UBX-NAV-DOP, UBX-NAV-EOE, UBX-NAV-POSECEF,
UBX-NAV-PVT, UBX-NAV-SAT, UBX-NAV-TIMEGPS, UBX-NAV-VELECEF, and
UBX-RXM-SFRBX messages.
Sort the model by Most Recently Used, instead of Most Recently
Added. This improves the usability of the combobox and prevents
the most used filters from being pushed out of the list by newer
entries.
Add a monotonically increasing timestamp to each row, set it
when each entry is created or updated, and use it to sort the model.
Fixes #18997.
Matter is an interoperable application-layer protocol to control IoT smart
home devices, maintained by the Connectivity Standards Alliance.
This dissector currently only parses the outer "message headers" and
"payload headers". The protocol also has encryption, a TLV encoding for
the payload, the application semantics of those TLVs, fragmented
payloads in UDP, support for TCP, etc. which is all missing from the
dissector for now, so there's still lots to do.
There is no defined port number (implementations pick an arbitrary port and
advertise it over mDNS), so I'm only making Matter available in "Decode As"
for now. In the future it would be nice to get the port from the mDNS
answers.
Some fields in the message header can be encrypted by "message privacy".
Since we don't support decryption yet, these currently show up as a
single "encrypted headers" field if the "message privacy" flag is set.
Implement the dissector for Ultra-wideband controller
interface packets, based on the protocol description
on the FiRa consortium website:
https://groups.firaconsortium.org/wg/members/document/1679
The dissector recognizes packets with PCAP identifier 293,
or TCP packets on port 7000 (default).
Revert 9864a877ce, since it causes problems with Sparkle:
error 13:09:41.018537-0700 Wireshark Error: the bundle being updated at NSBundle </path/to/wireshark/build/run> (loaded) has no CFBundleIdentifier! This will cause preference read/write to not work properly.
error 13:09:41.019087-0700 Wireshark Error: the bundle being updated at NSBundle </path/to/wireshark/build/run> (loaded) has no CFBundleIdentifier! This will cause preference read/write to not work properly.
error 13:09:41.019165-0700 Wireshark Error: the bundle being updated at NSBundle </path/to/wireshark/build/run> (loaded) has no CFBundleIdentifier! This will cause preference read/write to not work properly.
error 13:09:41.019216-0700 Wireshark Error: the bundle being updated at NSBundle </path/to/wireshark/build/run> (loaded) has no CFBundleIdentifier! This will cause preference read/write to not work properly.
error 13:09:41.019303-0700 Wireshark This host (/path/to/wireshark/build/run) has no CFBundleVersion! This attribute is required.
error 13:09:41.019628-0700 Wireshark Fatal updater error (6): Sparkle cannot target a bundle that does not have a valid bundle identifier for run.
Update the comments in CMakeLists.txt to note this.
Move MaxMind lookups to a global Name Resolution preference.
That's a bit of a misnomer (it's not name resolution, but it
is using external sources of data to update information about
a network object), but the MaxMind DB path location is already there.
This means that MaxMind lookups can be disabled with the '-n'
option, and enabled with a 'g' for the '-N' option. This is
significant for tshark, because MaxMind lookups are now synchronous.
Disabling the new global preference also keeps the Endpoints window
from doing MaxMind lookups; currently, even if the IPv4 and IPv6 GeoIP
prefs are disabled the data is still looked up and inserted in the
Endpoints window.
Fix #14692
Implements suggestion in issue #18714.
Proposed syntax for setting subsecond precision is "tshark -t adoy.3" for
millisecond accuracy in output. Using a dot separator indicates the precision
of what follows the dot in the output.
The following tshark -t combinations are supported:
1. Specifying just the format with e.g. "-t a" and defaulting the precision.
2. Specifying both format and precision, with "-t ad.2" or "-t ad -t .2".
3. Specifying only the precision with "-t .6" and defaulting format.
4. Use "-t a." or even "-t ." to specify auto precision from trace.
The latter use case is particularly useful with wireshark/logray.
Using a dot like this avoids introducing a new command line option.
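The four "-t" combinations listed above, worked through as an added Python illustration (not tshark's own code). The list of format names, the single-digit precision range and the starting defaults are assumptions, not taken from this commit message.

```python
import re

# Assumed set of -t format names; the commit message only shows "a", "ad", "adoy".
FORMATS = {"a", "ad", "adoy", "d", "dd", "e", "r", "u", "ud", "udoy"}
AUTO = "auto"  # precision taken from the trace


def parse_t_option(arg):
    """Split one -t argument into (format, precision).

    An element is None when that part is absent, so the caller keeps its
    current value. Precision is an int, or AUTO for a bare trailing dot.
    """
    fmt, dot, prec = arg.partition(".")
    if fmt and fmt not in FORMATS:
        raise ValueError(f"unknown timestamp format: {fmt!r}")
    if not dot:
        if not fmt:
            raise ValueError("empty -t argument")
        return fmt, None                 # case 1: "-t a"
    if prec == "":
        return (fmt or None), AUTO       # case 4: "-t a." or "-t ."
    if not re.fullmatch(r"[0-9]", prec):  # assumed range: one digit
        raise ValueError(f"precision must be a single digit: {prec!r}")
    return (fmt or None), int(prec)      # cases 2 and 3: "-t ad.2", "-t .6"


def resolve_t_options(args, default_format="r", default_precision=AUTO):
    """Fold repeated -t arguments left to right, e.g. ["ad", ".2"]."""
    fmt, prec = default_format, default_precision
    for arg in args:
        new_fmt, new_prec = parse_t_option(arg)
        if new_fmt is not None:
            fmt = new_fmt
        if new_prec is not None:
            prec = new_prec
    return fmt, prec
```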
Display characters according to the "encoding" attribute of the XML
declaration. Add a new preference to set the default character encoding
for XML documents without an "encoding" attribute.
Since f63628d9c4, `run/wireshark` has been a wrapper script which execs
run/Wireshark.app/Contents/MacOS/Wireshark. It looks like newer versions
of Qt call `[NSApp activateIgnoringOtherApps:YES]`, so this should no
longer be needed.
Make `run/wireshark` and `run/logray` symlinks like our other
executables. This makes it possible to run a debugger on those files and
simplifies CMakeLists.txt a little.
This means that running `run/wireshark` will result in a lower-case
application name in the main menu bar, but if that's an issue you can
still run `open run/Wireshark.app` on the command line.
Reduce the default update interval for dumpcap to notify its parent
of new packets (or to check if we've met file duration, etc.) from
500 ms to 100 ms, and put it in the capture options.
This makes the GUI appear to update more in real time rather than
in visible batches of packets.
This also reduces the amount of ring buffer space needed in cases
where we're doing dissection, and dissection is able to keep up,
but the files can be deleted before tshark gets to them because of
the notification lag. (See #1650.)
The WSUG has ChManageInterfacesSection, but the help button in
ui/help_url.c tries to open ChCapManageInterfacesSection.
The latter appears to be correct, as every other section and other
anchor in the Capture Chapter begins with "ChCap".
Part of #17982
Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
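An added audit sketch for the RPATH concern described above (not part of the Wireshark tree): it reads the text printed by `readelf -d` and lists the RPATH/RUNPATH directories that are relative or $ORIGIN-based, the kind a loader may ignore for a binary with elevated privileges. The sample readelf output and the `/usr/local/lib` path are constructed for illustration.

```python
import re

# Matches the DT_RPATH / DT_RUNPATH lines printed by `readelf -d`.
_ENTRY = re.compile(
    r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample output, not captured from a real build.
RELOCATABLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libwsutil.so]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib]
"""
ABSOLUTE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libwsutil.so]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/local/lib]
"""


def search_paths(readelf_dynamic):
    """Return [(tag, directory), ...] for each RPATH/RUNPATH directory."""
    found = []
    for line in readelf_dynamic.splitlines():
        match = _ENTRY.search(line)
        if match:
            # One entry can hold several colon-separated directories.
            found.extend((match.group(1), d) for d in match.group(2).split(":"))
    return found


def relocation_risks(readelf_dynamic):
    """Directories a privileged binary cannot rely on being honoured."""
    risky = []
    for tag, directory in search_paths(readelf_dynamic):
        if "$ORIGIN" in directory or "${ORIGIN}" in directory:
            risky.append((tag, directory, "origin-relative"))
        elif not directory.startswith("/"):
            # An empty entry means the current working directory.
            risky.append((tag, directory or ".", "relative"))
    return risky
```

An empty result for a privileged helper means every library search directory is absolute; whether an absolute directory counts as a standard path is loader-specific and not checked here.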
Move the top-level user-guide.adoc and developer-guide.adoc to their
respective source directories. This is in preparation for a future
toolchain revamp.
Move the wsug_graphics directory to wsug_src/images and wsdg_graphics
directory to wsdg_src/images. Copy common_graphics/* to each images
directory and remove common_graphics. We only have five admonition
graphics; duplicating them lets us remove some build config overhead.
Rename wsluarm.adoc to wsdg_src/wsdg_lua_support.adoc.
Remove a dummy file.
Tested visually and by enabling `--failure-level=WARN`.
Add a drop-down combobox for UATs, including User DLTs, that
have a choice of dissectors. Make the combobox editable, which
will provide suggestions, and pass things through to the existing
UAT validation for dissectors. (It's a very long list, especially
with 1717 entries, including 530 just from various BT GATT UUIDs,
so being able to still type it in seems useful.)
Dissectors are not protocols. Rename the UAT field from PROTO to
DISSECTOR where used. Update the column names and long descriptions
to use dissector instead of protocol in dissectors that used this.
There may at some point be UATs that want protocols instead of
dissectors, but that's not what the current behavior does and
none of the current dissectors that use the existing types want.
Update the documentation to use "dissector" instead of "protocol."
Put the names of the actual current three Ethernet dissectors.
Clarify that the "ip" dissector actually tries IPv4 and IPv6,
instead of just IPv4.
UAT entries are backwards and forwards compatible with versions
without this change.
Fix #18836.
Added the SAP Diag dissector protocol from [SecureAuth's plugin](https://github.com/SecureAuthCorp/SAP-Dissection-plug-in-for-Wireshark/blob/master/src/packet-sapdiag.c).
This is a dissector that implements the Diag protocol. Decompression of packets is not considered as this requires the proprietary LZC/LZH decompression routines still pending to be added in #8973. The Diag packets can be wrapped in an SNC frame, in which case the respective dissector is called. Embedded RFC calls are disabled as this requires the respective dissector to be found, which will be submitted in a separate merge request.
Details about the protocol and example requests can be found in [pysap's documentation](https://pysap.readthedocs.io/en/latest/protocols/SAPDiag.html).
The personal extcap folder $XDG_CONFIG_DIR/wireshark on Linux is
inconsistent with the global extcap folder (lib/wireshark/extcap)
and personal plugins folder (.local/lib/wireshark/plugins) and also
the configuration folder should not contain architecture-specific files.
The extcap personal folder is changed from:
.config/wireshark/extcap
to:
.local/lib/wireshark/extcap