The comments claim that UAT_AFFECTS_FIELDS also triggers a redissection,
but it does not. Fortunately, all UATs whose flags have UAT_AFFECTS_FIELDS
also have UAT_AFFECTS_DISSECTION.
dfilter macro expressions are a rare case of a UAT that should trigger
FieldsChanged but not PacketDissectionChanged. (It's slightly
unnecessary to invalidate the custom columns, but perhaps in the
future macros will be possible in custom columns.)
So resolve things by changing the comments to reflect current reality
and making the dfilter macro UAT flags UAT_AFFECTS_FIELDS.
This prevents a crash when removing a dfilter macro thus invalidating
the current filter, and then opening a file (including reloading the
current one.)
Fix #13753
This code path is no longer necessary because in the PacketDialog
case a separate fixed epan_dissect_t is now passed in
and save (9198448f9d)
Removing the tvb memory comparison is faster and reduces the number
of ways that the PacketDialog can crash after the capture file is
closed, for tvbs with data that was allocated at file scope, or
freed when the file is closed like reassembly.
Related to #14363
Introduce a MINGW_SYSROOT cache variable and --sysroot Python
script option so the installer can be built in other
distributions that do not use Fedora's layout.
Add a few other DLLs and use some shell globs, tested on an
Arch Linux host.
The dependency list should be generated dynamically but we're not
there yet.
This CMake module is specific to Wireshark's 3rd party Windows
repository so make use of the correct variable for that, so this
isn't activated in Windows builds that do not use the repository.
Use the new COMPONENTS feature of find_package() to configure
Qt6. Leave Qt5 using the old method.
In the past using target_link_libraries() with an OBJECT library
wasn't fully supported but I think we are now requiring a modern
enough CMake version.
Besides being cleaner and more modern this also fixes some detection
problems I am experiencing[1].
[1] https://bugreports.qt.io/browse/QTBUG-95791
Sometimes you have a capture file that has many duplicate frames
because of how the capture was made, and it's convenient to ignore
the duplicates so you can concentrate on the data and not all
the TCP warnings.
This adds a preference in the "Protocols" section to ignore
duplicates. This currently only works while reading a capture file
*not* during a live capture.
The secrets maps in [D]TLS include all the values from the configured
keylog file, plus anything from a DSB, and any master secrets computed
at runtime. However, not all of them may be used.
Mark which Client Randoms (and, for [D]TLS <= 1.2, Session IDs used
to compute master secrets) are used, and only export secrets associated
with those. This saves a time consuming operation to do so outside of
Wireshark.
"Export TLS Session Keys" now exports TLS 1.3 derived keys, since
now it is useful for filtering a larger keylog file for the values used.
In the future, the string returned from this function can be used to
write a DSB to the file.
Related to #18400
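The same filtering done outside Wireshark, as an added example that is not Wireshark code: keep only the key log lines whose Client Random was seen in the capture, so unused secrets are not shared along with it. The function name, the short placeholder hex values and the assumption that the used Client Randoms have already been extracted are all illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strcasecmp (POSIX) */

/* Constructed sample key log; the hex fields are short placeholders. */
static const char sample_keylog[] =
    "CLIENT_RANDOM aa11 0101\n"
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET bb22 0202\n"
    "SERVER_HANDSHAKE_TRAFFIC_SECRET BB22 0303\n"
    "CLIENT_RANDOM cc33 0404\n";

/* Copies into out only the "<label> <client_random> <secret>" lines whose
 * Client Random is listed in used[] (hex compared case-insensitively).
 * Returns the number of lines kept, or -1 if out is too small. */
int filter_keylog(const char *in, const char *const *used, size_t n_used,
                  char *out, size_t out_size)
{
    size_t out_len = 0, line_len;
    int kept = 0;
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    for (; *in != '\0'; in += line_len + (in[line_len] == '\n')) {
        char line[512], label[64], client_random[129], secret[257];
        line_len = strcspn(in, "\n");
        if (line_len >= sizeof line || *in == '#')
            continue; /* overlong line or comment */
        memcpy(line, in, line_len);
        line[line_len] = '\0';
        if (sscanf(line, "%63s %128s %256s", label, client_random, secret) != 3)
            continue; /* not a three-field key log line */
        for (size_t i = 0; i < n_used; i++) {
            if (strcasecmp(client_random, used[i]) != 0)
                continue;
            if (out_len + line_len + 2 > out_size)
                return -1;
            memcpy(out + out_len, line, line_len);
            out_len += line_len;
            out[out_len++] = '\n';
            out[out_len] = '\0';
            kept++;
            break;
        }
    }
    return kept;
}

int main(void)
{
    static const char *const used[] = {"bb22"}; /* constructed: seen in capture */
    char out[256];
    printf("%d kept\n%s", filter_keylog(sample_keylog, used, 1, out, sizeof out), out);
    return 0;
}
```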
The haproxy header length *doesn't include* the 16 byte haproxy header.
To make it more intuitive, we use the next_offset value, instead of adding
16 to the header length at every check (it also improves the clarity of the
code, since the expert info also uses that value if the header is too
short).
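The length handling described above, as an added example that is not the dissector's own code: the 16 fixed bytes are added once to obtain next_offset, and every later bounds check compares against that value. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PP2_FIXED_LEN 16u /* 12-byte signature, ver/cmd, fam/proto, 2-byte length */

static const uint8_t pp2_sig[12] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                    0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};

/* Constructed sample: PROXY over TCP/IPv4, 192.0.2.1:12345 -> 198.51.100.7:443 */
static const uint8_t sample_ok[28] = {
    0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A,
    0x21, 0x11, 0x00, 0x0C, /* v2 PROXY, INET/STREAM, header length 12 */
    192, 0, 2, 1, 198, 51, 100, 7, 0x30, 0x39, 0x01, 0xBB};

/* Offset of the first byte after the whole header, or -1 if the buffer does
 * not hold a complete v2 header. The length field counts only what follows
 * the fixed 16 bytes, so the 16 is added once, here. */
long pp2_next_offset(const uint8_t *buf, size_t buflen)
{
    if (buflen < PP2_FIXED_LEN || memcmp(buf, pp2_sig, sizeof pp2_sig) != 0)
        return -1;
    if ((buf[12] >> 4) != 2) /* version nibble */
        return -1;
    size_t next_offset = PP2_FIXED_LEN + (((size_t)buf[14] << 8) | buf[15]);
    return next_offset <= buflen ? (long)next_offset : -1;
}

/* 1 if the address block implied by the family nibble ends at or before
 * next_offset, 0 if the declared header is too short to contain it. */
int pp2_addresses_fit(const uint8_t *buf, size_t buflen)
{
    static const size_t addr_len[4] = {0, 12, 36, 216}; /* UNSPEC, INET, INET6, UNIX */
    long next_offset = pp2_next_offset(buf, buflen);
    if (next_offset < 0 || (buf[13] >> 4) > 3)
        return 0;
    return PP2_FIXED_LEN + addr_len[buf[13] >> 4] <= (size_t)next_offset;
}

int main(void)
{
    printf("next_offset=%ld fits=%d\n", pp2_next_offset(sample_ok, sizeof sample_ok),
           pp2_addresses_fit(sample_ok, sizeof sample_ok));
    return 0;
}
```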
Add ENC_BOM to the list of bitflag modifiers, and use it with
UTF-16, UCS-2, and UCS-4 (UTF-32). If set, this means that the
first 2 (or 4) octets, if present, are checked to see if they are
a Big-Endian BYTE ORDER MARK ("ZERO WIDTH NON-BREAKING SPACE"). If so,
those octets are skipped and the encoding is set to Little-Endian
or Big-Endian depending on endianness of the BOM.
If the BOM is absent, the passed in Endianness flag is used normally.
Related to #17991
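The BOM rule described above, as an added example that is not Wireshark's implementation: a leading BOM, when present, is skipped and decides the byte order, otherwise the caller's endianness is used. The enum and function names are hypothetical and the byte strings in the usage are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum byte_order { ORDER_BIG = 0, ORDER_LITTLE = 1 }; /* hypothetical names */

/* unit is 2 (UTF-16, UCS-2) or 4 (UCS-4). Returns the number of BOM octets
 * to skip (0, 2 or 4) and overwrites *order only when a BOM is present. */
size_t bom_skip(const uint8_t *buf, size_t len, size_t unit, enum byte_order *order)
{
    static const uint8_t be2[] = {0xFE, 0xFF}, be4[] = {0x00, 0x00, 0xFE, 0xFF};
    const uint8_t *be = (unit == 4) ? be4 : be2;
    int is_be = 1, is_le = 1;
    if ((unit != 2 && unit != 4) || len < unit)
        return 0; /* too short to hold a BOM: treated as absent */
    for (size_t i = 0; i < unit; i++) {
        is_be &= buf[i] == be[i];
        is_le &= buf[i] == be[unit - 1 - i]; /* LE BOM is the BE BOM reversed */
    }
    if (!is_be && !is_le)
        return 0;
    *order = is_be ? ORDER_BIG : ORDER_LITTLE;
    return unit;
}

/* First code unit after BOM handling, decoded with the BOM's byte order or,
 * without a BOM, with fallback. Returns -1 if no complete unit follows. */
int64_t first_code_unit(const uint8_t *buf, size_t len, size_t unit,
                        enum byte_order fallback)
{
    enum byte_order order = fallback;
    size_t off = bom_skip(buf, len, unit, &order);
    uint32_t v = 0;
    if ((unit != 2 && unit != 4) || len - off < unit)
        return -1;
    for (size_t i = 0; i < unit; i++)
        v |= (uint32_t)buf[off + i] << (order == ORDER_BIG ? 8 * (unit - 1 - i) : 8 * i);
    return v;
}

int main(void)
{
    static const uint8_t le_bom[] = {0xFF, 0xFE, 0x41, 0x00}; /* constructed */
    printf("U+%04llX\n", (long long)first_code_unit(le_bom, sizeof le_bom, 2, ORDER_BIG));
    return 0;
}
```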
The header for frame_data can forward declare an incomplete type
for wtap_rec, since it only takes a pointer to it.
This prevents every dissector from automatically including
wiretap/wtap.h
Add wiretap/wtap.h to some dissectors that need it.
Remove it from some other dissectors that had the explicit include
but don't actually need it.
A few other dissectors actually need wsutil/inet_addr.h but were
getting that via wtap.h - include what they actually need.
This reduces the number of files that are recompiled when
wiretap/wtap.h is touched from ~2500 to ~800.
Note that most of the dissectors that still include wiretap/wtap.h
really only need to use a WTAP_ENCAP_ value, and most of the rest
just need a pseudoheader. Those could be moved into another wiretap
include to further reduce recompilation.
Related to #19127
Pytest on Windows cannot capture the subprocess output to
stdout and stderr. Wireshark warnings and other incidental
output is printed to the console and that will be interleaved
with pytest output, producing garbled output.
We add some wrappers for subprocess.run() and set default options
to capture output by the parent. Hopefully this will solve that issue
without creating other usability problems.
Set the value of last_frame field of an uncompleted msp to
the max uint64 to prevent mis-reporting error of "[Dissector
bug, protocol HTTP2: ...]".
close #19121
The remote capture stuff, including pcap_findalldevs_ex(), isn't
Windows-specific; libpcap can be built with it on UN*X, although it's
not the *default* configuration.
So, if we're not building for Windows, just #define
ws_pcap_findalldevs_ex to be pcap_findalldevs_ex.
Add the Qt Image Formats package as optional in an RPM installation.
This adds transparent runtime support for viewing additional image
formats such as TIFF, WEBP, etc. through Show Packet Bytes -> Show as Image.
https://doc.qt.io/qt-6/qtimageformats-index.html
Test with the TIFF file in !2640.
Try to autodetect ENABLE_SIGNED_NSIS and enable it if
sign-wireshark.bat is detected on the path.
Instead of skipping the whole Qt deployment, including things like
translations, just skip the DLLs in the manifest. This is useful
if the target machine has Qt installed and the static DLL list
for cross-compiling is not adequate.
At least with Xcode 15 beta on macOS 14 beta, some code in libssh gets
the warning

    error: a function declaration without a prototype is deprecated in
    all versions of C [-Werror,-Wstrict-prototypes]

because they define functions with an empty argument list as

    <type> func()

rather than

    <type> func(void)

Maybe C23 will finally consider

    <type> func()

as meaning "func() takes no arguments" rather than "func() is being
defined without prototypes".
(And, no, I don't know why it says that about a function *definition*
rather than a function *declaration*.)
Make the mpeg-audio dissector handle more than one MPEG Audio
frame in a packet. (It's currently just called for files through
the wiretap encapsulation, which divides on each frame.)
Register it to the media type dissector, since it will now do
more than just dissect the first frame (or tag) in those cases.