Previously, Wireshark was sorting all packets in a capture,
regardless whether they were actually visible or not. If you
are working with large PCAPs & filters, this is a MASSIVE
performance drag. Therefore, this commit changes this
by only sorting the visible packets which boosts the
sorting performance in filtered views massively.
For a string, add the value from the packet normally so that the
value is filterable, shows up in JSON, etc. Prepend the tag
description to the item so the formatting is displayed in the
tree with the name like it has been.
Generate filter expressions for columns with multiple occurrences
by using the membership operator (which is semantically OR).
It's not clear if this approach makes more sense than AND;
there's use cases for both.
Don't do this for multifield custom columns, since we don't know
which values were found by which field. That takes changing
the column logic in several places.
Ping #18001
Use the information gained from conversation tracking to infer
well-known names. Show well-known names as addresses to improve the
readability of a D-Bus capture.
Add the method name to response frames, like Method Return and Error.
The name is not included in the frame itself, but can be inferred with
conversation tracking.
Add generated fields with the value from the request. D-Bus response
frames don't include fields like "member", i.e. the method name. By
adding generated fields it's easier to filter method calls and its
method return by name.
Since cbd3c447 ("ftypes: Add FT_UINT_STRING to IS_FT_STRING() macro")
proto_tree_add_string() accepts FT_UINT_STRING, but the API check still
fails. Update the API check to reflect that change.
The poll and precision fields in timing NTP messages are signed
integers.
Different NTP implementations have different minimum and maximum polling
intervals. Some can be configured even with negative values for
sub-second intervals (e.g. down to -7 for 1/128th of a second).
NTP clocks on modern systems and hardware typically have
a sub-microsecond precision.
Print all poll values. Add the raw precision and change the resolution
of the printed value to nanoseconds.
The fragment functions will work with a zero length fragment,
which might happen if a record length is zero in a malformed
packet and a reassembly is in progress. It is not by itself
a fatal error (and could actually work, even though
non-compliant.) There is already a tls.record.length.invalid
expert info added by ssl_check_record_length for this case.
Related to #17890.
1. Fix the bug that the timestamp of google.protobuf.Timestamp message
type does not displayed while pbf_as_hf (Dissect Protobuf fields as
Wireshark fields) is FALSE.
2. Add the use_utc preference for displaying google.protobuf.Timestamp
in UTC or local zone format.
Add a dissector table "btcommon.eir_ad.entry.uuid_16", which behaves the same
way as the hard-coded GAEN (Google/Apple Exposure Notification) dissector does
today -- the table key is the 16-bit UUID
(https://www.bluetooth.com/specifications/assigned-numbers/), and the dissector
is given the corresponding service data.
Normally, 'control' and 'otherbss' flags are set when
using monitor mode, but certain Wi-Fi drivers (e.g. MT7921)
need to explicitly have these flags set in order to capture
control frames.
A device is not allowed to start a new control procedure if it
has already responded to a peer procedure.
The detection of a response being present did not take into account
that some procedures do not have a response.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
According to 3GPP TS 44.018 section 10.5.2.20, the Measurement Results
is a type 3 (TV) information element with 17 (1 + 16) octets length.
The respective dissection function is called as follows:
ELEM_MAND_V(GSM_A_PDU_TYPE_RR, DE_RR_MEAS_RES, ...)
elem_v(tvb, tree, pinfo, GSM_A_PDU_TYPE_RR, DE_RR_MEAS_RES, ...)
de_rr_meas_res(tvb, subtree, pinfo, curr_offset, -1, ...)
^^^
len
Note that elem_v() passes -1 as the len argument to de_rr_meas_res().
The later returns -1 casted to guint, and this is indeed wrong.
Moreover, the 'len' argument is marked as unused (_U_).
This bug creates a false impression that the Measurement Results IE
occupies more octets than it actually does when it's encapsulated
into some other protocol, e.g. A-bis/RSL.
Let's return value 16, which is known from the specs.
This way we can also use this function for checking padding in
the Measurement Results IE, which uses 0x00 as padding pattern.
Drop the '_csn' part because it's not CSN.1 specific anymore.
When running the profiles dialog from the main status bar,
some objects appear to be not cleaned up properly with Qt 6.
This will circumvent this, by creating an object for the
dialog and cleaning it on closing.
Fixes#18525
The context menu falsely assigns the proxied index to the context menu
entries, therefore always selecting the wrong model index for the
resulting functions.
Fixes #18xxx
should be { 0x6, "NB 24.4 kbps" } instead of the current { 0x6, "Not used" }
According to Table A.3 of 3gpp TS 26445
Reported by Massimiliano Agnoletti
Close: #18550