Update the example typical location for the temporary directory
on Windows in the manpages to something newer than where Windows NT
or Windows 98 might put it.
Fix#18463
If dfilter_compile() succeeds, but the filter contains deprecated
tokens, don't report an error from dfilter_compile() as a warning, as
there *is* no error from dfilter_compile(). Instead, report "Filter
contains deprecated tokens". (Feel free to improve the error text.)
Fixes the crash, at least, in #18886.
The token format used by rtp-analyse and rtp-download expect the SSRC
field to be a hex string parsable by `ws_hexstrtou32()` as seen in
sharkd_session.c:760. The output from tap:rtp-streams was displaying
it as an unsigned integer.
For consistency, this field is now displayed as a hex string in the
output.
If the call to download an RTP stream did not match any payloads, Sharkd
would not return any information at all.
This now returns an error message indicating that there is no RTP data
available.
Adds three new selftests and sample pcap.
A negative number of bits in a bit item isn't allowed. Treat it
as a very large number (i.e., as unsigned), and throw a
ReportedBoundsError. This was already happening in most cases,
but not in the edge case of a number of bits between -1 and -7
(which was being rounded up to 0 octets and passed our length checks.)
Fix#18877
The comments in the flow diagrams are conceptually an extra y Axis
ticker label on the right. Tell QCustomPlot that we don't want to
render things that look like sufficiently large numbers in scientific
notation.
Fix#18879
In the flow diagram, the hint is an ElidedLabel, which now
escapes HTML: d9adb6f712
So don't escape the comment before passing it to ElidedLabel, or
the double-escaping will cause quotes, angle brackets, etc. to
look like HTML entities.
The documentation for WLAN Traffic menu item in the Wireless menu
was moved from the Statistics Chapter to the Wireless Chapter of
the WSUG. Update the URL in its help button accordingly.
Part of #17982
The WSUG has ChManageInterfacesSection, but the help button in
ui/help_url.c tries to open ChCapManageInterfacesSection.
The latter appears to be correct, as every other section and other
anchor in the Capture Chapter beings with "ChCap".
Part of #17982
In tapReset, the select rtpstread_id is copied member by member
by QList append(), so don't allocate pointers on the heap that
will be leaked. (Coverity 1477952)
Fixes a bug when the return value from load_cap_file() is nonzero.
No response is currently returned causing the client to hang. A non-zero
error code can happen for a variety of reasons, one of which is when the
PCAP is truncated.
An error message from cfile_read_failure_message() is displayed on the
console, but no data was returned to the RPC client.
This adds a call to wtap_strerrror() to look up a human consumable error
message for the specific error code returned during wtap_read().
Adds new self-test to suite_sharkd.py
In the tap, the stream ID allocated on the stack just needs a shallow
copy of the addresses. It only needs a deep copy when being added as a
new entry to the list.
Restore the memleak fix from e76ca2d3cb
that was accidentally removed by 1b4b5e59e9
We do want to reset these (and probably most other elements of the
packet_info struct) when starting to process a new PDU at the same
protocol level as the most recently processed dissector. However,
find_conversation_pinfo() is used in the GUI and elsewhere to get
the final value of conversation and address information, so we don't
want to reset the values after the last PDU.
Revert this until we can find a better general way of handling this.
(!8013 handles the specific PPP case for #18278.) Perhaps eventually
there should be some separation between addresses and conversation
information used for the next dissector called, and the value for
the packet used after the packet is fully dissected (by the GUI, etc.)
This reverts commit 80e287f82c.
Fix#18781.
Enterprise-names containing "formerly" are handled differently, removing the former
name and only keeping the current one.
Some enterprise-names have changed their names using the synonym "previously",
which is currently not parsed in the same way. This commit modifies the script
to recognize both.
When breaking up a raw HDLC byte stream into frames, each frame
should be treated separately, much like it were a new frame in
an ordinary capture file. That means that many of the elements
in the big packet_info struct should be reset for each new frame.
In particular, the "most recent conversation" information stored
in conv_elements and conv_addr_port_endpoints should be reset.
This is not that different to how multiple PDUs should be handled
in some other protocols (DVB-S2, TCP, etc.). When a frame contains
protocol layers A, B, then C, we should distinguish between "C is
contained within B within A" and "C and B are consecutive PDUs both
contained within A."
Unfotunately, it's difficult to handle this in a general way, as we
don't know when calling the dissector for a PDU whether another PDU
will follow or not. If something is the last PDU, we don't want to
reset the last addresses/ports/conversation, so that we can access
them for display purposes, conversation filters, the related packets
line, follow stream, etc., many of which use find_conversation_pinfo
Fix#18278.
Add functions to test if a compiled dfilter considers an hfid
or a protocol id interesting. Use those to define functions to
test if any enabled color filter considers an hfid or a protocol
interesting.
Some of the item length changes in !9655 needed to be done with
the ASN.1 templates so that they don't get lost on ASN.1 regeneration.
Fixup ed8ee831fd
As requested [here][1] by @eapache, help with removing calls to
`wmem_packet_scope()` in favour of references to `pinfo->pool`.
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, use that.
* Remove `_U_` from its signature if it was there.
* If a function seems narrowly focused on getting and (possibly)
returning memory, change the function signature to take a
`wmem_allocator_t *`.
* If it seems more focused on packet-based operations, pass in a
`packet_info *` instead and use `pinfo->pool` within.
* If there are several functions defined with the same call
signature, add `pinfo _U_` to the argument list of similar
functions in order to maintain clarity/symmetry.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
Gerald Combs