One of these modifies a field name ("hart_ip.pt.rsp.transducer_serail_number"
in packet-hartip.c), a few are in text displayed for fields (in packet-nvme.c)
or for unknown fields (in packet-oer.c and packet-per.c), one is in a
preprocessor macro (in packet-cip.[ch]), and the rest are all in comments.
arry -> array
authos -> authors
compatability -> compatibility
contigous -> contiguous
dispaly -> display
erorr -> error
filed (where it was obviously incorrect) -> field or filled
hueristic -> heuristic
regsiter -> register
serail -> serial
When showing the follow data as text (ASCII, UTF-8, EBCDIC, etc), add a
newline at each turn. Add the ability to show delta times between
packets and turns. Add a recent setting for delta times.
Make the initial dialog a bit wider.
Save and restore our scoll position when reading a stream.
Manually connect our signals and slots. Fix some clazy warnings.
While we do immediately free it and recompile in rescan_packets,
or if we open a capture file in cf_read, if we start a capture
we go from cf_open to cf_continue_tail, and we want to use this
filter since we don't compile during a capture for each group
of packets (for reasons explained in the previous commit.)
Fixup 08cf0e9553
This IE has been recently renamed in GSUP protocol spec [1] and main
implementation (libosmocore) [2] from "PDP Type" to "PDP Address",
update it here too.
While at it, properly dissect the type_org, type_nr and address buffers.
[1] 602fabc6d5
[2] 74ee02420a
Similar to the UMTS MM Context, when the Extended Access
Restriction Data length is greater than 1, handle the length
but indicate that we don't dissect it yet.
Also fix two of the UMTS MM Context expert infos being added to
the wrong tree.
Fix#19630
The Endace ERF format has extended the 'Interface Id' from 2 bits (interface 0-3) to 3 bits (interface 0-7).
The Interface Id high order bit is not adjacent in the flags field.
Extend wtap handling for ERF records.
Extend epan dissection and display of ERF format.
The existing erf.flags.cap field is retained and extended to 0-7.
A new erf.flags.if_raw field is added for the unformatted value.
Note proto_tree_add_split_bits_item_ret_val() cannot be used here because it only supports input from the tvb and not from a non-tvb value.
PI_RECEIVE is for indications from the process of receiving packets,
such as CRC errors, short/long frame indications, etc..
PI_INTERFACE is for indications from an interface (other than receive
indications), such as out-of-buffrs indications, hardware errors,
changes in link speed, etc..
See !14177 for some discussion of this.
In the first pass of two-pass wireshark, where we can do
asynchronous DNS lookups, make sure to actually take the
requests off the queue and process them, instead of waiting
until the end of the first pass.
Use a mutex to protect taking requests off the queue, just in
case.
Related to #19629.
Some of the functions in proto.c when handling a FT_BOOLEAN field
allow it to be part of a 64 bit unsigned integer with a 64 bit
bitmask. Other functions do not. Some of the functions start out
allowing a 64 bit bitmask and then switch to casting the value to
a 32 bit unsigned integer (but others don't.) Consistently allow
a boolean to be extracted using a 64 bit bitmask by changing the
various proto_tree_add_boolean functions to allow a 64 bit unsigned
integer value parameter.
There was only one function adding a boolean that already took
a 64 bit value, proto_tree_add_boolean_bits_format_value64, a
counterpart of proto_tree_add_boolean_bits_format_value. It was
never used anywhere and not WS_DLL_PUBLIC, so it is safe to remove
in favor of having the latter take a uint64_t.
Note that _proto_tree_add_bits_format_value, as a comment says:
"does not receive an actual value but a dimensionless pointer to that value.
For this reason, the type of the header field is examined in order to determine
what kind of value we should read from this address.
The caller of this function must make sure that for the specific header field
type the address of a compatible value is provided."
Both proto_tree_add_boolean_bits_format_value and
proto_tree_add_boolean_bits_format_value64 called that function, one
passing a pointer to a guint32 as a void*, the other passing a
pointer to a guint64. In both cases it was cast to a guint32*, which
was less than ideal in the value64 case. Fix that.
This is related to #19552, as it is necessary in order to add support
for passing a UInt64 value to a boolean field (as oppposed to extracting
it directly from the tvb.)
When switching to synchronous external host name lookups (e.g., upon
starting the second pass of a two-pass tshark command), if there are
any in-flight requests, wait for them to return.
This avoids a problem where on the second pass, synchronous lookups
aren't performed but instead immediately report failure (because
according to our cache the request has already been made; in the GUI,
the answer would be updated later.)
It makes tshark two-pass performance faster than one-pass, so long as
the host name lookups are queued in the first pass (e.g., by offering
a display filter like "-Y ip.addr".)
A nice enhancement later would be to ensure that any external host name
lookups that will be needed in the second pass are done asynchronously
in the first pass. Even the overkill of doing the dissection with a visible
tree is likely better performance than waiting for many synchronous
lookups.
Fix#19629.
Define VCS_NUM_COMMITS and VCS_COMMIT_ID in vcs_version.h. Use them to
return the Logray version in get_lr_vcs_version_info and use that where
appropriate. Rename VCSVERSION to VCS_VERSION.
Vendor Data for the Status Message CM and the Status Message Interface
are not required to have a multiple of 2 as length.
Also ASAM CMP UDP encapsulation was missing.
Closes: #19626
The RTP dissector already calculates an extended timestamp
that takes into account wrapping and passes it to the taps.
Just use that in the analysis stats instead of redoing the
extended timestamp calculation.
(The calculation currently in the analysis has some slight
issues about when to use a absolute difference versus a
signed difference, and what to cast the 32 bit timestamps to.)
Fix#19622. Tested and works with the various edges cases
in !4853 and #16330 and others.
Darius Davis
Pau Espin