Commit Graph

88435 Commits

Author SHA1 Message Date
João Valverde a3d84bdc44 Lua: Print returned values in console
Print returned values from Lua chunk. Add "=" as a synonym for
"return", similarly to the upstream Lua REPL.
2023-08-21 20:48:34 +00:00
João Valverde 1daa76ae32 Qt: Make IOConsoleDialog a single instance
When opening a console dialog, make it reuse an existing instance
if it is already open. This is required because the output of
the Lua code currently only goes into a single GUI dialog
(the last one open). And in general it feels correct.

This depends on the QAction holding the pointer reference,
which seems reasonable because it is a dynamic menu action.
2023-08-21 21:30:16 +01:00
João Valverde 4f53f0acaf Qt: Remove unused Lua signals 2023-08-21 16:28:18 +00:00
João Valverde 37ace12ab0 Keep Lua console open and fix crash on Lua reload
Use global variables to save the state needed to restore the
print-to-console Lua function when the Lua state is destroyed
and re-created (reloaded).

Do not pass a lua_State pointer to the dialog, for the same reasons;
it is already a global variable, use that instead.

Fixes a crash that was easily reproduced on macOS, but probably
happens elsewhere too, where the saved state became inconsistent on
reload because the dialog wasn't re-registered. (It still isn't,
but now we are handling it with global variables on the Lua side).

Do not close the console dialog when Lua is reloaded. It is no
longer necessary and improves the usability of the dialog.
2023-08-21 16:28:18 +00:00
Martin Mathieson 55acd8fa0b Better detection of value_string conflicts, and some fixes 2023-08-21 16:43:48 +01:00
Martin Kaiser a983138bdc dissectors: new dissector for the MDB protocol
The MDB (Multi-Drop Bus) protocol is used inside a vending machine. MDB
defines the communication between the main control board (VMC = Vending
Machine Controller) and peripheral components, e.g. a payment terminal
or a bill validator.

The protocol specification is available from
https://namanow.org/nama-releases-mdb-version-4-3/

The pcap input format for this dissector is documented at
https://www.kaiser.cx/pcap-mdb.html

We are in the process of requesting an official DLT for MDB.
For now, the dissector can be mapped to a User-DLT for testing.
2023-08-21 10:21:32 +02:00
John Thacker 17cd9891be ICMPv6: Check for timestamp at the start of Echo data
Various ping programs send timevals at the start of Echo data
for ICMPv6 just as they do for ICMP for IPv4. Perform the same
check.
2023-08-20 21:24:46 +00:00
João Valverde 0e2faa112a CMake: Fix FETCH_lua build on Apple platforms 2023-08-20 17:26:38 +00:00
Gerald Combs 8586becd64 [Automatic update for 2023-08-20]
Update manuf, services enterprise numbers, translations, and other items.
2023-08-20 09:49:28 -07:00
João Valverde 159dc2c204 manuf: Remove parenthesis from short name 2023-08-20 16:59:39 +01:00
João Valverde 8985aa465f manuf: Add a special case 2023-08-20 16:59:39 +01:00
João Valverde ee633d20d9 Update manuf data 2023-08-20 16:59:39 +01:00
João Valverde c97982881f Release notes enhancements and fixups 2023-08-20 13:30:38 +01:00
Jorge Mora 268a9e243c RPC: add support for RPC-with-TLS
Add both TLS heuristic and non-heuristic dissector functions,
namely dissect_rpc_tls_heur() and dissect_rpc_tls() respectively.

Using same functionality as RPC-over-TCP in order to allow both
TLS and RPC fragmentation reassembly. Added extra option to pass
the tlsinfo struct in order to differentiate between TCP and TLS.

Do not use conversation_set_dissector() to set the non-heuristic
dissector for RPC-with-TLS, instead use tlsinfo->app_handle to
set it.

The RPC-with-TLS initialization starts by sending an RPC NULL
procedure with a credential flavor of AUTH_TLS over TCP thus
setting the non-heuristic dissector at this point will cause
all TLS packets to be dissected as RPC. To avoid this, keep
on using the heuristic dissector until an RPC with a credential
other than AUTH_TLS is used.
2023-08-20 08:44:35 +00:00
Markku Leiniö 68668655c9 UI: Fix capture options tab key ordering 2023-08-20 08:42:54 +00:00
John Thacker e111d255b7 ICMP: Improve heuristic for data time
When determining if the first few bytes of an ICMP Echo or
Echo Reply look like a timestamp, take the smaller difference
from the packet time instead of just taking the Big Endian time
if it's less than our maximum delta.

