The verbiage for first/last packets and start/end times seem
to not be consistent. Changing will also require a change to
Capture File Statistics in the Wireshark Gui. Future MR.
For #16186. Proposed changes to the tooltips which appear when a filter
expression is potentially problematic.
Rename references to "User's Guide" to "Help" since the link to the
User's Guide in the Help menu is just called *Contents*.
Name specific sections within the help which pertain to the warning
tooltip being shown. Gives first-time users some help in finding the
right part of the sizeable User's Guide.
Since the wraparound aware GT_SEQ is used, passing in 0 for the
ACK number can result in thinking that bytes are missing and
dropping frames from the follow stream tap.
In rare circumstances when a connection could not established on
the first try, succeeding in establishing it later would generate
many Retransmissions. Closes 17616.
For efficiency do the comparison in a single function call
instead of trying to preserving exactly the previous semantics.
Still I tried not to deviate much.
All the order operators can be defined in terms of 'lt'
and 'eq' so use that to reduce the number of required
methods from 6 to 2.
Further reduce to one by combining those two into a single
function that has memcmp semantics: negative return is
"less than", positive is "greater than" and zero is equal.
Null frames are frames with invalid data. This patches makes sure that
the invalid data is not further dissected.
Closes#17644
Bug present since Wireshark 3.4.
When UDP-NM was renamed into AUTOSAR-NM (as well as filename changed)
the author of that patch missed the dynamic filters. This patch fixes
this oversight and makes sure all filters of AUTOSAR NM start with
"autosar-nm.".
Fixes#17643
Since the UDP connection switches back and forth between DHT and uTP,
use conversation_set_dissector_from_frame_number so that the dissector
called by try_conversation_dissector in packet-udp.c doesn't change for
a given frame based on the last packet clicked in the GUI.
Split out a heuristic dissector from uTP so that conversation_set_dissector
is only called from the heuristic dissector.
This doesn't make a difference when the heuristics are accurate but
might in some edge cases.
Last version of MS-RDPEUDP2 has detailled the interpretation of ackvec packets. The
patch also adds the interpretation of ack vector items (bitmap or RLE encoded).
The TECMP dissector did not set the length to the correct value but by
accident just used all bytes present. This is not correct.
This bugfix is for Wireshark 3.4 and newer.
Closes#17638
Strengthen the heuristic, including fixing a typo, disabling via
preference the pre-release "Version 0" of the protocol that hasn't been
supported by any clients for a decade, and putting a limit on the maximum
window size by default via preference. This might be enough to enable it
by default, but hold off on doing so for until more testing.
Also fix a couple of typos and add unit strings.
Do the integer conversion for ranges in the parser. This is more
conventional, I think, and allows removing the unnecessary integer
syntax tree node type.
Try to minimize the number and complexity of lexical rules for
ranges. But it seems we need to keep different states for integer
and punctuation because of the need to disambiguate the ranges
[-n-n] and [-n--n].
If we have a STRING value in an expression and a numeric comparison
we must also check if it matches a value string before throwing
a type error.
Add appropriate tests to the test suite.
Fixes 4d2f469212.
If the RPC dissector doesn't have all the bytes of the a fragment
and thus needs to do TCP desegmentation, but can't or won't for some
reason, then don't try to defragment either, regardless of what the
defragmentation preference says. Fix#11198.
A function is grammatically an identifier that is followed by '(' and ')'
according to some rules. We should avoid assuming a token is a function
just because it matches a registered function name.
Before:
Filter: foobar(http.user_agent) contains "UPDATE"
dftest: Syntax error near "(".
After:
Filter: foobar(http.user_agent) contains "UPDATE"
dftest: The function 'foobar' does not exist.
This has the problem that a function cannot have the same name
as a protocol but that limitation already existed before.