Windows installers are signed by the "Wireshark Foundation, Inc."
Change-Id: I69881faccaf6345c25d8e106e3dbb96bdc302599
Reviewed-on: https://code.wireshark.org/review/36302
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Initial support for TEAP (Tunnel Extensible Authentication Protocol)
defined in RFC7170.
Only partial support implemented. Mainly the parts needed to discover
the carried EAP payload when establishing IEEE802.11 EAP-TEAP
connections.
Bug: 16379
Change-Id: Ic2b31d0b871b430792a371cd09926811e350c32b
Reviewed-on: https://code.wireshark.org/review/36104
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ACDR is a protocol over UDP that is used by AudioCodes devices for
recording traffic to and from the device.
It adds a header to each packet that contains extra data about the packet.
For some packet types (like SIP), it also appends the IP and UDP/TCP
headers of the sent/received packet.
The dissector unwraps the ACDR header, and displays the packets with the
original type (and when available, with the original addresses).
Bug: 16275
Change-Id: I19ad90053a2ef73da80881dc5e94aa362de23ea3
Reviewed-on: https://code.wireshark.org/review/35417
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It is possible to decode iLBC payload. It uses libilbc library (https://github.com/TimothyGu/libilbc).
Bug: 16314
Change-Id: Id4cad7ae32305a0e94ef32beb24e07733d7f834e
Reviewed-on: https://code.wireshark.org/review/35686
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide more details about the threshold used for TCP Out-Of-Order
detection.
Switch from dashes for lists to asterisks as recommended at
https://asciidoctor.org/docs/asciidoc-recommended-practices
Change-Id: Ibb6d3d3d5ca15acba5f679ea26142d65f96c69a8
Reviewed-on: https://code.wireshark.org/review/35840
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
C-ares is required, so don't mark it as optional. Add Win64 download
URLs and list them first. Zlib is part of our vcpkg bundle.
Change-Id: I232f4df988aa12afde0b66fff203187136504e94
Reviewed-on: https://code.wireshark.org/review/35700
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the release notes and some PNGs non-executable.
Change-Id: Iecd52e782258f6d7a485138f8f965b7dce52a0dc
Reviewed-on: https://code.wireshark.org/review/35689
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We don't currently distinguish between missing and zero values in I/O
graphs. This can be problematic in scatter plots since the plot points
tend to show up as chartjunk which overwhelms the X axis. In plain,
non-calculated plots assume that zero values mean "missing" and omit
those points.
Describe this in the User's Guide, but comment the text out for now
pending a full update to the I/O Graph section.
Switch to title case in our default graphs. Make the TCP Errors graph
red by default.
Change-Id: I92dcbf05f58ae0b7b7734fa8dfc342424bbea114
Reviewed-on: https://code.wireshark.org/review/35645
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note that you can edit the packet ranges shown in the Packet Lengths
dialog.
Change-Id: I23170de175e5b7cf5545240b3e4c8be716ce2c27
Reviewed-on: https://code.wireshark.org/review/35638
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update the Transifex URL and describe how its resources are organized.
Change-Id: Icc03ff57da73c0a60da0ea1e7ff19d6ecffae3a1
Reviewed-on: https://code.wireshark.org/review/35637
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a section for the Packet Lengths window. Use title case for the
column headers. Fix a button name and other issues elsewhere.
Change-Id: I339d56aa169158e0788acd02a897729205e9f50e
Reviewed-on: https://code.wireshark.org/review/35615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a note about case sensitive directories on Windows.
Recommend the "winflexbison3" Chocolatey package.
Update our list of Linux distributions.
Change-Id: I4676453941a66de71215d6ce6cf7057623c92fec
Reviewed-on: https://code.wireshark.org/review/35622
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add an initial "es" Qt translation file and an accompanying flag image.
The image came from
https://en.wikipedia.org/wiki/File:Flag_of_Spain.svg
and is in the public domain.
(We already had a debian/po/es.po.)
Change-Id: I5378ad2cbffb2267389fc8ae6af6d591071e0144
Reviewed-on: https://code.wireshark.org/review/35620
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Two enhancements and one fixed bug:
1. Add dissecting protobuf fields as wireshark (header) fields preferences. User
can input the full names of protobuf fields or messages in Filter toolbar for
searching.
2. Add 'protobuf_field' dissector table. Dissector based on protobuf can register
itself to 'protobuf_field' keyed with the full names of fields of BYETS or STRING
types.
3. A bug about search MESSAGE or ENUM type in context is fixed.
4. Another small enhancement is adding prefs_set_preference_effect_fields() which
can mark a preference that affects fields change (triggering FieldsChanged event).
See the linked bug for sample capture file and .proto files.
Ping-Bug: 16209
Change-Id: Ibc3c45a6d596a8bb983b0d847dd6a22801af7e04
Reviewed-on: https://code.wireshark.org/review/35111
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the Expert Information section of the User's Guide. Use the term
"Expert Information" to describe the dialog and "expert information
item" to describe each generated item. Update related text elsewhere.
Update the expert icon and other parts of the status bar docs.
Change-Id: I0c2cba0cbb3c74a1f6e3a37d4a2a592faccb350f
Reviewed-on: https://code.wireshark.org/review/35462
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Generalize the "missing bpf.h" entry. Remove the UCD SNMP and Fink
entries.
Change-Id: I276f2387c4bf017c7ba4f0a37cce525efd1c24ae
Reviewed-on: https://code.wireshark.org/review/35469
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove the last of our description list term formatting. This is better
handled using CSS. Update the filter expression dialog DL text.
Change-Id: Ib21e2ee5265c9b476d960e7d73ac99b25b646141
Reviewed-on: https://code.wireshark.org/review/35437
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove some formatting and link to the list archives.
Change-Id: I45c5a24b4a6d01234aafab71dc080cf98f4e22cf
Reviewed-on: https://code.wireshark.org/review/35435
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update the minimum version in various documents. Remove some
no-longer-needed code from scripts that call windeployqt.
Change-Id: I16da4bced9780c9f1b1969aae7c52e2fce1968aa
Reviewed-on: https://code.wireshark.org/review/35391
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add an "Export Specified Packets" section. Update the "Export Packet
Dissections," "Packet Range," and "Packet Format" sections. Update some
markup and text throughout the chapter.
Change-Id: I7b7c6fcc41c4fdc684c86a34364ed9baa5123d15
Reviewed-on: https://code.wireshark.org/review/35359
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update a few screenshots and associated text. (The file open, save as,
and merge images date back to the Ethereal era!) The interface options
dialog no longer exists, so remove that screenshot and text.
Mark GTK+ and outdated images as such in CMakeLists.txt.
Change-Id: Ia01788434a1c96dd3f527c9d4ae34b1ca30f92d7
Reviewed-on: https://code.wireshark.org/review/35345
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update some of the FAQ and WSUG content for Windows 7's impending
demise. Add supported releases for macOS and other updates.
Change-Id: I5741ac631f39803fa060e9f5c2006a75cb54136f
Reviewed-on: https://code.wireshark.org/review/35333
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a section for the Wireless menu.
Remove some unused images. It doesn't look like we ever used
ws-*-preferences.png. They had ENTITY definitions in the original XML,
but those weren't referenced anywhere.
