When writing files spaced over equal time periods, instead of
using the timestamp in the packet record for a new filename,
use the interval start. This keeps the filenames equally spaced,
and is especially clearer when writing empty files because no
packets occurred in that interval.
Fix#19067
This stub implements an interface from WinPcap/Npcap. The function
declaration differs in a constness attribute between different WinPcap
flavors, leading to pain and tears. Just rename the function instead
so it doesn't clobber any public declaration from WinPcap/Npcap and
cause mismatched declaration errors.
Add support for using the host system's lemon binary instead of
compiling our own. Many linux distributions include a lemon
parser generator package. Using this binary when cross-compiling
is much simpler than configuring the build to use the build host
toolchain to compile lemon.
Regenerate the ASN.1 dissectors in the Code Checks job, and fail
if any tracked files have changes after doing so.
This should make it impossible to commit changed to ASN.1 dissectors
without corresponding changes to the templates and conformance files,
and vice versa. (Perhaps the generated files shouldn't even be in git.)
Various data that is currently tracked in conversation data needs to
be moved to the per PDU data. The conversation data is only for the
last encountered value.
The remaining field packet count needs to be tracked in per frame data.
The most recent field metadata needs to be tracked in per frame data.
The number of parameters and number of fields received during the
last prepared statement can be retrieved from the statement data
of the last prepared statement id, which is already in per PDU data.
The statement data for a given statement id (which is not reused on
the same connection) should only be created on the first pass instead
of being recreated (in file scope) each time a PREPARE PDU is dissected.
The dissector table that multipart media type has to override the
normal media type handling should be case insensitive, just like
the regular media type table
The c_append_text() uses vsnprintf in order to create a buffer that
is then handed to two proto_item_append_text() calls. It doesn't
handle truncation of UTF-8 correctly. Instead of two levels of
variadic functions, change it to a variadic macro that calls
proto_item_append_text twice with the variable parameters.
Also don't use a redundant _add_string_format_value when the
formatting is just "%s".
Fix#19065
Partition names have a name starting with /vicepa to /vicepz, where
the last character is stored as a 32 bit unsigned integer from 0 to 25.
Keep that integer unsigned; declaring it as a signed integer and doing
a less than comparison with 25 ends up adding all sorts of unprintable
characters to the tree when an erroneous value would be converted to
a negative number.
Fix#19093
The length of the string returned after UTF-8 conversion is
not necessarily that of the number of octets of the message
before UTF-8 conversion, if there are illegal characters.
Fix#19096
C compilers don't care what size a value was on the wire. Use
naturally-sized ints, including in dissect_message_channel_mb where we
would otherwise overflow and loop infinitely.
Fixes#19100
If the stream length flag is set, use that to bound the tvb that
is sent to the follow tap.
Also fix the QUIC follow multistream test expected results, since
we shouldn't be including the padding that isn't part of the stream.
Fix#19102
Make it possible to use Decode As to set the current dissector
for an entry in a dissector table to NULL even if there is a
default dissector registered for that entry. (none) means (none)
This is different than disabling the dissector entirely, because
a dissector might be registered as default for multiple entries/ports,
and a user might want only to disable it for one entry, not in general.
Or, a dissector might have multiple registered dissectors and a
heuristic dissector, and a user might want to disable one dissector
registered value while still having the heuristic dissector enabled.
This is different than setting the dissector for the entry to Data,
because it still allows heuristic dissectors to get a chance.
This is different than setting a "Try heuristic sub-dissectors first"
preference, because it only affects the single entry in the tables,
instead of trying heuristic sub-dissectors first for all entries in
the table (and it works for all tables, even those that lack such a
preference.)
Move the default dissector to the top of the combobox so it is
still easy to reset to the default.
Fix#12098
tvb_new_octet_aligned() can throw an exception, and creating
a new composite TVB but not appending any data (and thus not
attaching it to a chain) leaks data because the composite TVB
is never freed. So try to create the aligned TVB fragment first
before creating the composite TVB.
Fix some leaks in fuzzed captures
Fixup 32e1750343 a bit. We can't
necessarily free a tvb for an entry in the reassembled table that
is being replaced, because there might be an address that directly
shares the tvb memory (thanks to set_address_tvb()).
If we can, add it to the chain for the replacement reassembly's tvb,
so it will still be freed.
Fix#19094
Added flags and filters for the following:
- Additional Authenticated Data bit
- Message protected with PSK
- Transport-Specific Message
- Endianness flag dissection improved