Also, test for timevals using 64 bit time_t, since that's common
now. Assume that suseconds_t is 64 bit if time_t is, even though
it doesn't have to be (do any 32 bit systems do that?)

Assume that if something looks like a LE timeval with a 64 bit time_t
that it is one, rather than being a LE timeval with a 32 bit time_t
and 0 fractional seconds. (Otherwise we'd make the wrong heuristic
decision with clock skew that makes the ping timestamp in the future.)

Fix #19283
2023-08-20 00:13:04 +00:00
John Thacker 0b9e591c3a Qt: Remove now unused pref (CID 1541123) 2023-08-19 19:52:43 -04:00
Guy Harris e3fa5e6c22 Add wtap_buffer_append_epdu_string() to add a string TLV to an EPDU.
That obviates the need to count characters in a string (which is done
incorrectly in some places, as Coverity pointed out in CID 1541122), and
also lets us do a better job of making sure the length fits in 16 bits
(by clamping it at 65535, rather than just casting it to a 16-bit
unsigned integer).
2023-08-19 15:54:39 -07:00
Martin Mathieson 21aa2bf370 check_typed_item_calls.py: check for value_string conflicts 2023-08-19 21:34:46 +00:00
Markku Leiniö 07b255d47d DHCPFO: Add more Microsoft-specified fields, based on MS docs
- Rename existing MS-specific options according to the docs
- Modify option 30 to handle list of scope IDs
- Add option 32: microsoft-client-description
- Add option 36: microsoft-client-type
- Add option 37: microsoft-client-NAP-status
- Add option 38: microsoft-client-NAP-probation
- Add option 39: microsoft-client-NAP-capable
- Add option 40: microsoft-client-matched-policy
- Add option 41: microsoft-extended-address-state
2023-08-19 23:12:17 +03:00
John Thacker 6c23a93e35 Qt: Set autoscroll in setCaptureInProgress
Instead of always requiring that setCaptureInProgress be
followed by a call to setVerticalAutoScroll to properly set
the auto scroll status, pass in the auto scroll checkbox status
to setCaptureInProgress.

This is simpler since we no longer need to set up the timer.
2023-08-19 11:00:40 +00:00
João Valverde 3f841e8553 sharkd: Fix a name collision with MinGW headers 2023-08-19 11:43:10 +01:00
João Valverde 369b1d0696 manuf: Print short name with tshark -G
Add the short name (used by Wireshark for MAC address name resolution)
to the output as another column. This matches the historical
format for this text file, before it was turned into static
binary data.

The use case for still parsing an optional external manuf text file
is to allow customization of the compiled in data, for any reason.

In that case it is useful to be able to run something like:

    tshark -G manuf | grep MyVendorName >> ~/.config/wireshark/manuf

And then edit the newly added short name entries to one's satisfaction.
2023-08-19 07:39:50 +00:00
Niels Widger 44e4ad3bc5 tshark: Add more fields to -G protocols and -G heuristic-decodes
This commit adds new fields to the output of both `-G protocols` and
`-G heuristic-decodes` in `tshark`.

For `-G protocols`, three new fields (4, 5 and 6) have been appended to
the existing ones:

- Field 1: protocol name
- Field 2: protocol short name
- Field 3: protocol filter name
- Field 4 (NEW): protocol enabled (e.g. "T" or "F")
- Field 5 (NEW): protocol enabled by default (e.g. "T" or "F")
- Field 6 (NEW): protocol can toggle (e.g. "T" or "F")

For `-G heuristic-decodes`, similarly three new fields (4, 5 and 6)
have been appended to the existing ones:

- Field 1: underlying dissector (e.g. "tcp")
- Field 2: name of heuristic decoder (e.g. "ucp")
- Field 3: heuristic enabled (e.g. "T" or "F")
- Field 4 (NEW): heuristic enabled by default (e.g. "T" or "F")
- Field 5 (NEW): heuristic short name (e.g. "ucp_tcp")
- Field 6 (NEW): heuristic display name (e.g. "UCP over TCP")