Change-Id: I7f027b48ef22c8680f6224f189d4e9d0bd8114c0
Reviewed-on: https://code.wireshark.org/review/35328
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The WSDG is a mix of references to 32 and 64 architectures. Use 64
in more places.
Change-Id: Ifb4b3189912268808cfe8fdb5119f2177c815163
Reviewed-on: https://code.wireshark.org/review/35248
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I537fbb26681555d0cd303d4b614bc016e935eb70
Reviewed-on: https://code.wireshark.org/review/35225
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The update_tools_help CMake target is periodically run, but the output
of `wireshark -h` was previously not included.
Bug: 16166
Change-Id: Ib7aac89ff31d7b7c7033496b512d97bfbd727aaa
Reviewed-on: https://code.wireshark.org/review/35205
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Although c-ares support was techically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.
Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Updated the toolchain references to VS 2019,
removing mentions of 2015 & 2017.
Bug: 16211
Change-Id: Ic1607ac2c2713a5d324d40319c4e1be5365eb6f7
Reviewed-on: https://code.wireshark.org/review/35180
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change improves Wireshark ability to save rtp streams. It allows a user
to save any supported codec with 8 kHz rate. In real, it means G.711 and
G.729 for now.
There is no hardcoded codec limitation during save anymore. If code detects
unsupported codec or rate during save, it replaces samples with silence and
reports it. Therefore any added codec in future will be supported.
Note to RTP saving:
RTP streams (there can be up to two of them for save) can contain multiple
codecs in each direction - some of it can be supported and some
unsupported. What should be exported then?
Till my patch save do not run and a user received nothing even part of stream
was OK/encoded with supported codec.
Therefore I managed the code to start with export and do its best.
Unknown codec/part is replaced with silence and user is warned after
export. Therefore a user will get:
a) audio - when all codecs are supported (no warning)
b) mix audio/silence - when some codecs are supported (warning)
c) only silence - when no codec is supported (warning)
BTW same output user sees/gets in RTP player for years.
Change-Id: Id938d419f5841af46d2d2d3ddfaf1ec9a0235bcc
Reviewed-on: https://code.wireshark.org/review/35105
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Update the new protocol list and clarify our Qt versions.
Change-Id: If4d5e591b4419cc3171616825201375fdc5401aa
Reviewed-on: https://code.wireshark.org/review/35165
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They no longer reside to the right of the display filter toolbar, but
have been moved to Analyze->Display Filter Expressions... as well as
the context menu of the display filter edit
Change-Id: I5afb87a483838204be33f5b8b965643c2c95e306
Reviewed-on: https://code.wireshark.org/review/35151
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: Ia96444bc463337e0ffb050a05ce4d454dd18986d
Reviewed-on: https://code.wireshark.org/review/35103
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add support for automatic updates using the Sparkle framework. Add
FindSparkle.cmake and associated CMake plumbing. Add a public key and
other info to Info.plist.in. Add ui/macosx/sparkle_bridge.{h,m}, which
wraps the Sparkle API. Make code that's specific to WinSparkle
Windows-only.
Add Sparkle installation steps to the macos-setup scripts. Sparkle
prints a warning if your bundle is unsigned (which is the case during
development) so disable installing it by default.
Updating here takes a long time. We might be able to fix that by
shipping our DSYMs separately.
Change-Id: I6cc6671db5657dadc514bda6bf6e1c8bbc9468a5
Reviewed-on: https://code.wireshark.org/review/35090
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Documentation of the Wireshark command line options between help text,
manual page and user's guide diverged over time. One aspect of this is
the implementation of more long options. This change tries to update
all documentation to be complete and in sync again.
Bug: 16168
Change-Id: Id833fbeb14fdb7b3dbc1564504a25d96f4367c91
Reviewed-on: https://code.wireshark.org/review/35047
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Some parts of HTML Help have issues displaying curly quotes. Add a
title argument to the XML2HHP macro so that we can set one with a
straight quote. Set the title using the htmlhelp.title XSL parameter
instead of relying on HTML Help to derive it for us. This seems to keep
"???TITLE???" from being mysteriously appended to the title.
Try setting htmlhelp.window.geometry while we're here.
Bug: 16183
Change-Id: I0bf2dbeeb811dc65010ab5223725d6b5cdc96966
Reviewed-on: https://code.wireshark.org/review/35031
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Allow the storage of extcap plugins in the personal directory and
enable loading from there. It will also take precedence of any
system-wide extcaps with an identical name
Change-Id: Ib88e09a26c4f99cf5e793327f2808c7445c6b1b5
Reviewed-on: https://code.wireshark.org/review/34988
Reviewed-by: Roland Knall <rknall@gmail.com>
Buttons can be left-aligned in the display filter edit bar, by selecting
the corresponding option from the context menu
Bug: 14123
Change-Id: I18b48bb0ea43a598b2e309dcad9210463be06414
Reviewed-on: https://code.wireshark.org/review/34980
Reviewed-by: Roland Knall <rknall@gmail.com>
Add a graph for the currently display filter if none exists, upon
opening IOGraph
Change-Id: Ic25b014484898dd1917b13f2616fd519e2e8183b
Reviewed-on: https://code.wireshark.org/review/34984
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Make the mimetype for the display filter more generic, so that external
programs can attach to Wireshark and users can drag and drop display
filters to the program
Change-Id: Id78b4dff7883e3dab879a31aad07f577d8cc4ee3
Reviewed-on: https://code.wireshark.org/review/34936
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If working in streaming RPC mode, many grpc messages will be
contained in one http2 stream, the stream will end very late
(for example ETCD watch stream).
So we could not rely on old http2 reassembly mode which call
sub-dissector only END_STREAM appeared. We need a reassembly
mode that call subdissector which support streaming mode as
soon as the message in STREAM is available.
Please refer to comments of
reassemble_http2_data_according_to_subdissector() function
of epan/dissectors/packet-http2.c for more detail.
See the linked bug for streaming mode gRPC capture files.
Ping-Bug: 16160
Change-Id: Id9e5337a0e3ca9f8c8119d74d2c1fe4cc263afc3
Reviewed-on: https://code.wireshark.org/review/23988
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Ensure, that all mimedata uses similar mimetypes and document
the mimetypes being used throughout wireshark
Change-Id: I7c02d0a5e12a823153640e600051abb95d58cdeb
Reviewed-on: https://code.wireshark.org/review/34923
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The recent macOS installer changes were backported to master-3.0, so
they're no longer new in master.
Change-Id: I357e0f8facbc2266c3780bcf8d696b5c2b00602d
Reviewed-on: https://code.wireshark.org/review/34745
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Used egrep "\b([a-zA-Z]+) \1\b" docbook/wsug_src/*.adoc to find instances
where words were erroneously duplicated.
Change-Id: Ie390fa4f1c61a288ff0ed77aa84c4fb01f4de27e
Reviewed-on: https://code.wireshark.org/review/34725
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. A C-style Protocol Buffers Language (PBL) parser for *.proto file is added.
It contains protobuf_lang_scanner.l (lex scanner), epan/protobuf_lang.y (grammar
parser), and protobuf_lang_tree.h/c (grammar tree implementation).
2. The protobuf-helper.h/cpp is an interface wrapper layer. If one day C++ is allowed,
we can create a protobuf-helper.cpp file, which using offical protobuf C++
library, to replace protobuf-helper.c. That keeps packet-protobuf.c unchanged.
