We want to do more sophisticated processing of UTF-8 in wmem and
for that we want to use the unicode utility functions in wsutil.
We also want to use wmem scoped memory in wsutil unicode utility
functions.
This introduces a circular dependency. Fix that by making both
the same library and removing the sanitary cordon separating
them.
We still need to be mindful of public header dependencies of wmem on
wsutil because wmem.h is included in wireshark.h and we want to
be parsimonious with the use of global includes.
Add `pkgutil --forget org.wireshark.ChmodBPF.pkg` to the "Uninstall
ChmodBPF" postinstall script. The `pkgutil` man page says

    --forget package-id
        Discard all receipt data about package-id, but do not touch the
        installed files. DO NOT use this command from an installer package
        script to fix broken package design.

but Homebrew's Wireshark cask does this, and it should help to work
around issue #18734.
Add `pkgutil --forget org.wireshark.path_helper.pkg` to the "Remove
Wireshark from the system path" postinstall script.
epan_dissect_run_* and epan_dissect_reset unreference the packet
block that is part of the record, which frees it if the ref count
drops to zero. However, tshark needs the block later to, e.g.,
copy the options. process_cap_file_[single|second]_pass still
unreference and free the block with wtap_rec_reset() at the end
of each packet loop.
Fix #18693
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergecap, etc.)
Along with 8cddc32d35, fix #18449.
Add strings with proto_tree_add_item instead of tvb_memcpy,
appending a null, and a proto_tree_add_string so that the
strings are validated for encoding, trailing nulls, etc.
Fix #18847
Pass a prefix to `codesign` so that our signature identifier is
"org.wireshark.foo" instead of "foo" for our command line utilities,
libraries, and ChmodBPF.
Add the ability to cancel sorting. Since we now parse user inputs
during the sort, test and set the capture file read lock. Try to
sort in PacketList::captureFileReadFinished, since now sorting during
thawing won't happen if it's in the middle of a rescan.
Fix #17640
In certain situations using __MINGW64__ is not correct.
We want to have the condition apply using MinGW-w64 but also
using MSYS2, which the __MINGW64__ condition alone does not
capture.
Add a HAVE_MSYSTEM C define and use it where appropriate.
Forcing the use of a dedicated header to replace pcap.h is
unnecessary code and mental overhead in this case. We can
use config.h instead for the same purpose of defining a
macro symbol before including pcap.h.
g_utf_8_make_valid() replaces embedded NULs with unicode
replacement characters and this behaviour does not match
the pcapng spec; the first NULL should terminate the string
instead.
Use ws_utf8_make_valid() which provides the correct behaviour.
Tweak the script used for creating a new skeleton dissector, to allow it
to create the dissector in `plugins/epan/PROTOSHORTNAME` instead of in
`epan/dissectors`. Handles modifying the appropriate CMake file in the
appropriate way, and generates the plugin's `CMakeLists.txt` if needed.
Do not modify global data pointer when redissecting packets. This fixes
transient incorrect packet sequence errors when user navigates packet
list when live capture is in progress.
The packet loss column has been sorting on a private variable
that is never set(?!) and also is unsigned whereas the actual
lost number is signed. Get the calculated packet loss number
and sort by that. (Should this be sorting by the total number or
the percentage, since the column displays both? Total number is
first so let's use that.)
This should probably be some kind of Model/View instead.
Fix #16785.
Just because a file type supports per packet encapsulation does
not mean it can write every encapsulation type.
When determining what file-level encapsulation to write the merged
file, check each file's encapsulation to see if it is writable by
the output file type. If any are not, report _UNKNOWN so that the
merge will fail early with an appropriate error message, instead of
always reporting WTAP_ENCAP_PER_PACKET.
This prevents confusing errors when trying to merge, e.g., a JSON
file and a normal packet file into a pcapng.
Initialize some environment variables using `brew shellenv`.
Speexdsp is required. Make some variable names match their respective
command line flags.
RTP is commonly multiplexed on the same UDP 5-tuple with STUN, DTLS, and
other protocols including ZRTP. RFC 7983 gives current best practices for
dealing with the multiplexing that doesn't involve assuming that version
0 packets are always the same protocol. Implement that for the "what to do
if RTP packets have the wrong version number" preference and set it as the
default.
Only use this setting when RTP is being dissected non-heuristically
(leave heuristic dissections to the other protocol's heuristic
dissector.)
This avoids a problem of the STUN heuristic dissector setting itself
to be the new dissector for an RTP conversation (cf issue #18148).
This also allows dissection of TURN ChannelData multiplexed on the
same 5-tuple as RTP set up by, e.g., SDP.
Fix #18832
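
The first-byte demultiplexing from RFC 7983 that the RTP change above refers to, as an added example (not Wireshark's code; the enum, function and sample names are hypothetical and the sample packets are constructed). It shows that first bytes with RTP "version 0" belong to three different protocols, so the version field alone cannot pick the dissector:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the byte ranges are the ones listed in RFC 7983. */
typedef enum {
    MUX_DROP, MUX_STUN, MUX_ZRTP, MUX_DTLS, MUX_TURN_CHANNEL, MUX_RTP_RTCP
} mux_proto;

/* The RTP version field is the top two bits of the first byte. */
static unsigned rtp_version(uint8_t b0) { return b0 >> 6; }

/* Classify a datagram received on a shared 5-tuple by its first byte. */
static mux_proto rfc7983_classify(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0) return MUX_DROP;
    uint8_t b = buf[0];
    if (b <= 3)               return MUX_STUN;          /*   0..3   */
    if (b >= 16 && b <= 19)   return MUX_ZRTP;          /*  16..19  */
    if (b >= 20 && b <= 63)   return MUX_DTLS;          /*  20..63  */
    if (b >= 64 && b <= 79)   return MUX_TURN_CHANNEL;  /*  64..79  */
    if (b >= 128 && b <= 191) return MUX_RTP_RTCP;      /* 128..191 */
    return MUX_DROP;          /* unassigned ranges are not forwarded */
}

static const char *mux_name(mux_proto p)
{
    static const char *names[] = {
        "drop", "STUN", "ZRTP", "DTLS", "TURN ChannelData", "RTP/RTCP"
    };
    return names[p];
}

/* Constructed sample datagrams: only the leading bytes matter here. */
static const uint8_t sample_stun[] = { 0x00, 0x01, 0x00, 0x00 };
static const uint8_t sample_zrtp[] = { 0x10, 0x00, 0x00, 0x01 };
static const uint8_t sample_dtls[] = { 0x16, 0xfe, 0xfd, 0x00 };
static const uint8_t sample_turn[] = { 0x40, 0x00, 0x00, 0x04 };
static const uint8_t sample_rtp[]  = { 0x80, 0x60, 0x12, 0x34 };
static const uint8_t sample_bad[]  = { 0x0c, 0x00, 0x00, 0x00 };

int main(void)
{
    const uint8_t *s[] = { sample_stun, sample_zrtp, sample_dtls,
                           sample_turn, sample_rtp, sample_bad };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("first byte 0x%02x  RTP version %u  -> %s\n", s[i][0],
               rtp_version(s[i][0]), mux_name(rfc7983_classify(s[i], 4)));
    return 0;
}
```
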
Put the "attempt to compile a filter string as a capture filter" code
into a common routine, and, if the attempt succeeds, free up the
generated capture filter code.
Fixes #18837.