Write inequalities more clearly and naturally. Remove obsolete
admonition.
Rewrite DNS examples to be more pedagogical to avoid conflating
ports with protocols.
The macro expression is invalid because of the range used and looks
a bit wrong.
Use a simpler expression that should match the intended meaning,
filtering for unicast addresses with the U/L bit equal to 1.
In order to phase out older versions, we recommed 5.12 as a
minimum Qt version going forward. Although build support for
5.10 and 5.11 is not being removed at this point, it might
be for 4.x at a later time.
Harden the code a little and alternate the mac address to allow
the code to be used for testing conversation and endpoint dialog.
Also transmit integer values not as ascii representations and include
a data packet that allows for reassembly to be tested
All/any equal have their own symbols for operators so cannot
be handled in the same switch case.
Other comparisons don't have different symbols for any/all.
New vendor ID's up to june 22, 2022 have been added.
Decoding of the optional description field in BACnet SC BVLC's has been fixed.
Decoding of the exteded event parameters has been fixed.
It's possible for a dissector to claim a frame without adding to
the tree or being added to frame.protocols (see !6669)
Log a debug message showing the pinfo layers and the dissector that
claimed the tvb (frame/packet).
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix#18168.
Use QtConcurrent to create and sort widget items. The dialog window is
immediately visible and usable. Search becomes available once all items
are added to the tree.
When compiled with Qt5, all items are added in bulk. Qt6 features new
QPromise interface that makes it possible to add tree items one by one.
Pass comparator function so the list gets sorted alphabetically. Without
the comparator function, the pointer values were sorted. Insert already
sorted data into tree widget and thus remove the redundant sort call.
Use std::stable_sort() instead of std::sort() as stable sort is actually
faster here. The std::stable_sort() tends to do fewer comparisons and
more moves than std::sort(). When sorting QTreeWidgetItem pointers, the
move is very low cost (only the pointer itself is moved) and string
comparison is quite heavy (especially because the strings share common
prefix).
Currently Wireshark does not close the vlans file on profile change.
This leads to major problems, when vlan resolution is turned on:
- Deleting a profile (not even selected) is not possible without exiting
Wireshark.
- Switching from one profile with vlans to another with vlans, does
not switch the resolution but stays on the names of the old profile!
Instead of using an OS-independent and (somewhat) toolchain-independent,
but x86-only, mechanism to fetch a string that identifies the type(s) of
CPU on the machine, use OS-dependent but instruction-set-independent
mechanisms.
That way, we can get CPU type strings for non-x86 processors - ARM
processors, in particular, but others as well (yes, you can run
Wireshark on an IBM mainframe...).
Fixes#18187.
Since Qt 6.3 the /permissive- option is required as otherwise the
compilation fails on static assert:
"On MSVC you must pass the /permissive- option to the compiler."
This patch improves the uat config checking for SOME/IP:
- detecting simple endless loops
- better error output on faulty configs
- using uat resets to fix crash on faulty configs
This enables the traffic dialogs to filter data based on the
context menu entries. For instance, one can only show rows,
where the number of packets is not greater than 10
When writing a custom column, some field types can't have a resolved
value, and just copy the label from the expression to the value.
Only copy information from the most recent field when doing so,
so that with multifield custom columns the entire unresolved value
doesn't get overwritten with the resolved value (if some fields
have resolved values and some don't.) This also reduces copying
from O(N^2) to O(N).
Fixes the display "unresolved" value for multifield custom columns
that are a mix of field types.
Custom column expressions do not need to be limited to COL_MAX_LEN.
The size of the expression does not have any necessary relationship
to the size of the column contents, especially in the common case of
many semantically equivalent different fields from different protocols,
only one of which appears in any given frame.
The only place that actually does limit the length of custom
custom expressions is in reading the preferences. Use a GString
instead of allocating a buffer to COL_MAX_LEN when constructing
the string. In normal cases, this should decrease temporary
memory usage. Fix#16905
If a configuration profile is requested on the command line that
does not exist as a personal profile but does exist as a global
profile, copy it to the personal directory and use it, the same
as when selecting a global profile in the GUI.
Add the same feature to tshark and tfshark as well, where it
is particularly useful.
For the top-level item for an extension, initially create it with a
length of "to the end of the packet" and, when we finish dissecting it,
set the length appropriately. That way, if the length is too large, we
don't throw an immediate exception, making it a little clearer what's
happending.
When dissecting an authentication extension, construct the text of the
top-level item as we dissect it, and initially create it with a length
of "to the end of the packet" and, when we're finished dissecting it,
set the length appropriately. That way, we don't throw an exception
before doing any dissection if the data for the item isn't all there, we
only throw an exception when we run out of data, and we also don't try
to add the data unless there is at least one byte of data.
The latter of those fixes#18181.
Add and install default coloring rules and filter buttons for Logray.
Add is_packet_configuration_namespace() and use it to set the default
timestamp type for Logray to "Absolute", which is more appropriate for
log entries.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
It looks like 1eafee6566 wasn't sufficient to fix the Qt 6 background
paint issue, at least for Qt 6.2.3. Explicitly set our background brush
before filling our rect.
Fixes#18175.
Alexis La Goutte