3. User can specify protobuf search paths, and the UDP ports to protobuf message type
maps at the Protobuf protocol preferences.
4. Other dissectors can pass the message type to Protobuf dissector by data parameter
or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in lua).
Some Sample of GRPC with Protobuf captures can be found in Bug: 13932.
Bug: 13932
Change-Id: Ife16c2f7b381296f8db4740dabe5f8362a456f48
Reviewed-on: https://code.wireshark.org/review/22892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.
Known issues that will be addressed in the future:
- If a single packet contains multiple streams, then Follow QUIC Stream
will wrongly include data from streams other than the selected one.
This is tracked by bug 16093 and affects HTTP/2 as well.
- The Substream index menu does not properly filter for available
stream numbers. If a non-existing stream is selected, then changing
to another (potentially valid) index results in the "Capture file
invalid." error. As workaround, clear the display filter first.
- Follow Stream always selects Stream ID 0 instead of the first or
currently selected stream field in a packet. Users should manually
update the stream index as needed.
Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Scalable service-Oriented MiddlewarE over IP (SOME/IP) is the
standard communication middleware for IP and Ethernet based
communication. It supports Service Discovery, RPC, Pub/Sub, and more.
Bug: 16014
Change-Id: Ifd6549818ccc87f376a5fb9ba1d6c335818c6e00
Signed-off-by: Dr. Lars Völker <lars.voelker@bmw.de>
Reviewed-on: https://code.wireshark.org/review/34497
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create ChmodBPF installer and uninstaller packages using pkgbuild and
productbuild. Place them in Wireshark.app/Resources/Extras.
Add a path_helper installer and uninstaller which respectively add and
remove /etc/*paths.d/Wireshark.
Remove the PackageMaker and utility-launcher assets and build targets.
Show a message in the main welcome screen if we don't have capture
permissions. Add an link which launches the ChmodBPF installer.
Add a "macOS Extras" item to About → Folders.
Migrate "Read me first" from RTF to Asciidoctor, which lets us add links
and looks like our other documentation.
Rename dmg_set_style.scpt to arrange_dmg.applescript and make it plain
text. Always run it in osx-dmg.sh.
Bug: 6991
Bug: 12593
Bug: 11399
Ping-Bug: 16074
Change-Id: I7b6aa89aae2be522b4141b0d44e8142dec749e90
Reviewed-on: https://code.wireshark.org/review/31047
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The spelling error for "Desription" in the context menu was very
obvious. The others were found by scanning the output of:
grep -Po '<source>\K.*(?=</source>)' wireshark_en.ts
Change-Id: I4b95236c82f76828a115d59d7c8e0b853eae1d26
Reviewed-on: https://code.wireshark.org/review/34582
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update some of the packet list and detail context menu items.
Add a release note entry noting the new Apply/Prepare behavior and
update some other items.
Change-Id: I3c2336a3f438f2d97bdb4df764e2af78a3499d81
Reviewed-on: https://code.wireshark.org/review/34543
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The Diagnostic Log and Trace protocol (DLT) is a commonly used and
standardized protocol in the automotive industry used to retrieve
log data. This patch adds the protocol to Wireshark. Keep in mind
that ports have to be configured before the dissector can be used.
Change-Id: I24592705476fb0c3bb83a1cc10b3dae8867523f4
Signed-off-by: Dr. Lars Völker <lars.voelker@bmw.de>
Reviewed-on: https://code.wireshark.org/review/34462
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow a selection of the list based on the protocol type. That way
one can easily enable/disable for instance just heuristic protocols
Change-Id: I1ee8df5d9887c764272ec55b33703855c0c91f5a
Reviewed-on: https://code.wireshark.org/review/34442
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
List syntax is *not* one of the more straightforward parts of AsciiDoc.
Change-Id: Icfed27de84c8c11cad02c4ba4d359786cd480eea
Reviewed-on: https://code.wireshark.org/review/34423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Confusing though it might be, a patch-matching expression containing
only the name of a Boolean field matches all packets containing that
field, regardless of whether the field is true or false; you need to
compare the field against 1 to check whether it's true.
Change-Id: I615acc4d71964c8474e6f3655ade8814cbe07b22
Reviewed-on: https://code.wireshark.org/review/34422
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Linux kernel includes a module called drop monitor which -
unsurprisingly - monitors packet drops.
Once enabled, the module will periodically send netlink notifications to
user space over generic netlink. Historically, these notifications only
included the program counter where the drop occurred and the number of
packets that were dropped in this location in the last interval.
Patches in net-next (queued for Linux kernel 5.4) extend drop monitor
with another mode of operation where the dropped packets themselves are
sent to user space along with relevant metadata as netlink
notifications. This allows users to perform a more detailed analysis of
the dropped packets.
This patch adds a dissector for these netlink packets. The dissector is
expected to be invoked by the generic netlink dissector and during its
hand off routine it adds an entry in the 'genl.family' dissector table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink
dissector. The dropped packet itself is encoded in the netlink attribute
'NET_DM_ATTR_PAYLOAD' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'NET_DM_ATTR_PROTO' attribute.
Bug: 16018
Change-Id: I10bfa4b9c9d8f5e82769c250f929f74693142a23
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34351
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, put the search field on top, as this is the default for search
fields and apply the change of enable/disable and invert-all only to
the selected items, instead of all items.
Bug: 16013
Change-Id: If4ef1c5ce63eef6fa72db679cdcbf52dcb0e8fb6
Reviewed-on: https://code.wireshark.org/review/34393
Reviewed-by: Roland Knall <rknall@gmail.com>
With the design changes made in the Qt interface with respect to the
Deocode as dialogs the Users Guide content is confusing. Update the
graphics and text to accurately describe the current design. Update
references in other parts of the document too.
Change-Id: Iad6af555d2da3430230c7f176bf2ec1e808cc134
Reviewed-on: https://code.wireshark.org/review/34337
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This protocol is a non-standard, ad-hoc protocol to pass baseband GSM
bursts between the modem (osmo-trx) and the encoder / decoder
(osmo-bts-trx). Osmocom inherited this when forking OsmoTRX off the
OpenBTS "Transceiver" program.
Change-Id: I31f5071d08eff1731f1d602886e204c87eed107c
Related: OS#4081 (https://osmocom.org/issues/4081)
Bug: 14814
Reviewed-on: https://code.wireshark.org/review/26796
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
In the configuration files overview the dfilter_macros file was missing.
Add its description and slay a few typos on the way.
Bug: 15973
Change-Id: I381d0482ac13dce6ea1daf44300c74d3a1ff03fe
Reviewed-on: https://code.wireshark.org/review/34243
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(That's the master and 3.0.x buildbots; the 2.6 Mac buildbot is running
an older version of Apple's UNIX-for-Macs - sufficiently older that
Apple's name for it was different back then.)
While we're at it, note that it's been updated past VS 2013.
Change-Id: I063daa7c38ff58aed0c77950d4265b5544783f2c
Reviewed-on: https://code.wireshark.org/review/34217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add an item about marking packets using the middle mouse button to the
release notes.
Update the "Marking Packets" section of the User's Guide accordingly.
Use "menu:...[]" to mark up menu items in a bunch of places. It looks
like we need to a add a "guimenu" class to ws.css.
