Change our menu path separator to "//" similar to our filter buttons.
Change the "name" configuration element to "path", since it's a menu
path. Add a separate "title" element. This lets us use names like "Foo
I/O".
Add an opaque public type for stats_tree configurations. Get rid of
stats_tree_register_with_group and add stats_tree_set_group. Add
stats_tree_set_first_column_name. Convert some documentation to doxygen.
Pass the sysdig.param.asyncevent.data start and offset to the Falco Bridge
dissector, and use that to highlight the evt.buffer and fd fields.
Pass the data to the ELF dissector if we find an ELF magic ID.
Add a pinfo conversation filter which enables related packets based on
(container.id, proc.id) combinations. Register the "Process" conversation
filter first so that the "Go" menu behavior matches the related packet
display.
Handle cases where container.id is missing.
Add 64-bit integer type support to conversations.
If the OpenSecureChannel message is not captured, then whether
messages are signed, and what the signature length is is unknown.
This creates a preference that can be set to a default value to use,
instead of assuming that all messages on the channel are unsigned.
Fix#15206
One of these modifies a field name ("hart_ip.pt.rsp.transducer_serail_number"
in packet-hartip.c), a few are in text displayed for fields (in packet-nvme.c)
or for unknown fields (in packet-oer.c and packet-per.c), one is in a
preprocessor macro (in packet-cip.[ch]), and the rest are all in comments.
arry -> array
authos -> authors
compatability -> compatibility
contigous -> contiguous
dispaly -> display
erorr -> error
filed (where it was obviously incorrect) -> field or filled
hueristic -> heuristic
regsiter -> register
serail -> serial
Fix the distributed examples to use the "new" style configuration,
as shown in the WSUG and Wiki. Fix the FTP example in the WSUG,
as it's missing the Match keyword
Related to #12118.
Fix#16940
In addition to the start and end offset locations, store a pointer to
the data source tvb in each mate_range. The start and end offsets
are only relevant within a data source.
If a field has a data source different from one of the protocol,
transport protocol, or payload ranges, search in the tree for the
ancestor nodes of the field, and see if an ancestor is located within
one of the ranges.
In order to workaround #17877 (non-visible items can't change length
after being added to the tree, which affects most protocols), set
the tree as visible similar to done with a number of Lua postdissectors
that need all fields. Unfortunately this is overkill that hurts
performance.
Fix#19619
Build on !13975 to add human-readable descriptions for all heuristic
dissector tables in Wireshark.
Chosen names are meant to give some info on when a heuristic dissector
lookup will be made. Terms like 'fallback' are used when the heuristic
is only consulted if other checks do not result in dissection, for
example.
People with more intimate knowledge of the protocols and dissectors
involved are encouraged to suggest or implement better descriptions.
Try caching strings based on their CPU ID, PID, and field index. This
lets us use a constant 64-bit key before spending CPU time hashing
strings. This saves about 500ms when loading a test capture here.
Even though these files are generated and warn not to change
them, the generator is not working currently, so patch them.
(See the disscussion in !14000)
This is the reassembly API call for fragments that start at a
different value. This is better than examining the entire
chain, and also would have a better chance of working with
out of order fragments (though TCP should handle that for us.)
Dissect the X.509 v3 Certificates used in OPC UA.
Use proto_tree_add_bytes_with_length for adding NULL bytes to
the tree with a (0) length different than the length taken up
in the tvb. It's somewhat nicer than changing the item length later.
http://www.irdajp.info/specifications.php doesn't work any more; remove
it.
Show some other document links, purportedy uploaded to archive.org by
the IrDA, as well as a link to a collection of those documents.
Show ome links from the archive copy of the IrDA specifications page
from the Wayback Machine.
[skip ci]
Add a minimum and maximum API level. Backward-compatible changes to
the API only bump the maximum API level. Backward incompatible
changes bump the maximum API level and the mininum, to the
new (maximum) level.
This may allow codec plugins to continue working without recompilation,
possibly with reduced functionality.
The API level is only defined for codecs because it is a small
and easy to define API, and very stable.
Maybe we could do the same for wiretap (file type) plugins. For the
various epan plugin types it seems pointless and futile. I cannot
see a scenario where a new Wireshark minor release does not increase
the minimum API level.
John Thacker