The new fields added to `-G heuristic-decodes` are useful as the short
name argument required for `--enable-heuristic` was not previously
shown in the `-G heuristic-decodes` output.
2023-08-19 07:38:49 +00:00
Alexis La Goutte 2dd4de5c51 QUIC: Add Multipath support (draft-04/draft-05) 2023-08-19 07:35:45 +00:00
Niels Widger 2904e8c3e5 sharkd: Generate "eo:<name>" object list in "download" method when needed
Previously, a `download` method request for an `eo:<name>_<row>`
export object (for example, `eo:http_0` to download the HTTP export
object with row 0) would fail unless a `tap` method for `eo:<name>`
had already been run.  This behavior is surprising as the other
resources downloadable via the `download` method do not work this way.
This commit addresses this issue by updating the `download` method to,
when an `eo:<name>_<row>` export object is requested, see if an
`eo:<name>` object list already exists in `sharkd_eo_list`.  If it
does not exist, the `download` method first generates the object list
for `eo:<name>` and adds it to `sharkd_eo_list` using `sharkd_retap`
in the same manner that the `tap` method does.  After that, the
`download` method looks for the exported object in `sharkd_eo_list`
just as it did before.

This commit also adds a `sha1` field to the list of exported objects
returned by the `tap` method for `eo` objects in
`sharkd_session_process_tap_eo_cb`.
2023-08-19 07:33:38 +00:00
Stig Bjørlykke bf2f8c5fad tshark: Register extcap preferences when needed
TShark is not always capturing when cf_name is empty. Improve check
for when to not register extcap preferences for these cases.
2023-08-19 07:32:46 +00:00
Alexis La Goutte 7e5018b254 Fortinet: Add Dissector for FGCP (FortiGate Cluster Protocol) - HeartBeat 2023-08-19 07:30:33 +00:00
Gerald Combs 9663e021e1 Sysdig Event: Sync with upstream and fix the info column
Update generate-sysdig-event.py to match falcosecurity/libs master.
Extract and generate our syscall codes. Regenerate the dissector.

Resolve generic syscalls and show them in the info column. Add a
sysdig.event_name field.
2023-08-18 15:36:33 -07:00
Pascal Quantin 233da618a6 BLF: fix a typo introduced in 9bdf256a8d 2023-08-18 17:42:50 +02:00
John Thacker 8025d90971 Qt: Remove tail update timer from packet list
We have a preference that controls how often we get capture updates,
so there's no reason (nor CPU savings) to have a separate timer
checking for when to auto scroll. We can just scroll to the bottom
whenever we insert new rows (which doesn't happen any faster than
prefs.capture_update_interval, which the user can change.)

This makes the auto scrolling smoother, instead of having a gap where
rows have been inserted but not scrolled yet. If the scrolling is too
fast, a user can change the preference.
2023-08-18 07:50:27 -04:00
John Thacker 9752021f17 Qt: Preserve horizontal scroll extent for Home/End
Preserve the horizontal scroll extent when scrolling with Home/End,
the same as for other keyboard movement.
2023-08-18 11:35:42 +00:00
Anders Broman 9bdf256a8d BLF: Put EthernetStatus Objects in packet list using Exported PDU
Put AppText and EthernetStatus objects in the packet list.
Closes #19269
2023-08-18 11:31:15 +00:00
John Thacker 95c299a065 Move autoscroll preference behavior to recent
Make whether or not we are autoscrolling a "recent" item.

Make the selection of automatically scrolling in the Capture
Options tab actually have an effect (right now it does nothing.)

Switching to a recent also means that the command line "-l" option
actually turns on automatic scrolling if the recent value is off
(currently it has no effect because it is always later overridden
by the preference value).