Change-Id: Ide99112f7643e509d8af8a4aa6ddb4287f3585cf
Reviewed-on: https://code.wireshark.org/review/34182
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patchset ensures a 1:1 replacement of the old 3.0 version of the profiles
dialog. It is a major bugfix for the new version in case of handling creating/
deleting and adding profiles.
Delete can be performed on multiple profiles now, by selecting the profiles
which need to be deleted.
Import/Export functionality has been overhauled to follow these rules:
* No imports while changes are pending, due to datamodel sanity
* Export for Default Profile and Global Profiles is not possible
* Either all personal profiles can be selected or individually choosen ones
* Use last directory and store it properly
* Imports can be cancelled
* Only one import is allowed at a time (but it can contain as many profiles as needed)
Change-Id: Ie2fccd397202ec06976d764734437284f464409a
Reviewed-on: https://code.wireshark.org/review/34123
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
- Use apt instead of aptitude.
- Update example file name versions.
- Remove leading $ from command lines.
Change-Id: I888f6612615ac252c0c0b3f867bac36610ae3e51
Reviewed-on: https://code.wireshark.org/review/34110
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
To allow for easy import of profiles, one can select a directory
to import profiles from
Change-Id: I12f66e3dc6bd272d34baa76093152dce412b0158
Reviewed-on: https://code.wireshark.org/review/34038
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Remove some dead links or point them to archive.org while at it. All
updated links have been verified.
Change-Id: Icf02167a13d5fe9dfce39ea57525b3f185554c9d
Reviewed-on: https://code.wireshark.org/review/34028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change adds a basic dissector for the Network Controller Sideband
Interface (NCSI), as described by DMTF specification DSP0222.
Change-Id: I4e98361bfb7315c524f9c90db38507892adeeebe
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Reviewed-on: https://code.wireshark.org/review/33818
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This new tap collects credentials (username and paassword)
from the dissectors.
So far, few dissectors have been instrumented:
- http (basic auth)
- http (header auth)
- ftp
Others can be instrumented as well using the same technique.
Tshark has a new option (-z credentials) and Wireshark a new
"tools" menu: the documentation has been updated accordingly.
Change-Id: I2d0d96598c85bb3ea4fb5ec090dd8dc28b481fc9
Reviewed-on: https://code.wireshark.org/review/33453
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Add ColorUtils::themeLinkBrush, which returns a readable link color in
dark mode. Use it in place of existing ...palette().link() calls.
Add ColorUtils::themeLinkStyle, which produces an HTML <style/> block
that lightens the link foreground color in dark mode. Use this to style
links in the about box and in elided labels.
Catch ApplicationPaletteChange events where needed.
Add dark theme / dark mode notes to the WSDG.
Ping-Bug: 15511
Change-Id: I92925bd997f97b155491f55a8c818f03549bc7f4
Reviewed-on: https://code.wireshark.org/review/33704
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move plus-8.png to stock_icons/8x8 and rename it list-add.template.png
which conforms to the Freedesktop icon naming specifications and makes
it a template icon.
Update our style sheet when we recive a QEvent::PaletteChange.
Ping-Bug: 15511
Change-Id: I4b8ddcb4eb64f11faec21d5df4a3fd7fdc5cf488
Reviewed-on: https://code.wireshark.org/review/33626
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initial go at adding the CableLabs Dual Channel Wi-Fi dissector.
Changes:
. New dissector for CableLabs Layer-3 Protocol ("CL3") IEEE EtherType 0xB4E3
. New dissector for Dual Channel Wi-Fi (Subprotocol of CL3)
. Defined EtherType macro for CL3 + description
Bug: 15818
Change-Id: I6edf99d40883c1890659185cc3f0524a2218a6c4
Reviewed-on: https://code.wireshark.org/review/33440
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 15591
Change-Id: Icb8246ba196df026736ce1e54eb2ace2c7cd49b0
Reviewed-on: https://code.wireshark.org/review/33530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The URL's used to access the repository with git should not be hyperlinks in
the documentation. These are not intended to be used by a webbrowser.
Change-Id: I2d516f823e58681474f6a2a9e2e229471fbc87f6
Reviewed-on: https://code.wireshark.org/review/33423
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Text smells of CVS/SVN heratige.
Change-Id: I37c3309781f49149b2603ae32087ed01363460ee
Reviewed-on: https://code.wireshark.org/review/33421
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Add dissection for Graylog Extended Log Format (GELF) over UDP.
Bug: 15776
Change-Id: Ie976a1dee8d3441532f209061aef5c804219f289
Reviewed-on: https://code.wireshark.org/review/33184
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I46d0822b2939793990b7e0ef6a34bd421335c919
Reviewed-on: https://code.wireshark.org/review/33337
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The section "Writing a Good Commit Message" from the wiki has been
incorporated in the wsdg.
Missing parenthesis fix, while here.
Bug: 15752
Change-Id: I93f2a6956d366b3e1db0deab6d884f67748d3c54
Reviewed-on: https://code.wireshark.org/review/33254
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP).
to wireshark.
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification
which recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDU`s are not supported as Linux NVMe/TCP driver
does not support them as well in kernel 5.0
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Remove docbook/examples/test.cap. According to Git we've never used it.
Change-Id: Ie789862fd3c9448a306194e6f5b3d1b92cb11084
Reviewed-on: https://code.wireshark.org/review/33139
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This protocol is spoken between the BSC (Base Station Controller) and
the CBC (Cell Broadcast Centre). It runs over TCP Port 48049 and is
specified in 3GPP TS 48.049.
Change-Id: I183e4741e2db5b9cc4dfe2b89f7920a32af67971
Reviewed-on: https://code.wireshark.org/review/29745
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8443379d23a2946dd21c12e5e0bd5464ab73ca25
Reviewed-on: https://code.wireshark.org/review/31857
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Only warning, note and tips admonitions are documented for use in the
"Typographic Conventions" section. Asciidoctor also supports IMPORTANT
and CAUTION, but we do not use it. Remove it to avoid broken pictures.
Extcap is another user, but that is being removed in another patch.
Change-Id: Iea7c9e67ddb978ae1b9c18e5d8f65b0cfb0d6f2c
Reviewed-on: https://code.wireshark.org/review/32936
Reviewed-by: Gerald Combs <gerald@wireshark.org>
evolved Common Public Radio Interface (eCPRI) is a protocol, which will
be used in fronthaul transport network. It will be included in standard
ethernet frames and UDP frames.
There are 8 Message Types to decode with eCPRI Specification V1.2.
Bug: 15510
Change-Id: I2bb74c1e95e89f0b812492509a05395d6b86eb54
Reviewed-on: https://code.wireshark.org/review/32004
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an "Install Perl" section to the "Win32/64: Step-by-Step Guide"
section. Recommend Strawberry Perl first there and in the "Microsoft
compiler toolchain" chapter under the theory that if it's good enough
for Larry Wall then it's good enough for us.
Bug: 15512
Change-Id: I9a01c7ae2da01b98fd20b64d29144577a8f456b2
Reviewed-on: https://code.wireshark.org/review/32088
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This feature was removed in v2.5.1rc0-427-gf529ab5d0a, anticipating that
MaxMind would remove support for it in 2019. They have however changed
their mind and maintained latitude and longitude information.
