A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
Since we require CMake version at least 3.7, we can use fixtures
to ensure that the unittests have been built before running
suite_unittests.
This only applies to running the tests via ctest (including
'[ninja|make] test'), not when running pytest directly.
Fix#17191
Our ubuntu container has Qt6 so use the default Qt version.
The APT packages are still using Qt5 at the moment. We may want to
migrate those to Qt6 in the future and choose a single Linux build
using Qt5.
PT_TCP and ENDPOINT_TCP happen to have the same numerical value, and
PT_UDP and ENDPOINT_UDP happen to have the same numerical value, but we
shouldn't cheat and just type-pun a PT_ value to an ENDPOINT_ value.
Instead, make the relevant structure members endpoinnt_type values and
assign them ENDPOINT_ values.
For a PDU where we haven't seen a request, response, or
header line yet, check to see if the header name is valid
before deciding that it is a header. Prevents many false
positives on continuation data that happens to have a line
end and a colon, where we couldn't do desegmentation for
some reason.
If we get a new contiguous fragment that is inserted into the
middle of a MSP in progress, we need to update maxnextseq by
looking at all the fragments part of that MSP that are now contiguous.
Related to #17406
One or both Qt version deps can be selected with a command line option.
If no option is given the script will select Qt6 for Ubuntu 22.04 or
later, Qt5 otherwise.
Similar is done for CGI, where LAC (%x)/CI (%u) is shown.
Let's do the same for SAI case, otherwise it's confusing since it first
looks as if LAC Cell Identifier was sent, but it is actually of type
SAI.
Handle RFC 2920 and RFC 3030 pipelining of DATA and BDAT. This
involves:
Instead of storing a single PDU type for each frame, storing
a linked list of PDUs (with end offsets), in order to handle
frames that switch between data and command state. This includes
handling other commands before or after a BDAT command, or handling
other commands after a DATA EOM. That means parsing the remaining
lines after BDAT and EOMs on the first pass instead of assuming that
the rest of the frame has a known type.
Also, RSET commands allow switching between BDAT transaction
and DATA transactions, per RFC 3030.
The case where more than one message is completed in a single frame
is not yet handled. RFC 2920 and 3030 imply that this is non-standard,
but it could work. To handle it, we would also have to track message
numbers in order to give fragment_add_seq_next unique frag IDs.
(It doesn't handle more than one fragment with the same ID ending in
the same frame.)
Fix#17269. Fix#17267.
In the case that this is being called with an address type that
is neither IPv4 or IPv6, make sure that the char array used
to construct the QString is null terminated so that there's no
warning about using addr uninitialized or a possible strlen running
off the end.
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduce LBC-IE (see
"6.3.2.3.1.17 LFN Broadcast Configuration Information Element
(LBC-IE)").
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduce the field
broadcast_sync_period in LBS-IE (see "6.3.2.3.1.13 LFN Broadcast
Schedule Information Element (LBS-IE)").
The =1 part does not make any sense in reporting SACK_PERM=1.
There is no value in the option and if it is not supported the
option is not there. So remove the =1 part.
gcc 12.1 thinks that there's a signed/unsigned qsize issue with
the Qt6 sources. Enable compilation until this gets fixed upstream.
/usr/include/qt6/QtCore/qarraydataops.h:98:17: error: ‘void* memcpy(void*, const void*, size_t)’ specified size between 9223372036854775808 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
98 | ::memcpy(static_cast<void *>(this->end()), static_cast<const void *>(b), (e - b) * sizeof(T));
| ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
Linux builds were left behind on the Qt transition, presumably because
our Ubuntu CI image does not support Qt6.
Enable Qt6 by default and explicitly disable it for slower or more
conservative Linux distros.
Drop experimental status for Qt6, because we are using it to build
official Windows and macOS releases.
If display filter compilation fails and the expression has a syntax
error and associated location, it will be displayed in the filter
tooltip, using a textual underline.
As far as I can tell using a graphical squiggly underline seems extremely
difficult for an object inheriting from QLineEdit, so the tooltip
textual method was used instead.
If we shortcut the HTTP header check because the file starts with
a non-ASCII character, but we think that it is Continuation Data
because we've seen real HTTP in the same conversation, mark the
data as file data and send it to the follow tap, just as we would
if it failed the more extensive checks for being a header. Deals
with cases where desegmentation isn't performed (whether because
of prefs, missing packets, bad checksums, etc.)
Related to #13918.
Guy Harris
Pau Espin