Add a description of absolute time fields to the Display Filter
Field Types section and explain some of its quirks (always in
local time zone, no time zone suffix, etc.) Related to #13268.
Pass the deprecated data struture to the scanner and insert the deprecated
tokens there. This avoids having to keep a dedicated syntax node field
for this.
Pass the deprecated argument in dfwork_t instead of in a separate
argument. This is less cumbersome than adding an extra argument
to every level of the semantic checker.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return an textual representation
for debugging purposes.
Support reloading a Lua FileHandler when this is in use for a
loaded capture file. Prompt to save the file if having unsaved
changes because the file must be reloaded.
Fixes#17615
Re-use the OK Error true false flag instead of defining a custom one
with OK Incorrect.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add address resolved flag to Advertising PDUs. This indicates if the
sniffer was able to resolve the advertising address using an IRK.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
absolute_val_from_string() doesn't allow a time zone and always
assumes that time strings are in local time zone, so
absolute_val_to_repr() needs to produce that output for FTREPR_DFILTER
so that construct_match_selected_string() produces the correct filter
string for FT_ABSOLUTE_TIME fields that are not ABSOLUTE_TIME_LOCAL.
Fix#17617
The flags were used to identify the SID format, without regard for the
available size. Also in case of error in the flags the SID would not be
shown. Convert, like elsewhere, SID format identification based on size
and add flag validity checks, based on RFC 8667 section 2.1.1.
Closes#17610
Also changing keyboard and button disssectors to prefix values with ": ". This
matches how proto_tree_add_int_bits_format_value() displays values.
Concludes the last bits left: Closes#17550
Using quotes is confusing because they are difficult to distinguish
from the actual filter expression itself. Quotes are unnecessary
anyway because whitespace is not significant (except inside brackets).
Add the heur_dtbl_entry_t entry as deregistered when deleting a
heuristics dissector. The UDP dissector is storing a pointer to
this in proto_data and may access the entry during reload Lua
plugins until all packets are redissected.
At least using MSYS2 python (that uses system() that uses CMD.EXE)
we must quote every command in a pipe, otherwise the "'C:' is not
recognized as an internal or external program" error occurs.
If we are using MSYS2 we use those packages to build Wireshark
using MinGW-w64 and disable most or all of our win-setup.ps1 codepaths.
Fix GLib configuration. Disable copying of DLLs with MSYS2.
Some tests in the suite_capture test suite are failing with MSYS
MINGW64. That particular set of tests is way too brittle regarding
file system paths; more work is needed to improve that situation.
This is more likely to hinder than to help, and is not really a good way to
invoke dpkg-buildpackage. It's a crutch that doesn't interact well with ninja,
has a 50/50 chance of giving the right results and will pollute the build
environment.
The Debian package should be built from a tarball instead.
The openSUSE 15.2 RPM Test step occasionally fails when trying to
retrieve repository metadata. Add "--no-remote" to the zypper install
command in the openSUSE 15.2 RPM Test to match the offline behavior of
our other RPM tests.
Implement little endian support for tvb_get_bits family of functions.
The big/little endian refers to bit numbering within an octet. In big
endian, the most significant bit is considered bit 0, while in little
endian the least significant bit is considered bit 0.
Add encoding parameters to proto tree bits format family functions.
Specify ENC_BIG_ENDIAN in all dissectors using these functions except in
USB HID that requires ENC_LITTLE_ENDIAN to work correctly.
When formatting bits values, always display most significant bit on the
leftmost position regardless of the encoding. This results in no gaps
between octets and makes the displayed value comprehensible.
Close#4478Fix#17014
The file type/subtype for built-in types are <=
wtap_num_builtin_file_types_subtypes - the plugin types are given
type/subtype values after the last built-in type/subtype value.
Fixes#17614.
We only allow exp-Golomb coded values to be as large as 32 bit
integers. When packets encode too large a value (invalid content),
clamp the value and report it as malformed with an expert info,
reporting the number of bits consumed (which will probably lead to
a BoundsError later in the packet.)
The case with 32 leading zeroes is a special case because for both
unsigned and signed interpretation there is one non overflowing value.
This is better than using DISSECTOR_ASSERT for invalid packet content.
Avoid left shifting a 32 bit integer by 32, which is undefined.
Use DISSECTOR_ASSERT_FIELD_TYPE at the beginning of the function rather
than using DISSECTOR_ASSERT in the middle, since it's more descriptive
in its error message and clearer code to do it at the start.
Same issue as #17612, commit a7dfe53488.
Special case the situation with 32 leading zeroes, since in C it's
undefined to left shift a 32 bit integer by 32. Only one value with
32 leading zeroes is an encoded 32 bit integer.
Clamp too large values to G_MAX[U]INT32 and report it as a malformed
expert info. Also report the supposed amount of bits consumed,
which will probably lead to a BoundsError down the line (possibly
not for some bit errors).
This is better than using DISSECTOR_ASSERT for invalid packet content.
Use DISSECTOR_ASSERT_FIELD_TYPE for doing the checks on the hf_field
types, since it's more descriptive in its error message.
Fix#17612.
João Valverde