They recommend displaying an accuracy radius, but the reported values
are 50, 100, 200 and 1000km. When implemented literally, a marker in
Ireland would cover the whole island plus mainland, so I have instead
opted to use a fixed radius of 1km at deeper zoom levels.
The old ipmap.html file was outdated and had broken tiles, I rewrote a
new one from scratch using the light-weight Leaflet library combined
with tiles from OpenStreetMap. This is more mobile-friendly and secure
(https, SRI). To improve handling of nearby or overlapping nodes,
clustering is used (individual nodes can still be inspected).
Browser compatibility results: IE8 is unusable, IE9 partially works
(tooltips sometimes disappear and the cluster radius control is gone),
IE11 works. Of course Firefox 65 and Chromium 72 have no issues.
The map popup description in the generated GeoJSON structure is now
split in several properties, allowing presentation to be handled by the
HTML page instead of the C code.
Bug: 14693
Change-Id: If2ec9c518f7723ac0ab27b6272463356875a0ff2
Reviewed-on: https://code.wireshark.org/review/31952
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(Fix a typoo while we're at it.)
Change-Id: I2129c301ea377a9fb48b3f5abd418f7319659638
Reviewed-on: https://code.wireshark.org/review/32050
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As noted in "AsciiDoc Recommended Practices" at
https://asciidoctor.org/docs/asciidoc-recommended-practices/, the
AsciiDoc/Asciidoctor community seems to have settled on ".adoc" as a
file extension and that's the one preferred by the Asciidoctor project.
Update our filenames to match.
Change-Id: I2d352623d42d65d950b64310c3655b0fd177ee8c
Reviewed-on: https://code.wireshark.org/review/32037
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert our self-generating FAQ to Asciidoctor via the following steps:
- `help/faq.py > /tmp/faq.html`.
- `pandoc -t asciidoc -o docbook/faq.adoc /tmp/faq.html`.
- Manually clean up the markup using a text editor.
Question and answer content was left intact. Removing or updating
obsolete content will have to be done in a separate change.
The Asciidoctor project uses the .adoc extension, so start using it here
as well.
The contents of the "help" directory appear to have been used for
offline support in help_url.c, but that functionality was removed in
2008 in 242e3b78bc. Its content is covered in the User's Guide and man
pages so remove it.
Change-Id: I9060eefe97cfc137f8b414077c30f814379b576a
Reviewed-on: https://code.wireshark.org/review/32014
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update some items in the toolchain section.
Change-Id: I3c2035873d4ee311b639dd3b5c94e3530abad8bc
Reviewed-on: https://code.wireshark.org/review/31944
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pass "--pdb" to windeployqt 5.6 and later.
Add a note about installing the "Qt Debug Information Files" component
to the Developer's Guide.
Change-Id: I81329bc9f9131050b1076fe275445b6325c24794
Reviewed-on: https://code.wireshark.org/review/31921
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ElektroBit High Speed Capture and Replay protocol is produced by a
PCIe Card for interfacing high speed automotive interfaces.
Bug: 15474
Change-Id: Ibb3ea36d9281b2779e2cc13d29b66dc382782ca3
Reviewed-on: https://code.wireshark.org/review/31847
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Align the usage help text for '-' as filename for stdin and stdout
with the text used for wireshark.
Change-Id: I67011b8234616940b7878fd5768c9e2a9e79f9f0
Reviewed-on: https://code.wireshark.org/review/31838
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update release notes now that this GUI is mostly functional.
Change-Id: I118fbbe879e366643084f0e7ac3e437a29f21d5f
Reviewed-on: https://code.wireshark.org/review/31797
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The Colmetadata handling for TEXT, NTEXT, and IMAGE types was incorrect for
TDS 7 versions before TDS 7.2. In addition, the macros using for testing
versions were incorrect.
Clean up max length display to agree with Microsoft specification (as best
as I can understand it).
Bug: 3098
Change-Id: I8254649fd3de97c103078ceaac1557fde3569ded
Reviewed-on: https://code.wireshark.org/review/31734
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The single byte within the ZWP could be retransmitted with the next
segment, this is perfectly acceptable behavior. Do not flag these new
segments as retransmissions or Out-Of-Order.
Bug: 15427
Change-Id: I76db2b7a2b684c8c78fa24c9c4b457e1833d12b7
Reviewed-on: https://code.wireshark.org/review/31731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid pinging www.wireshark.org, this removes an external dependency.
Instead send small UDP datagrams to UDP port 9 (discard) every 50ms.
Enable this for all platforms (including macOS and Linux) by default.
On Windows the tests requires Npcap and will be skipped with WinPcap.
Remove the --capture-interface option since it is no longer needed.
Copy WSDG Wireshark Tests Quick Start to README.test and add a link.
Change-Id: Id4105a6b1e95407ebf69b871c785c68f9ae26368
Reviewed-on: https://code.wireshark.org/review/31677
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
From the updates to text2pcap take the updates to the code comments and
apply them here as well. This also applies to the User Guide help texts.
Change-Id: I4e73fb1372ea0c1866c6d0fee7c14bc645fbe1b1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31636
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Building only a subset of programs is not a very common situation, it is
more likely that some feature was accidentally disabled. For that
reason, fail tests by default unless a program is explicitly permitted
to be missing.
The '-v' test is now dropped from the Travis tests, the sole reason of
adding it was to see which tests got (accidentally) skipped.
Change-Id: I725f4508541d8ed980e17d69fb7aee1ad2875d73
Reviewed-on: https://code.wireshark.org/review/31660
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Mention some changes to aid developers and distributors.
Change-Id: Ifd33796fd3b4883275c034021d25ae9b35eef1a5
Reviewed-on: https://code.wireshark.org/review/31651
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DTLS and TLS dissectors already share code for parsing the key log
file contents but the actual key material was stored separately. As
implementations (like GnuTLS) write the TLS and DTLS secrets to the same
file (specified by the SSLKEYLOGFILE environment variable), it seems
reasonable to combine them.
This also enables use of the pcapng Decryption Secrets Block for
decryption of DTLS traces. The dtls.keylog_file preference has become
obsolete and can no longer be used (this was not tested anyway).
A new test was added based on dtls12-aes128ccm8.pcap, the master secret
was extracted using the tls.debug_file preference.
Bug: 15252
Change-Id: Idfd52c251da966fe111dea37bc3fb143d968f744
Reviewed-on: https://code.wireshark.org/review/31577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Rename sections to avoid files named like
_documentation_toolchain.html and _adding_or_modifying_tests.html.
Rewrite the testing introduction to directly show the required commands
for the pytest method. That provides much nicer output and finishes
faster, except when you cannot install extra build dependencies there
should be no reason to avoid it. ctest is removed from the description
since it does not provide many advantages over the test target (except
for the possibility of adding --verbose I guess).
Group some related sections under a "Test suite structure" heading in
order to collect some small sections on a single page.
Fix some other grammatical issues while at it.
Change-Id: I8ab821a67254e62c0fc3d18630e4bc8b0ef872dd
Reviewed-on: https://code.wireshark.org/review/31550
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Read our major, minor, and micro versions from CMakeLists.txt.
Add the ability to set our extra version information differently if our
Git commit is tagged or untagged. Change our extra version placeholder
from "%#" to "{vcsinfo}".
