Instead of always setting the libssh log level to SSH_LOG_INFO
when an extcap has a ws log level of LOG_LEVEL_DEBUG or lower,
set the libssh log level to a corresponding log level
(NOISY/TRACE, DEBUG/DEBUG, INFO/INFO, MESSAGE and above/WARN).
Format the libssh logging messages more similar to our normal
logging messages, with a libssh domain and using the libssh
priority.
Prior to 0.11.0 (that is, this commit:
657d9143d1
) libssh sends some merely informational messages at their WARN
level, so lower that down to INFO, which isn't printed by default
and doesn't get printed in the GUI.
Related to #17888
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
mssage. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix#17888
Only 1 of the 4 bytes comprising the window field was actually
being read, causing the value to be incorrect. The offset pointer
was correctly increased by 4 on the following line, so this is
clearly just an oversight.
The configure-window-mask field was being dissected using the
"window value mask" bitmasks. It was interpreted correctly when
dissecting the actual fields, though, so this is clearly just
another minor oversight.
Before:
window: 0x00000001
configure-window-mask: 0x0003, background-pixmap, background-pixel
x: 448
y: 156
After:
window: 0x03800001
configure-window-mask: 0x0003, x, y
x: 448
y: 156
Use command substitution instead of backticks in several places. Use
`uname -m`, which returns "arm64" and "x86_64" instead of `uname -p`,
which returns "arm" and "i386". Clean up some test expressions. Comment
out some definitions and code which appear to be unused. Move the
"macosx-support-lib-patches" directory to "tools/macos-setup-patches".
Uninstall old zstd versions.
[skip ci]
Gitlab Bug #19597
The preference capture.auto_scroll was moved to a 'recent' value and marked obsolete.
It was not possible to set the recent value with -o because values marked as obsolete preferences were not checked to see if they were valid 'recent' values.
Garbage values passed to -o were not reported as unknown preferences because the 'recent' code returned PREFS_SET_OK for any value.
Changed commandline handling of -o to pass obsolete prefs to 'recent' in case they were moved there.
Return PREFS_SET_NO_SUCH_PREF for unmatched 'recent' values.
libssh 0.8.5 was released in October 2018, all known Linux distributions
that currently compile on the master branch with their default
packages include a more recent version, and we ship the 0.10.x series
for Windows and MacOS. (Among major Linux distributions that compile currently,
Debian Buster has 0.8.7).
It has several API changes to ssh_options_get and ssh_options_set, new features,
and a number of bugs and CVEs fixed. We can remove a workaround for a
missing API call in extcap/ssh-base
This is a little annoying because the OTOA field that determines the
encoding is many fields after the OAdC field. Also annoying because
the encoding is faintly absurd, and not the same as the other
"IRAString" encoding; that one is also a hex string, but uses
*unpacked* GSM 7 bit encoding. Here we have a hex string encoding of
a SMS-like "number of used semi-octets" followed by packed GSM 7 bit
encoding.
Fix#19599
The capture session sometimes calls the error handler with an
empty error message. This is generally on extcap errors, because
extcap errors aren't reported from dumpcap over the sync pipe
but instead gathered from the extcap stderr only after the session
closes. They're reported a bit later in the closed function.
Avoid console messages like:
** [Capture MESSAGE] -- Error message from child: "", ""
and
tshark:
Add Huffman decoding from libngttp2 library (MIT licensed),
and use it in HTTP/3 to display the decoded QPACK bytes.
(HTTP/2 and HTTP/3 use the same Huffman encoding.) These
files are not part of the public libnghttp2 library but
normally internal.
Note that libnghttp3 does not supply a function to inflate
headers like nghttp2_hd_inflate_h2.
Related to #16761
Correcting offset miss in !13077
Due to offset for octet 4 is skipped earlier, the remaining lenght becomes wrongly.
To correct the fault, offset for octet 4 is need to be added after IE has been decoded
Build on !13975 to add human-readable descriptions for all heuristic
dissector tables in Wireshark.
Chosen names are meant to give some info on when a heuristic dissector
lookup will be made. Terms like 'fallback' are used when the heuristic
is only consulted if other checks do not result in dissection, for
example.
People with more intimate knowledge of the protocols and dissectors
involved are encouraged to suggest or implement better descriptions.
Try caching strings based on their CPU ID, PID, and field index. This
lets us use a constant 64-bit key before spending CPU time hashing
strings. This saves about 500ms when loading a test capture here.
Add a field to `struct heur_dissector_list` to hold a human-readable
description of the heuristic dissector list. The field is named
`ui_name` to parallel `struct dissector_table`.
Add `register_heur_dissector_list_with_description()` to register a new heuristic
dissector list with a description as well as a name. Change
`register_heur_dissector_list()` to be a thin wrapper which passes a
null description.
Add `heur_dissector_list_get_description()` to get the description from
a `heur_dissector_list_t` (which is an opaque type).
Modify the Qt user interface so that heuristic tables listed in *View →
Internals → Dissector Tables* show the description in the left column
and the short name in the right column, as is the case for other
dissector table types. For heuristic dissector lists which do not have a
description, repeat the short name in the left column to resemble how
the dialog was presented before this change.
Revise function name based on feedback
X.75 is not the same thing as LAPB, and we already *have* a LAPB
dissector that registers for WTAP_ENCAP_LAPB. Two dissectors
registering for a value in the wtap_encap table means one of them will
lose, so it does not work; in this case, the LAPB dissector loses.
Fixes#19595.
Only show the "Displayed: x (y%)" packet list info if we have a display
filter set, similar to the other statistics. This avoids showing the
same number twice followed by "100.0%".
QObject::tr() returns a QString, so there's no need to wrap it in
QString(). (We do this a *lot*, which is probably my fault.)
Clean up some QString::arg calls.
Use the modern signal + slot syntax.
libssh 0.10.0 removed SHA-1 based keys and algorithms from its
default configuration, though they are still supported. We
ship with 0.10.5 in Windows and macOS now, and many Linux
distributions are on 0.10.x as well.
Add the ability to re-enable SHA-1 RSA keys, MAC, and KEX algorithms
with a preference to ciscodump, sshdump, and wifidump.
This will be a little easier in 0.11.0, where it's possible to
just specify the algorithms you want to add to the default list,
instead of having to specify the entire list.
Fix#19510. Fix#19594
Add buttons to select the infix pattern in multiple file mode,
using the new option for having the date and time before the
file index number (which provides more natural sorting, and
keeps different groups of captures together) added for tshark
and the capture options in 8bc52f542bFix#12371
interface_t contains an if_info_t as its member. It
doesn't need to copy the friendly name, vendor description,
and type from the if_info_t into separate members. The vast
majority of the time, we're already using the member from
the embedded if_info_t, but change a couple of cases.
The display name is a unique transformation of the name, friendly
name (OS name), and vendor description (hardware name) that depends
somewhat on the OS, so that needsto be seprate. The addresses and
links are also transformed from the if_info format. The name is
copied as well, but at least that's the primary key for the interface.
If the supported_versions extension is provided in the Client Hello,
display the mimimum supported version given in the extension in the
Protocol column if the session TLS version is unknown. Use the minimum
version because we don't know what the server will agree to, but it
must be at least this version.
This only affects when the Server Hello or other authoritative
messages haven't been seen, so in first-pass dissection (live
capture or one pass tshark) or a capture that doesn't contain
authoritative messages at all.
Fix#16114
If we have a packet that isn't long enough to fit an entire header,
but the first byte does look like a message type, and we can do
reassembly, ask for reassembly.
Fix#19593