Add Huffman decoding from libngttp2 library (MIT licensed),
and use it in HTTP/3 to display the decoded QPACK bytes.
(HTTP/2 and HTTP/3 use the same Huffman encoding.) These
files are not part of the public libnghttp2 library but
normally internal.
Note that libnghttp3 does not supply a function to inflate
headers like nghttp2_hd_inflate_h2.
Related to #16761
Correcting offset miss in !13077
Due to offset for octet 4 is skipped earlier, the remaining lenght becomes wrongly.
To correct the fault, offset for octet 4 is need to be added after IE has been decoded
Build on !13975 to add human-readable descriptions for all heuristic
dissector tables in Wireshark.
Chosen names are meant to give some info on when a heuristic dissector
lookup will be made. Terms like 'fallback' are used when the heuristic
is only consulted if other checks do not result in dissection, for
example.
People with more intimate knowledge of the protocols and dissectors
involved are encouraged to suggest or implement better descriptions.
Try caching strings based on their CPU ID, PID, and field index. This
lets us use a constant 64-bit key before spending CPU time hashing
strings. This saves about 500ms when loading a test capture here.
Add a field to `struct heur_dissector_list` to hold a human-readable
description of the heuristic dissector list. The field is named
`ui_name` to parallel `struct dissector_table`.
Add `register_heur_dissector_list_with_description()` to register a new heuristic
dissector list with a description as well as a name. Change
`register_heur_dissector_list()` to be a thin wrapper which passes a
null description.
Add `heur_dissector_list_get_description()` to get the description from
a `heur_dissector_list_t` (which is an opaque type).
Modify the Qt user interface so that heuristic tables listed in *View →
Internals → Dissector Tables* show the description in the left column
and the short name in the right column, as is the case for other
dissector table types. For heuristic dissector lists which do not have a
description, repeat the short name in the left column to resemble how
the dialog was presented before this change.
Revise function name based on feedback
X.75 is not the same thing as LAPB, and we already *have* a LAPB
dissector that registers for WTAP_ENCAP_LAPB. Two dissectors
registering for a value in the wtap_encap table means one of them will
lose, so it does not work; in this case, the LAPB dissector loses.
Fixes#19595.
Only show the "Displayed: x (y%)" packet list info if we have a display
filter set, similar to the other statistics. This avoids showing the
same number twice followed by "100.0%".
QObject::tr() returns a QString, so there's no need to wrap it in
QString(). (We do this a *lot*, which is probably my fault.)
Clean up some QString::arg calls.
Use the modern signal + slot syntax.
libssh 0.10.0 removed SHA-1 based keys and algorithms from its
default configuration, though they are still supported. We
ship with 0.10.5 in Windows and macOS now, and many Linux
distributions are on 0.10.x as well.
Add the ability to re-enable SHA-1 RSA keys, MAC, and KEX algorithms
with a preference to ciscodump, sshdump, and wifidump.
This will be a little easier in 0.11.0, where it's possible to
just specify the algorithms you want to add to the default list,
instead of having to specify the entire list.
Fix#19510. Fix#19594
Add buttons to select the infix pattern in multiple file mode,
using the new option for having the date and time before the
file index number (which provides more natural sorting, and
keeps different groups of captures together) added for tshark
and the capture options in 8bc52f542bFix#12371
interface_t contains an if_info_t as its member. It
doesn't need to copy the friendly name, vendor description,
and type from the if_info_t into separate members. The vast
majority of the time, we're already using the member from
the embedded if_info_t, but change a couple of cases.
The display name is a unique transformation of the name, friendly
name (OS name), and vendor description (hardware name) that depends
somewhat on the OS, so that needsto be seprate. The addresses and
links are also transformed from the if_info format. The name is
copied as well, but at least that's the primary key for the interface.
If the supported_versions extension is provided in the Client Hello,
display the mimimum supported version given in the extension in the
Protocol column if the session TLS version is unknown. Use the minimum
version because we don't know what the server will agree to, but it
must be at least this version.
This only affects when the Server Hello or other authoritative
messages haven't been seen, so in first-pass dissection (live
capture or one pass tshark) or a capture that doesn't contain
authoritative messages at all.
Fix#16114
If we have a packet that isn't long enough to fit an entire header,
but the first byte does look like a message type, and we can do
reassembly, ask for reassembly.
Fix#19593
For RTMP connections where we get the handshake, continue to use
the initial value of 128 as done in the protocol; we should get
any Set Chunk Size messages.
For connections where we don't get the initial handshake, i.e.
the connection is already in progress when the capture is started,
allow setting a different default chunksize. Note that both too
large and too small values will cause problems, but the since the
initial bytes of chunks can have any value, it's very difficult
to do this heuristically.
Fix#12403 (by setting the preference to a large value, e.g. 60000,
everything is dissected correctly in that capture.)
Some systems repeatedly send out SDP setup information for the same
RTP conversation. We end up setting up multiple conversations
(it's not clear we need to, since most of the information we copy
to per-packet info for subsequent passes.)
When doing so, copy the per-SSRC number space information that
determines what cycle number we're on for extended sequence numbers
and timestamps (since those fields can and do wrap.)
This doesn't hurt at all if the setup information is for different
conversations, even ones using the same SSRC; it aligns the cycle
number but that's fine. It helps a lot in cases where the RTP
sequence number has already overflowed and then we get a duplicate
SETUP message; we need to stay on the same cycle.
Fix#19592
When rescanning the interface list (e.g. when manually refreshing
or a new device is added or removed), do not destroy old devices
but instead reuse it and preserve the user-set options.
Do check the monitor mode and active dlt setting against the
retrieved values to make sure that they are still supported.
In particular this means that the capture filter is not reset.
For many of the options, the value when creating a new device is
taken from the prefs, and the prefs are updated when the Capture
Options Dialog is closed (monitor mode, promiscuous mode, link layer
type, snapshot length, buffer size), or when the Manage Interfaces
Dialog is closed (hidden, user description), which mostly worked,
unless a refresh occurred when those dialogs were open and changes
had not been saved to prefs.
Fix#16418
Even though these files are generated and warn not to change
them, the generator is not working currently, so patch them.
(See the disscussion in !14000)
RTMPT doesn't use the native reassembly API, so store the frames that
are involved in reassembly of a packet and mark the depended upon
frames itself so that exporting selected packets doesn't omit them.
This is the reassembly API call for fragments that start at a
different value. This is better than examining the entire
chain, and also would have a better chance of working with
out of order fragments (though TCP should handle that for us.)
Martin Mathieson