Add --tagged-version-extra (-t) and --untagged-version-extra (-u)
arguments for specifying the tagged and untagged extra formats. Add
--force-extra (-f) so that we can force one format or the other.
Require the major.minor.micro version to be specified when using
--set-version (-v).
Update appveyor.yml and the Developer's Guide to match the new behavior.
Change-Id: I6e5d55470aff7e7c61e75f208e24c4105276905a
Reviewed-on: https://code.wireshark.org/review/31479
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This function can convert non-string fields into strings. This allows the
user to apply string functions (like contains and matches) to non-string fields.
Examples:
string(frame.number) matches "[13579]$" => for odd frames
string(eth.dst) matches "aa\.bb\.cc\.dd\.ee\..." => to match a group of stations
string(snmp.name) matches "^1.2.3.4" => for all OIDs under a specific node
Change-Id: I18173f50ba5314ecdcd1e4b66c7e8ba5b44257ee
Reviewed-on: https://code.wireshark.org/review/31427
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The FindPythonInterp module does not verify that a discovered 'python'
program is actually Python 3. Replace this deprecated module by a modern
version that was introduced with CMake 3.12.
Remove PYTHON_EXECUTABLE from WSDG now that it is much more likely that
CMake discovers the right version.
Change-Id: I1f8438baced3d5bf9e1e2732980ad177d3257ca3
Reviewed-on: https://code.wireshark.org/review/31468
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move doc/README.packaging to the Developer's Guide and update the
content.
Change-Id: I25fda6cade8f3cfd11af865745bedd0fb5a7c86f
Reviewed-on: https://code.wireshark.org/review/31474
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Declare Cygwin as unsupported and remove all supporting code. Simplify
some Chocolatey notes in the WSDG.
Remove FindPerl.cmake as it only existed to force use of Wireshark's
bundled FindCygwin.cmake (bug 13922). FindXSLTPROC.cmake special
handling for Cygwin was also removed, in theory this could cause issues
when the PATH contains a Cygwin xsltproc, but it's unsupported anyway.
Change-Id: Iabfac2b4a9fd930530505d27bdba618bdb8f7f34
Reviewed-on: https://code.wireshark.org/review/31452
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of giving horribly out-of-date instructions on how to add a new
module to libpcap, just point to the document that I started whipping up
earlier today (it definitely needs work - it's incomplete - but I'll be
getting back to it).
While we're at it, update the notes on adding support for new LINKTYPE_
values to libwiretap, and note that it's only necessary if you had to
add a new DLT_ *and* there isn't already a WTAP_ENCAP_ value that would
correspond to that DLT_.
Change-Id: I3882d0a57b29e98f73c074317bc6df7458fcc677
Reviewed-on: https://code.wireshark.org/review/31397
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove traces of the "config" module, it was removed. Add a new section
on using pytest.
Change-Id: I763fc53359157f5fcb04198ed98e2d7f7a2c7220
Reviewed-on: https://code.wireshark.org/review/31372
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Finish migrating the User's and Developer's guides to modern syntax.
Remove :compat-mode: from attributes.asciidoc.
Change-Id: I1232676c6ef4c3638253d070dcbae6d3c1ead284
Reviewed-on: https://code.wireshark.org/review/31374
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Expand the Npcap text. Make it clear that you might need to purchase a
license to redistribute Npcap.
Change-Id: I9340ed2d363e66443797478c59859ce10d648aff
Reviewed-on: https://code.wireshark.org/review/31351
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Drop mentions of DDD in favor of Qt Creator, CLion, and Eclipse. From
looking at https://sourceware.org/gdb/wiki/GDB%20Front%20Ends I'm
guessing that those have superseded DDD, as nice at it is/was.
Change-Id: I445a909ab8c8aa73c90f868d6b0958bb8faf62d6
Reviewed-on: https://code.wireshark.org/review/31353
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The full explanation is a bit more complicated - we'd have to mention
the dumpcap/*shark split, and the code on both sides of the split.
Change-Id: I43f8fc3c589bdf900e20714b55a3b4f544879bc2
Reviewed-on: https://code.wireshark.org/review/31349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the Windows CRT text to mention the Universal CRT.
Replace references to WinPcap with Npcap.
Update the Qt LTS text.
Add a WiX / .msi section
Use curly quotes.
Use the {cpp} attribute so that the "++" in "C++" doesn't trigger
monospace formatting.
Make the various "Unix" and "Windows" subsection title names uniform.
Give them the "discrete" attribute so that they don't clutter up the
TOC.
Title-case section titles.
Remove the reference to m4. As far as I can tell we don't require it.
Change-Id: I73f851adae640f77205781d6c4962002c2d53f49
Reviewed-on: https://code.wireshark.org/review/31343
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The Smart Metering Equipment Technical Specifications (SMETS) requires
that Gas Smart Metering Equipment (GSME), and Electricity Smart
Metering Equipment (ESME) including variants, meet the requirements
described in the Great Britain Companion Specification (GBCS).
GBCS messages are end-to-end and contains ZigBee, DLMS or ASN.1
formatted payloads. The GBCS messages are transported via IPor via
the ZigBee Tunneling cluster.
https://smartenergycodecompany.co.uk/document-download-centre/download-info/gbcs-v2-1/
Bug: 15381
Change-Id: I28ca9831fc266a6abd310db103306b98786e63f9
Reviewed-on: https://code.wireshark.org/review/31168
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of Metro Ethernet Forum specification of Implementation
Agreement for the Emulation of PDH Circuits over Metro Ethernet
Networks [MEF 8]. This includes the introduction of a RTP shim header
dissection function, as is not uncommon in PW and CES services.
Signed-off-by: Jaap Keuter <jaap.keuter@aimvalley.nl>
Change-Id: I6de81007ce11793cd5352fadadd80d3f6f45ae0d
Reviewed-on: https://code.wireshark.org/review/31239
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Update the images and descriptions for the packet list, column header
popup, packet list popup, and packet detail popups.
Add images and descriptions for the byte view popup.
Use title case in more places.
Change-Id: Icf3af426c97c6e7cf97dee377c20039b7b8791ce
Reviewed-on: https://code.wireshark.org/review/31271
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lua internally uses ANSI C APIs (such as fopen). On many systems (macOS
and Linux for example) these work fine with UTF-8. Windows however
requires special Unicode APIs (such as _wfopen), so patch the Lua
library to interpret paths are UTF-8 and call appropriate Unicode APIs.
Changes compared to the previous LuaBinaries zip archive:
- Patched with UTF-8 support for loadfile, os.execute, etc.
- Built with VS 2015 (VCRUNTIME140.dll) instead of MinGW (MSVCRT.dll).
- Includes PDB file for lua52.dll
- Includes lua52.exe and luac52.exe with UTF-8 argv support (wmain).
- Includes build scripts, source files and README.md.
- Extra subdirectory named after the zip file.
These zip files are taken from https://github.com/Lekensteyn/lua-unicode
(the "prepared" source zips can be found here as well.)
Bug: 15118
Change-Id: I219f046d6e0fd5093287b5d6503a48ba7d1fc6a4
Reviewed-on: https://code.wireshark.org/review/31165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
NISO Z39.50 is a protocol used by libraries and library vendors for information retrieval and catalog manipulation. It is defined using ASN.1 using BER encoding. It has an assigned TCP port of 210. This is an initial implementation.
