Both subset_find_guint8() and subset_pbrk_guint8() pass the parent
tvbuff to tvb_find_guint8()/tvb_ws_mempbrk_pattern_guint8(), along with
the offset in that tvbuff.
That means that the offset they get back is relative to that tvbuff, so
it must be adjusted to be relative to the tvbuff *they* were handed.
For subsets of frame and "real data" tvbuffs, there's a single lump of
data containing the content of the subset tvbuff, so they go through the
"fast path" and get the offset correct, bypassing the broken code;
that's the vast majority of calls to those routines.
For subsets of *composite* tvbuffs, however, they don't go through the
"fast path", and this bug shows up.
This causes both crashes and misdissection of HTTP if the link-layer is
PPP with Van Jacobson compression, as the decompression uses composite
tvbuffs.
Fixes#17254 and its many soon-to-be-duplicates.
This policy says: "Since version 3.10, CMake processes regular and GENERATED
source files in AUTOMOC and AUTOUIC. In earlier CMake versions, only regular
source files were processed. GENERATED source files were ignored silently."
We are currently running AUTOMOC/RCC/UIC on too many files unnecessarily and
that should be improved. CMake 3.20 introduced some changes related with this
that broke the build (issue #17314) and need further investigation.
Meanwhile setting this policy to NEW shouldn't break anything and silences
some noisy CMake warnings.
The '/codecs' dir was removed in g63af1da7e7.
Avoid using include_directories(), prefer target_include_directories().
Remove some unnecessary CMAKE_CURRENT_*_DIR includes and some other
small cleanups while at it.
The length specified in a TvbRange is the *actual packet length*, not
the *sliced-to* length, so use tvb_new_subset_length() to cut it short.
This fixes the fix for #15655, and addresses at least some of the issues
in #17255.
Changes:
In nearly all cases decoding match content of capture. The exception is #2270,
where timestamps do not match recorded time which causes discrepancy in
decoding.
Decoding of audio correctly follows different soundcard rates.
RTP Player shows first sample rate in each stream in place of rate of playing.
Fixed incorrect time axis calculation
Fixes#16837Fixes#4960Fixes#2270
Changes:
- epan/follow.c: follow_conv_filter_func has new parameter
epan_dissect_t *edt, so filter can be generated based on decoded tree
of packet below the cursor
- menu Follow/SIP Call is enabled when sip packet is selected
- value of sip.Call-ID is used as filter for SIP call
- for sharkd it generates filter just 'sip.Call-ID' with no value
When RTP stream has no setup frame, but is decoded by Decode as or
with rtp_udp active, setup frame was shown as SETUP <number>, but
correct is RTP <number>.
Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching
for Qt packages. This is apparently required for CMake 3.20.0 and later.
Fixes#17314.
Add DissectorTable.try_heuristics(name, tvb, pinfo, tree). Previously,
there was no way for a Lua plugin to run an existing heuristic
dissector.
Based on Gerrit change 18718. Closes#17220.
disabled RichText in regex text input, to prevent invisible
formatting from getting passed to the regex engine
fixed a issue where fields matched by duplicate groups would
not be parsed
Added documentation on the Regular Expression import mode
Added documentation for the associated ui-fields
Updated the screenshot for the import-from-hexdump dialog
Added a screenshot of the Regular expression mode tab
Updated the documentation for the updated Timestamp format
Added an entry in the release notes about this new/updated feature
Modularized the parser backend slightly to have the needed hooks
Modified the timestamp format slightly to enable arbitrary postion for
second fractions
Added a regex based seeking parser for textfiles as frontend alternative
to text_import_scanner.l
Regex is using the GLib implementation
Supported frame-data formats are bin, hex, oct and base64
Regex based importing UI
Fixed Meory-leak in ImportTextDialog::exec()
A new tab was added to the text_import ui to accomodate the new fields
Hints are available and styled accordingly
Update display name of the nordic_ble dissector to the release used
by nordic semiconductor for the development tool on the homepage.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Introduce a new TCP preference to allow the user to choose the
precedence between Fast Retransmission or Out-Of-Order. When
performing the SEQ analysis, ambiguous packets will be considered
with the chosen priority, helping in the final interpretation.
Closes#15987
This patch adds a dissector for PDUs based on signals. On CAN,
FlexRay, etc. data is transported in PDUs that are based on
signals. These signals are typically an arbitrary number of bits.
This dissector allows:
- Parsing configured signals (shortened datatypes too)
- Scaling and moving signals values (compu scale)
- Naming signal values (compu consts)
- Filtering on the scaled and raw value
The dissector supports:
- Signal PDUs over CAN
- Signal PDUs over FlexRay
- Signal PDUs over SOME/IP
- Signal PDUs over PDU-Transport
Add --ifname and --ifdescr to allow the name and description for an
interface or pipe to be set; this overrides the specified name or
reported description for an interface, and overrides the pipe path name
and provides a description for a pipe.
Provide those arguments when capturing from an extcap program.
This is mainly for extcaps, so you have something more meaningful than
some random path name as the interface name and something descriptive
for the description.
- gvsp: Fixed some GenDC container header related endianess bugs
(flipped bits in dissector)
- gvsp: Added support for GenDC meta-data decoding
- gvsp, u3v: Added support for all newly defined pixel formats
- its: Removed redundant code (possible search and replace error)
Now we ignore random packets and also correctly recognize server
responses in cases where the client uses the same port numbers as
the server for its TFTP or other conversations
As of now a plugin subdissector can register itself for byte or string type only.
This change adds an option to allow a plugin to register a subdissector for any protbuf field.
this subdissector will be able to dissect a protobuf field on top of the existing dissector for that field.
As of now a plugin subdissector can register itself for byte or string type only.
This change adds an option to allow a plugin to register a subdissector for any protbuf field.
this subdissector will be able to dissect a protobuf field on top of the existing dissector for that field.
Changes:
- all waveforms has common scale therefore louder/quiter signal is visible
- when stream/streams are deleted from view, Y axis is rescaled and
waveforms are rearranged to reuse empty space
SASL Buffer starts after the SASL Buffer Length field. Therefore
we should only mark the bytes without the Length field.
Sample capture can be found in wireshark/wireshark#15128
As of now GTP dissector provides option to decode T-PDU data ether, async, and with some heuristics.
But there is no option present to decode a new protocol with a plugin.
This change adds an option to decode T-PDU data with a plugin, to help develop and test new protocols that are
encapsulated as GTP T-PDU data.
Guy Harris