Document our behavior that autoscrolling, if turned on, temporarily
turns off when manually scrolling upwards or Go'ing directly to
a packet (so that a user can examine a chosen packet.) This temporary
effect does not change the "recent" status, which changes only when
the user directly turns the behavior on or off (through the capture
window, the button or menu item, or the -l command line option.)
2023-08-18 10:49:03 +00:00
Anders Broman c5452afb8d Exported PDU: Add new tag EXP_PDU_TAG_COL_PROT_TEXT
Add a new tag to write to the info column.
2023-08-18 08:57:12 +00:00
João Valverde e5e004e064 Qt: Ensure the IOConsoleDialog destructor is called 2023-08-18 01:01:10 +00:00
João Valverde 96c9153560 epan: Fix a memory leak 2023-08-18 01:01:10 +00:00
João Valverde 152fef5b38 Qt: Remove an #ifdef 2023-08-18 01:01:10 +00:00
Martin Mathieson d0312ddf4a Fix some filters and field widths 2023-08-17 22:08:30 +01:00
João Valverde 759c0feab3 CMake: Accept any supported Lua version by default 2023-08-17 18:16:12 +00:00
Alexis La Goutte 008d389e94 ieee80211: fix mask is all set
packet-ieee80211.c hf_ieee80211_gann_flags_reserved filter= wlan.gann.flags.reserved  - mask is all set - this is confusing - set 0 instead! : 0xFF
packet-ieee80211.c hf_ieee80211_he_trigger_bar_info_blk_ack_seq_ctrl filter= wlan.trigger.he.common_info.bar_info.blk_ack_starting_seq_ctrl  - mask is all set - this is confusing - set 0 instead! : 0xFFFF
2023-08-17 17:43:02 +00:00
Alexis La Goutte e4544bd5ae ieee80211: fix wrong item type/length and bitmask
Warning: epan/dissectors/packet-ieee80211.c:24227 proto_tree_add_uint called for hf_ieee80211_he_om_rx_nss  -  item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24229 proto_tree_add_uint called for hf_ieee80211_he_om_channel_width  -  item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24233 proto_tree_add_uint called for hf_ieee80211_he_om_tx_nsts  -  item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24326 proto_tree_add_uint called for hf_ieee80211_he_uph_ul_power_headroom  -  item type is FT_UINT8 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24330 proto_tree_add_uint called for hf_ieee80211_he_uph_reserved  -  item type is FT_UINT8 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24348 proto_tree_add_uint called for hf_ieee80211_he_btc_avail_chan  -  item type is FT_UINT16 but call has len 4
Warning: epan/dissectors/packet-ieee80211.c:24350 proto_tree_add_uint called for hf_ieee80211_he_btc_reserved  -  item type is FT_UINT16 but call has len 4
2023-08-17 17:43:02 +00:00
Stig Bjørlykke 66a502e195 Qt: Add loadGeometry to ManufDialog
Load and save dialog geometry for MAC Address Blocks dialog.
2023-08-17 19:01:50 +02:00
Huang Qiangxiong b86172a37d STUN: add Change IP or Port to INFO column 2023-08-17 16:32:03 +00:00
João Valverde fea3f90147 Rename the Lua log domain
The name "WSLua" looks kind of weird. Use just "Lua" instead.
2023-08-17 15:39:21 +01:00
João Valverde 80c63485e4 Qt: Close console dialog when reloading Lua
Fixes a crash using the console because the dialog holds a pointer
to the Lua state that gets invalidated by the reload.

Forcing the dialog to close drops the invalid reference and avoids
the crash and all the other attending state problems with the reload.

In theory there might be console types other than Lua so we may
want to fix the code to close only Lua type dialogs if only Lua
plugins are reloaded.
2023-08-17 15:38:57 +01:00
João Valverde 8ebbcd4ecf Qt: Use a vertical layout with Lua console
Switch from a horizontal input/output text layout to a vertical
layout with a splitter in the middle.

Change to a QTextEdit while at it, just because the performance
reasons that might suggest using QPlainTextEdit are not very
relevant here.

Use the proper keyboard shortcut for macOS.
2023-08-17 15:32:36 +01:00
Stig Bjørlykke 249516680b Qt: Add loadGeometry to CredentialsDialog
Load and save dialog geometry for Credentials dialog.
2023-08-17 15:18:18 +02:00
John Thacker 615c2bf15a batadv: Can't add bitmask with no fields
proto_tree_add_bitmask has an error if called with an empty
set of fields. The flags field is unused in BATADV_OGM2, so
just add without using a bitmask tree.

Part of #17890
2023-08-17 07:29:09 -04:00
Jonas Wamsler e6110367de sapsnc: Fix dissection of Quality of Protection parameter
Fixing the bug of the dissector that swaps the Quality of Protection parameter "min" and "use" in snc.
2023-08-17 10:42:32 +00:00