Features:
- The Z39.50 standard OIDs are defined.
- The bib-1 attribute set is decoded.
- The bib-1 diagnostics are decoded.
- Some OCTET STRINGs which are nearly always printable ASCII are special-cased.
- The MARC (MAchine Readable Cataloging) format is decoded. Only the MARC21 variant is
currently handled, but this is one of the most common variants. The most common tags
are decoded. The MARC dissector is included in the Z39.50 dissector, but the code is
structured in such away that it could be pulled out.
Todo:
- Add information to the Wiki about Z39.50.
As part of this work, the definition of isdigit_string() was fixed to avoid const complaints.
Change-Id: I29a7db53375ef8be83738a1ab98707761d878717
Reviewed-on: https://code.wireshark.org/review/31209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No yet available at 100% (35,8%) but work in progress...
Change-Id: I3d0d861037abe5e5f2611f95ac27ad42c8d20c47
Reviewed-on: https://code.wireshark.org/review/31158
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No yet available at 100% (57,05%) but work in progress...
Change-Id: I3fa95c49003aa6fd5183d24fe76b721520a44ba0
Reviewed-on: https://code.wireshark.org/review/31157
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Along with checking for exit code 3010 (reboot required), check for
other errors and show a warning as needed.
Add a note about the Universal CRT to the User's Guide.
Bug: 15358
Change-Id: Ia49dbdc66edc8ea68f957ec353f1115536002d13
Reviewed-on: https://code.wireshark.org/review/31100
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for Intelligent Transport System facility messages:
- Cooperative Awareness Message (CAM)
- Decentralized Environmental Notification Message (DENM)
- Infrastructure to Vehicle Information Message (IVIM)
- MAP (topology) Extended Message (MAPEM)
- Signal Phase And Timing Extended Message (SPATEM)
- Signal Request Extended Message (SREM)
- Signal request Status Extended Message (SSEM)
- Electric Vehicle Charging Spot Notification (EVCSN)
- Electric Vehicle - Recharging Spot Reservation (EVRSR)
- Tyre Information System (TIS) and Tyre Pressure Gauge (TPG) interoperability
Subdissectors:
- ITS version if ever the ITS PDU header is changed
- Version << 16 | MessageID to register new message dissectors
- RegionId << 16 | type to register regional extensions
AddGrpC regional additions already provided
TAP:
- its TAP with ItsPduHeader fields provided
Bug: 15148
Change-Id: I4c71d4dfa1d5d63cb57f61a4e1436a60a3482205
Reviewed-on: https://code.wireshark.org/review/31049
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implements V2X protocol dissectors:
* Geonetworking (network layer):
Dissector is registered on top of Ethernet (ethertype=0x8947). Secured
Packets are dissected up to the basic header, the rest is shown as data.
GN_ADDR address type is registerd and provides resolution of station
type and country code in the address. MID is shown as an ethernet address.
All the fields are dissected for non Secured Packets.
A subdissector table named "geonw.ch.nh" is provided on the next header
field. IPv6 is automatically registered. Heuristic dissectors is not
supported. If no dissector is foundd, payload is shown as data.
A preference boolean allows to enable/disable sequence number checking.
Tap "geonw" gets headers of all packets (with most fields).
Expert info tests if and provide feedback on:
- version is zero (no other version possible),
- reserved fields are zeros,
- payload_len matching with reported length of buffer,
- Remaining Hop Limit is 1 for Beacon and SHB,
- low RHL or RHL > Max Hop Limit,
- country code is less than 999 (3 digits ITU-T E.164),
- latitude, longitude, heading and angle limits,
- (suspected) duplicate packets,
- LS_REQUEST/LS_REPLY matching.
* Basic Transport Portocol:
BTP-X (X=A or B) dissectors are registered on top of Geonetworking.
Subdissector tables "btpx.port" allow to register for a given port,
while heuristic dissector can register to "btpx.payload". Decode as
capability is supported.
"btpx" taps get headers of all packets with ports/@ infos.
"btpx_follow" taps get the payload.
Bug: 15148
Change-Id: Iab5f4486d4c38068d9ad4361e77296b747f9b1bb
Reviewed-on: https://code.wireshark.org/review/30992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
New built-in dissector for PCOM protocol (ASCII and binary modes included)
Bug: 15315
Change-Id: Ie13da6bfd7fefefbc5bb5df3461c7fc18261df81
Reviewed-on: https://code.wireshark.org/review/30823
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an "appimage" target that will create an AppImage package. Current
AppImage tools assume that you only have one executable, so add
a custom AppRun wrapper that will let you run our associated CLI
utilities via symlinks, e.g.
ln -s ./Wireshark-3.2.1-x86.appimage capinfos
./capinfos --help
Packaging requires both linuxdeployqt and appimagetool, although we
might be able to reduce this to just linuxdeployqt:
https://github.com/probonopd/linuxdeployqthttps://github.com/AppImage/AppImageKit
I haven't done much testing beyond running Wireshark and
capinfos. There are undoubtedly issues that need to be fixed.
Bug: 14464
Change-Id: Ic004ba1962e6a8630ebb017349d9b2c0462fd5fe
Reviewed-on: https://code.wireshark.org/review/30953
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Clean up the release notes in preparation for 2.9.0 and 3.0.
Change-Id: I7feb37846ce0b1c3caf248f616943b0f80cf60f3
Reviewed-on: https://code.wireshark.org/review/31012
Reviewed-by: Gerald Combs <gerald@wireshark.org>
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the introduction of the ip command (from iproute2) on modern
Linux systems it becomes common to see this tool available,
gradually replacing tools like netstat and ifconfig.
Change-Id: I1fb309e741c07c93271b61a35c4833d36bcc5cb8
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30924
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Supported Protocols list has move from Help to View.
Also everything is presented in one dialog now.
Change-Id: Ie6105741b1307a0de062a33e4f5e3f933cd14caa
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
More information on Apple's proprietary AWDL protocol can be found in
Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566
Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Upcoming changes need GnuTLS >= 3.0.2. Require GnuTLS 3.2 (or newer) for
licensing reasons. The Debian control file still mentions 3.2.14 because
older packages linked with a GMP library that was not GPLv2+ compatible.
RHEL6 only has 2.12.23, but is already unsupported anyway.
Change-Id: I024b2a734ebb16b73a624bb2435c254e963d8b7d
Reviewed-on: https://code.wireshark.org/review/30832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a script that disables all of our desegmentation and reassembly
preferences and use it to create a "No Reassembly" profile.
Change-Id: Icd0b72e9e271a511e637acde9018f3aae018e589
Reviewed-on: https://code.wireshark.org/review/30799
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.
Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Try to describe the motivation of pytest fixtures and update the
examples. Add a missing build dependency in CMake while at it.
Change-Id: I5384a86f2191835b834285b81343a7ee56f88e79
Reviewed-on: https://code.wireshark.org/review/30632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A race condition exists with msbuild where building some targets
(generate_{developer,user}-guide.xml, {developer,user}_guide_pdf) will
result in parallel, repeated execution of the commands to copy 'ws.css'.
Synchronize those executions using a single target to avoid this.
Change-Id: Ie93d07e504bc18fa4e4e8aac5b611fba329ff188
Reviewed-on: https://code.wireshark.org/review/30553
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Python 3 is widely available. All major Linux distributions support it.
RHEL is covered via EPEL (which is already required for cmake3). Drop
support for Python 2 in order to reduce maintenance costs. The main
motivation is being able to simplify the tests.
CMake is updated to search for Python >= 3.4 and will fail if
unavailable (generating dissectors.c requires Python, so it is quite an
important piece to have).
The documentation is updated to reflect the Python 3.7 paths used by
Chocolatey. Tested the git-review installation instructions in Windows 7
x64 without a previous Chocolatey installation.
macOS brew now installs Python 3 (its dependencies are already installed
by python@2 for libxml2). The macOS (non-brew variant) is updated to use
the official 64-bit installer to install Python 3.
Change-Id: I80b1e36957f338e0dad1bfcc173b6418682cddba
Reviewed-on: https://code.wireshark.org/review/30192
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sshdump and ciscodump have been updated to use it.
Change-Id: I4e1e0d35f086d76c13264939bc4f14308cc88cfb
Reviewed-on: https://code.wireshark.org/review/30496
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When importing a file from hex dump, this change adds a way to
add a custom dummy header. It's an export_pdu header which uses
one single tag: the protocol name. This allows to call directly
a dissector without more dummy headers.
Example: it can be used to call the DNS dissector without fake
eth/ip/udp headers.
Change-Id: I12fd6d09a131acd9bd1f0d7c4c8aefcd0d718b26
Reviewed-on: https://code.wireshark.org/review/30403
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5e9025545f9127d1c5c6200844f9b917af975998
Reviewed-on: https://code.wireshark.org/review/28844
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1f828df1735bd10ef8849d208e10ea1339ba37e2
Reviewed-on: https://code.wireshark.org/review/26403
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At least on my W10 machine, they shols up as "xxx Native Tools
Commmand Prompt for VS 2017", not "VS2017 xxx Native Tools Command
Prompt".
Change-Id: I55d7ad24df717cfce21f6abdaf97ed1972128e3c
Reviewed-on: https://code.wireshark.org/review/30215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
More use of "UNIX-like" as the term for "macOS and Linux and *BSD and
Solaris and AIX and..." or, alternatively, for "not Windows".
Add Fedora as a Linux distribution for which packages are available.
Use "Windows" rather than "Win32" in more cases; "Win32" dates back to
the days when the big difference was between Boring Old 16-bit Windows
and modern shiny new 32-bit Windows, but the former is now dead and the
latter now supports both 32-bit and 64-bit machines and software. More
people have probably never heard "Win32" but are familiar with
"Windows".
*ALL* UNIX-like platforms support symlinks; Linux wasn't even the first
one, it just picked them up from the UN*Xes with which it was trying to
be compatible.
Change-Id: I254e74f0ed3c86b55d00f9e8d7b78d009b61fb5e
Reviewed-on: https://code.wireshark.org/review/30178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We use VS 2017, not VS 2015, for 2.6.x and development builds.
Microsoft's documentation is moving from msdn.microsoft.com to
docs.microsoft.com.
The way you download pre-2017 versions of VS has changed.
Update links to the Android, GNOME, KDE and macOS human interface
guidelines while we're at it.
Change-Id: I1a3973f76aa5b476cb906b8a8604b82d6131e9c5
Reviewed-on: https://code.wireshark.org/review/30168
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a new button to UAT frames to copy entries from another profile.
Change-Id: I9decb5ed5d67e97388ee7b22a15cacae4d5a3621
Reviewed-on: https://code.wireshark.org/review/30084
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add an entry for the copy from profile feature for coloring rules,
IO graphs and protocol preference tables.
Change-Id: I79a191c1ec13e96fcb1b5fb04dd28c95dd034aca
Reviewed-on: https://code.wireshark.org/review/30070
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 'v' option for VLAN ID resolving and get rid of
deprecated 'C' option.
Bug: 14826
Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926
Reviewed-on: https://code.wireshark.org/review/30029
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch the Capture Interfaces section to paragraphs and add one for
sdjournal.
Change-Id: I677a403bf2ea377214c6179f9f22facc9a4ff091
Reviewed-on: https://code.wireshark.org/review/29963
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This reverts commit 5dd0c8daa5.
Reason for revert: As Guy pointed out, Oracle ships a recent version.
Change-Id: I9689dfd0656d95f7ae57ae86c2bea7d09afddc70
Reviewed-on: https://code.wireshark.org/review/29815
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Stop listing Solaris as a supported platform. I'm not sure if you can
compile Wireshark out of the box on it any more and the available binary
packages I can find are ancient.
Change-Id: I89afef01abe05986ce660327731c5504c6622ff7
Reviewed-on: https://code.wireshark.org/review/29764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "known bugs" list is rarely updated. Remove it and add more helpful
and up-to-date references.
Change-Id: I5aea57c66c6645b5c903ebcebcb1676af5204ce2
Reviewed-on: https://code.wireshark.org/review/29048
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The references read like
This table is handled by an Section 11.7, "User Table" with the
following fields.
which looked a little weird.
Change-Id: I4ae9af48e7edf75aa0c7708614f4a11696db9ee1
Reviewed-on: https://code.wireshark.org/review/29530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- It cannot support IPv6.
- Non-standard use (specifically recommended against in the RFCs)
of the IPv4 fragment ID field.
- Has a narrow and non-obvious use case, IMO.
- It is not supported in the Qt GUI.
- Significant maintenance burden for an obscure feature.
Change-Id: Icaf429269dc42f78c38b8d20001508132499faf8
Reviewed-on: https://code.wireshark.org/review/29239
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The "debug" logging function overwrites the "debug" package which breaks
luacov: https://github.com/keplerproject/luacov/issues/55
Change-Id: I9b6025c060733198bfff8ea959444c09d6e08709
Reviewed-on: https://code.wireshark.org/review/29449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update docbook/wsug_src/*.txt using tools/update-tools-help.py. This
removes a lot of unwanted behavior that came with updating via a CMake
target.
Change-Id: I0a24f425e9673ef7bd074210d7047654c6755e79
Reviewed-on: https://code.wireshark.org/review/29416
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove 'Payload Length' from extcap toolbar control protocol because
this does not exist in the protocol.
Change-Id: I9eea7366d2992a7b7ac769f290c5d7e8e1090ce8
Reviewed-on: https://code.wireshark.org/review/29378
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a file parser and dissector that can handle the output of
`journalctl -o export`. From here we can add a systemd journal extcap
and possibly support for the JSON and binary formats.
Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change occurrences of GIT to Git. Fix a couple of URLs. Other changes.
Change-Id: I9eb69ee16f692c2bf71b62e7a2db4b762d9ab4bf
Reviewed-on: https://code.wireshark.org/review/29237
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the images and text to match the current main and display filter
toolbars.
Change-Id: I4d23a3ece35c3b9186b4fff170f6c391f4d157c9
Reviewed-on: https://code.wireshark.org/review/29234
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The Internals menu items were moved under the View menu a while back.
Fix an internals dialog title.
Change-Id: I78d61bf4f52bf9eb86cf7ff59fc036b9f7e846f5
Reviewed-on: https://code.wireshark.org/review/29228
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>