Re: [Wireshark-dev] CI not running for vcpkg commit?

2024-05-29 Thread Gerald Combs

It looks like a CI configuration issue, although I'm not quite sure what the 
problem is. I approved the merge request and started the job; it seems to have 
run fine from the master branch.

On 5/29/24 5:34 AM, Anders Broman wrote:

Hi,
It looks like there is a problem with the CI job at:

https://gitlab.com/wireshark/wireshark-vcpkg-scripts/-/jobs/6968885748 


Any ideas?
Best regards
Anders

___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe




[Wireshark-dev] Wireshark 4.2.4 is now available

2024-03-27 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.2.4.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  organization would like to contribute or become a sponsor, please
  visit wiresharkfoundation.org[1].

 What’s New

  Bug Fixes

   If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will
   need to download and install[2] Wireshark 4.2.4 or later by hand.

   The following vulnerabilities have been fixed:

 • wnpa-sec-2024-06[3] T.38 dissector crash. Issue 19695[4].
   CVE-2024-2955[5].

   Additionally, CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476 were
   recently assigned to Wireshark without any coordination with the
   Wireshark project. As far as we can determine, each one is based on
   invalid assumptions and we have requested that they be rejected.

   The following bugs have been fixed:

 • Extcap with configuration never starts; "Configure all extcaps
   before start of capture." is shown instead. Issue 18487[6].

 • Packet Dissection CSV Export includes last column even if hidden.
   Issue 19666[7].

 • Inject TLS secrets closes Wireshark on Windows. Issue 19667[8].

 • Fuzz job issue: fuzz-2024-02-27-7196.pcap. Issue 19674[9].

 • Wireshark crashes when adding another port to the HTTP dissector.
   Issue 19677[10].

 • Fuzz job issue: fuzz-2024-03-03-7204.pcap. Issue 19685[11].

 • Fuzz job issue: randpkt-2024-03-05-8004.pcap. Issue 19688[12].

 • When adding a new row to a table an error report may be inserted.
   Issue 19705[13].

 • '--export-objects' does not work as expected on tshark version
   later than 3.2.10. Issue 19715[14].

 • Fuzz job issue: fuzz-2024-03-21-7215.pcap. Issue 19717[15].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   5GLI, 6LoWPAN, AFP, AllJoyn, AMQP, ASAP, Babel, BACnet, Banana, BEEP,
   Bencode, BFCP, BGP, BT BNEP, BT SDP, BT-DHT, BVLC, CFLOW, CIP, CMIP,
   CMP, COROSYNC/TOTEMSRP, COSE, CQL, CSN.1, DAP, DCCP, DCOM, DHCPv6,
   DICOM, DISP, DOCSIS MAC MGMT, DOF, DVB-S2, E2AP, EDONKEY, ENRP,
   ErlDP, Etch, EXTREME MESH, FC-SWILS, GIOP, GLOW, GNW, GOOSE, GQUIC,
   Gryphon, GSM A-bis OML, GSUP, GTPv2, H.223, H.225.0, H.245, H.248,
   H.264, H.265, HSMS, ICMPv6, ICQ, IEEE1609dot2, IPP, IPPUSB, ISAKMP,
   iSCSI, ISIS LSP, ISO 7816, ISUP, ITS, JSON 3GPP, JXTA, Kafka, KINK,
   KNX/IP, LDAP, LDP, LISP, LISP TCP, LLRP, LwM2M-TLV, M2UA, M3UA,
   MAC-LTE, MBIM, MMS, MONGO, MPEG PES, MPLS Echo, MQ PCF, MQTT-SN,
   MS-WSP, MSDP, MsgPack, NAS-5GS, NETLINK, NHRP, OpenFlow, OpenWire,
   OPSI, OSC, P22, P7, PANA, PIM, PNIO, ProtoBuf, PROXY, Q.2931, QNET,
   RDP, RESP, RPL, RSL, RSVP, RTLS, RTMPT, RTPS, S7COMM, SCTP,
   SIMULCRYPT, SMB2, SML, SNA, SNMP, Socks, SolarEdge, SOME/IP,
   SoulSeek, SUA, T.38, TCAP, TEAP, TFTP, Thread, Thrift, TN5250,
   USBHID, USBVIDEO, VP9, WASSP, WiMAX ASN CP, WLCCP, WTP, X.509IF,
   X.509SAT, XML, XMPP, YAMI, Z39.50, and ZigBee ZCL

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  Updated File Format Decoding Support

   BLF, JPEG, and RBM

 Prior Versions

  This document only describes the changes introduced in Wireshark
  4.2.4. You can find release notes for prior versions at the following
  locations:

• Wireshark 4.2.3[16]

• Wireshark 4.2.2[17]

• Wireshark 4.2.1[18]

• Wireshark 4.2.0[19]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[20] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[21] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[22].

  Bugs and feature requests can be reported on the 

Re: [Wireshark-dev] [PATCH 0/4] Wireshark SocketCAN updates

2024-03-18 Thread Gerald Combs

Thanks for your contribution! Can you submit a merge request at

https://gitlab.com/wireshark/wireshark/ ?

Complete documentation on contributing code to Wireshark can be found in our 
Developer's Guide at

https://www.wireshark.org/docs/wsdg_html/#ChSrcContribute

On 3/18/24 3:46 AM, Oliver Hartkopp via Wireshark-dev wrote:

This patchset simplifies the CAN packet type detection as it focusses
on the rules to distinguish the different CAN CC/FD/XL frames from the
Linux kernel API.

Additionally some more content is shown in the dissector and the
CAN CiA 611-1 definitions have been cleaned up and extended by CiA.

Oliver Hartkopp (4):
   socketcan: simplify CAN packet type detection
   socketcan: display CANFD_FDF and CANXL_XLF flag content
   socketcan: display len8dlc content for Classical CAN
   socketcan: update CAN CiA 611-1 definitions

  epan/dissectors/packet-socketcan.c | 86 ++
  epan/dissectors/packet-socketcan.h | 17 +++---
  2 files changed, 39 insertions(+), 64 deletions(-)





[Wireshark-dev] Wireshark 4.2.3 is now available

2024-02-14 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.2.3.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  organization would like to contribute or become a sponsor, please
  visit wiresharkfoundation.org[1].

 What’s New

  Bug Fixes

   If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will
   need to download and install[2] Wireshark 4.2.3 or later by hand.

   The following bugs have been fixed:

 • Capture start fails when file set enabled and file extension not
   supplied if directory contains a period. Issue 14614[3].

 • Cannot drag and move custom filter buttons in toolbar. Issue
   19447[4].

 • Not equal won’t work when used with wlan.addr. Issue 19449[5].

 • sshdump fails to connect with private key (ssh-rsa) Issue
   19510[6].

 • ChmodBPF installation fails on macOS Sonoma 14.1.2. Issue
   19527[7].

 • Windows installers should check for Windows 8.1. Issue 19569[8].

 • Fuzz job crash output: fuzz-2024-01-05-7725.pcap. Issue 19570[9].

 • Fuzz job crash output: fuzz-2024-01-06-7734.pcap. Issue
   19578[10].

 • Incorrect recursion depth assert failure when dissecting a
   legitimate GOOSE message. Issue 19580[11].

 • OPC UA - large read request is reported as malformed in 4.2.1 but
   not in 4.0.12. Issue 19581[12].

 • TFTP dissector bug type listed as netscii instead of netascii
   doesn’t show all TFTP packets including TFTP blocks. Issue
   19589[13].

 • SMB1 replies from LAN Drive app only show up as NBSS Continuation
   Message. Issue 19593[14].

 • ciscodump - older SSH key exchange algorithms not supported.
   Issue 19594[15].

 • Problem decoding LAPB/X.25/FTAM after adding X.75 decoding. Issue
   19595[16].

 • Wireshark Filter not working. Issue 19604[17].

 • CFLOW: failure to decode 0 length data fields of IPFIX variable
   length data types. Issue 19605[18].

 • Copy …as Printable Text Feature Missing in 4.1/4.2. Issue
   19607[19].

 • Export Objects - HTTP is missing some HTTP/2 files in a two-pass
   analysis. Issue 19609[20].

 • ASAM-CMP Plugin: Malformed message, length mismatch if vendor
   defined data of status messages has odd length. Issue 19626[21].

 • OSS-Fuzz 66561: wireshark:fuzzshark_ip_proto-udp:
   Null-dereference READ in wmem_map_lookup. Issue 19642[22].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASAM CMP, CAN, CFLOW, CMIP, CMP, DAP, DICOM, DISP, E2AP, GLOW, GOOSE,
   GTP, GTPv2, H.225, H.245, H.248, HTTP2, IEEE 1609.2, IEEE 1722, IPv4,
   IPv6, ISO 15765, ISUP, ITS, Kerberos, LDAP, MMS, NBT, NRUP,
   openSAFETY, P22, P7, PARLAY, RTMPT, RTP, SCSI, SOME/IP, T.38, TCP,
   TECMP, TFTP, WOW, X.509if, X.509sat, X.75, X11, Z39.50, and ZigBee
   Green Power

  New and Updated Capture File Support

   pcap and pcapng

 Prior Versions

  This document only describes the changes introduced in Wireshark
  4.2.3. You can find release notes for prior versions at the following
  locations:

• Wireshark 4.2.2[23]

• Wireshark 4.2.1[24]

• Wireshark 4.2.0[25]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[26] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[27] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[28].

  Bugs and feature requests can be reported on the issue tracker[29].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[30].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find 

[Wireshark-dev] GitLab security announcement

2024-01-12 Thread Gerald Combs

Hi all,

GitLab recently announced that several security flaws were recently fixed on 
their platform, including two critical flaws:

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

The Wireshark repositories are hosted on GitLab's SaaS platform (gitlab.com), 
and the issues have been fixed there.

One of the vulnerabilities allowed an attacker to take over your account. 
According to the announcement, GitLab hasn't detected anyone leveraging this 
vulnerability on their systems, but they do recommend that you enable 2FA on 
your GitLab account if possible.


[Wireshark-dev] Wireshark 4.2.2 is now available

2024-01-04 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.2.2.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  employer would like to contribute or become a sponsor, please visit
  wiresharkfoundation.org[1].

 What’s New

  Bug Fixes

   This release fixes a software update issue on Windows which causes
   Wireshark to hang if you are upgrading from version 4.2.0 or 4.2.1.
   If you are experiencing this issue you will need to download and
   install[2] Wireshark 4.2.2 or later.

   The following bugs have been fixed:

 • sharkd is not installed by the Windows installer. Issue 19556[3].

 • Fuzz job crash output: fuzz-2024-01-01-7740.pcap. Issue 19558[4].

 • Can’t open a snoop file from the Open dialog box unless I select
   "All files" as the file type. Issue 19565[5].

 • Add s4607 dissector to "decode as" Issue 19566[6].

 • Updater for 4.2.1 hangs. Issue 19568[7].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   RSVP, RTPS, and STANAG 4607

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

 Prior Versions

  This document only describes the changes introduced in Wireshark
  4.2.2. You can find release notes for prior versions at the following
  locations:

• Wireshark 4.2.1[8]

• Wireshark 4.2.0[9]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[10] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[11] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[12].

  Bugs and feature requests can be reported on the issue tracker[13].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[14].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[15].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[16].

 References

   1. https://wiresharkfoundation.org
   2. https://www.wireshark.org/download.html
   3. https://gitlab.com/wireshark/wireshark/-/issues/19556
   4. https://gitlab.com/wireshark/wireshark/-/issues/19558
   5. https://gitlab.com/wireshark/wireshark/-/issues/19565
   6. https://gitlab.com/wireshark/wireshark/-/issues/19566
   7. https://gitlab.com/wireshark/wireshark/-/issues/19568
   8. https://www.wireshark.org/docs/relnotes/wireshark-4.2.1.html
   9. https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html
  10. https://www.wireshark.org/download.html
  11. https://ask.wireshark.org/
  12. https://www.wireshark.org/lists/
  13. https://gitlab.com/wireshark/wireshark/-/issues
  14. https://sharkfest.wireshark.org
  15. https://wiresharkfoundation.org
  16. https://www.wireshark.org/faq.html


Digests



[Wireshark-dev] Wireshark 4.2.1 is now available

2024-01-03 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.2.1.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  employer would like to contribute or become a sponsor, please visit
  wiresharkfoundation.org[1].

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2024-01[2] GVCP dissector crash. Issue 19496[3].
   CVE-2024-0208[4].

 • wnpa-sec-2024-02[5] IEEE 1609.2 dissector crash. Issue 19501[6].
   CVE-2024-0209[7].

 • wnpa-sec-2024-03[8] HTTP3 dissector crash. Issue 19502[9].
   CVE-2024-0207[10].

 • wnpa-sec-2024-04[11] Zigbee TLV dissector crash. Issue 19504[12].
   CVE-2024-0210[13].

 • wnpa-sec-2024-05[14] DOCSIS dissector crash. Issue 19557[15].
   CVE-2024-0211[16].

   The following bugs have been fixed:

 • Capture filters not saved to recently used list. Issue 12918[17].

 • CFM dissector does not handle Sender ID TLV correctly when
   Chassis ID Length is zero. Issue 13720[18].

 • OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in
   dissect_zcl_read_attr_struct. Issue 19490[19].

 • Overriding capture options set by preference by command line
   arguments (like -S) doesn’t work. Issue 14549[20].

 • Segfault when enabling monitor mode on wireless card that falsely
   claims to support it. Issue 16693[21].

 • Documented format of temporary file name is out of date in the
   Wireshark User’s Guide. Issue 18464[22].

 • Selection highlight lost when interface list is sorted. Issue
   19133[23].

 • HTTP3 malformed packets. Issue 19475[24].

 • Capture filter compilation fails with obscure error message.
   Issue 19480[25].

 • XML: Parsing encoding attribute failed when standalone attribute
   exists. Issue 19485[26].

 • Display filter expressions where the protocol name starts with
   digit and contains a hyphen are rejected. Issue 19489[27].

 • diameter.3GPP-* display filters not working after upgrade to
   version 4.2.0. Issue 19493[28].

 • GigE-vision: Control Protocol shows "unknown" as value for
   ASCII character set. Issue 19494[29].

 • The HTTP/3 Request Header URI is not correct. Issue 19497[30].

 • QUIC/TLS not extracting "h3" from ALPN in a capture. Issue
   19503[31].

 • Documentation on system requirements should be updated. Issue
   19512[32].

 • 4.2.0: init.lua in subdirectories not loaded anymore. Issue
   19516[33].

 • Malformed SIP/SDP messages: components are not decoded properly.
   Issue 19518[34].

 • heuristic_protos do not reset on profile swap. Issue 19520[35].

 • Wireshark 4.2 crashes on Apply As Column. Issue 19521[36].

 • NFLOG timestamp is incorrect. Issue 19525[37].

 • Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph.
   Issue 19529[38].

 • Fixed parsing display filter expressions containing literal OID
   values, e.g. `snmp.name == 1.3.6.1.2.1.1.3.0`.

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

   pcapng: the if_tsoffset option is now supported.

 Prior Versions

  This document only describes the changes introduced in Wireshark
  4.2.1. You can find release notes for prior versions at the following
  locations:

• Wireshark 4.2.0[39]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[40] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[41] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[42].

Re: [Wireshark-dev] Changes to the plugin registration API

2023-12-04 Thread Gerald Combs

On 12/4/23 12:43 PM, João Valverde wrote:


On 04/12/23 18:45, Gerald Combs wrote:

The FAQ entry below makes it clear that developing an internal version of Wireshark is permitted, 
and that "within an organization" counts as "internal." As far as I know the 
GPL doesn't place any restrictions on making an internal combined work with GPL and non-GPL 
software, so writing a non-GPL, internal-only plugin is permitted as long as you take care to keep 
it internal. I'd personally prefer that plugins were GPL-compatible, but I also know that we live 
in a real world where that sometimes isn't possible.


There's two things here. Internal use of modified Wireshark source code is 
allowed, agreed, regardless of any software license. This includes writing and 
linking binary plugins. All the Wireshark copyright holders already gave 
permission for that when they licensed their code using the GPL.

I'm less happy about statements that could be construed to imply that GPL 
compatibility is a matter of convenience in the real world, even obliquely. At 
best it is an oversimplification to the point of incorrection that sends the 
wrong message.


I expect everyone who modifies or integrates with Wireshark to abide by its 
license. I've enforced the GPL on the project's behalf before and I'll do it 
again if needed, although I'd prefer to help people avoid violating the license 
in the first place.



https://www.gnu.org/licenses/gpl-faq.html#GPLAndPlugins

https://www.gnu.org/licenses/gpl-faq.html#LinkingWithGPL

Gerald: "As far as I know the GPL doesn't place any restrictions on making an 
internal combined work with GPL and non-GPL software"

Is this really correct? Is it possible to comply with the GPLv2 and modify 
Wireshark to use a third-party proprietary library, even if it is only used 
internally? Can corporation A legally modify Wireshark source code to use a 
proprietary library licensed by corporation B to corporation A, even if they 
never release this modified version outside of A's organization? I would be 
surprised if that were the case.


You're the one insisting that the GPLv2 prohibits this, so where does it say 
that? The only clause I can find in the GPLv2 that directly addresses 
modification is 2a:

"You must cause the modified files to carry prominent notices stating that you 
changed the files and the date of any change."

That's it. I don't see anything that prohibits me from combining GPL code with 
proprietary code on my personal machine or my company laptop. *However*, the 
very next clause (2b) says

"You must cause any work that you distribute or publish, that in whole or in part 
contains or is derived from the Program or any part thereof, to be licensed as a whole at 
no charge to all third parties under the terms of this License."

...so if you do combine Wireshark with some piece of GPL-incompatible code, you 
certainly can't distribute it under the terms of the GPL, and in Wireshark's 
case it means you can't distribute your combined work at all since Wireshark is 
only available under the GPL.



This isn't in contradiction with the fact that writing plugins and not 
distributing the source code is allowed by the GPL. It does not make much sense 
to ask if the plugin is compatible or incompatible with the GPL (unless the 
plugin uses other software already using other licenses). This question of GPL 
compatibility only poses itself when a license must be granted to a third party 
to use this (proprietary/secret/whatever) binary plugin as a combined work with 
Wireshark.


I'm not sure what you're getting at here. If we can determine that a plugin 
isn't GPL or GPL-compatible, we could expose that in the UI, which might help 
companies avoid distributing something that they shouldn't.

My former employer built an internal version of Wireshark which contained both 
modified Wireshark code and (as I recall) internal plugins. The installer and 
main screen were quite clear that it was internal only and should not be 
provided to anyone outside the company. Plugin license detection would probably 
have been useful in that case.
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] Changes to the plugin registration API

2023-12-04 Thread Gerald Combs

The FAQ entry below makes it clear that developing an internal version of Wireshark is permitted, 
and that "within an organization" counts as "internal." As far as I know the 
GPL doesn't place any restrictions on making an internal combined work with GPL and non-GPL 
software, so writing a non-GPL, internal-only plugin is permitted as long as you take care to keep 
it internal. I'd personally prefer that plugins were GPL-compatible, but I also know that we live 
in a real world where that sometimes isn't possible.

As far as MR 13524 goes, I think adding a "license" field, or even an "internal only" 
field would be useful, and that showing an "internal only" indicator in the plugin list would be 
useful as well. Refusing to load a plugin based on that field is needlessly disruptive, and follows neither 
the letter nor the intent of the GPL. At the very least the check should be removed.


On 12/4/23 8:33 AM, Gilbert Ramirez wrote:

The GPL FAQ discusses this:

https://www.gnu.org/licenses/gpl-faq.en.html#InternalDistribution 


Is making and using multiple copies within one organization or company 
“distribution”? (#InternalDistribution)

No, in that case the organization is just making the copies for itself. As 
a consequence, *a company or other organization can develop a modified version 
and install that version through its own facilities*, without giving the staff 
permission to release that modified version to outsiders.

However, when the organization transfers copies to other organizations or 
individuals, that is distribution. In particular, providing copies to 
contractors for use off-site is distribution.


Gilbert


On Mon, Dec 4, 2023 at 10:30 AM Anders Broman <a.broma...@gmail.com> wrote:


https://www.google.com/search?q=company+internal+use+of+gpl+code=company+internal+use+of+gpl+code_lcrp=EgZjaHJvbWUyBggAEEUYOTIHCAEQIRigAdIBCTIxMDcwajFqN6gCALACAA=ms-android-samsung-ss=chrome-mobile=UTF-8_dse_attribution=1
 


For me it is no problem circumventing your code. I'm just questioning if it 
is the right thing for the project to do.
That's it from me.
Regards
Anders

On Mon, 4 Dec 2023 at 17:24, João Valverde <j...@v6e.pt> wrote:



On 04/12/23 15:55, Martin Mathieson via Wireshark-dev wrote:
 > I have been doing internal Wireshark releases for years wherever I've
 > been working (as far as I know, they have never been sent outside of
 > the company).  I have *never* used the plugin mechanism. I package up
 > the entire program, even if only one file has been changed.  My
 > current company has acquired and merged with several other companies
 > and development groups - as far as I can tell, they all have a local
 > Wireshark person who does the same.  If people are working
 > closely with me, we sometimes even just keep dissectors as part of the
 > test code for the project that uses them, and team members build it
 > themselves.
 >
 > Am I allowed to do this?

In a strict legal sense I don't think you can use a GPL-incompatible
license for your changes, but it doesn't really matter as long as you
don't distribute it. Otherwise what does it matter which license it uses
or if it doesn't have a license at all? There is no one to license it
to. You are the only one using it and the GPL grants you the right to
modify the software. You can grant yourself only a GPL-license for your
modifications and no one else if it gives you peace of mind. :-)

AFAIK there is also nothing legally preventing someone from rebuilding
Wireshark with a modified source code to ignore the plugin license check
and forget the whole issue, in the same conditions as above, as long as
they don't distribute the proprietary plugin. The GPL violation only
happens if you distribute your plugin using an incompatible license.

 > Martin
 >
 >
 >
 > On Mon, Dec 4, 2023 at 2:54 PM João Valverde <j...@v6e.pt> wrote:
 >
 >
 >
 >     On 04/12/23 14:52, João Valverde wrote:
 >     >
 >     >
 >     > On 04/12/23 14:32, Anders Broman wrote:
 >     >> Hi,
 >     >> Company plug-ins may have restrictive license as the purpose is to
 >     >> only use them internally no public usage "secret" code for
 >     >> proprietary protocols under patents or IPL. Do we really want to
 >     >> forbid that? In 

Re: [Wireshark-dev] Future of Wireshark's Debian packaging scripts in the main repository

2023-11-22 Thread Gerald Combs

I think this falls well within the scope of the steering committee, and would 
be a good first exercise.

On 11/22/23 3:45 AM, Roland Knall wrote:

Hi

I would recommend that we bring this topic before the technical steering 
committee. As of right now, that committee needs to be formed in January and 
this topic is exactly why we are going to have the committee in the first 
place. The process is in the final steps and should be finished by the end of 
the year anyway.

I do not think that further discussing this issue is actually beneficial for 
the long term resolution of this situation. Both sides have valid arguments and 
good pointers and I would suggest as soon as the committee has taken up the 
topic we collectively create a single mission statement as suggested by Joao 
above. Until then, personally I will refrain from discussing this further, as I 
have said everything there is to say from my perspective.

Do you agree Gerald?

kind regards
Roland



On Wed, 22 Nov 2023 at 12:36, João Valverde <j...@v6e.pt> wrote:

Maybe you'd like to volunteer to maintain the Wireshark Debian assets? 
Since you've got the experience and actually use it?

There are loads of lintian warnings waiting to be fixed, or there were 
until recently. Maybe you'd like to start there, and be more active staying on 
top of the all-important symbol lists. Just a thought.

On 21/11/23 15:00, Anders Broman wrote:

Hi,
I found it useful to be able to do Debian packages easily to provide 
internal installation packages and even ppa for Ubuntu.
So I have been using the Debian build system.
Best regards
Anders

On Tue, 21 Nov 2023 at 15:48, Roland Knall <rkn...@gmail.com> wrote:

As mentioned on the ticket - just putting it here as well - I am 
against dropping packaging/debian. But I am for having it underneath packaging, 
and not in the main directory, which is what the original change was about. I 
respect Joao's opinion as well as yours Balint. In this case here I think, we 
can provide assistance for future implementors and as a starting point, by 
keeping the directory underneath packaging/debian.

just my thoughts
Roland


On Tue, 21 Nov 2023 at 15:28, Bálint Réczey <bal...@balintreczey.hu> wrote:

Hi All,

João shared his opinion about the project's commitment to maintain the
packaging/debian/ in the project's repository:


https://gitlab.com/wireshark/wireshark/-/commit/79da670bd1b4f91eebee5c96b19eaf1f33c94777#note_1656501952
 


I believe the current practice is reasonable and beneficial enough for
many parties to warrant the work, but I could be wrong.

Probably the most important question is if there is anyone relying on
the packaging scripts there. If you are, please speak up otherwise the
directory may be dropped.

Comments are welcome.

Cheers,
Balint


[Wireshark-dev] Wireshark 4.2.0 is now available

2023-11-15 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.2.0.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  This is the first major Wireshark release under the Wireshark
  Foundation, a nonprofit which hosts Wireshark and promotes protocol
  analysis education. The foundation depends on your contributions in
  order to do its work. If you or your employer would like to contribute
  or become a sponsor, please visit wiresharkfoundation.org[1].

  Wireshark supports dark mode on Windows.

  A Windows installer for Arm64 has been added.

  Packet list sorting has been improved.

  Wireshark and TShark are now better about generating valid UTF-8
  output.

  A new display filter feature for filtering raw bytes has been added.

  Display filter autocomplete is smarter about not suggesting invalid
  syntax.

  "Tools › MAC Address Blocks" can look up a MAC address in the IEEE OUI
  registry.

  The enterprises, manuf, and services configuration files have been
  compiled in for improved start-up times. These files are no longer
  available in the master branch in our source code repository. You can
  download the manuf file[2] from our automated build directory.

  The installation target no longer installs development headers by
  default.

  The Wireshark installation is relocatable on Linux (and other ELF
  platforms with support for relative RPATHs).

  Wireshark can be compiled on Windows using MSYS2[3]. Check the
  Developer’s guide for instructions.

  Wireshark can be cross-compiled for Windows using Linux. Check the
  Developer’s guide for instructions.

  "Tools › Browser (SSL Keylog)" can launch your web browser with the
  SSLKEYLOGFILE environment variable set to the appropriate value.

  Windows installer file names now have the format
  Wireshark--.exe.

  Wireshark now supports the Korean language.

  Many other improvements have been made. See the “New and Updated
  Features” section below for more details.

  Bug Fixes

   The following bugs have been fixed:

 • Issue 18413[4] - RTP player do not play audio frequently on
   Windows builds with Qt6.

 • Issue 18510[5] - Playback marker does not move after resume with
   Qt6.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 4.2.0rc3:

 • Nothing of note.

   The following features are new (or have been significantly updated)
   since version 4.2.0rc2:

 • The Windows installers now ship with Npcap 1.78. They previously
   shipped with Npcap 1.77.

   The following features are new (or have been significantly updated)
   since version 4.2.0rc1:

 • The Windows installers now ship with Npcap 1.77. They previously
   shipped with Npcap 1.71.

   The following features are new (or have been significantly updated)
   since version 4.1.0:

 • Improved dark mode support.

 • The Windows installers now ship with Qt 6.5.3. They previously
   shipped with Qt 6.2.3.

   The following features are new (or have been significantly updated)
   since version 4.0.0:

 • The API has been updated to ensure that the dissection engine
   produces valid UTF-8 strings.

 • Wireshark now builds with Qt6 by default. To use Qt5 instead pass
   USE_qt6=OFF to CMake.

 • The "ciscodump" extcap supports Cisco IOS XE 17.x.

 • The default interval between GUI updates when capturing has been
   decreased from 500ms to 100ms, and is now configurable.

 • The -n option also now disables IP address geolocation
   information lookup in configured MaxMind databases (and
   geolocation lookup can be enabled with -Ng.) This is most
   relevant for TShark, where geolocation lookups are synchronous.

 • The display filter drop-down list is now sorted by "most recently
   used" instead of "most recently created".

 • Display filter syntax-related changes:

• It is now possible to filter on raw packet data for any field
   by using the syntax `@some.field == `. This can be
   useful to filter on malformed UTF-8 strings, among other use
   cases where it is necessary to look at the field’s raw data.

• Negation (unary minus) now works with any display filter
   arithmetic expression.

• Using the slice operator with strings produces a string.
   Previously it would produce a byte array. This is useful to
   index/slice UTF-8 multibyte strings. String byte slices can still
   be obtained using the "@" (raw operator) prefix.

• Arithmetic expressions are allowed as set elements.

• Absolute date and time values can be written as Unix time.

• The limitation where a minus sign needed to be preceded by a
   space character has been removed.

• Added XOR logical operator.

• Fixed the implementation of `all …​ 

Re: [Wireshark-dev] Remove GPL (v3 or later) (with Bison parser exception) from our allowed license list?

2023-10-10 Thread Gerald Combs

On 10/8/23 2:49 PM, Gerald Combs wrote:

Hi all,

We currently have "GPL (v3 or later) (with Bison parser exception)" in the list 
of allowed licenses in checklicenses.py. Presumably that was because we shipped 
Bison-generated code at one time. However, our last .y file was removed in 2020 in 
f21cd2e23f and I can't find any code in our repository or in our dependencies that uses 
this particular license. Does anyone object to removing it from our allow list?


I created MR #12533 which removes "GPL (v3 or later) (with Bison parser 
exception)" from our allow list. I'll leave it open until next Wednesday to allow 
time for discussion.


[Wireshark-dev] Remove GPL (v3 or later) (with Bison parser exception) from our allowed license list?

2023-10-08 Thread Gerald Combs

Hi all,

We currently have "GPL (v3 or later) (with Bison parser exception)" in the list 
of allowed licenses in checklicenses.py. Presumably that was because we shipped 
Bison-generated code at one time. However, our last .y file was removed in 2020 in 
f21cd2e23f and I can't find any code in our repository or in our dependencies that uses 
this particular license. Does anyone object to removing it from our allow list?


[Wireshark-dev] Wireshark 4.0.10 is now available

2023-10-04 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.10.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you might have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following bugs have been fixed:

 • Error loading g729.so plugin with Wireshark 4.0.9 and 3.6.17 on
   macOS. Issue 19374[3].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   There are no updated protocols in this release.

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[4] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[5] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[6].

  Bugs and feature requests can be reported on the issue tracker[7].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[8].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[9].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[10].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://gitlab.com/wireshark/wireshark/-/issues/18734
   3. https://gitlab.com/wireshark/wireshark/-/issues/19374
   4. https://www.wireshark.org/download.html
   5. https://ask.wireshark.org/
   6. https://www.wireshark.org/lists/
   7. https://gitlab.com/wireshark/wireshark/-/issues
   8. https://sharkfest.wireshark.org
   9. https://wiresharkfoundation.org
  10. https://www.wireshark.org/faq.html


Digests

wireshark-4.0.10.tar.xz: 43124192 bytes
SHA256(wireshark-4.0.10.tar.xz)=b2e3ff03fa2be9058a9ffbedd12b0a670433bd16c8cc6c432ab48dabc2df1898
SHA1(wireshark-4.0.10.tar.xz)=830ba7ff602da90323bbc5ec15941c0878d9ee4a

Wireshark-win64-4.0.10.exe: 79141976 bytes
SHA256(Wireshark-win64-4.0.10.exe)=085d9aa4f6614730f132fb5c28ec5fa445dea79687e4c648d586de569ffcc5e2
SHA1(Wireshark-win64-4.0.10.exe)=1e5ea0f5fa1a8835bcfc9587efa4bf58c495d13f

Wireshark-win64-4.0.10.msi: 53219328 bytes
SHA256(Wireshark-win64-4.0.10.msi)=965e532c05c4be1423e72bcb6c3350aca3f64b42543807c1193705ab7a1e59af
SHA1(Wireshark-win64-4.0.10.msi)=b6e13884d0a6ab5f41e92a127d85261fc71b28c4

WiresharkPortable64_4.0.10.paf.exe: 45802800 bytes
SHA256(WiresharkPortable64_4.0.10.paf.exe)=40e4da853067905cee3447d64b3399d8101b90265bcc213081b750e33f78bb8f
SHA1(WiresharkPortable64_4.0.10.paf.exe)=15a0ba51e056029699484a13adb4c52bd30703a9

Wireshark 4.0.10 Arm 64.dmg: 63446426 bytes
SHA256(Wireshark 4.0.10 Arm 64.dmg)=178201c6b010e8ee7058a640b2592a8759a8ffa323f5a04434273a3501530a94
SHA1(Wireshark 4.0.10 Arm 64.dmg)=0ec52abbd32c97a0f1ee21b590f6dc919960c7b2

Wireshark 4.0.10 Intel 64.dmg: 66986608 bytes
SHA256(Wireshark 4.0.10 Intel 64.dmg)=f0ae6cfc2ecf1e7f5b1475c91bb2c5f7ac63174405a667056bb29b8c17f1180b
SHA1(Wireshark 4.0.10 Intel 64.dmg)=926abb7a6bdb0f58b6b4b6aaba19353207d90ce6

You can validate these hashes using the following commands (among others):

Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz


OpenPGP_signature
Description: 
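
The validation commands in the announcement above hash one file at a time and leave the comparison to the reader. As an added example (not part of the announcement or of the Wireshark project's tooling), this script parses a digest list in the announcement's `SHA256(name)=hex` format and verifies files against it; the function names are hypothetical and all file names and contents are constructed.

```shell
#!/bin/sh
# Verify downloads against a digest list in the announcement's format:
#   SHA256(<file name>)=<64 hex digits>
# All file names and contents below are constructed for the demonstration.

# Print the lowercase hex SHA-256 of file $1, using whichever of the tools
# named in the announcement is installed. Reading from stdin keeps the file
# name out of the tool's output.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        openssl sha256 -r < "$1" | awk '{print $1}'
    fi
}

# Print the digest published for name $2 in digest list $1.
# Succeeds only when exactly one well-formed entry exists, so a missing,
# duplicated, truncated or line-wrapped entry counts as "no digest".
expected_digest() {
    WANT_NAME="$2" awk '
        BEGIN { prefix = "SHA256(" ENVIRON["WANT_NAME"] ")=" }
        index($0, prefix) == 1 {
            hex = tolower(substr($0, length(prefix) + 1))
            sub(/[ \t\r]+$/, "", hex)
            if (length(hex) == 64 && hex ~ /^[0-9a-f]+$/) { found++; last = hex }
        }
        END { if (found == 1) print last; exit (found == 1 ? 0 : 1) }
    ' "$1"
}

# verify_file DIGESTS FILE [NAME]: compare FILE with the entry for NAME
# (default: FILE's base name). Returns 0 on match, 1 on mismatch,
# 2 if FILE is missing, 3 if there is no usable digest entry.
verify_file() {
    vf_name=${3:-$(basename -- "$2")}
    [ -f "$2" ] || { echo "MISSING  $vf_name"; return 2; }
    vf_want=$(expected_digest "$1" "$vf_name") || { echo "NO-ENTRY $vf_name"; return 3; }
    vf_got=$(sha256_of "$2")
    if [ "$vf_got" = "$vf_want" ]; then
        echo "OK       $vf_name"
        return 0
    fi
    echo "MISMATCH $vf_name"
    return 1
}

# Constructed demonstration: files containing "abc" (or "abd" for an altered
# download) and a digest list built from the standard SHA-256 test vector
# for "abc".
demo() {
    d=$(mktemp -d) || return 1
    abc=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    printf 'abc' > "$d/example-1.2.3.tar.xz"
    printf 'abc' > "$d/Example 1.2.3 Arm 64.dmg"
    printf 'abc' > "$d/Example 1.2.3 Intel 64.dmg"
    printf 'abd' > "$d/Example-win64-1.2.3.exe"     # altered download
    {
        echo "example-1.2.3.tar.xz: 3 bytes"
        echo "SHA256(example-1.2.3.tar.xz)=$abc"
        echo "SHA256(Example 1.2.3 Arm 64.dmg)=$abc"
        echo "SHA256(Example-win64-1.2.3.exe)=$abc"
        echo "SHA256(Example 1.2.3 Intel "           # entry wrapped in transit
        echo "64.dmg)=$abc"
    } > "$d/digests.txt"
    for f in "$d"/*.tar.xz "$d"/*.dmg "$d"/*.exe; do
        verify_file "$d/digests.txt" "$f" || true    # report every file
    done
    rm -rf "$d"
    return 0
}

demo
```

A line-wrapped entry, which mail archives can produce for long file names, is reported as NO-ENTRY rather than being guessed at. The result is only as trustworthy as the source of the digest list itself.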

[Wireshark-dev] Wireshark 4.0.9 is now available

2023-10-04 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.9.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you might have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-27[3] RTPS dissector memory leak. Issue 19322[4].
   CVE-2023-5371[5].

   The following bugs have been fixed:

 • Updating from within Wireshark if a file is open fails because it
   can’t close Wireshark. Issue 17658[6].

 • ESL timestamp provided by ET2000 not displayed. Issue 18308[7].

 • Kafka: dissect_kafka_sync_group_request missing version check for
   instance_id. Issue 19290[8].

 • Start Capture via context menu crashes on macOS with an older Qt
   version. Issue 19299[9].

 • Delta time displayed is incorrect after unsetting time reference.
   Issue 19324[10].

 • Fuzz job crash output: randpkt-2023-09-09-7060.pcap. Issue
   19332[11].

 • Missing one bit in SCCP::sequencing/segmenting. Issue 19336[12].

 • Protobuf field malformed packet for last byte of 'repeated
   fixed32' Issue 19342[13].

 • RTP/RFC 4571: Wrong desegmentation/reassembly in RTP over TCP
   packets. Issue 19345[14].

 • Sparklines not working on macOS Sonoma with both native OS and
   Homebrew pcap. Issue 19349[15].

 • Incorrect bit values and namings in BSS Configuration Report TLV.
   Issue 19352[16].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ESL, GNW, IDN, IEEE 1722, IEEE 1905.1a, ITS, Kafka, ProtoBuf, RTP,
   RTPS, SCCP, TACACS, and Tibia

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[17] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[18] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[19].

  Bugs and feature requests can be reported on the issue tracker[20].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[21].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[22].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[23].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://gitlab.com/wireshark/wireshark/-/issues/18734
   3. https://www.wireshark.org/security/wnpa-sec-2023-27
   4. https://gitlab.com/wireshark/wireshark/-/issues/19322
   5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5371
   6. https://gitlab.com/wireshark/wireshark/-/issues/17658
   7. https://gitlab.com/wireshark/wireshark/-/issues/18308
   8. https://gitlab.com/wireshark/wireshark/-/issues/19290
   9. https://gitlab.com/wireshark/wireshark/-/issues/19299
  10. https://gitlab.com/wireshark/wireshark/-/issues/19324
  11. https://gitlab.com/wireshark/wireshark/-/issues/19332
  12. https://gitlab.com/wireshark/wireshark/-/issues/19336
  13. https://gitlab.com/wireshark/wireshark/-/issues/19342
  14. https://gitlab.com/wireshark/wireshark/-/issues/19345
  15. https://gitlab.com/wireshark/wireshark/-/issues/19349
  16. https://gitlab.com/wireshark/wireshark/-/issues/19352
  17. 

Re: [Wireshark-dev] 4.2.0 release schedule

2023-09-25 Thread Gerald Combs

The release-4.2 branch has been created.

On 9/21/23 3:41 PM, Gerald Combs wrote:

It doesn't look like I mentioned it below, but I plan on creating the 
release-4.2 branch this upcoming Monday, the 25th. At that point we'll have the 
following active branches and major+minor versions:

master / 4.3
release-4.2 / 4.2
release-4.0 / 4.0
release-3.6 / 3.6

4.2.0rc1 is still scheduled for October 5 and the Windows and macOS installers 
will hopefully include Qt 6.5.3. 4.2.0 is still scheduled for November 15.

On 9/17/23 3:13 PM, João Valverde wrote:

I'm not sure I follow. I don't know why things would settle down before a 
branch is made. That's exactly my point, the master branch should be unaffected 
by the release schedule IMO. Things settle down after the branch is created, 
not before.

If the policy I outline before is followed there's no extra work, the churn 
just happens earlier instead, with 4.1 releases and not 4.2 (backports that are 
strictly bug fixes are not churn).

On 9/17/23 12:29, Jaap Keuter wrote:

Hi,

This starts to resemble the Linux kernel merge window challenges. There's 
always a tradeoff between ease of development vs. churn. Things do need to 
settle down
before a branch can be made, that's what we're here for.

Personally I'm in the process of finalizing a new dissector (for iperf3) and 
extending another (RTP headers in SAToP). That's my target for 4.2. Not an 
issue to double submit, just a bit more hassle.

Jaap

On 9/16/23 01:02, João Valverde wrote:

I would like that. We can be liberal backporting changes to the 4.1 release, 
but some care should be taken to avoid very big or risky changes. Then for the 
4.2 release candidates, ideally only bugfixes would be backported.

On 9/15/23 22:51, Gerald Combs wrote:

I have no objections to creating the 4.2 branch earlier. As you point out, it mostly 
comes down to how much backporting we want to do. The release numbers are a reflection of 
the fact that "run tools/make-version.py -v ..." is in the new release branch 
checklist.

On 9/15/23 12:06 PM, João Valverde wrote:

Should 4.1 be developed on the release-4.2 branch already? Obviously it would 
require some backporting work from developers, but also provide some stability. 
Right now the 4.1 release is just a snapshot of master, so really 4.1.x micro 
versions are meaningless.

There are some changes that might be too experimental to push on master right 
now, given that a stable release is right around the corner.

By creating the release-4.2 branch earlier, I think that problem could be 
avoided, and maybe also lead to a better 4.2 release.

Thoughts?

On 8/17/23 22:04, Gerald Combs wrote:

Hi all,

I'd like to start preparing for the creation of the release-4.2 branch and the 
4.2.0 release. I've come up with the following tentative schedule, which will 
give us a couple of release candidates before SharkFest EU and a final release 
in November, after SharkFest:

Aug 24 : Release 4.1.0
Aug ?? : Release 4.1.1
Sep ?? : Release 4.1.2
Oct  2 : Create the release-4.2 branch
Oct  4 : Release 4.2.0rc1
Oct 18 : Release 4.2.0rc2
Oct 30 - Nov 3 : SharkFest EU. See you in Brussels!
Nov  8 : Release 4.2.0

If you need to delay any of the above, particularly the release-4.2 branch, 
please let me know.

New features and improvements in 4.2.0 will include:

- Packet list sorting performance improvements.

- "_ws.col." display filters.

- More display filter improvements, including raw byte matching (@field.name == 
12:ab:23:cd).

- Some name resolution files (such as "manuf" and "services") are now compiled 
in, which reduces startup time.

- A built-in MAC address / OUI dialog.

- A Windows Arm64 installer.

Note that the release-3.6 branch is an LTS branch, so in accordance with 
https://wiki.wireshark.org/Development/LifeCycle we'll have three active 
release branches until May 2024.





Re: [Wireshark-dev] 4.2.0 release schedule

2023-09-21 Thread Gerald Combs

It doesn't look like I mentioned it below, but I plan on creating the 
release-4.2 branch this upcoming Monday, the 25th. At that point we'll have the 
following active branches and major+minor versions:

master / 4.3
release-4.2 / 4.2
release-4.0 / 4.0
release-3.6 / 3.6

4.2.0rc1 is still scheduled for October 5 and the Windows and macOS installers 
will hopefully include Qt 6.5.3. 4.2.0 is still scheduled for November 15.

On 9/17/23 3:13 PM, João Valverde wrote:

I'm not sure I follow. I don't know why things would settle down before a 
branch is made. That's exactly my point, the master branch should be unaffected 
by the release schedule IMO. Things settle down after the branch is created, 
not before.

If the policy I outline before is followed there's no extra work, the churn 
just happens earlier instead, with 4.1 releases and not 4.2 (backports that are 
strictly bug fixes are not churn).

On 9/17/23 12:29, Jaap Keuter wrote:

Hi,

This starts to resemble the Linux kernel merge window challenges. There's 
always a tradeoff between ease of development vs. churn. Things do need to 
settle down
before a branch can be made, that's what we're here for.

Personally I'm in the process of finalizing a new dissector (for iperf3) and 
extending another (RTP headers in SAToP). That's my target for 4.2. Not an 
issue to double submit, just a bit more hassle.

Jaap

On 9/16/23 01:02, João Valverde wrote:

I would like that. We can be liberal backporting changes to the 4.1 release, 
but some care should be taken to avoid very big or risky changes. Then for the 
4.2 release candidates, ideally only bugfixes would be backported.

On 9/15/23 22:51, Gerald Combs wrote:

I have no objections to creating the 4.2 branch earlier. As you point out, it mostly 
comes down to how much backporting we want to do. The release numbers are a reflection of 
the fact that "run tools/make-version.py -v ..." is in the new release branch 
checklist.

On 9/15/23 12:06 PM, João Valverde wrote:

Should 4.1 be developed on the release-4.2 branch already? Obviously it would 
require some backporting work from developers, but also provide some stability. 
Right now the 4.1 release is just a snapshot of master, so really 4.1.x micro 
versions are meaningless.

There are some changes that might be too experimental to push on master right 
now, given that a stable release is right around the corner.

By creating the release-4.2 branch earlier, I think that problem could be 
avoided, and maybe also lead to a better 4.2 release.

Thoughts?

On 8/17/23 22:04, Gerald Combs wrote:

Hi all,

I'd like to start preparing for the creation of the release-4.2 branch and the 
4.2.0 release. I've come up with the following tentative schedule, which will 
give us a couple of release candidates before SharkFest EU and a final release 
in November, after SharkFest:

Aug 24 : Release 4.1.0
Aug ?? : Release 4.1.1
Sep ?? : Release 4.1.2
Oct  2 : Create the release-4.2 branch
Oct  4 : Release 4.2.0rc1
Oct 18 : Release 4.2.0rc2
Oct 30 - Nov 3 : SharkFest EU. See you in Brussels!
Nov  8 : Release 4.2.0

If you need to delay any of the above, particularly the release-4.2 branch, 
please let me know.

New features and improvements in 4.2.0 will include:

- Packet list sorting performance improvements.

- "_ws.col." display filters.

- More display filter improvements, including raw byte matching (@field.name == 
12:ab:23:cd).

- Some name resolution files (such as "manuf" and "services") are now compiled 
in, which reduces startup time.

- A built-in MAC address / OUI dialog.

- A Windows Arm64 installer.

Note that the release-3.6 branch is an LTS branch, so in accordance with 
https://wiki.wireshark.org/Development/LifeCycle we'll have three active 
release branches until May 2024.





Re: [Wireshark-dev] 4.2.0 release schedule

2023-09-15 Thread Gerald Combs

I have no objections to creating the 4.2 branch earlier. As you point out, it mostly 
comes down to how much backporting we want to do. The release numbers are a reflection of 
the fact that "run tools/make-version.py -v ..." is in the new release branch 
checklist.

On 9/15/23 12:06 PM, João Valverde wrote:

Should 4.1 be developed on the release-4.2 branch already? Obviously it would 
require some backporting work from developers, but also provide some stability. 
Right now the 4.1 release is just a snapshot of master, so really 4.1.x micro 
versions are meaningless.

There are some changes that might be too experimental to push on master right 
now, given that a stable release is right around the corner.

By creating the release-4.2 branch earlier, I think that problem could be 
avoided, and maybe also lead to a better 4.2 release.

Thoughts?

On 8/17/23 22:04, Gerald Combs wrote:

Hi all,

I'd like to start preparing for the creation of the release-4.2 branch and the 
4.2.0 release. I've come up with the following tentative schedule, which will 
give us a couple of release candidates before SharkFest EU and a final release 
in November, after SharkFest:

Aug 24 : Release 4.1.0
Aug ?? : Release 4.1.1
Sep ?? : Release 4.1.2
Oct  2 : Create the release-4.2 branch
Oct  4 : Release 4.2.0rc1
Oct 18 : Release 4.2.0rc2
Oct 30 - Nov 3 : SharkFest EU. See you in Brussels!
Nov  8 : Release 4.2.0

If you need to delay any of the above, particularly the release-4.2 branch, 
please let me know.

New features and improvements in 4.2.0 will include:

- Packet list sorting performance improvements.

- "_ws.col." display filters.

- More display filter improvements, including raw byte matching (@field.name == 
12:ab:23:cd).

- Some name resolution files (such as "manuf" and "services") are now compiled 
in, which reduces startup time.

- A built-in MAC address / OUI dialog.

- A Windows Arm64 installer.

Note that the release-3.6 branch is an LTS branch, so in accordance with 
https://wiki.wireshark.org/Development/LifeCycle we'll have three active 
release branches until May 2024.


[Wireshark-dev] Wireshark 4.0.8 is now available

2023-08-23 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.8.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you might have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-23[3] CBOR dissector crash. Issue 19144[4].

 • wnpa-sec-2023-24[5] BT SDP dissector infinite loop. Issue
   19258[6].

 • wnpa-sec-2023-25[7] BT SDP dissector memory leak. Issue 19259[8].

 • wnpa-sec-2023-26[9] CP2179 dissector crash. Issue 19229[10].

   The following bugs have been fixed:

 • TShark cannot capture to pipe on Windows correctly. Issue
   17900[11].

 • Wireshark wrongly blames group membership when pcap capabilities
   are removed. Issue 18279[12].

 • Packet bytes window broken layout. Issue 18326[13].

 • RTP Player only shows waveform until sequence rollover. Issue
   18829[14].

 • Valid Ethernet CFM DMM packets are shown as malformed. Issue
   19198[15].

 • Crash on DICOM Export Objects window close. Issue 19207[16].

 • The QUIC dissector is reporting the quic_transport_parameters
   max_ack_delay with the title "GREASE" Issue 19209[17].

 • Preferences: Folder name editing behaves weirdly, cursor jumps.
   Issue 19213[18].

 • DHCPFO: Expert info list does not show all expert infos. Issue
   19216[19].

 • Websocket packets not decoded and displayed for Field type=Custom
   and Field name websocket.payload.text. Issue 19220[20].

 • Cannot read pcapng file captured on OpenBSD and read on FreeBSD.
   Issue 19230[21].

 • UI: While capturing the Wireshark icon changes from green to blue
   when new file is created. Issue 19252[22].

 • Conversation: heap-use-after-free after wmem_leave_file_scope.
   Issue 19265[23].

 • IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue
   19270[24].

 • NAS 5GS Malformed Packet Decoding SOR transparent container PLMN
   ID and access technology list. Issue 19273[25].

 • UI: Auto scroll button in the toolbar is turned on when manually
   scrolling to the end of packet list. Issue 19274[26].

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   BT SDP, CBOR, CFM, CP2179, CQL, DHCPFO, DICOM, F1AP, GSM DTAP, IEEE
   802.11, IPv4, NAS-5GS, PFCP, PKT CCC, QUIC, RTP, TFTP, WebSocket, and
   XnAP

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[27] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[28] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[29].

  Bugs and feature requests can be reported on the issue tracker[30].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[31].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[32].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[33].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://gitlab.com/wireshark/wireshark/-/issues/18734
   3. https://www.wireshark.org/security/wnpa-sec-2023-23
   4. 

Re: [Wireshark-dev] About the DNS resolver

2023-08-21 Thread Gerald Combs

Sounds fine to me. We had overlapping support for c-ares and ADNS for a while, so this 
isn't new territory. Can you open an issue and set the milestone to "Wireshark 
5.x" so this doesn't get lost?

On 8/20/23 12:08 PM, Jaap Keuter wrote:

Hi,

So we’ve been using the c-ares name resolver for a while now and it’s serving 
its purpose.
However, this is not the only one out there. DNS technologies have evolved 
somewhat and c-ares does not provide for them.
Would it make sense to start looking into using libunbound[1] as a replacement 
for c-ares to bring these technologies within reach?
From a cursory look it seems that the current structure can be retained while 
shoehorning in unbound.
Thoughts? It could be something we could try to achieve for 5.0.

[1] https://nlnetlabs.nl/projects/unbound/about/

Jaap



[Wireshark-dev] 4.2.0 release schedule

2023-08-17 Thread Gerald Combs

Hi all,

I'd like to start preparing for the creation of the release-4.2 branch and the 
4.2.0 release. I've come up with the following tentative schedule, which will 
give us a couple of release candidates before SharkFest EU and a final release 
in November, after SharkFest:

Aug 24 : Release 4.1.0
Aug ?? : Release 4.1.1
Sep ?? : Release 4.1.2
Oct  2 : Create the release-4.2 branch
Oct  4 : Release 4.2.0rc1
Oct 18 : Release 4.2.0rc2
Oct 30 - Nov 3 : SharkFest EU. See you in Brussels!
Nov  8 : Release 4.2.0

If you need to delay any of the above, particularly the release-4.2 branch, 
please let me know.

New features and improvements in 4.2.0 will include:

- Packet list sorting performance improvements.

- "_ws.col." display filters.

- More display filter improvements, including raw byte matching (@field.name == 
12:ab:23:cd).

- Some name resolution files (such as "manuf" and "services") are now compiled 
in, which reduces startup time.

- A built-in MAC address / OUI dialog.

- A Windows Arm64 installer.

Note that the release-3.6 branch is an LTS branch, so in accordance with 
https://wiki.wireshark.org/Development/LifeCycle we'll have three active 
release branches until May 2024.


Re: [Wireshark-dev] Help regarding CI failure in gitlab

2023-07-28 Thread Gerald Combs

The Windows and macOS CI runners are private to the Wireshark project itself, 
so any attempts to run them from an external project will fail. They shouldn't 
show up in the pipelines in other repositories, but it looks like there's a bug 
in our GitLab CI rules. I've pushed an attempted fix in MR 11554.


On 7/27/23 12:51 PM, Riya Dixit wrote:

Hi community,
I am new to Wireshark development. I am trying to upstream my dissector. The 
code works fine but why is the CI failing for all packages (Windows x64, macOS 
Arm and Intel). It is only passing for Windows MinGW. How do I debug this?
This is the link to my CI -
https://gitlab.com/riyadixitagra/wireshark-pldm/-/pipelines/913244896 




[Wireshark-dev] Windows Arm64 packages

2023-07-20 Thread Gerald Combs

Hi all,

We now have a Windows Arm64 CI builder and experimental Windows Arm64 packages 
are available at https://www.wireshark.org/download/automated/win64/. Basic 
features worked in my limited testing, but if you run into any problems please 
create an issue at https://gitlab.com/wireshark/wireshark/-/issues.


[Wireshark-dev] Wireshark 4.0.7 is now available

2023-07-12 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.7.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you might have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-21[3] Kafka dissector crash. Issue 19105[4].

 • wnpa-sec-2023-22[5] iSCSI dissector crash. Issue 19164[6].

   The following bugs have been fixed:

 • Crash when (re)loading a capture file after renaming a dfilter
   macro. Issue 13753[7].

 • Moving a column deselects selected packet and moves to beginning
   of packet list. Issue 16251[8].

 • If you set the default interface in the preferences, it doesn’t
   work with TShark. Issue 16593[9].

 • Severe performance issues in Follow → Save As raw workflow. Issue
   17313[10].

 • TShark doesn’t support the tab character as an aggregator
   character in "-T fields" Issue 18002[11].

 • On Windows clicking on a link in the 'Software Update' window
   launches, now unsupported, MS Internet Explorer. Issue 18488[12].

 • Wireshark 4.x.x on Win10-x64 crashes after saving a file with a
   name already in use. Issue 18679[13].

 • NAS-5GS Operator-defined Access Category: Multiple Criteria
   values not displayed in dissected packet display. Issue
   18941[14].

 • Server Hello Packet Invisible - during 802.1x Authentication-
   from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74cdc23) &
   above. Issue 19071[15].

 • TShark reassembled data is incomplete/truncated. Issue 19107[16].

 • CQL protocol parsing issues with `Result` frames from open source
   Cassandra. Issue 19119[17].

 • TLS 1.3 second Key Update doesn’t work. Issue 19120[18].

 • HTTP2 dissector reports an assertion error on large data frames.
   Issue 19121[19].

 • epan: Single letter hostnames aren’t displayed correctly. Issue
   19137[20].

 • BLF: CAN-FD-Message format is missing a field. Issue 19146[21].

 • BLF: last parameter of LIN-Message is not mandatory (BUGFIX)
   Issue 19147[22].

 • PPP IPv6CP: Incorrect payload length warning. Issue 19149[23].

 • INSTALL file needs to be updated for Debian. Issue 19167[24].

 • Some RTP streams make Wireshark crash when trying to play stream.
   Issue 19170[25].

 • Wrong ordering in OpenFlow 1.0 Datapath unique ID. Issue
   19172[26].

 • Incorrect mask in RTCP slice picture ID. Issue 19182[27].

 • Dissection error in AMQP 1.0. Issue 19191[28].

  New and Updated Features

   There are no new or updated features in this release.

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   9P, AMQP, BGP, CQL, DHCPFO, EAP, GlusterFS, GSM MAP, HTTP2, iSCSI,
   Kafka, Kerberos, NAN, NAS-5GS, OCP.1, OpenFlow 1.0, PDCP-NR, PEAP,
   PPPoE, RSL, RTCP, rtnetlink, and XMPP

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[29] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[30] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[31].

  Bugs and feature requests can be reported on the issue tracker[32].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[33].

 How You Can Help

  The Wireshark Foundation helps 

Re: [Wireshark-dev] Latest PDF document (4.1.0)

2023-06-06 Thread Gerald Combs

What application are you using to view the PDF? The TOC shows up just fine if I 
view the User's Guide here in Preview, Chrome, and Firefox. It doesn't show up 
in Safari but that appears to be due to a limitation of Safari. Note that in 
this case the TOC is part of the PDF file format; we don't stuff a bunch of 
links into the document contents like we have to do with the HTML guides.

The page numbers are definitely missing. A fix is inbound at

https://gitlab.com/wireshark/wireshark/-/merge_requests/10935

On 6/2/23 1:53 PM, Tobin, Tom wrote:

Why does the latest PDF have no page numbers, no table of contents, and no 
section #’s???

Wireshark User’s Guide: Version 4.1.0 


-tom




[Wireshark-dev] Wireshark 4.0.6 is now available

2023-05-24 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.6.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you will likely have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-12[3] Candump log file parser crash. Issue
   19062[4].

 • wnpa-sec-2023-13[5] BLF file parser crash. Issue 19063[6].

 • wnpa-sec-2023-14[7] GDSDB dissector infinite loop. Issue
   19068[8].

 • wnpa-sec-2023-15[9] NetScaler file parser crash. Issue 19081[10].

 • wnpa-sec-2023-16[11] VMS TCPIPtrace file parser crash. Issue
   19083[12].

 • wnpa-sec-2023-17[13] BLF file parser crash. Issue 19084[14].

 • wnpa-sec-2023-18[15] RTPS dissector crash. Issue 19085[16].
   CVE-2023-0666[17].

 • wnpa-sec-2023-19[18] IEEE C37.118 Synchrophasor dissector crash.
   Issue 19087[19]. CVE-2023-0668[20].

 • IEEE-C37.118 parsing buffer overflow. Issue 19087[21].

   The following bugs have been fixed:

 • Conversations list has incorrect unit (bytes) in bit speed
   columns in the 3.7 development versions. Issue 18211[22].

 • The media_type table should treat media types, e.g.
   application/3gppHal+json, as case-insensitive. Issue 18611[23].

 • NNTP dissector bug. Issue 18981[24].

 • Incorrect padding in BFCP decoder. Issue 18890[25].

 • SPNEGO dissector bug. Issue 18991[26].

 • SRT values are incorrect when applying a time shift. Issue
   18999[27].

 • Add warning that capturing is not supported in Wireshark
   installed from flatpak. Issue 19008[28].

 • Opening Wireshark with -z io,stat option. Issue 19042[29].

 • batadv dissector bug. Issue 19047[30].

 • radiotap-gen build fails if pcap is not found. Issue 19059[31].

 • [UDS] When filtering the uds.wdbi.data_identifier or
   uds.iocbi.data_identifier field is interpreted as 1 byte whereas
   it consists of 2 bytes. Issue 19078[32].

 • Wireshark can’t save this capture in that format. Issue
   19080[33].

 • MSMMS parsing buffer overflow. Issue 19086[34].

 • USB HID parser shows wrong label for usages Rx/Vx/Vbrx of usage
   page Generic Desktop Control. Issue 19095[35].

  New and Updated Features

   There are no new or updated features in this release.

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

 • The media type dissector table now properly treats media types
   and subtypes as case-insensitive automatically, per RFC 6838.
   Media types no longer need to be lower cased before registering
   or looking up in the table.

   batadv BFCP CommunityID COSE GDSDB H.265 HTTP ILP ISAKMP MSMMS NNTP
   NR RRC NTLMSSP RTPS SPNEGO Synphasor TCP UDS ULP USB HID

  New and Updated Capture File Support

   BLF, Candump, NetScaler, and VMS TCPIPtrace

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[36] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[37] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[38].

  Bugs and feature requests can be reported on the issue tracker[39].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[40].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at 

[Wireshark-dev] Wireshark 4.0.5 is now available

2023-04-12 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.5.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you will likely have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-09[3] RPCoRDMA dissector crash. Issue 18852[4].
   CVE-2023-1992[5].

 • wnpa-sec-2023-10[6] LISP dissector large loop. Issue 18900[7].
   CVE-2023-1993[8].

 • wnpa-sec-2023-11[9] GQUIC dissector crash Issue 18947[10].
   CVE-2023-1994[11].

   The following bugs have been fixed:

 • Wireshark ITS Dissector RTCMEM wrong protocol version selector 2
   - should use 1. Issue 18862[12].

 • Wireshark treats the letter E in SSRC as an exponential
   representation of a number. Issue 18879[13].

 • VNC RRE Parser skips over data. Issue 18883[14].

 • sshdump coredump when --remote-interface is left empty. Issue
   18904[15].

 • Fuzz job crash output: fuzz-2023-03-17-7298.pcap. Issue
   18917[16].

 • Fuzz job crash output: fuzz-2023-03-27-7564.pcap. Issue
   18934[17].

 • RFC8925 support (dhcp option 108) Issue 18943[18].

 • DIS dissector shows an incorrect state in the packet list info
   column. Issue 18967[19].

 • RTP analysis shows incorrect timestamp error when timestamp is
   rolled over. Issue 18973[20].

 • Asterisk (*) key crash on Endpoint/Conversation dialog. Issue
   18975[21].

 • The RTP player waveform now synchronizes better with audio.

  New and Updated Features

   There are no new or updated features in this release.

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   DHCP, DIS, DNS, ERF, FF, genl, GQUIC, GSM A-bis OML, HL7, IEEE
   802.11, ITS, LAPD, netfilter, netlink-route, netlink-sock_diag,
   nl80211, RLC, RPCoRDMA, RTPS, SCTP, SMB, UDS, VNC, and WCP

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

   Netmon and NetScaler

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[22] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[23] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[24].

  Bugs and feature requests can be reported on the issue tracker[25].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[26].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[27].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[28].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://gitlab.com/wireshark/wireshark/-/issues/18734
   3. https://www.wireshark.org/security/wnpa-sec-2023-09
   4. https://gitlab.com/wireshark/wireshark/-/issues/18852
   5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1992
   6. https://www.wireshark.org/security/wnpa-sec-2023-10
   7. https://gitlab.com/wireshark/wireshark/-/issues/18900
   8. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1993
   9. https://www.wireshark.org/security/wnpa-sec-2023-11
  10. https://gitlab.com/wireshark/wireshark/-/issues/18947
  11. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1994
  12. https://gitlab.com/wireshark/wireshark/-/issues/18862
  13. 

[Wireshark-dev] Wireshark 4.0.4 is now available

2023-03-02 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.4.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  If you’re running Wireshark on macOS and upgraded to macOS 13 from an
  earlier version, you will likely have to open and run the “Uninstall
  ChmodBPF” package, then open and run “Install ChmodBPF” in order to
  reset the ChmodBPF Launch Daemon. Issue 18734[2].

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-08[3] ISO 15765 and ISO 10681 dissector crash.
   Issue 18839[4].

   The following bugs have been fixed:

 • UTF-8 characters end up escaped in PSML output. Issue 10445[5].

 • Export filtered displayed packets won’t save IP fragments of SCTP
   fragments needed to reassemble a displayed frame. Issue 12597[6].

 • DICOM dissection in reassembled PDV goes wrong. Issue 13388[7].

 • "Export Objects - IMF" produces incorrect file, TCP reassembly
   fails with retransmissions that have additional data. Issue
   13523[8].

 • The intelligent scroll bar or minimap is not predictable on
   locating and scrolling. Issue 13989[9].

 • If you mark (or unmark) the currently-selected frame, the packet
   details still say it’s not marked (or it is marked) Issue
   14330[10].

 • An out-of-order packet incorrectly detected as retransmission
   breaks desegmentation of TCP stream. Issue 15993[11].

 • Sorting Packet Loss Column is not sorting correct. Issue
   16785[12].

 • Some HTTPS packets cannot be decrypted. Issue 17406[13].

 • SIP TCP decoding regression from Wireshark 1.99.0 to 3.6.8. Issue
   18411[14].

 • Frame comments not preserved when using filter to write new pcap
   from tshark. Issue 18693[15].

 • ChmodBPF not working on macOS Ventura 13.1. Issue 18734[16].

 • Wireshark GUI and window manager stuck after setting display
   filter. Issue 18809[17].

 • Dissector bug, protocol H.261. Issue 18812[18].

 • File extension heuristics are case-sensitive. Issue 18821[19].

 • Symbolic links to packages in macOS dmg can’t be double-clicked
   to install on macOS 13.2. Issue 18830[20].

 • Potential memory leak in tshark.c. Issue 18837[21].

 • Fuzz job crash output: fuzz-2023-02-05-7303.pcap. Issue
   18842[22].

 • f5fileinfo: Hardware platforms missing descriptions. Issue
   18848[23].

 • The lines in the intelligent scrollbar are off by one. Issue
   18850[24].

 • Wireshark crashes on invalid UDS packet in Lua context. Issue
   18865[25].

 • TECMP dissector shows the wrong Voltage in Vendor Data. Issue
   18871[26].

 • UDS: Names of RDTCI subfunctions 0x0b … 0x0e are not correct.
   Issue 18873[27].

  New and Updated Features

   There are no new or updated features in this release.

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASTERIX, BGP, DHCP, ERF, F5 Ethernet trailer, GMR-1 RR, Gryphon, GSM
   SMS, H.261, H.450, ISO 10681, ISO 15765, MIPv6, NAS-5gs, NR RRC, NS
   Trace, OptoMMP, PDCP-LTE, PDCP-NR, QSIG, ROHC, RSVP, RTCP, SCTP, SIP,
   TCP, TECMP, TWAMP, UDS, and UMTS RLC

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[28] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[29] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[30].

  Bugs and feature requests can be reported on the issue tracker[31].

  You can learn protocol analysis and meet 

[Wireshark-dev] Announcing the Wireshark Foundation

2023-03-01 Thread Gerald Combs

Hi all,

The thing that I most love about working on Wireshark is our community. Our 
users, educators, and developers have a passion for packets and protocols, and 
their work is important – modern society runs on computer networks and those 
networks need to be reliable, fast, and secure. I’m grateful that my employers 
and other sponsors have ensured that the community has had the resources to 
grow and thrive over the years.

This is why I’m beyond thrilled to announce that the Wireshark community now 
has a permanent home: the Wireshark Foundation. The foundation is a 501(c)(3) 
nonprofit and will host SharkFest, our developer and user conference, help to 
facilitate Wireshark’s development, and promote analysis and troubleshooting 
education.

The project leadership and I have been working on this for a long time, and 
many other people have generously given their time and expertise in order to 
make this happen. In particular I’d like to thank the following people for 
helping to make this a reality: the Wireshark core development team for 
providing much needed support and advice, and for making all of this possible. 
Sheri Najafi and Angelo Spampinato for keeping the foundation running, and 
along with Janice Spampinato, bringing us SharkFest. CACE Technologies for 
being the first home of SharkFest, Riverbed for taking up that mantle and 
hosting the project for so many years, and Loris Degioanni and everyone else at 
Sysdig for providing the resources necessary to get us across the finish line.

2023 is shaping up to be a great year for the project. Along with the 
foundation, we will celebrate our 25th anniversary in July, and we will be 
meeting in person again at SharkFest in Asia, the U.S., and in Europe. See you 
there!

You can learn more (and donate of course) at https://wiresharkfoundation.org.

If you or your employer would like to become a foundation member, you can learn 
more at https://wiresharkfoundation.org/pdf/become-a-member.pdf.

You can find Sysdig’s press release at 
https://sysdig.com/press-releases/wireshark-foundation/.


[Wireshark-dev] Wireshark 3.6.11 is now available

2023-01-18 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.11.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  This is the last release branch with support for 32-bit Windows.
  Updates will no longer be available after May 22, 2024 for that
  platform. Issue 17779[1]

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-02[2] NFS dissector memory leak. Issue 18628[3].

 • wnpa-sec-2023-03[4] Dissection engine crash. Issue 18766[5].

 • wnpa-sec-2023-04[6] GNW dissector crash. Issue 18779[7].

 • wnpa-sec-2023-05[8] iSCSI dissector crash. Issue 18796[9].

 • wnpa-sec-2023-06[10] Multiple dissector excessive loops. Issue
   18711[11]. Issue 18720[12], Issue 18737[13].

 • wnpa-sec-2023-07[14] TIPC dissector crash. Issue 18770[15].

   The following bugs have been fixed:

 • Qt: After modifying coloring rules, the coloring rule applied to
   the first packet reflects the coloring rules previously in
   effect. Issue 12475[16].

 • Help file doesn’t display for extcap interfaces Issue 15592[17].

 • Dissector bug, protocol DRBD Issue 16689[18].

 • For USB traffic on XHC20 interface destination is always given as
   Host Issue 16768[19].

 • Wrong pointer conversion in get_data_source_tvb_by_name() Issue
   18517[20].

 • Wrong number of bits skipped while decoding an empty UTF8String
   on UPER packet Issue 18702[21].

 • Uninitialized values in various dissectors Issue 18742[22].

 • Q.850 - error in label for cause 0x7F Issue 18780[23].

 • Uninitialized values in CoAP and RTPS dissectors Issue 18785[24].

 • Screenshots in AppStream metainfo.xml file not available Issue
   18801[25].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   BEEP, BGP, BPv6, BSSGP, CoAP, GNW, GSM A-bis P-GSL, GSM BSSMAP,
   iSCSI, ISUP, Kafka, LwM2M-TLV, NAS-5GS, NFS, OPUS, RLC, ROHC, RTPS,
   TCP, Telnet, and USB

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[26] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[27] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[28].

  Bugs and feature requests can be reported on the issue tracker[29].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[30].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[31].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://www.wireshark.org/security/wnpa-sec-2023-02
   3. https://gitlab.com/wireshark/wireshark/-/issues/18628
   4. https://www.wireshark.org/security/wnpa-sec-2023-03
   5. https://gitlab.com/wireshark/wireshark/-/issues/18766
   6. https://www.wireshark.org/security/wnpa-sec-2023-04
   7. https://gitlab.com/wireshark/wireshark/-/issues/18779
   8. https://www.wireshark.org/security/wnpa-sec-2023-05
   9. https://gitlab.com/wireshark/wireshark/-/issues/18796
  10. https://www.wireshark.org/security/wnpa-sec-2023-06
  11. https://gitlab.com/wireshark/wireshark/-/issues/18711
  12. https://gitlab.com/wireshark/wireshark/-/issues/18720
  13. https://gitlab.com/wireshark/wireshark/-/issues/18737
  14. https://www.wireshark.org/security/wnpa-sec-2023-07
  15. https://gitlab.com/wireshark/wireshark/-/issues/18770
  16. https://gitlab.com/wireshark/wireshark/-/issues/12475
  17. https://gitlab.com/wireshark/wireshark/-/issues/15592
  18. https://gitlab.com/wireshark/wireshark/-/issues/16689
  19. https://gitlab.com/wireshark/wireshark/-/issues/16768
  20. 

[Wireshark-dev] Wireshark 4.0.3 is now available

2023-01-18 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.3.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2023-01[2] EAP dissector crash. Issue 18622[3].

 • wnpa-sec-2023-02[4] NFS dissector memory leak. Issue 18628[5].

 • wnpa-sec-2023-03[6] Dissection engine crash. Issue 18766[7].

 • wnpa-sec-2023-04[8] GNW dissector crash. Issue 18779[9].

 • wnpa-sec-2023-05[10] iSCSI dissector crash. Issue 18796[11].

 • wnpa-sec-2023-06[12] Multiple dissector excessive loops. Issue
   18711[13]. Issue 18720[14], Issue 18737[15].

 • wnpa-sec-2023-07[16] TIPC dissector crash. Issue 18770[17].

   The following bugs have been fixed:

 • Qt: After modifying coloring rules, the coloring rule applied to
   the first packet reflects the coloring rules previously in
   effect. Issue 12475[18].

 • Help file doesn’t display for extcap interfaces. Issue 15592[19].

 • For USB traffic on XHC20 interface destination is always given as
   Host. Issue 16768[20].

 • Wireshark Expert Info - cannot deselect the limit to display
   filter tick box. Issue 18461[21].

 • Wrong pointer conversion in get_data_source_tvb_by_name() Issue
   18517[22].

 • Wrong number of bits skipped while decoding an empty UTF8String
   on UPER packet. Issue 18702[23].

 • Crash when analyzing protobuf packets. Issue 18730[24].

 • Uninitialized values in various dissectors. Issue 18742[25].

 • String (GeoIP country/city) ordering doesn’t work in Endpoints.
   Issue 18749[26].

 • Wireshark crashes with an assertion failure on stray minus in
   filter. Issue 18750[27].

 • IO Graph: Add new graph only works until the 10th graph. Issue
   18762[28].

 • Fuzz job crash output: fuzz-2022-12-30-11007.pcap. Issue
   18770[29].

 • Q.850 - error in label for cause 0x7F. Issue 18780[30].

 • Uninitialized values in CoAP and RTPS dissectors. Issue
   18785[31].

 • Screenshots in AppStream metainfo.xml file not available. Issue
   18801[32].

  New and Updated Features

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASTERIX, BEEP, BGP, BPv6, CoAP, EAP, GNW, GSM A-bis P-GSL, iSCSI,
   ISUP, LwM2M-TLV, MBIM, NBAP, NFS, OBD-II, OPUS, ProtoBuf, RLC, ROHC,
   RTPS, Telnet, TIPC, and USB

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[33] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[34] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[35].

  Bugs and feature requests can be reported on the issue tracker[36].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[37].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[38].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[39].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://www.wireshark.org/security/wnpa-sec-2023-01
   3. https://gitlab.com/wireshark/wireshark/-/issues/18622
   4. https://www.wireshark.org/security/wnpa-sec-2023-02
   5. https://gitlab.com/wireshark/wireshark/-/issues/18628
   6. https://www.wireshark.org/security/wnpa-sec-2023-03
   7. https://gitlab.com/wireshark/wireshark/-/issues/18766
   8. 

[Wireshark-dev] Wireshark 4.0.2 is now available

2022-12-07 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.2.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2022-09[2] Multiple dissector infinite loops.

 • wnpa-sec-2022-10[3] Kafka dissector memory exhaustion.

   The following bugs have been fixed:

 • Qt: Endpoints dialog - unexpected byte unit suffixes in packet
   columns. Issue 18229[4].

 • GOOSE: field "floating_point" not working anymore. Issue
   18491[5].

 • EVS Header-Full format padding issues. Issue 18498[6].

 • Wireshark 4.0.0 VOIP playback has no sound and can’t resume after
   pausing. Issue 18510[7].

 • Wireshark crashes when exporting a profile on Mac OSX if there is
   no extension. Issue 18525[8].

 • EVS dissector missing value description. Issue 18550[9].

 • Qt 6 font descriptions not backward compatible with Qt 5. Issue
   18553[10].

 • Wireshark, wrong TCP ACKed unseen segment message. Issue
   18558[11].

 • Invalid Cyrillic symbol in timezone at "Arrival Time" field in
   frame. Issue 18562[12].

 • ProtoBuf parse extension definitions failed. Issue 18599[13].

 • Fuzz job crash output: fuzz-2022-11-09-11134.pcap. Issue
   18613[14].

 • Fuzz job crash output: fuzz-2022-11-14-1.pcap. Issue
   18632[15].

 • Wireshark is using old version of ASN (ETSI TS 125 453 V11.2.0)
   which is impacting length of param in the messages. Issue
   18646[16].

 • BGP: False IGMP flags value in EVPN routes (type 6,7,8) Issue
   18660[17].

 • wslog assumes stderr and stdout exist. Issue 18684[18].

 • Editing packet comments, with non-ASCII characters, on Windows
   saves them in the local code page, not in UTF-8. Issue 18698[19].

 • Unable to decrypt PSK based DTLS traffic which uses Connection
   ID. Issue 18705[20].

 • HTTP2 tests fail when built without nghttp2. Issue 18707[21].

  New and Updated Features

  Removed Features and Support

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASN.1 PER, ASTERIX, BGP, BPv6, DTLS, EVS, GOOSE, GSM Osmux, IPv6,
   Kafka, Locamation IM, MONGO, NXP 802.15.4, OpenFlow v6, PCAP,
   Protobuf, RTP, S1AP, SKINNY, TCP, and WASSP

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[22] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[23] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[24].

  Bugs and feature requests can be reported on the issue tracker[25].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[26].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[27].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://www.wireshark.org/security/wnpa-sec-2022-09
   3. https://www.wireshark.org/security/wnpa-sec-2022-10
   4. https://gitlab.com/wireshark/wireshark/-/issues/18229
   5. https://gitlab.com/wireshark/wireshark/-/issues/18491
   6. https://gitlab.com/wireshark/wireshark/-/issues/18498
   7. https://gitlab.com/wireshark/wireshark/-/issues/18510
   8. https://gitlab.com/wireshark/wireshark/-/issues/18525
   9. https://gitlab.com/wireshark/wireshark/-/issues/18550
  10. https://gitlab.com/wireshark/wireshark/-/issues/18553
  11. https://gitlab.com/wireshark/wireshark/-/issues/18558
  12. https://gitlab.com/wireshark/wireshark/-/issues/18562
  13. 

[Wireshark-dev] Wireshark 4.0.1 is now available

2022-10-26 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.1.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We do not ship official 32-bit Windows packages for Wireshark 4.0 and
  later. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

 • The Windows installers now ship with Qt 5.12.2. They previously
   shipped with Qt 6.2.3.

  Bug Fixes

   The following bugs have been fixed:

 • Comparing a boolean field against 1 always succeeds on big-endian
   machines. Issue 12236[2].

 • Qt: MaxMind GeoIP columns not added to Endpoints table. Issue
   18320[3].

 • Fuzz job crash output: fuzz-2022-10-04-7131.pcap. Issue 18402[4].

 • The RTP player might not play audio on Windows. Issue 18413[5].

 • Wireshark 4.0 breaks display filter expression with > sign. Issue
   18418[6].

 • Capture filters not working when using SSH capture and dumpcap.
   Issue 18420[7].

 • Packet diagram field values are not terminated. Issue 18428[8].

 • Packet bytes not displayed completely if scrolling. Issue
   18438[9].

 • Fuzz job crash output: fuzz-2022-10-13-7166.pcap. Issue
   18467[10].

 • Decoding bug H.245 userInput Signal. Issue 18468[11].

 • CFDP dissector doesn’t handle "destination filename" only.
   Issue 18495[12].

 • Home page capture button doesn’t pop up capture options dialog.
   Issue 18506[13].

 • Missing dot in H.248 protocol name. Issue 18513[14].

 • Missing dot for protocol H.264 in protocol column. Issue
   18524[15].

 • Fuzz job crash output: fuzz-2022-10-23-7240.pcap. Issue
   18534[16].

  New and Updated Features

  Removed Features and Support

 • The experimental display filter syntax for literals using angle
   brackets <…> that was introduced in Wireshark 4.0.0 has been
   removed. For byte arrays a colon prefix can be used instead. See
   the User’s Guide[17] for details.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP,
   H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS,
   PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM

  New and Updated Capture File Support

   BLF

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[18] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[19] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[20].

  Bugs and feature requests can be reported on the issue tracker[21].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[22].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[23].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://gitlab.com/wireshark/wireshark/-/issues/12236
   3. https://gitlab.com/wireshark/wireshark/-/issues/18320
   4. https://gitlab.com/wireshark/wireshark/-/issues/18402
   5. https://gitlab.com/wireshark/wireshark/-/issues/18413
   6. https://gitlab.com/wireshark/wireshark/-/issues/18418
   7. https://gitlab.com/wireshark/wireshark/-/issues/18420
   8. https://gitlab.com/wireshark/wireshark/-/issues/18428
   9. https://gitlab.com/wireshark/wireshark/-/issues/18438
  10. https://gitlab.com/wireshark/wireshark/-/issues/18467
  11. https://gitlab.com/wireshark/wireshark/-/issues/18468
  12. https://gitlab.com/wireshark/wireshark/-/issues/18495
  13. https://gitlab.com/wireshark/wireshark/-/issues/18506
  14. https://gitlab.com/wireshark/wireshark/-/issues/18513
  15. https://gitlab.com/wireshark/wireshark/-/issues/18524
  16. https://gitlab.com/wireshark/wireshark/-/issues/18534
  17. https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDispla
  

Re: [Wireshark-dev] can't compile wireshark version 4.0

2022-10-20 Thread Gerald Combs

On 10/20/22 9:54 AM, Fulko Hew wrote:

[ ... ]


Now how to fix it is another story.
My first crack at it would be to disable that warning.
My second approach would be to correct that test (as appropriate).


Another question might be why this is an error instead of a warning. 
ENABLE_WERROR is enabled by default in CMakeOptions.txt in master, but it's 
disabled in the release branches.


Re: [Wireshark-dev] Max size of a field seems to be 240 for a dissector

2022-10-18 Thread Gerald Combs

On 10/18/22 9:49 AM, Richard Sharpe wrote:

On Tue, Oct 18, 2022 at 9:39 AM Pascal Quantin wrote:


Hi Richard,

On Tue, Oct 18, 2022 at 18:30, Richard Sharpe wrote:


Hi folks,

How do I squeeze more than 240 chars into a string field?


You can't currently. As seen in epan/proto.h, you have the ITEM_LABEL_LENGTH 
define set to 240, and that has existed for ages.



I am trying to fix an issue with the beamforming matrices for 802.11ax
and 802.11be and maybe 802.11ac.


I guess you refer to https://gitlab.com/wireshark/wireshark/-/issues/18504


Yes.



When I try to assemble all of a single SCIDX, I get this:

S [truncated]: SCIDX: -122, phi11:57, phi21:34, phi31:59, phi41:8,
phi51:52, phi61:18, phi71:14, psi21:10, psi31:8, psi41:1, psi51:5,
psi61:5, psi71:3, psi81:4, phi22:33, phi32:22, phi42:22, phi52:10,
phi62:41, phi72:59, psi32:8, psi42:3,
--

Why is there an arbitrary limit? Is it because I am working with 3.4.8?


No, it has been like this for 23 years according to Git blame.
Maybe it's time to display this matrix differently (with several lines?) 
instead of appending all that information in a single line?


I tried that but the user finds it hard to work with.

I have found a way to make the user happy, but if the spec changes to
increase the number of angles needed, we will run into the same
problem.


Would using "Φ" in place of "phi" and "Ψ" in place of "psi" make sense? The 
Greek letters use two UTF-8 bytes instead of three, which would let you fit more elements into the available space.
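
The byte budget behind the suggestion above, as an added example (not Wireshark's code and not posted by anyone in the thread): a 240-byte label, the ITEM_LABEL_LENGTH value quoted from epan/proto.h, filled with constructed angle entries. The helper names `label_append` and `fill_label`, the entry layout and the values are assumptions for illustration; the truncation step backs up to a UTF-8 code point boundary so a cut never leaves half of a Φ or Ψ in the label.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Value quoted in the thread from epan/proto.h; everything else is illustrative. */
#define ITEM_LABEL_LENGTH 240

/*
 * Append src to the NUL-terminated string in label (capacity cap bytes,
 * including the NUL). The limit is counted in bytes, not characters.
 * If src does not fit, copy only as many whole UTF-8 sequences as fit.
 * Returns 1 if all of src was appended, 0 if it was truncated.
 * Assumes src is valid UTF-8.
 */
static int label_append(char *label, size_t cap, const char *src)
{
    size_t used = strlen(label);
    size_t room = cap - 1 - used;   /* bytes left before the NUL */
    size_t n = strlen(src);
    int complete = 1;

    if (n > room) {
        n = room;
        /* src[n] is the first byte that will NOT be copied. If it is a
         * continuation byte (10xxxxxx), the cut would split a code point,
         * so back up to the start of that sequence. */
        while (n > 0 && ((unsigned char)src[n] & 0xC0) == 0x80)
            n--;
        complete = 0;
    }
    memcpy(label + used, src, n);
    label[used + n] = '\0';
    return complete;
}

/*
 * Build "SCIDX: -122, <phi>11:10, <phi>21:11, ..." with constructed values
 * and return how many angle entries fit completely. phi and psi are the
 * names to use for the two angle families.
 */
static int fill_label(char *label, size_t cap, const char *phi, const char *psi)
{
    char entry[32];
    int i, fitted = 0;

    label[0] = '\0';
    label_append(label, cap, "SCIDX: -122");
    for (i = 0; i < 56; i++) {
        const char *name = (i % 14 < 7) ? phi : psi;
        int row = i % 7 + 1;
        int col = i / 14 + 1;

        /* Constructed sample value, always two digits. */
        snprintf(entry, sizeof entry, ", %s%d%d:%02d", name, row, col, 10 + i % 50);
        if (!label_append(label, cap, entry))
            break;
        fitted++;
    }
    return fitted;
}

int main(void)
{
    char label[ITEM_LABEL_LENGTH];
    int n;

    n = fill_label(label, sizeof label, "phi", "psi");
    printf("ASCII names: %d entries, %zu bytes\n", n, strlen(label));

    /* U+03A6 and U+03A8 written as their UTF-8 bytes (two bytes each). */
    n = fill_label(label, sizeof label, "\xCE\xA6", "\xCE\xA8");
    printf("Greek names: %d entries, %zu bytes\n", n, strlen(label));
    return 0;
}
```

Each entry shrinks from 10 bytes to 9, so the same label holds a few more entries, and the Greek run stops one byte short of the limit because the next byte would have been the first half of a two-byte letter.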


Re: [Wireshark-dev] The font size used for the menu etc does not seem to change when I change the main window font size

2022-10-13 Thread Gerald Combs

Hi Richard,

Font zooming is limited to widgets that handle the zoomMonospaceFont and zoomRegularFont 
signals, currently the packet list, details, bytes, and diagram. We could probably zoom 
everything by setting "font-size" in the application-level stylesheet, but I'm 
not sure how well that would work across the platforms we support.

On 10/13/22 11:41 AM, Richard Sharpe wrote:

Hi folks,

I have noticed that I can increase the font size in the Main Window
via preferences or I can click on the + button in the ribbon below the
menu.

However, nothing seems to increase the font size of the items in the
menu or the headings of the columns.

How can I do that?





[Wireshark-dev] Wireshark 4.0.0 is now available

2022-10-04 Thread Gerald Combs

I'm proud to announce the release of Wireshark 4.0.0.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  We no longer ship official 32-bit Windows packages starting with this
  release. If you need to use Wireshark on that platform, we recommend
  using the latest 3.6 release. Issue 17779[1]

  The display filter syntax is more powerful with many new extensions.
  See below for details.

  The Conversation and Endpoint dialogs have been redesigned. See below
  for details.

  The default main window layout has been changed so that the Packet
  Detail and Packet Bytes are side by side underneath the Packet List
  pane.

  Hex dump imports from Wireshark and from `text2pcap` have been
  improved. See below for details.

  Speed when using MaxMind geolocation has been greatly improved.

  The tools and libraries required to build Wireshark have changed. See
  “Other Development Changes” below for more details.

  Many other improvements have been made. See the “New and Updated
  Features” section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 4.0.0rc2:

   Nothing of note.

   The following features are new (or have been significantly updated)
   since version 4.0.0rc1:

 • The macOS packages now ship with Qt 6.2.4 and require macOS
   10.14. They previously shipped with Qt 5.15.3.

 • The Windows installers now ship with Npcap 1.71. They previously
   shipped with Npcap 1.70.

   The following features are new (or have been significantly updated)
   since version 3.7.2:

 • The Windows installers now ship with Npcap 1.70. They previously
   shipped with Npcap 1.60.

   The following features are new (or have been significantly updated)
   since version 3.7.1:

 • The 'v' (lower case) and 'V' (upper case) switches have been
   swapped for editcap and mergecap to match the other command line
   utilities.

 • The ip.flags field is now only the three high bits, not the full
   byte. Display filters and Coloring rules using the field will
   need to be adjusted.

 • New address type AT_NUMERIC allows simple numeric addresses for
   protocols which do not have a more common-style address approach,
   analog to AT_STRINGZ.

   The following features are new (or have been significantly updated)
   since version 3.7.0:

 • The Windows installers now ship with Qt 6.2.3. They previously
   shipped with Qt 6.2.4.

 • The Conversation and Endpoint dialogs have been redesigned with
   the following improvements:

    • The context menu now includes the option to resize all
      columns, as well as copying elements.

    • Data may be exported as JSON.

    • Tabs may be detached and reattached from the dialog.

    • Adding and removing tabs will keep them in the same order all
      the time.

    • If a filter is applied, two columns are shown in either dialog
      detailing the difference between unmatched and matched packets.

    • Columns are now sorted via secondary properties if an
      identical entry is found.

    • Conversations are sorted via second address and first port
      number.

    • Endpoints are sorted via port numbers.

    • IPv6 addresses are sorted correctly after IPv4 addresses.

    • The dialog elements have been moved to make it easier to
      handle for new users.

    • Selection of tap elements is done via a list.

    • All configurations and options are done via a left side button
      row.

    • Columns for the Conversations and Endpoint dialogs can be
      hidden by a context menu.

    • TCP and UDP conversations now include the stream ID and allow
      filtering on it.

   The following features are new (or have been significantly updated)
   since version 3.6.0:

 • The Windows installers now ship with Npcap 1.60. They previously
   shipped with Npcap 1.55.

 • The Windows installers now ship with Qt 6.2.4. They previously
   shipped with Qt 5.12.2.

 • The display filter syntax has been updated and enhanced:

    • A syntax to match a specific layer in the protocol stack has
      been added. For example in an IP-over-IP packet “ip.addr#1 ==
      1.1.1.1” matches the outer layer addresses and “ip.addr#2 ==
      1.1.1.2” matches the inner layer addresses.

    • Universal quantifiers "any" and "all" have been added to any
      relational operator. For example the expression "all tcp.port >
      1024" is true if and only if all tcp.port fields match the
      condition. Previously only the default behaviour to return true
      if any one field matches was supported.

    • Field references, of the form ${some.field}, are now part of
      the syntax of display filters.

Re: [Wireshark-dev] Wiki: Backporting A Change To A Release Branch

2022-09-26 Thread Gerald Combs

Did you clone your repository with `--single-branch`? If so you might need to 
run `git fetch upstream release-4.0`.

On 9/26/22 1:00 PM, chuck c wrote:

wireshark$ git remote -v
downstream      g...@gitlab.com:chuckcraft/wireshark.git (fetch)
downstream      g...@gitlab.com:chuckcraft/wireshark.git (push)
upstream        g...@gitlab.com:wireshark/wireshark.git (fetch)
upstream        g...@gitlab.com:wireshark/wireshark.git (push)

wireshark$ git branch -r -l | grep -i upstream
   upstream/master

wireshark$ git checkout -b github_4_0_qt6 upstream/release-4.0
fatal: 'upstream/release-4.0' is not a commit and a branch 'github_4_0_qt6' 
cannot be created from it

(link to the wiki page the original email referenced:
https://wiki.wireshark.org/Development/SubmittingPatches#backporting-a-change-to-a-release-branch)

On Mon, Sep 26, 2022 at 2:43 PM Jaap Keuter <jaap.keu...@xs4all.nl> wrote:

Hi,

Yes, the text is still relevant, in case you’re looking to back port a 
change from master to release-X.Y.

What you seem to be looking at is making a change in release-4.0 only.
So, checkout release-4.0 first. Then create a branch from that and put your 
change on there and push that.

Regards,
Jaap



On 26 Sep 2022, at 00:52, chuck c <bubbas...@gmail.com> wrote:

Is this section of the Wiki still accurate?

(substituting "release-4.0" for "master-X.Y")

"Create and checkout a new branch with a name related to the type of change 
(e.g. the bug number you're fixing or the dissector you're working on):
  git checkout -b my-branch-name upstream/master-X.Y
where "master-X.Y" is the release branch to which to backport the change.

This creates a branch named "my-branch-name" based on the master-X.Y branch in 
the official repository."

Or how best to make a change to:

https://gitlab.com/wireshark/wireshark/-/blob/release-4.0/.github/workflows/windows.yml

that doesn't apply to master.

thanks
chuckc


[Wireshark-dev] Wireshark 3.6.8 is now available

2022-09-07 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.8.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

 Note: This is the last release branch with support for 32-bit Windows.
 Updates will no longer be available after May 22, 2024 for that
 platform. Issue 17779[1]

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2022-06[2] F5 Ethernet Trailer dissector infinite loop.
   Issue 18307[3].

   The following bugs have been fixed:

 • TCAP Malformed exception on externally re-assembled packet Issue
   10515[4].

 • Extended 3GPP-GPRS-Negotiated-QoS-profile strings decoded
   incompletely Issue 10688[5].

 • HTTP2 dissector decodes first SSL record only Issue 11173[6].

 • L2TP improvements - cookie length detection, UDP encapsulation
   and more Issue 16565[7].

 • USB Truncation of URB_isochronous in frames Issue 18021[8].

 • ISUP/BICC parameter summary text duplication Issue 18094[9].

 • Running rpm-setup.sh shows missing packages that Centos does not
   need Issue 18166[10].

 • IPX/IPX RIP: Crash on expand subtree Issue 18234[11].

 • Qt: A file or packet comment that is too large will corrupt the
   pcapng file Issue 18235[12].

 • BGP dissector bug Issue 18248[13].

 • Wrong interpretation of the cbsp.rep_period field in
   epan/dissectors/packet-gsm_cbsp.c Issue 18254[14].

 • Assertion due to incorrect mask for btatt.battery_power_state.*
   Issue 18267[15].

 • Qt: Expert Info dialog not showing Malformed Frame when Frame
   length is less than captured length Issue 18312[16].

 • Wireshark and tshark become non-responsive when reading certain
   packets Issue 18313[17].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   BGP, BICC, BT ATT, CBSP, Couchbase, F5 Ethernet Trailer, Frame, GTP,
   GTP (prime), IPsec, ISUP, L2TP, NAS-5GS, Protobuf, SCCP, TCP, and TLS

  New and Updated Capture File Support

   pcap, pcapng

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[18] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[19] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[20].

  Bugs and feature requests can be reported on the issue tracker[21].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[22].

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17779
   2. https://www.wireshark.org/security/wnpa-sec-2022-06
   3. https://gitlab.com/wireshark/wireshark/-/issues/18307
   4. https://gitlab.com/wireshark/wireshark/-/issues/10515
   5. https://gitlab.com/wireshark/wireshark/-/issues/10688
   6. https://gitlab.com/wireshark/wireshark/-/issues/11173
   7. https://gitlab.com/wireshark/wireshark/-/issues/16565
   8. https://gitlab.com/wireshark/wireshark/-/issues/18021
   9. https://gitlab.com/wireshark/wireshark/-/issues/18094
  10. https://gitlab.com/wireshark/wireshark/-/issues/18166
  11. https://gitlab.com/wireshark/wireshark/-/issues/18234
  12. https://gitlab.com/wireshark/wireshark/-/issues/18235
  13. https://gitlab.com/wireshark/wireshark/-/issues/18248
  14. https://gitlab.com/wireshark/wireshark/-/issues/18254
  15. https://gitlab.com/wireshark/wireshark/-/issues/18267
  16. https://gitlab.com/wireshark/wireshark/-/issues/18312
  17. https://gitlab.com/wireshark/wireshark/-/issues/18313
  18. https://www.wireshark.org/download.html
  19. https://ask.wireshark.org/
  20. https://www.wireshark.org/lists/
  21. https://gitlab.com/wireshark/wireshark/-/issues
  22. https://www.wireshark.org/faq.html


Digests

wireshark-3.6.8.tar.xz: 39942580 bytes
SHA256(wireshark-3.6.8.tar.xz)=67ab23ee09a646ab8cc0ddcc985209f24f253337461e3d9644c6cfe1c097260c
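
The Digests block above is what a downloader checks a release file against. The following is an added example, not part of the announcement or the Wireshark project's tooling: it parses the "name: N bytes" and "SHA256(name)=hex" lines and checks a local file against them. The function names are hypothetical and the file used in the demo is constructed.

```python
"""Check a downloaded file against an announcement's Digests block."""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# The two line shapes used in the Digests block of the announcement.
SIZE_RE = re.compile(r"^(?P<name>[^\s:]+):\s+(?P<size>\d+) bytes$")
HASH_RE = re.compile(
    r"^(?P<algo>[A-Za-z0-9]+)\((?P<name>[^()\s]+)\)=(?P<hex>[0-9A-Fa-f]+)$")

# Copied from the 3.6.8 announcement on this page.
PAGE_DIGESTS = """\
wireshark-3.6.8.tar.xz: 39942580 bytes
SHA256(wireshark-3.6.8.tar.xz)=67ab23ee09a646ab8cc0ddcc985209f24f253337461e3d9644c6cfe1c097260c
"""


def parse_digests(text):
    """Return {filename: {"size": int, "sha256": hex}}; other lines are ignored."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SIZE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["size"] = int(m["size"])
            continue
        m = HASH_RE.match(line)
        if m and m["algo"].upper() == "SHA256":
            digest = m["hex"].lower()
            if len(digest) != 64:
                raise ValueError(f"malformed SHA256 for {m['name']}")
            entries.setdefault(m["name"], {})["sha256"] = digest
    return entries


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large tarballs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, announcement_text):
    """Return a list of problems; an empty list means size and SHA256 match."""
    path = Path(path)
    expected = parse_digests(announcement_text).get(path.name)
    if expected is None:
        return [f"{path.name}: not listed in the announcement"]
    problems = []
    if "size" in expected and path.stat().st_size != expected["size"]:
        problems.append(
            f"{path.name}: size {path.stat().st_size} != {expected['size']}")
    if "sha256" not in expected:
        # A size match alone says nothing about the content.
        problems.append(f"{path.name}: no SHA256 listed")
    elif not hmac.compare_digest(sha256_file(path), expected["sha256"]):
        problems.append(f"{path.name}: SHA256 mismatch")
    return problems


if __name__ == "__main__":
    # Constructed demo: a small stand-in file and a matching digest block.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.tar.xz"
        sample.write_bytes(b"constructed sample data\n" * 4)
        block = (f"sample.tar.xz: {sample.stat().st_size} bytes\n"
                 f"SHA256(sample.tar.xz)={sha256_file(sample)}\n")
        print(verify_download(sample, block) or "OK")
```

A matching digest shows the file is the one the announcement describes; how far that can be trusted depends on where the announcement text itself was obtained.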

[Wireshark-dev] wireshark-dev resubscription requested

2022-03-07 Thread Gerald Combs

Hi all,

As per the message below, this is your reminder that you are about to be 
unsubscribed from wireshark-dev. If you wish to continue to receive emails from 
this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-dev

and resubscribe. Thank you for your time and patience in this matter.

> As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. 
> ("Sysdig"). As part of this acquisition, Sysdig will operate Wireshark's 
> infrastructure, including this mailing list and you must renew your 
> subscription to this list in order to continue to receive emails.
>
> On Monday, March 7 at 10:00 am PST / 6:00 pm UTC, I will resend this message 
> as a reminder, then unsubscribe everyone from the following mailing lists:
>
> wireshark-announce
> wireshark-bugs
> wireshark-commits
> wireshark-dev
> wireshark-users
>
> At that point, if you wish to continue receiving emails from this list you 
> must go to
>
> https://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> and re-subscribe.
>
> I've opened a ticket to track any issues related to this at
>
> https://gitlab.com/wireshark/wireshark/-/issues/17978
>
> If you have any questions, feel free to ask in the ticket or contact me 
> directly.
>
> If you're subscribed to multiple lists, I'd like to apologize in advance for 
> the multiple copies of this message coming your way.

--

Gerald Combs 


[Wireshark-dev] wireshark-dev resubscription requested

2022-03-03 Thread Gerald Combs

Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. 
("Sysdig"). As part of this acquisition, Sysdig will operate Wireshark's 
infrastructure, including this mailing list and you must renew your subscription to this 
list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe 
everyone from the following mailing lists:

wireshark-announce
wireshark-bugs
wireshark-commits
wireshark-dev
wireshark-users

At that point, if you wish to continue receiving emails from this list you must 
go to

https://www.wireshark.org/mailman/listinfo/wireshark-dev

and re-subscribe.

I've opened a ticket to track any issues related to this at

https://gitlab.com/wireshark/wireshark/-/issues/17978

If you have any questions, feel free to ask in the ticket or contact me 
directly.

If you're subscribed to multiple lists, I'd like to apologize in advance for 
the multiple copies of this message coming your way.


[Wireshark-dev] Wireshark 3.4.12 is now available

2022-02-10 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.4.12.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2021-22[1] Kafka dissector infinite loop. Issue
   17811[2].

 • wnpa-sec-2022-01[3] RTMPT dissector infinite loop. Issue
   17813[4].

 • wnpa-sec-2022-02[5] Large loops in multiple dissectors. Issue
   17829[6], Issue 17842[7], Issue 17847[8], Issue 17855[9], Issue
   17891[10], Issue 17925[11], Issue 17926[12], Issue 17931[13],
   Issue 17932[14], Issue 17933[15].

 • wnpa-sec-2022-03[16] PVFS dissector crash. Issue 17840[17].

 • wnpa-sec-2022-04[18] CSN.1 dissector crash. Issue 17882[19].

 • wnpa-sec-2022-05[20] CMS dissector crash. Issue 17935[21].

   The following bugs have been fixed:

 • Support for GSM SMS TPDU in HTTP2 body Issue 17784[22].

 • macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].

 • MPLS ECHO FEC stack change TLV not dissected correctly Issue
   17868[24].

 • Dissector bug on 802.11ac packets Issue 17878[25].

 • The Info column shows only one NGAP/S1AP packet of several
   packets inside an SCTP packet Issue 17886[26].

 • Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[27].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   AMP, ASN.1 PER, ATN-ULCS, BP, CMS, CSN.1, GDSDB, GSM RP, GTP, IEEE
   802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG SECT, MPLS ECHO,
   NGAP, OpenFlow 1.4, OpenFlow 1.5, P_MUL, PN-RT, PROXY, PVFS, RSL,
   RTMPT, rtnetlink, S1AP, TDS, WAP, and ZigBee ZCL

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[28] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[29] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[30].

  Issues and feature requests can be reported on the issue tracker[31].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[32].

  Last updated 2022-02-10 18:45:05 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2021-22
   2. https://gitlab.com/wireshark/wireshark/-/issues/17811
   3. https://www.wireshark.org/security/wnpa-sec-2022-01
   4. https://gitlab.com/wireshark/wireshark/-/issues/17813
   5. https://www.wireshark.org/security/wnpa-sec-2022-02
   6. https://gitlab.com/wireshark/wireshark/-/issues/17829
   7. https://gitlab.com/wireshark/wireshark/-/issues/17842
   8. https://gitlab.com/wireshark/wireshark/-/issues/17847
   9. https://gitlab.com/wireshark/wireshark/-/issues/17855
  10. https://gitlab.com/wireshark/wireshark/-/issues/17891
  11. https://gitlab.com/wireshark/wireshark/-/issues/17925
  12. https://gitlab.com/wireshark/wireshark/-/issues/17926
  13. https://gitlab.com/wireshark/wireshark/-/issues/17931
  14. https://gitlab.com/wireshark/wireshark/-/issues/17932
  15. https://gitlab.com/wireshark/wireshark/-/issues/17933
  16. https://www.wireshark.org/security/wnpa-sec-2022-03
  17. https://gitlab.com/wireshark/wireshark/-/issues/17840
  18. https://www.wireshark.org/security/wnpa-sec-2022-04
  19. https://gitlab.com/wireshark/wireshark/-/issues/17882
  20. https://www.wireshark.org/security/wnpa-sec-2022-05
  21. https://gitlab.com/wireshark/wireshark/-/issues/17935
  22. https://gitlab.com/wireshark/wireshark/-/issues/17784
  23. https://gitlab.com/wireshark/wireshark/-/issues/17834
  24. https://gitlab.com/wireshark/wireshark/-/issues/17868
  25. https://gitlab.com/wireshark/wireshark/-/issues/17878
  26. https://gitlab.com/wireshark/wireshark/-/issues/17886
  27. https://gitlab.com/wireshark/wireshark/-/issues/17909
  28. https://www.wireshark.org/download.html#thirdparty
  29. https://ask.wireshark.org/
  30. https://www.wireshark.org/lists/
  31. https://gitlab.com/wireshark/wireshark/-/issues
  

[Wireshark-dev] Wireshark 3.6.2 is now available

2022-02-10 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.2.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
   17813[2].

 • wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
   17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
   17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
   17932[12], Issue 17933[13].

 • wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].

 • wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].

 • wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].

   The following bugs have been fixed:

 • Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].

 • Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
   from libwsutil Issue 17822[21].

 • Fedora RPM package build failing with RPATH of /usr/local/lib64
   Issue 17830[22].

 • macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].

 • nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].

 • MPLS ECHO FEC stack change TLV not dissected correctly Issue
   17868[25].

 • Attempting to open a systemd journal export file segfaults Issue
   17875[26].

 • Dissector bug on 802.11ac packets Issue 17878[27].

 • The Info column shows only one NGAP/S1AP packet of several
   packets inside an SCTP packet Issue 17886[28].

 • Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
   installation directory because it doesn’t remove the User’s Guide
   subdirectory and all its contents. Issue 17898[29].

 • 3.6 doesn’t build without zlib Issue 17899[30].

 • SIP Statistics no longer properly reporting method type
   accounting Issue 17904[31].

 • Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].

 • SCTP retransmission detection broken for the first data chunk of
   each association with relative TSN Issue 17917[33].

 • “Show In Folder” doesn’t work correctly for filenames with spaces
   Issue 17927[34].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
   GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
   PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
   P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
   Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL

  New and Updated Capture File Support

   BLF and libpcap

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[35] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use Help › About
  Wireshark › Folders or tshark -G folders to find the default locations
  on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[36] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[37].

  Bugs and feature requests can be reported on the issue tracker[38].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[39].

  Last updated 2022-02-10 18:32:36 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2022-01
   2. https://gitlab.com/wireshark/wireshark/-/issues/17813
   3. https://www.wireshark.org/security/wnpa-sec-2022-02
   4. https://gitlab.com/wireshark/wireshark/-/issues/17829
   5. https://gitlab.com/wireshark/wireshark/-/issues/17842
   6. https://gitlab.com/wireshark/wireshark/-/issues/17847
   7. https://gitlab.com/wireshark/wireshark/-/issues/17855
   8. https://gitlab.com/wireshark/wireshark/-/issues/17891
   9. https://gitlab.com/wireshark/wireshark/-/issues/17925
  10. https://gitlab.com/wireshark/wireshark/-/issues/17926
  11. https://gitlab.com/wireshark/wireshark/-/issues/17931
  12. https://gitlab.com/wireshark/wireshark/-/issues/17932
  13. 

Re: [Wireshark-dev] Future of Wireshark's shared library ABI stability

2022-01-20 Thread Gerald Combs

If I understand the discussion in issue 17822 and here, we're looking at the 
following questions (feel free to correct me where needed):

Q: Should we commit to a stable ABI between minor releases?

I think everyone agrees that we should, or at least that it's a worthwhile goal.

Q: Should *wsutil* be part of that stable ABI?

Debian, Ubuntu and (according to rpmfind.net) OpenSuSE and Mageia treat it as 
such. It would be helpful to know what non-Wireshark packages depend on wsutil 
in those distributions and elsewhere.

Q: What's the best way to ensure stability?

That's a tricky one. We did so in the past using abi-compliance-checker, but 
that was removed in 6e5ba74b. I think it would be worthwhile to try adding it 
back in a more simplified form for release branches, but I'm not sure when I 
would have time to work on that.

On 1/20/22 7:29 AM, Roland Knall wrote:

For clarification: " but the change should most certainly happen with a version 
beyond 3.6" means, that the break should be reverted for 3.6.x, but it should be put 
in place for -dev to be in the next major release

cheers

On Thu, Jan 20, 2022 at 16:28, Roland Knall <rkn...@gmail.com> wrote:

I think it is reasonable to assume that libraries provided with the project 
are being used by external programs. I know one utility which is being used in 
a rather closed-off community (but nonetheless widely adopted by around 200-300 
people), which got broken by this. Their solution is to stay on 3.4 until 
either 3.6 is fixed or the utility (which probably will be done in this case).

I also think it is the right thinking to allow libraries and more 
specifically ABI breaks between releases. But those should never occur in a 
maintenance release, which is what happened here if I got the gist of it. If 
the break would be between 3.4.x and 3.6.0 it would be fine by me. But breaking 
between 3.6.0 and 3.6.1 should not happen. I consider this an issue that must 
be fixed - but the change should most certainly happen with a version beyond 
3.6.

And just additionally my 2 cents. Please always consider that although the 
download rates of Wireshark are mind-blowing and wonderful, the adoption within 
companies might be even greater with special build versions. There exist many 
reasons for those versions, be it not enough resources available to bring 
changes to mainline or having code and adaptations which are for whatever 
(legal mostly) reasons not able to be publicly available. Changes like these I 
would see as a risk to those practices, and one of the reasons Wireshark has 
such a good standing within the community are our policies for long-time 
stability and maintainability.

Just my own thoughts on this.
cheers
Roland

On Thu, Jan 20, 2022 at 13:42, Bálint Réczey <bal...@balintreczey.hu> wrote:

Hi All,

João shared his opinion about the project's commitment to maintain
stable shared library ABI within stable branches:
https://gitlab.com/wireshark/wireshark/-/issues/17822 


I believe the current practice is reasonable and beneficial enough for
many parties to warrant the work, but I could be wrong.

Comments are welcome.

Cheers,
Balint



Re: [Wireshark-dev] Visual Studio 2022

2022-01-15 Thread Gerald Combs

On 1/15/22 4:37 AM, Guy Harris wrote:

On Jan 15, 2022, at 3:09 AM, Gisle Vanem  wrote:


Anders Broman wrote:


Hi,
Yes sounds like a good idea. Have been contemplating testing it too.


I just installed the "Build Tools for Visual Studio 2022"
  
https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022


"These Build Tools allow you to build Visual Studio projects from a command-line 
interface."

Does that mean

this is Visual Studio without the "Visual", i.e. it's all the 
command-line tools, but without the IDE

or

if you just install Visual Studio, you don't get the command-line tools 
- you also have to install this?

The former sounds like "Command Line Tools for Xcode {version}" on macOS or "don't 
install any IDE" on the free-software UN*Xes (I don't know whether Oracle Studio offers that).

The latter seems less likely, as I think most IDEs either run the 
compiler/linker/other tools directly or run some builder program (make, 
msbuild, etc.) that runs the compiler/linker/other tools, but I guess if the 
core of the compiler/linker are in libraries that the command-line tools link 
with and that an IDE program could link with as well (say hello, LLVM), it 
would be possible.


The Developer's Guide recommends installing the Native Desktop workload. 
Reading through the list of components at

https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-build-tools?view=vs-2022#desktop-development-with-c

it looks like Microsoft.VisualStudio.Component.VC.CoreBuildTools corresponds to 
"Build Tools for Visual Studio 2022" and 
Microsoft.VisualStudio.Component.VC.Tools.x86.x64 includes the compiler.


I set up my environment by running


    choco install -y visualstudio2022community visualstudio2022-workload-nativedesktop
    "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"


The first line of `cl.exe /?` returns


Microsoft (R) C/C++ Optimizing Compiler Version 19.30.30706 for x64



[Wireshark-dev] Visual Studio 2022

2022-01-14 Thread Gerald Combs

Would it make sense to migrate the master GitLab builds to Visual Studio 2022? 
I was able to build Wireshark with it on my Windows development VM and didn't 
run into any obvious problems.


[Wireshark-dev] We have a new sponsor!

2022-01-13 Thread Gerald Combs

Hi all,

In case you missed today's big announcement we have a new sponsor (and I have a 
new employer), Sysdig:

https://blog.wireshark.org/2022/01/we-have-a-new-sponsor/

https://sysdig.com/press-releases/creator-of-wireshark-joins-sysdig-to-extend-the-open-source-project-for-cloud-security/

As I mentioned in my blog post, it's great to work with Loris again, and he and 
Sysdig are committed to supporting Wireshark and its community, including 
hosting SharkFest. If you have any questions please don't hesitate to reply to 
this message or contact me directly. I can also answer any questions you might 
have at our next Developer Den:

https://www.wireshark.org/lists/wireshark-dev/202201/msg00012.html


[Wireshark-dev] Remote Developer Den, February 2022

2022-01-13 Thread Gerald Combs

Hi all,

I've scheduled the next remote Developer Den for Tuesday, February 1st. This is 
a remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Feb 1, 2022 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://zoom.us/j/92147153080?pwd=MTljOUdIUktlRDZLRDRHR2NOVnlYdz09

Meeting ID: 921 4715 3080
Passcode: 332386


Re: [Wireshark-dev] wslog, windows, pytest, and heap corruption

2021-12-30 Thread Gerald Combs

On 12/29/21 5:15 PM, John Thacker wrote:

I was working on a MR for moving the text2pcap/text_import debug over to the 
ws_log features and I ran into a seemingly bizarre problem. Setting the log 
level to a non-default value causes the pytest procedures to fail with heap 
corruption on the Gitlab Windows CI.

Some of the text2pcap pytests depend on grepping through the stderr output for some of the debug information. 
Those tests originally passed the -d flag to text2pcap, so I replaced it with setting the log level to 
"debug" (and later "info") with the standard "--log-level debug" argument read 
by ws_log_parse_args().

On Windows (but not Linux or MacOS, not clang or gcc, nor with either using 
ASAN), those tests which set the log level (and only those tests) started 
failing with a return code of 0xc374, heap corruption.

As I looked into it closer, all the debug information that those tests used ought to be logged at 
"warning" or "message," which are at the default log level, so I was able to 
remove that flag, and then it passed.

It looks like it might be related to some of the things discussed here, though 
I'm not 100% sure because I'm not a Windows programmer:

https://discuss.wxpython.org/t/heap-corruption-on-windows/35583 

https://bugs.python.org/issue36792 
https://bugs.python.org/issue37945 

There's some kind of issue seen in Python 3.8 and higher, with Windows 10 build 
1809 (which is a long term support build that is what the CI build server 
uses), with UTF-8 locales, with log systems that get system locale information 
and print dates, the Windows 10 Universal CRT, and heap corruption.

It might have something to do with the tests spawning a lot of subprocesses in 
parallel and setting the log level to a different value eventually calling 
free_log_filter() from ws_log_set_debug_filter().

John Thacker


Is https://gitlab.com/wireshark/wireshark/-/pipelines/438735249 one of the 
pipelines that failed? If so, it looks like Wireshark is crashing and Python is 
complaining about its return code:


Traceback (most recent call last):
  File "C:\builds\wireshark\wireshark\test\fixtures.py", line 54, in wrapped
    test_fn(self, *fixtures)
  File "C:\builds\wireshark\wireshark\test\suite_text2pcap.py", line 186, in test_text2pcap_ikev1_certs_pcap
    check_text2pcap(self, 'ikev1-certs.pcap', 'pcap')
  File "C:\builds\wireshark\wireshark\test\suite_text2pcap.py", line 144, in check_text2pcap_real
    self.assertRun(text2pcap_cmd, shell=True)
  File "C:\builds\wireshark\wireshark\test\subprocesstest.py", line 304, in assertRun
    self.assertEqual(process.returncode, expected_return)
AssertionError: 3221226356 != 0


Just a wild guess, but maybe we need to call setlocale at the beginning of 
text2pcap similar to our other executables?
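
The return code in the traceback above, 3221226356, is 0xC0000374 when written in hexadecimal, the NTSTATUS value Windows defines as STATUS_HEAP_CORRUPTION. The following is an added example, not part of this thread or of Wireshark's test suite: it scans test output for `AssertionError: N != M` lines and decodes N as an NTSTATUS. The function names are hypothetical, and the second log line in the sample is constructed.

```python
"""Decode Windows process exit codes that appear in test-suite output."""
import re

# Well-known NTSTATUS values seen as exit codes of processes killed by an
# unhandled exception or a fail-fast check.
KNOWN_STATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("success", "informational", "warning", "error")
ASSERT_RE = re.compile(r"^\s*AssertionError: (-?\d+) != (-?\d+)\s*$", re.M)

# First line is from the traceback on this page; the second is constructed
# to show an ordinary non-zero exit for comparison.
SAMPLE_LOG = """\
    self.assertEqual(process.returncode, expected_return)
AssertionError: 3221226356 != 0
AssertionError: 1 != 0
"""


def decode_exit_code(code):
    """Split a 32-bit exit code into NTSTATUS fields.

    Layout: bits 31-30 severity, bit 29 customer flag, bits 27-16 facility,
    bits 15-0 code. Tools may print the value signed or unsigned, so it is
    normalised to unsigned first.
    """
    value = code & 0xFFFFFFFF
    severity = value >> 30
    customer = bool((value >> 29) & 1)
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[severity],
        "customer": customer,
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": KNOWN_STATUS.get(value),
        # Heuristic: error severity with the customer bit clear looks like a
        # system-defined NTSTATUS, i.e. the process crashed rather than
        # choosing its own exit code. exit(-1) (0xFFFFFFFF) is excluded.
        "crash": severity == 3 and not customer,
    }


def triage_log(text):
    """Return one decoded entry per failed return-code assertion in the log."""
    findings = []
    for actual, expected in ASSERT_RE.findall(text):
        actual, expected = int(actual), int(expected)
        if actual != expected:
            entry = decode_exit_code(actual)
            entry["raw"] = actual
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        kind = "crash" if f["crash"] else "ordinary failure"
        print(f'{f["raw"]} = {f["hex"]} {f["name"] or ""} ({kind})')
```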


[Wireshark-dev] Wireshark 3.6.1 is now available

2021-12-29 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.1.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2021-17[1] RTMPT dissector infinite loop. Issue
   17745[2]. CVE-2021-4185[3].

 • wnpa-sec-2021-18[4] BitTorrent DHT dissector infinite loop. Issue
   17754[5]. CVE-2021-4184[6].

 • wnpa-sec-2021-19[7] pcapng file parser crash. Issue 17755[8].
   CVE-2021-4183[9].

 • wnpa-sec-2021-20[10] RFC 7468 file parser infinite loop. Issue
   17801[11]. CVE-2021-4182[12].

 • wnpa-sec-2021-21[13] Sysdig Event dissector crash.
   CVE-2021-4181[14].

 • wnpa-sec-2021-22[15] Kafka dissector infinite loop. Issue
   17811[16].

   The following bugs have been fixed:

 • Allow sub-second timestamps in hexdumps Issue 15562[17].

 • GRPC: An unnecessary empty Protobuf tree item is displayed if the
   GRPC message body length is 0 Issue 17675[18].

 • Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system
   path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue
   17757[19].

 • TECMP: LIN Payload is cut off by 1 byte Issue 17760[20].

 • Wireshark crashes if a 64 bit field of type BASE_CUSTOM is
   applied as a column Issue 17762[21].

 • Command line option "-o console.log.level" causes wireshark and
   tshark to exit on start Issue 17763[22].

 • Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue
   17764[23].

 • Unable to build without tshark Issue 17766[24].

 • IEEE 802.11 action frames are not getting parsed and always seen
   as malformed Issue 17767[25].

 • IEC 60870-5-101 link address field is 1 byte, but should have
   configurable length of 0,1 or 2 bytes Issue 17775[26].

 • dfilter: 'tcp.port not in {1}' crashes Wireshark Issue 17785[27].

  New and Updated Features

 • The 'console.log.level' preference was removed in Wireshark
   3.6.0. This release adds an '-o console.log.level:'
   backward-compatibility option on the CLI that maps to the new
   logging sub-system. Note that this does not have bitmask
   semantics and does not correspond to any actual preference. It is
   just a transition mechanism for users that were relying on this
   CLI option and will be removed in the future. To see the new
   diagnostic output options consult the manpages or the output of
   '--help'.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11,
   IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig
   Event, and TECMP

  New and Updated Capture File Support

   BLF and RFC 7468

  New File Format Decoding Support

   There is no new or updated file format support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[28] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use Help › About
  Wireshark › Folders or tshark -G folders to find the default locations
  on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[29] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[30].

  Bugs and feature requests can be reported on the issue tracker[31].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[32].

  Last updated 2021-12-29 19:11:55 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2021-17
   2. https://gitlab.com/wireshark/wireshark/-/issues/17745
   3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4185
   4. https://www.wireshark.org/security/wnpa-sec-2021-18
   5. https://gitlab.com/wireshark/wireshark/-/issues/17754
   6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4184
   7. https://www.wireshark.org/security/wnpa-sec-2021-19
   8. https://gitlab.com/wireshark/wireshark/-/issues/17755
   9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4183
  10. https://www.wireshark.org/security/wnpa-sec-2021-20
  11. 

Re: [Wireshark-dev] Windows build fails

2021-12-17 Thread Gerald Combs

In my Windows VM I did the following:

- Opened "Visual Studio Installer".
- In the Visual Studio 2019 box, clicked "Modify".
- In the "Installation Details" list on the right, checked the highest-numbered SDK, 
which was "Windows 11 SDK (10.0.22000.0)" and made sure any other Windows SDKs were 
unchecked.
- Muttered under my breath about 2021 being 10 whole years after 2011 and maybe 
Microsoft should have added C11 support a long time ago.

On 12/17/21 2:11 PM, chuck c wrote:

Any recommendations for upgrading the pieces for a "pet" build environment vs the CI/CD 
"cattle" method?

https://www.wireshark.org/docs/wsdg_html/#_windows_platform_sdk
"4.5.5. Windows Platform SDK
The Windows Platform SDK (PSDK) or Windows SDK is a free (as in beer) download 
and contains platform specific headers and libraries (e.g. windows.h, 
WSock32.lib, etc.).
As new Windows features evolve in time, updated SDKs become available that 
include new and updated APIs.

When you purchase a commercial Visual Studio or use the Community Edition, it will 
include an SDK."

C:\Development\wsbuild64>cmake -G "Visual Studio 16 2019" -A x64 ..\wireshark
-- Selecting Windows SDK version 10.0.19041.0 to target Windows 10.0.19042.
-- Generating build using CMake 3.19.8
-- Using "Visual Studio 16 2019" generator (multi-config)
-- LTO/IPO is not enabled
-- Using 3rd party repository
-- Building for win64 and CPU target amd64
Working in W:\Development\wireshark-win64-libs
Tag 2021-12-09 found. Skipping.
-- V: 3.7.0-CDC_211217, MaV: 3, MiV: 7, PL: 0, EV: -CDC_211217.
CMake Warning at CMakeLists.txt:593 (message):
   Windows SDK 10.0.19041.0 doesn't support C11.  Please make sure you're
   using 10.0.20348.0 or later.

On Fri, Dec 17, 2021 at 3:15 AM Dario Lombardo wrote:

I've forced sdk 10.0.20348.0, and indeed it looks like cmake is using it.

https://github.com/crondaemon/wireshark/runs/4558028604?check_suite_focus=true

However the error still persists. Any other hint?

On Thu, Dec 16, 2021 at 5:50 PM Gerald Combs wrote:

We recently added a requirement for C11, which requires a relatively 
recent Windows SDK. The build is failing with

CMake Error at CMakeLists.txt:589 (message):
    Windows SDK 10.0.17763.0 doesn't support C11.  Please make sure you're
    using 10.0.20348.0 or later.

Is there any way to switch the GitHub builders to a newer Windows SDK?

On 12/16/21 3:31 AM, Dario Lombardo wrote:
 > Hi
 > The github windows builder is failing
 >
 > https://github.com/wireshark/wireshark/runs/4546222143?check_suite_focus=true
 >
 > It started to show up around a couple of days ago, around commit
 > 77b6bca3870d5ef63303e637cc39e2cf83f49ddc, as seen on
 >
 > https://github.com/wireshark/wireshark/actions/workflows/windows.yml?query=branch%3Amaster
 >
 > --
 >
 > Naima is online.
 >
 >



-- 


Naima is online.


Re: [Wireshark-dev] Windows automated builds still running?

2021-12-17 Thread Gerald Combs

The GitLab CI config was missing a variable. Fix inbound in MR 5477.

On 12/17/21 8:20 AM, chuck c wrote:

https://www.wireshark.org/download/automated/win64/ 

The last build available for download is:
Wireshark-win64-3.7.0rc0-715-g7d88f1e2b17a.exe 2021-12-17 03:50 74M
(https://gitlab.com/wireshark/wireshark/-/merge_requests/5468)

Should there be a download for
https://gitlab.com/wireshark/wireshark/-/merge_requests/5471?



Re: [Wireshark-dev] Windows build fails

2021-12-16 Thread Gerald Combs

We recently added a requirement for C11, which requires a relatively recent 
Windows SDK. The build is failing with

CMake Error at CMakeLists.txt:589 (message):
  Windows SDK 10.0.17763.0 doesn't support C11.  Please make sure you're
  using 10.0.20348.0 or later.

Is there any way to switch the GitHub builders to a newer Windows SDK?

On 12/16/21 3:31 AM, Dario Lombardo wrote:

Hi
The github windows builder is failing

https://github.com/wireshark/wireshark/runs/4546222143?check_suite_focus=true 


It started to show up around a couple of days ago, around commit 
77b6bca3870d5ef63303e637cc39e2cf83f49ddc, as seen on

https://github.com/wireshark/wireshark/actions/workflows/windows.yml?query=branch%3Amaster
 


--

Naima is online.




Re: [Wireshark-dev] My latest Merge Request pipeline failed in a weird way in the Windows build

2021-12-14 Thread Gerald Combs

On 12/14/21 7:22 PM, Richard Sharpe wrote:

Hi folks,

This pipeline failed:
https://gitlab.com/wireshark/wireshark/-/pipelines/429686197

The failure is:

$ cmake -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off ..
-- Selecting Windows SDK version to target Windows 10.0.17763.
-- The C compiler identification is unknown
-- The CXX compiler identification is unknown
CMake Error at CMakeLists.txt:43 (project):
  No CMAKE_C_COMPILER could be found.
CMake Error at CMakeLists.txt:43 (project):
  No CMAKE_CXX_COMPILER could be found.
-- Configuring incomplete, errors occurred!



I updated the Windows MR Docker image earlier and ended up breaking it. It 
should be fixed now.


[Wireshark-dev] code.wireshark.org shutdown

2021-12-10 Thread Gerald Combs

Hi all,

A severe vulnerability was recently discovered in log4j (CVE-2021-44228), which 
allows remote code execution:

https://www.lunasec.io/docs/blog/log4j-zero-day/

Code.wireshark.org was running Gerrit 2.14.11, which includes log4j 1.2.17, 
which appears to be vulnerable to this issue:

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Our Gerrit instance was scheduled to be decommissioned on February 23rd, but 
given the potential severity of the issue I did so a few minutes ago.


[Wireshark-dev] Wireshark 3.6.0 is now available

2021-11-22 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.0.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details. You might want to pay particular
  attention to the display filter syntax updates.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.6.0rc3:

 • The macOS Intel packages now ship with Qt 5.15.3 and require
   macOS 10.13 or later.

   The following features are new (or have been significantly updated)
   since version 3.6.0rc2:

 • Display filter set elements must now be comma-separated. See
   below for more details.

   The following features are new (or have been significantly updated)
   since version 3.6.0rc1:

 • The display filter expression “a != b” now has the same meaning
   as “!(a == b)”.

   The following features are new (or have been significantly updated)
   since version 3.5.0:

 • Nothing of note.

   The following features are new (or have been significantly updated)
   since version 3.4.0:

 • Several changes have been made to the display filter syntax:

    • The expression “a != b” now always has the same meaning as
      “!(a == b)”. In particular this means filter expressions with
      multi-value fields like “ip.addr != 1.1.1.1” will work as
      expected (the result is the same as typing “ip.src != 1.1.1.1 and
      ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
      != b) being true.

    • It is possible to use the syntax “a ~= b” or “a any_ne b” to
      recover the previous (inconsistent with "==") logic for not
      equal.

    • Literal strings can now be specified using raw string syntax,
      identical to raw strings in the Python programming language. This
      can be used to avoid the complexity of using two levels of
      character escapes with regular expressions.

    • Set elements must now be separated using a comma. A filter
      such as http.request.method in {"GET" "HEAD"} must be written as
      … in {"GET", "HEAD"}. Whitespace is not significant. The
      previous use of whitespace as separator is deprecated and will be
      removed in a future version.

    • Support for the syntax "a not in b" with the same meaning as
      "not a in b" has been added.

 • Packaging updates:

    • A macOS Arm 64 (Apple Silicon) package is now available.

    • The macOS Intel packages now ship with Qt 5.15.3 and require
      macOS 10.13 or later.

    • The Windows installers now ship with Npcap 1.55.

    • A 64-bit Windows PortableApps package is now available.

 • TCP conversations now support a completeness criteria, which
   facilitates the identification of TCP streams having any of
   opening or closing handshakes, a payload, in any combination. It
   can be accessed with the new tcp.completeness filter.

 • Protobuf fields that are not serialized on the wire or otherwise
   missing in capture files can now be displayed with default values
   by setting the new “add_default_value” preference. The default
   values might be explicitly declared in “proto2” files, or false
   for bools, first value for enums, zero for numeric types.

 • Wireshark now supports reading Event Tracing for Windows (ETW). A
   new extcap named ETW reader is created that now can open an etl
   file, convert all events in the file to DLT_ETW packets and write
   to a specified FIFO destination. Also, a new packet_etw dissector
   is created to dissect DLT_ETW packets so Wireshark can display
   the DLT_ETW packet header, its message and packet_etw dissector
   calls packet_mbim sub_dissector if its provider matches the MBIM
   provider GUID.

 • “Follow DCCP stream” feature to filter for and extract the
   contents of DCCP streams.

 • Wireshark now supports dissecting RTP packets with OPUS payloads.

 • Importing captures from text files based on regular expressions
   is now possible. By specifying a regex capturing a single packet
   including capturing groups for relevant fields a textfile can be
   converted to a libpcap capture file. Supported data encodings are
   plain-hexadecimal, -octal, -binary and base64. Also the timestamp
   format now allows the second-fractions to be placed anywhere in
   the timestamp and it will be stored with nanosecond instead of
   microsecond precision.

 • The RTP Player has been significantly redesigned and improved.
   See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
   Guide for more details.

    • The RTP Player can play many streams in row.

    • The UI is more responsive.

• The 
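The display filter changes listed in the 3.6.0 announcement above ("a != b", "a ~= b", "in" and "not in") can be modelled in a few lines. This is an added example, not Wireshark code and not part of the original announcement: the packets are constructed, the function names are hypothetical, and the model only covers packets in which the field being tested is present.

```python
def make_packet(no, src, dst, method):
    """Constructed packet: ip.addr is multi-valued (source and destination)."""
    return {
        "no": no,
        "ip.src": [src],
        "ip.dst": [dst],
        "ip.addr": [src, dst],
        "http.request.method": [method],
    }


# Constructed sample traffic.
PACKETS = [
    make_packet(1, "1.1.1.1", "10.0.0.5", "GET"),
    make_packet(2, "10.0.0.5", "1.1.1.1", "POST"),
    make_packet(3, "10.0.0.5", "8.8.8.8", "HEAD"),
]


def evaluate(packet, field, op, operand):
    """Evaluate one comparison against every value the field carries."""
    values = packet[field]  # assumption: the field is present in the packet
    if op == "==":
        # True if any value of the field equals the operand.
        return any(v == operand for v in values)
    if op == "!=":
        # 3.6.0 meaning: the same as !(a == b), i.e. no value equals it.
        return not any(v == operand for v in values)
    if op in ("~=", "any_ne"):
        # Previous "not equal" logic: true if any value differs.
        return any(v != operand for v in values)
    if op == "in":
        return any(v in operand for v in values)
    if op == "not in":
        # Same meaning as "not a in b".
        return not any(v in operand for v in values)
    raise ValueError(f"unsupported operator: {op}")


def select(packets, field, op, operand):
    """Packet numbers that pass the filter."""
    return [p["no"] for p in packets if evaluate(p, field, op, operand)]


def contradictions(packets, field, operand):
    """Packets for which both a == b and the old-style a ~= b are true."""
    return [
        p["no"] for p in packets
        if evaluate(p, field, "==", operand) and evaluate(p, field, "~=", operand)
    ]


def split_equivalent(packets, operand):
    """Check that ip.addr != x selects the same packets as
    ip.src != x and ip.dst != x, as the announcement states."""
    combined = [
        p["no"] for p in packets
        if evaluate(p, "ip.src", "!=", operand) and evaluate(p, "ip.dst", "!=", operand)
    ]
    return combined == select(packets, "ip.addr", "!=", operand)


if __name__ == "__main__":
    for op in ("==", "!=", "~="):
        print(f"ip.addr {op} 1.1.1.1 ->", select(PACKETS, "ip.addr", op, "1.1.1.1"))
    print("contradictory under ~=:", contradictions(PACKETS, "ip.addr", "1.1.1.1"))
```

An analyst who relied on the old "!=" to exclude a host would have kept every packet to or from that host, which is why saved filters are worth re-checking after the upgrade.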

Re: [Wireshark-dev] Remote Developer Den, November 2021

2021-11-21 Thread Gerald Combs

Quick reminder: the next Developer Den will be this upcoming Tuesday, November 
23rd.

On 11/11/21 1:37 PM, Gerald Combs wrote:

Hi all,

I've scheduled the next remote Developer Den for Tuesday, November 23rd. This 
is a remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Nov 23, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://zoom.us/j/95476565415?pwd=UjVyc2o1TzhXeHFLY0pFTUVYZXJ3Zz09

Meeting ID: 954 7656 5415
Passcode: 713057
One tap mobile
+16699009128,,95476565415#*713057# US (San Jose)
+13462487799,,95476565415#*713057# US (Houston)

Dial by your location
Find your local number: https://zoom.us/u/aCsIbcXv1





Re: [Wireshark-dev] Gerrit - 404 page not found

2021-11-17 Thread Gerald Combs

On 11/17/21 9:57 AM, chuck c wrote:

https://code.wireshark.org/review/32179 


https://code.wireshark.org/review/#/c/13828/ 


Was working yesterday.


It should be fixed now. BTW, I'm considering decommissioning code.wireshark.org 
on February 23, which would be 18 months after the migration to GitLab. There 
doesn't appear to be a feasible way to convert it to a static site and I don't 
think it's a good idea to leave it up and running indefinitely.


[Wireshark-dev] Wireshark 3.4.10 is now available

2021-11-17 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.4.10.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  This release fixes a forward compatibility issue[1] with the I/O
  Graphs preferences.

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2021-07[2] Bluetooth DHT dissector crash. Issue
   17651[3]. CVE-2021-39929[4].

 • wnpa-sec-2021-08[5] Bluetooth HCI_ISO dissector crash. Issue
   17649[6]. CVE-2021-39926[7].

 • wnpa-sec-2021-09[8] Bluetooth SDP dissector crash. Issue
   17635[9]. CVE-2021-39925[10].

 • wnpa-sec-2021-10[11] Bluetooth DHT dissector large loop. Issue
   17677[12]. CVE-2021-39924[13].

 • wnpa-sec-2021-11[14] PNRP dissector large loop. Issue 17684[15].

 • wnpa-sec-2021-12[16] C12.22 dissector crash. Issue 17636[17].
   CVE-2021-39922[18].

 • wnpa-sec-2021-13[19] IEEE 802.11 dissector crash. Issue
   17704[20]. CVE-2021-39928[21].

 • wnpa-sec-2021-14[22] Modbus dissector crash. Issue 17703[23].
   CVE-2021-39921[24].

 • wnpa-sec-2021-15[25] IPPUSB dissector crash. Issue 17705[26].
   CVE-2021-39920[27].

   The following bugs have been fixed:

 • OSS-Fuzz: Heap-use-after-free in ROS Issue 16342[28].

 • Allow for '\0' (NULL) character as filter instead of requiring
   0x00 for the character match Issue 16525[29].

 • Dumpcap with threads reports double received count vs captured
   Issue 17089[30].

 • I/O Graphs values reset to default with 3.5 due to change of UAT
   Issue 17623[31].

 • HTTP2 dissector reports an assertion error on large data frames
   Issue 17633[32].

 • TShark stops capturing when capturing with multiple files and
   packet printing enabled Issue 17654[33].

 • Wireshark is unable to decode the IMSI IE received in BSSMAP
   Perform Location request Issue 17667[34].

 • WSLUA: Crash on reload if Proto has no fields Issue 17668[35].

 • Crash in flow analysis for TCP Issue 17722[36].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   BT HCI_ISO, BT SDP, BT-DHT, C12.22, CAN FD, CSN1, EAPOL-MKA, EVS, GSM
   BSSMAP LE, HTTP2, IDMP, IEEE 1905.1a, IEEE 802.11, IPPUSB, Modbus,
   PNRP, and TCP

  New and Updated Capture File Support

   pcap

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[37] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[38] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[39].

  Issues and feature requests can be reported on the issue tracker[40].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[41].

  Last updated 2021-11-17 17:47:32 UTC

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/17623
   2. https://www.wireshark.org/security/wnpa-sec-2021-07
   3. https://gitlab.com/wireshark/wireshark/-/issues/17651
   4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39929
   5. https://www.wireshark.org/security/wnpa-sec-2021-08
   6. https://gitlab.com/wireshark/wireshark/-/issues/17649
   7. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39926
   8. https://www.wireshark.org/security/wnpa-sec-2021-09
   9. https://gitlab.com/wireshark/wireshark/-/issues/17635
  10. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39925
  11. https://www.wireshark.org/security/wnpa-sec-2021-10
  12. https://gitlab.com/wireshark/wireshark/-/issues/17677
  13. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39924
  14. https://www.wireshark.org/security/wnpa-sec-2021-11
  15. https://gitlab.com/wireshark/wireshark/-/issues/17684
  16. https://www.wireshark.org/security/wnpa-sec-2021-12
  17. https://gitlab.com/wireshark/wireshark/-/issues/17636
  18. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39922
  19. https://www.wireshark.org/security/wnpa-sec-2021-13
  20. https://gitlab.com/wireshark/wireshark/-/issues/17704
  21. 

[Wireshark-dev] Remote Developer Den, November 2021

2021-11-11 Thread Gerald Combs

Hi all,

I've scheduled the next remote Developer Den for Tuesday, November 23rd. This 
is a remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Nov 23, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://zoom.us/j/95476565415?pwd=UjVyc2o1TzhXeHFLY0pFTUVYZXJ3Zz09

Meeting ID: 954 7656 5415
Passcode: 713057
One tap mobile
+16699009128,,95476565415#*713057# US (San Jose)
+13462487799,,95476565415#*713057# US (Houston)

Dial by your location
Find your local number: https://zoom.us/u/aCsIbcXv1



[Wireshark-dev] Wireshark 3.6.0rc3 is now available

2021-11-11 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.6.0rc3.


 This is the third release candidate for Wireshark 3.6.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.6.0rc2:

 • Display filter set elements must now be comma-separated.

   The following features are new (or have been significantly updated)
   since version 3.6.0rc1:

 • The display filter expression “a != b” now has the same meaning
   as “!(a == b)”.

   The following features are new (or have been significantly updated)
   since version 3.5.0:

 • Nothing of note.

   The following features are new (or have been significantly updated)
   since version 3.4.0:

 • The Windows installers now ship with Npcap 1.55.

 • A 64-bit Windows PortableApps package is now available.

 • A macOS Arm 64 (Apple Silicon) package is now available.

 • TCP conversations now support a completeness criteria, which
   facilitates the identification of TCP streams having any of
   opening or closing handshakes, a payload, in any combination. It
   is accessed with the new tcp.completeness filter.

 • Protobuf fields that are not serialized on the wire (missing in
   capture files) can now be displayed with default values by
   setting the new “add_default_value” preference. The default
   values might be explicitly declared in “proto2” files, or false
   for bools, first value for enums, zero for numeric types.

 • Wireshark now supports reading Event Tracing for Windows (ETW). A
   new extcap named ETW reader is created that now can open an etl
   file, convert all events in the file to DLT_ETW packets and write
   to a specified FIFO destination. Also, a new packet_etw dissector
   is created to dissect DLT_ETW packets so Wireshark can display
   the DLT_ETW packet header, its message and packet_etw dissector
   calls packet_mbim sub_dissector if its provider matches the MBIM
   provider GUID.

 • “Follow DCCP stream” feature to filter for and extract the
   contents of DCCP streams.

 • Wireshark now supports dissecting the rtp packet with OPUS
   payload.

 • Importing captures from text files is now also possible based on
   regular expressions. By specifying a regex capturing a single
   packet including capturing groups for relevant fields a textfile
   can be converted to a libpcap capture file. Supported data
   encodings are plain-hexadecimal, -octal, -binary and base64. Also
   the timestamp format now allows the second-fractions to be placed
   anywhere in the timestamp and it will be stored with nanosecond
   instead of microsecond precision.

 • Display filter literal strings can now be specified using raw
   string syntax, identical to raw strings in the Python programming
   language. This is useful to avoid the complexity of using two
   levels of character escapes with regular expressions.

 • Significant RTP Player redesign and improvements (see Wireshark
   User Documentation, Playing VoIP Calls[1] and RTP Player
   Window[2])

     • RTP Player can play many streams in row

     • UI is more responsive

     • RTP Player maintains playlist, other tools can add/remove
       streams to it

     • Every stream can be muted or routed to L/R channel for replay

     • Save audio is moved from RTP Analysis to RTP Player. RTP
       Player saves what was played. RTP Player can save in
       multichannel .au or .wav.

     • RTP Player added to menu Telephony>RTP>RTP Player

 • VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player,
   SIP Flows) are non-modal, can stay opened on background

     • Same tools are provided across all dialogs (Prepare Filter,
       Analyse, RTP Player …)

 • Follow stream is now able to follow SIP calls based on their
   Call-ID value.

 • Follow stream YAML output format has been changed to add
   timestamps and peers information (for more details see the user’s
   guide, Following Protocol Streams[3])

 • IP fragments between public IPv4 addresses are now reassembled
   even if they have different VLAN IDs. Reassembly of IP fragments
   where one endpoint is a private (RFC 1918 section 3) or
   link-local (RFC 3927) IPv4 address continues to take the VLAN ID
   into account, as those addresses can be reused. To revert to the
   previous behavior and not reassemble fragments with different
   VLAN IDs, turn on the “Enable stricter conversation tracking
   heuristics” top level protocol preference.

 • USB 

Re: [Wireshark-dev] Wiki editor permission request

2021-10-31 Thread Gerald Combs

Done.

On 10/31/21 12:59 AM, manabu hirose wrote:

Hi,

I would like permission to edit the Wireshark wiki. My GitLab username is 
@manabapp.




Re: [Wireshark-dev] pipeline failed

2021-10-28 Thread Gerald Combs

On 10/28/21 12:29 PM, Zoran Bošnjak wrote:

Hello wireshark developers,
please advise how I can reproduce the pipeline build failure in a local 
environment.

In particular, this one:
https://gitlab.com/zoranbosnjak/wireshark/-/pipelines/397393242

The following problems are reported on merge request:

1. Checking cache for Code Checks + Clang Warnings-master...
FATAL: file does not exist
I have no idea, which file does not exist.


The file that doesn't exist is GitLab CI's job cache[1]. The job cache lets you share 
files between builds, and many of our jobs use it to store ccache data. I'm not sure why 
it prints a red "FATAL" message; it's not fatal. Other than disabling the cache 
it's not something we have direct control over.


2. GCC warnings
Based on error output, I have found some unit tests that indeed fail and I will 
try to fix them. But I am getting a different error locally.
I would appreciate an exact command, to reproduce the same error.


The relevant errors are near the bottom on lines 62 and 63:


License 'UNKNOWN' for 'tools/asterix/update-specs.py' is not allowed.
License 'UNKNOWN' for 'tools/asterix/README.md' is not allowed.
FAILED


The first failure is valid. You should add an "SPDX-License-Identifier:" line 
to update-specs.py. The second failure is a false positive. A fix for that is inbound in 
MR 4889.

[1]https://docs.gitlab.com/ee/ci/caching/


Re: [Wireshark-dev] How to test legacy (glib-compat) code

2021-10-27 Thread Gerald Combs

The oldest version of GLib that we build with is 2.56.1 on the CentOS 7 builder:

CentOS 7        2.56.1
CentOS 8        2.56.4
Debian          2.66.8
Fedora          2.68.4
macOS ARM       2.68.4
macOS Intel     2.58.3
openSUSE 15.2   2.62.6
Ubuntu          2.64.6
Win32           2.66.4
Win64           2.66.4

Is there any reason we shouldn't increase the minimum GLib version to 2.56 in the master 
and 3.6 branches? That would mean that we no longer support RHEL 6, but it's currently in 
"extended life cycle support": 
https://access.redhat.com/support/policy/updates/errata

On 10/27/21 2:27 AM, Joerg Mayer wrote:

Hello,

I've created a merge request 
(https://gitlab.com/wireshark/wireshark/-/merge_requests/4820)
that requires a newer version (2.56) of glib than the minimum we require in 
cmake (2.38), so
I created a glib-compat entry to emulate the required functionality via an 
older function that
has been deprecated (2.62)

Two questions:
1) Is any of our buildbots running on such an old version of glib so I know 
that it compiles?
2) Is there a way to test whether the compat code (text2pcap) actually works? I 
have no problem
to provide/commit a testfile.

Thanks!
Jörg





Re: [Wireshark-dev] Swap 'v'|'V' options for editcap and mergecap

2021-10-18 Thread Gerald Combs

I'm not sure if we've ever swapped flags, but Wireshark's "-m" flag was marked as deprecated prior 
to the 2.2 release (bcae998048) and removed prior to 2.4 (37252634c4). I don't have any objections to doing 
something similar for the "-v" and "-V" flags.

On 10/16/21 11:35 AM, chuck c wrote:

Is there any precedent for changing command line options after a program has 
been in production for some time?

Swapping "v" and "V" for editcap and mergecap would bring them in line with the 
other binaries for calling show_version().
And also align with the verbose option ('V') for tshark and tfshark.
(little disruption depending on how many scripts exist that use these commands)

Another approach would be to drop "-v" for version and only support "--version" 
as tcpdump does:
https://www.tcpdump.org/manpages/tcpdump.1.html 

(big disruption since it's muscle memory to have Q&A people run "wireshark -v" 
and paste the output)

https://code.wireshark.org/review/#/c/2489/ 

Add command-line argument to request the version to a number of the utilities.

https://gitlab.com/wireshark/wireshark/-/commit/3773a756 




Re: [Wireshark-dev] captype program not in Windows installers

2021-10-13 Thread Gerald Combs

It looks like it was simply forgotten. The RPM and macOS packages pick up new 
binaries automatically, but they have to be added explicitly to the NSIS and 
WiX packages. Fix inbound in MR 4605.

On 10/12/21 7:31 PM, chuck c wrote:

Is there a reason the "captype" binary and HTML file are not included in the 
Windows installers?

C:\Development\wsbuild64\run\RelWithDebInfo>captype.exe

Usage: captype  ...

C:\Development\wsbuild64\run\RelWithDebInfo>captype.exe -v
Captype (Wireshark) 3.7.0-CDC_211006 (v3.7.0rc0-59-g01e858e0a3ef)

Copyright 1998-2021 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using Microsoft Visual Studio 2019 (VC++ 14.29, build 30037),
with GLib 2.66.4, with zlib 1.2.11.

Running on 64-bit Windows 10 (20H2), build 19042, with Intel(R) Xeon(R) CPU
      E5645  @ 2.40GHz (with SSE4.2), with 8190 MB of physical memory, with GLib
2.66.4, with LC_TYPE=English_United States.utf8, binary plugins supported (0
loaded).

C:\Development\wsbuild64\run\RelWithDebInfo>dir captype*
  Volume in drive C has no label.
  Volume Serial Number is 12C4-AC21

  Directory of C:\Development\wsbuild64\run\RelWithDebInfo

10/12/2021  08:45 PM           315,392 captype.exe
10/12/2021  12:46 PM             3,526 captype.html
10/12/2021  08:45 PM           552,960 captype.pdb
                3 File(s)        871,878 bytes
                0 Dir(s)  21,933,711,360 bytes free

P:\>C:\Development\wsbuild64\run\RelWithDebInfo\captype.exe *
captype: The file "#recycle" could not be created because an invalid filename 
was specified.
2: eri_enb_log
200401_BHIS_VM_download.pcapng: pcapng
200415_LJ_bootup_dhcp_mdns.pcapng: pcapng
210409_npcap_1_30_radiotap.pcapng: pcapng
210411_npcap_1_30_radiotap.pcapng: pcapng
210411_win10_radiotap.pcapng: pcapng
210623_statusBar_test.pcapng: pcapng





Re: [Wireshark-dev] 3.6.0 release schedule

2021-10-07 Thread Gerald Combs

The release-3.6 branch has been created. I'll probably wait a few days to 
release 3.6.0rc1.

On 9/30/21 2:29 PM, Gerald Combs wrote:

Hi all,

I have the 3.5.1 release scheduled for next Thursday, October 7, but I'm 
wondering if we shouldn't create the 3.6 branch and release 3.6.0rc1 instead. 
Unless anyone needs to delay the 3.6 branch I plan on doing the following:

Oct  6 : Release 3.4.9 & 3.2.17
Oct  7 : Create the release-3.6 branch
Oct  8 : Release 3.6.0rc1
Oct 20 : Release 3.6.0 and wind down the 3.2 branch
Nov 17 : Release 3.6.1 & 3.4.10




[Wireshark-dev] Wireshark 3.4.9 is now available

2021-10-06 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.4.9.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Bug Fixes

   The following bugs have been fixed:

 • TShark PDML output embeds "proto" elements within other "proto"
   elements Issue 10588[1].

 • Filter expressions comparing against single-octet hex strings
   where the hex digit string equals a protocol name don’t work
   Issue 12810[2].

 • AMQP 0.9: dissector fails to handle Content-Body frame split
   across TCP packets Issue 14217[3].

 • IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
   Multipurpose Frame Control field Issue 17496[4].

 • Wireshark ignored some character in filename when exporting SMB
   objects. Issue 17530[5].

 • tshark -z credentials: assertion failed: (allocator→in_scope)
   Issue 17576[6].

 • IS-IS Extended IP Reachability Prefix-SID not decoded properly
   Issue 17610[7].

 • Error when reloading lua plugins with a capture file loaded via a
   custom lua file handler Issue 17615[8].

 • Absolute time UTC field filters are constructed incorrectly,
   don’t match the packet Issue 17617[9].

 • GUI freezes when clicking on large (non-capture) file in File
   chooser Issue 17620[10].

 • Crash after selecting a different profile while capturing Issue
   17622[11].

 • BT-DHT reports malformed packets that are actually uTP on same
   connection Issue 17626[12].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
   GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
   802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
   NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
   Monitoring

  New and Updated Capture File Support

   CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[13] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[14] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[15].

  Issues and feature requests can be reported on the issue tracker[16].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[17].

  Last updated 2021-10-06 17:20:36 UTC

 References

   1. https://gitlab.com/wireshark/wireshark/-/issues/10588
   2. https://gitlab.com/wireshark/wireshark/-/issues/12810
   3. https://gitlab.com/wireshark/wireshark/-/issues/14217
   4. https://gitlab.com/wireshark/wireshark/-/issues/17496
   5. https://gitlab.com/wireshark/wireshark/-/issues/17530
   6. https://gitlab.com/wireshark/wireshark/-/issues/17576
   7. https://gitlab.com/wireshark/wireshark/-/issues/17610
   8. https://gitlab.com/wireshark/wireshark/-/issues/17615
   9. https://gitlab.com/wireshark/wireshark/-/issues/17617
  10. https://gitlab.com/wireshark/wireshark/-/issues/17620
  11. https://gitlab.com/wireshark/wireshark/-/issues/17622
  12. https://gitlab.com/wireshark/wireshark/-/issues/17626
  13. https://www.wireshark.org/download.html#thirdparty
  14. https://ask.wireshark.org/
  15. https://www.wireshark.org/lists/
  16. https://gitlab.com/wireshark/wireshark/-/issues
  17. https://www.wireshark.org/faq.html


Digests


Re: [Wireshark-dev] pod2adoc and the man pages

2021-09-30 Thread Gerald Combs

On 9/25/21 9:59 AM, Gerald Combs wrote:

On 9/25/21 1:17 AM, Jaap Keuter wrote:

Hi,

In reference to https://gitlab.com/wireshark/wireshark/-/merge_requests/4294

What is supposed to happen to the man pages themselves? Will they now be 
generated from the AsciiDoc files? I think I’m missing the point to this change.


The man pages themselves would be generated using Asciidoctor's man page 
backend[1]. The primary advantage of the change is that we would use the same 
markup for all of our documentation, but this would also make it easier to 
include the Wireshark version if needed and other things that POD doesn't 
directly support.

The MR in its current form should definitely not be merged. I intentionally 
left the .pod versions of each man page in place in order to make it easier to 
compare with the .adoc version. Assuming no one strongly objects to this, the 
next steps would be

- Add an ASCIIDOCTOR2MAN macro to cmake/modules/FindAsciidoctor.cmake.
- Make the necessary changes to doc/CMakeLists.txt.
- Remove the .pod files

It would probably make sense to consolidate the man pages and guides into the 
same directory as well.

[1]https://docs.asciidoctor.org/asciidoctor/latest/manpage-backend/


The MR should be ready to go now, and I plan on merging it tomorrow. Note that 
this will make Asciidoctor a requirement for packaging.


[Wireshark-dev] 3.6.0 release schedule

2021-09-30 Thread Gerald Combs

Hi all,

I have the 3.5.1 release scheduled for next Thursday, October 7, but I'm 
wondering if we shouldn't create the 3.6 branch and release 3.6.0rc1 instead. 
Unless anyone needs to delay the 3.6 branch I plan on doing the following:

Oct  6 : Release 3.4.9 & 3.2.17
Oct  7 : Create the release-3.6 branch
Oct  8 : Release 3.6.0rc1
Oct 20 : Release 3.6.0 and wind down the 3.2 branch
Nov 17 : Release 3.6.1 & 3.4.10


Re: [Wireshark-dev] pod2adoc and the man pages

2021-09-25 Thread Gerald Combs

On 9/25/21 1:17 AM, Jaap Keuter wrote:

Hi,

In reference to https://gitlab.com/wireshark/wireshark/-/merge_requests/4294

What is supposed to happen to the man pages themselves? Will they now be 
generated from the AsciiDoc files? I think I’m missing the point to this change.


The man pages themselves would be generated using Asciidoctor's man page 
backend[1]. The primary advantage of the change is that we would use the same 
markup for all of our documentation, but this would also make it easier to 
include the Wireshark version if needed and other things that POD doesn't 
directly support.

The MR in its current form should definitely not be merged. I intentionally 
left the .pod versions of each man page in place in order to make it easier to 
compare with the .adoc version. Assuming no one strongly objects to this, the 
next steps would be

- Add an ASCIIDOCTOR2MAN macro to cmake/modules/FindAsciidoctor.cmake.
- Make the necessary changes to doc/CMakeLists.txt.
- Remove the .pod files

It would probably make sense to consolidate the man pages and guides into the 
same directory as well.

[1]https://docs.asciidoctor.org/asciidoctor/latest/manpage-backend/


Re: [Wireshark-dev] Wiki editor permission request

2021-09-22 Thread Gerald Combs

Done.

On 9/22/21 7:53 AM, Frank Wayne wrote:

Hi,

I would like permission to edit the Wireshark wiki. My GitLab username is 
@thatfrankwayne.

Frank Wayne
Senior Systems Engineer, Collaboration Services - Cyberinfrastructure
Northwestern University
2020 Ridge Ave, 2nd Floor
Evanston, IL 60201
frank.wa...@northwestern.edu
+1.847.467.1767





Re: [Wireshark-dev] Wiki editor permission request

2021-09-21 Thread Gerald Combs

Done.

On 9/20/21 12:02 PM, Jose Oliveira wrote:

Hi,

I would like permission to edit the Wireshark wiki.
My GitLab username is "jpoliv".

Short term plans:
Start by updating the lldp software links/versions on the page
https://gitlab.com/wireshark/wireshark/-/wikis/LinkLayerDiscoveryProtocol 


Regards,
Jose Oliveira



Re: [Wireshark-dev] Triggering "Windows Build" job

2021-09-13 Thread Gerald Combs

How long does the GitHub action take to run? The "Windows Build" job currently uses a 
dedicated runner, which is why it only gets run if a maintainer submits, rebases or otherwise 
"lays hands" on the MR. We use a dedicated runner because installing all of our 
prerequisites, building Wireshark, and running tests on GitLab's shared Windows builders took a 
very long time. It might make sense to make another attempt at getting that working.

On 9/13/21 6:01 AM, Dario Lombardo wrote:

You can also leverage github actions: it has a windows build. Just push on a 
github fork of yours and you'll trigger a windows build.

https://github.com/wireshark/wireshark/actions/workflows/windows.yml 


On Mon, Sep 13, 2021 at 2:48 PM Ivan Nardi <nardi.i...@gmail.com> wrote:

Hi Roland
I thought that the present configuration was a trade-off between
flexibility and resource constraints.
Thank you very much for the suggestions, very appreciated! I will
definitely compile Wireshark with both gcc and clang from now on.

Thanks for your reply
Kind regards


Ivan

On Mon, 13 Sept 2021 at 11:24, Roland Knall <rkn...@gmail.com> wrote:
 >
 > Hi Ivan
 >
 > We have a limited number of machines for our build-jobs. Therefore only
 > when we set the merge-request to a semi-done level, buildjobs are triggered. What
 > you can do though, is run your own pipeline, and use our .gitlab-ci.yml file as a
 > template.
 >
 > At this point we do not plan on making the builders available to
 > everyone. But if you submit your changes, we can trigger it for you.
 >
 > Btw, as a Mac & Linux user myself, I keep a virtualbox around just for
 > that purpose. To be able to build Wireshark. It is not required, but certainly helps.
 > Also, building Wireshark on your local Linux machine with a clang compiler instead of
 > gcc, will also identify most issues with the Microsoft VS compilers (as was my
 > experience in the past)
 >
 > kind regards
 > Roland
 >
 > On Mon, 13 Sept 2021 at 11:17, Ivan Nardi <nardi.i...@gmail.com> wrote:
 >>
 >> Hi
 >>
 >> If I am not wrong, the "Windows Build" job is triggered only after a
 >> maintainer picks up the MR and assigns it to the "Wireshark GitLab
 >> Utility".
 >> Is there any way I can trigger it myself?
 >>
 >> Some background.
 >> I don't have a Windows machine to build Wireshark myself.
 >> My last MR (https://gitlab.com/wireshark/wireshark/-/merge_requests/3628)
 >> triggers a warning only in the Windows build.
 >> I **think** to have a fix for it. I could push it, wait for a
 >> maintainer to pick it up again and cross my fingers...
 >> But if I could trigger the Windows test myself it should be less a
 >> bother to anyone.
 >> Can I do that somehow?
 >>
 >> I hope I made myself clear
 >> Thanks
 >>
 >> Ivan
 >> 



--

Naima is online.



[Wireshark-dev] Wireshark 3.5.0 is now available

2021-08-27 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.5.0.


 This is an experimental release intended to test new features for
 Wireshark 3.6.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.4.0:

 • The Windows installers now ship with Npcap 1.50.

 • A 64-bit Windows PortableApps package is now available.

 • A macOS Arm 64 (Apple Silicon) package is now available.

 • TCP conversations now support a completeness criteria, which
   facilitates the identification of TCP streams having any of
   opening or closing handshakes, a payload, in any combination. It
   is accessed with the new tcp.completeness filter.

 • Protobuf fields that are not serialized on the wire (missing in
   capture files) can now be displayed with default values by
   setting the new 'add_default_value' preference. The default
   values might be explicitly declared in 'proto2' files, or false
   for bools, first value for enums, zero for numeric types.

 • Wireshark now supports reading Event Tracing for Windows (ETW). A
   new extcap named ETW reader is created that now can open an etl
   file, convert all events in the file to DLT_ETW packets and write
   to a specified FIFO destination. Also, a new packet_etw dissector
   is created to dissect DLT_ETW packets so Wireshark can display
   the DLT_ETW packet header, its message and packet_etw dissector
   calls packet_mbim sub_dissector if its provider matches the MBIM
   provider GUID.

 • "Follow DCCP stream" feature to filter for and extract the
   contents of DCCP streams.

 • Wireshark now supports dissecting the rtp packet with OPUS
   payload.

 • Importing captures from text files is now also possible based on
   regular expressions. By specifying a regex capturing a single
   packet including capturing groups for relevant fields a textfile
   can be converted to a libpcap capture file. Supported data
   encodings are plain-hexadecimal, -octal, -binary and base64. Also
   the timestamp format now allows the second-fractions to be placed
   anywhere in the timestamp and it will be stored with nanosecond
   instead of microsecond precision.

 • Display filter literal strings can now be specified using raw
   string syntax, identical to raw strings in the Python programming
   language. This is useful to avoid the complexity of using two
   levels of character escapes with regular expressions.

 • Significant RTP Player redesign and improvements (see Wireshark
   User Documentation, Playing VoIP Calls[1] and RTP Player
   Window[2])

 • RTP Player can play many streams in row

 • UI is more responsive

 • RTP Player maintains playlist, other tools can add/remove streams
   to it

 • Every stream can be muted or routed to L/R channel for replay

 • Save audio is moved from RTP Analysis to RTP Player. RTP Player
   saves what was played. RTP Player can save in multichannel .au or
   .wav.

 • RTP Player added to menu Telephony>RTP>RTP Player

   VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP
   Flows) are non-modal, can stay opened on background

 • Same tools are provided across all dialogs (Prepare Filter,
   Analyse, RTP Player …)

   Follow stream is now able to follow SIP calls based on their Call-ID
   value.

   Follow stream YAML output format has been changed to add timestamps
   and peers information (for more details see the user’s guide,
   Following Protocol Streams[3])

   IP fragments between public IPv4 addresses are now reassembled even
   if they have different VLAN IDs. Reassembly of IP fragments where one
   endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927)
   IPv4 address continues to take the VLAN ID into account, as those
   addresses can be reused. To revert to the previous behavior and not
   reassemble fragments with different VLAN IDs, turn on the "Enable
   stricter conversation tracking heuristics" top level protocol
   preference.

   USB Link Layer reassembly has been added, which allows hardware
   captures to be analyzed at the same level as software captures.

   TShark can now export TLS session keys with the
   --export-tls-session-keys option.

   Wireshark participated in the Google Season of Docs 2020 and the
   User’s Guide has been extensively updated.

   Format of export to CSV in RTP Stream Analysis dialog was slightly
   changed. First line of export contains names of columns as in other
   CSV exports.

   Wireshark now supports the Turkish language.
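
The IPv4 fragment reassembly rule from the release notes above (VLAN ID ignored between public addresses, kept when an endpoint is RFC 1918 private or RFC 3927 link-local), as an added Python sketch that is not Wireshark's own code. The function names, the `strict` flag standing in for the "Enable stricter conversation tracking heuristics" preference, and the sample fragments are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges that can be reused on different VLANs: RFC 1918 section 3 (private)
# and RFC 3927 (link-local). ipaddress's is_private is deliberately not used:
# it also covers other special-purpose ranges, including the documentation
# networks that stand in for public addresses in the sample below.
REUSABLE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_reusable(addr):
    """True if addr is an RFC 1918 private or RFC 3927 link-local address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in REUSABLE_NETS)


def reassembly_key(frag, strict=False):
    """Key under which a fragment is collected for reassembly.

    The VLAN ID is part of the key only when an endpoint address may be
    reused, or when strict (hypothetical stand-in for the preference) is set.
    """
    key = (frag["src"], frag["dst"], frag["proto"], frag["ip_id"])
    if strict or is_reusable(frag["src"]) or is_reusable(frag["dst"]):
        return key + (frag["vlan"],)
    return key + (None,)


def join_fragments(frags):
    """Return the reassembled payload, or None if the datagram is incomplete.

    Offsets are in 8-octet units as in the IPv4 header. Holes and overlaps
    are treated as incomplete; this sketch does not resolve overlaps.
    """
    frags = sorted(frags, key=lambda f: f["offset"])
    expected = 0
    out = bytearray()
    for f in frags:
        start = f["offset"] * 8
        if start != expected:
            return None
        if f["more"] and len(f["data"]) % 8:
            return None  # non-final fragments must carry a multiple of 8 octets
        out += f["data"]
        expected = start + len(f["data"])
    if frags[-1]["more"]:
        return None  # final fragment not seen yet
    return bytes(out)


def reassemble(fragments, strict=False):
    """Group fragments by reassembly key and return {key: payload}."""
    groups = defaultdict(list)
    for f in fragments:
        groups[reassembly_key(f, strict)].append(f)
    done = {}
    for key, frags in groups.items():
        payload = join_fragments(frags)
        if payload is not None:
            done[key] = payload
    return done


def frag(src, dst, ip_id, vlan, offset, more, data):
    """Build one constructed fragment record (UDP, protocol 17)."""
    return dict(src=src, dst=dst, proto=17, ip_id=ip_id, vlan=vlan,
                offset=offset, more=more, data=data)


# Constructed sample: one public flow seen on two VLANs, and a private
# source address reused by two hosts on VLAN 10 and VLAN 20 with the same IP ID.
SAMPLE = [
    frag("198.51.100.10", "203.0.113.20", 7, 10, 0, True, b"AAAAAAAA"),
    frag("198.51.100.10", "203.0.113.20", 7, 20, 1, False, b"BBBB"),
    frag("10.0.0.5", "203.0.113.20", 7, 10, 0, True, b"11111111"),
    frag("10.0.0.5", "203.0.113.20", 7, 20, 0, True, b"22222222"),
    frag("10.0.0.5", "203.0.113.20", 7, 10, 1, False, b"1111"),
    frag("10.0.0.5", "203.0.113.20", 7, 20, 1, False, b"2222"),
]

if __name__ == "__main__":
    for strict in (False, True):
        print("strict =", strict)
        for key, payload in reassemble(SAMPLE, strict).items():
            print("  ", key, payload)
```

With the default setting the public flow is reassembled across VLAN 10 and VLAN 20 while the two private-address datagrams stay separate; with `strict=True` the public flow is left incomplete because each VLAN holds only one of its fragments.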

  

Re: [Wireshark-dev] Wireshark 3.4.8 build from source tarball fails generating build files

2021-08-26 Thread Gerald Combs

On 8/26/21 1:43 PM, Michael Lum wrote:

Hi,
I'm using the source tarball from the download page, extracted into 
c:\wireshark-3.4.8
I've got multiple Wireshark builds and multiple VS installations.
The last Wireshark build I did was 3.0.1.
I was following the Developer's Guide for the most part.
I am not using Git, Asciidoctor, Xsltproc or DocBook.
I installed strawberryperl.
I have nuked the ws348-64 directory and retried a couple of times and
always get the same results. (That's good ;))
These are my build settings:
   set WIRESHARK_BASE_DIR=C:\ws348-64
   set WIRESHARK_VERSION_EXTRA=-StarSolutions-1
   set CYGWIN=nodosfilewarning
   set WIRESHARK_TARGET_PLATFORM=win64
set QT5_BASE_DIR=C:\Qt\5.15.2\5.15.2\msvc2019_64
   set WIRESHARK_CYGWIN_INSTALL_PATH=c:/cygwin64
Running this with administrator rights:
x64 Native Tools Command Prompt for VS 2019
The command I ran:
"WIRESHARK_CYGWIN_INSTALL_PATH=c:/cygwin64"
cmake -G "Visual Studio 16 2019" -A x64 c:\wireshark-3.4.8\
-- Selecting Windows SDK version 8.1 to target Windows 6.1.7601.
-- Generating build using CMake 3.21.2
-- LTO/IPO is enabled
-- Building for win64 using Visual Studio 16 2019
Working in C:\ws348-64\wireshark-win64-libs-3.4
Tag 2021-05-29-3.4 found. Skipping.
-- CMake build type: RelWithDebInfo
-- V: 3.4.8-StarSolutions-1, MaV: 3, MiV: 4, PL: 8, EV: -StarSolutions-1.
-- Linker flags: /LARGEADDRESSAWARE /MANIFEST:NO /INCREMENTAL:NO /RELEASE 
/guard:cf
-- Could NOT find Git (missing: GIT_EXECUTABLE)
Java HotSpot(TM) Client VM warning: TieredCompilation is disabled in this 
release.
-- Could NOT find DOXYGEN (missing: DOXYGEN_EXECUTABLE)
-- Could NOT find SpeexDSP (missing: SPEEXDSP_LIBRARY SPEEXDSP_INCLUDE_DIR) (found 
version "")
Java HotSpot(TM) Client VM warning: TieredCompilation is disabled in this 
release.
-- C-Flags:  /MP /Zo /utf-8 /guard:cf /w34295 /w34100 /w34189 /wd4200 /DWIN32 
/D_WINDOWS /W3 /MD /Zi /O2 /Ob1 /DNDEBUG
-- CXX-Flags:  /MP /Zo /utf-8 /guard:cf /w34295 /w34100 /w34189 /wd4200 /DWIN32 
/D_WINDOWS /W3 /GR /EHsc /MD /Zi /O2 /Ob
1 /DNDEBUG
-- Warnings as errors disabled
-- The following OPTIONAL packages have been found:
...
I get the following errors when generating the build files:
...
-- Using VCINSTALLDIR: C:\Program Files (x86)\Microsoft Visual 
Studio\2019\Community\VC
-- Using C:\Program Files (x86)\Microsoft Visual 
Studio\2019\Community\VC\Redist\MSVC\14.29.30133\vcredist_x64.exe for the NSIS 
installer.
-- Configuring done
CMake Error in epan/CMakeLists.txt:
   Target "epan" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/vcpkg-export-20190318-win64ws/installed/x64-windows/include"
   which is prefixed in the build directory.

CMake Error in epan/CMakeLists.txt:
   Target "epan" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/vcpkg-export-20190318-win64ws/installed/x64-windows/include"
   which is prefixed in the build directory.

CMake Error in wsutil/CMakeLists.txt:
   Target "wsutil" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/libgcrypt-1.8.3-win64ws/include"
   which is prefixed in the build directory.

CMake Error in wsutil/CMakeLists.txt:
   Target "wsutil" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/gnutls-3.6.3-1-win64ws/include"
   which is prefixed in the build directory.

-- Generating done
CMake Generate step failed.  Build files cannot be regenerated correctly.
C:\ws348-64>
I saw there was an old issue related to this kind of error, but that was fixed.
https://gitlab.com/wireshark/wireshark/-/issues/17477 

Any help would be appreciated.


I ended up reverting the fix for issue 17477 since it caused problems for 
people doing external plugin development 
(https://gitlab.com/wireshark/wireshark/-/merge_requests/3945). It looks like 
your build directory and WIRESHARK_BASE_DIR are the same. Can you try using 
different directories?
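
Added example, not part of the original thread and not Wireshark project code: a Python check that parses the "prefixed in the build directory" errors quoted above and tests whether WIRESHARK_BASE_DIR sits inside the CMake build directory. The separate build directory `C:\ws348-64-build` is a hypothetical name, and the component-wise, case-insensitive comparison approximates CMake's check rather than reproducing it.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the CMake output quoted in the thread (copied, not re-run).
CMAKE_OUTPUT = '''\
CMake Error in epan/CMakeLists.txt:
   Target "epan" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/vcpkg-export-20190318-win64ws/installed/x64-windows/include"
   which is prefixed in the build directory.

CMake Error in epan/CMakeLists.txt:
   Target "epan" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/vcpkg-export-20190318-win64ws/installed/x64-windows/include"
   which is prefixed in the build directory.

CMake Error in wsutil/CMakeLists.txt:
   Target "wsutil" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/libgcrypt-1.8.3-win64ws/include"
   which is prefixed in the build directory.

CMake Error in wsutil/CMakeLists.txt:
   Target "wsutil" INTERFACE_INCLUDE_DIRECTORIES property contains path:
"C:/ws348-64/wireshark-win64-libs-3.4/gnutls-3.6.3-1-win64ws/include"
   which is prefixed in the build directory.
'''

ERROR_RE = re.compile(
    r'Target "(?P<target>[^"]+)" INTERFACE_INCLUDE_DIRECTORIES property '
    r'contains path:\s*"(?P<path>[^"]+)"\s*'
    r'which is prefixed in the build directory\.'
)


def parse_prefixed_paths(cmake_output):
    """Return unique (target, path) pairs from the errors, in order of appearance."""
    pairs = []
    for match in ERROR_RE.finditer(cmake_output):
        pair = (match.group("target"), match.group("path"))
        if pair not in pairs:  # CMake repeats the same error per export set
            pairs.append(pair)
    return pairs


def is_inside(path, directory):
    """True when path equals directory or lies below it.

    Compared per path component and case-insensitively (Windows semantics),
    so C:\\ws348-64-build is NOT treated as inside C:\\ws348-64, which a plain
    string-prefix test would get wrong. Assumes absolute paths without "..".
    """
    p, d = PureWindowsPath(path), PureWindowsPath(directory)
    return p == d or d in p.parents


def offending_include_dirs(build_dir, include_dirs):
    """Include directories that would sit inside the given build directory."""
    return [p for p in include_dirs if is_inside(p, build_dir)]


def check_layout(base_dir, build_dir):
    """Return a list of problems for a WIRESHARK_BASE_DIR / build directory pair."""
    problems = []
    if is_inside(base_dir, build_dir):
        problems.append(
            f"WIRESHARK_BASE_DIR {base_dir} is inside build directory {build_dir}; "
            "the downloaded libraries' include paths will be 'prefixed in the "
            "build directory'"
        )
    return problems


if __name__ == "__main__":
    paths = [path for _, path in parse_prefixed_paths(CMAKE_OUTPUT)]
    # Layout from the thread: build run from C:\ws348-64, same as WIRESHARK_BASE_DIR.
    print(check_layout(r"C:\ws348-64", r"C:\ws348-64"))
    print(offending_include_dirs(r"C:\ws348-64", paths))
    # Hypothetical separate build directory: nothing is flagged.
    print(check_layout(r"C:\ws348-64", r"C:\ws348-64-build"))
    print(offending_include_dirs(r"C:\ws348-64-build", paths))
```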


[Wireshark-dev] macOS Arm packages now available

2021-08-25 Thread Gerald Combs

Thanks to Michael Tüxen we now have a macOS Arm builder which is producing 
packages:

https://www.wireshark.org/download/automated/osx/

They are currently untested, so please open an issue if you run into any problems.


Re: [Wireshark-dev] Code of conduct?

2021-08-10 Thread Gerald Combs

On 5/4/21 6:19 PM, Gerald Combs wrote:

Hi all,

We've discussed adopting a code of conduct for Wireshark a few times over the 
years, most recently at 
https://www.wireshark.org/lists/wireshark-dev/202008/msg3.html. I think it 
would be beneficial for the project, and toward that end I've created a 
question at https://ask.wireshark.org/question/22598 along with answers 
proposing three CoCs that I think would work well for us. You're welcome to 
suggest a different CoC, comment on submissions, and vote for any that you 
like. I'm hoping that this will give us a clear enough consensus to adopt a CoC 
in the next couple of weeks.


It ended up being months instead of weeks, but I finally got around to 
following up on this. There weren't very many votes, but most of them were for 
the KDE CoC. I've submitted a proposed modified version at 
https://gitlab.com/wireshark/wireshark/-/merge_requests/3864. As noted in the 
merge request, it might make more sense to add it to www.wireshark.org instead 
of the Wireshark source code repository.


[Wireshark-dev] Remote Developer Den, August 2021

2021-08-09 Thread Gerald Combs

Hi all,

I've scheduled the next remote Developer Den for Thursday, August 26th. This is 
the remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The September Developer Den will be held during SharkFest.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Aug 26, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://riverbed.zoom.us/j/94499474119?pwd=Ylh1bnh5T0lUemx0OU42T0tPOHdpdz09

Meeting ID: 944 9947 4119
Passcode: 091792
One tap mobile
+16699006833,,94499474119#*091792# US (San Jose)
+13462487799,,94499474119#*091792# US (Houston)

Dial by your location
Find your local number: https://riverbed.zoom.us/u/abNuud6qyl


Re: [Wireshark-dev] Missing User Guide

2021-07-15 Thread Gerald Combs

On 7/15/21 9:57 AM, Graham Bloice wrote:



On Thu, 15 Jul 2021 at 16:28, WQ <wqua...@belgacom.net> wrote:

Hi,

I just downloaded the latest 3.4.7 Wireshark release and noticed that the 
"*user-guide.chm* version 3.5.0" is missing in the download area !
Could this be made available again ?
A *.chm is much easier to navigate than the *.pdf !


It's gone, see https://gitlab.com/wireshark/wireshark/-/merge_requests/3213 


I also miss the chm.


Would an EPUB version be a sufficient replacement? I created one using 
asciidoctor-epub3, and can open it in both Apple Books on my Mac and Okular on 
Windows just fine. Okular's UI looks and works better than HTML Help on my 
HiDPI display, IMO.


[Wireshark-dev] Wireshark 3.4.7 is now available

2021-07-14 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.4.7.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

 • wnpa-sec-2021-06[1] DNP dissector crash. Issue 17462[2].
   CVE-2021-22235[3].

   The following bugs have been fixed:

 • TCP dissector - Erroneous DSACK reporting Issue 17315[4].

 • No wlan_radio.duration calculated for PHY type: 802.11ac (VHT)
   Issue 17419[5].

 • NAN Dissector has wrong minimum length for availability attribute
   Issue 17431[6].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ASTERIX, BT LE LL, DCE RPC, DNP, GTPv2, IEEE 802.11 Radio, LDAP, NAN,
   NORDIC_BLE, NR RRC, OSPF, pcapng, PNIO, RSL, S101, Snort config, and
   TCP

  New and Updated Capture File Support

   Catapult DCT2000, ERF, and pcap

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[7] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[8] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[9].

  Issues and feature requests can be reported on the issue tracker[10].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[11].

  Last updated 2021-07-14 17:01:08 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2021-06
   2. https://gitlab.com/wireshark/wireshark/-/issues/17462
   3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22235
   4. https://gitlab.com/wireshark/wireshark/-/issues/17315
   5. https://gitlab.com/wireshark/wireshark/-/issues/17419
   6. https://gitlab.com/wireshark/wireshark/-/issues/17431
   7. https://www.wireshark.org/download.html#thirdparty
   8. https://ask.wireshark.org/
   9. https://www.wireshark.org/lists/
  10. https://gitlab.com/wireshark/wireshark/-/issues
  11. https://www.wireshark.org/faq.html


Digests


You can 

Re: [Wireshark-dev] Remote Developer Den, July 2021

2021-07-12 Thread Gerald Combs

[ resending with correct meeting day ]

On 7/12/21 12:57 PM, Gerald Combs wrote:

Hi everyone,

I've scheduled the next remote Developer Den for Wednesday, July 28th. This is 
the remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.


----


Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Jul 28, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://riverbed.zoom.us/j/94522032543?pwd=M3g1TXR5RGk3cE53TXhpdGljSG44QT09

Meeting ID: 945 2203 2543
Passcode: 259563
One tap mobile
+16699006833,,94522032543#*259563# US (San Jose)
+13462487799,,94522032543#*259563# US (Houston)

Dial by your location
Find your local number: https://riverbed.zoom.us/u/acL9Xg4MVq


[Wireshark-dev] Remote Developer Den, July 2021

2021-07-12 Thread Gerald Combs

Hi everyone,

I've scheduled the next remote Developer Den for Wednesday, July 28th. This is 
the remote version of the Developer Den at SharkFest, a room that is set aside 
for office hours where everyone is welcome to stop in, say hello, ask 
questions, etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: Jul 29, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://riverbed.zoom.us/j/94522032543?pwd=M3g1TXR5RGk3cE53TXhpdGljSG44QT09

Meeting ID: 945 2203 2543
Passcode: 259563
One tap mobile
+16699006833,,94522032543#*259563# US (San Jose)
+13462487799,,94522032543#*259563# US (Houston)

Dial by your location
Find your local number: https://riverbed.zoom.us/u/acL9Xg4MVq


Re: [Wireshark-dev] here is dead link.

2021-07-02 Thread Gerald Combs

Fixed. Thanks!

On 7/1/21 9:59 PM, tchksuz...@hotmail.com wrote:

here is dead link.

https://www.wireshark.org/download.html


the link is  "Homebrew"

link to ⇒ http://brewformulas.org/Wireshark


Best regards.






Re: [Wireshark-dev] GRegex deprecated

2021-06-25 Thread Gerald Combs

Has this change actually been committed? It looks like GLib's internal copy of 
PCRE was removed in

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2144

but meson.build still requires an external libpcre in GLib's main branch.

As MR 1451 points out, PCRE1 is in maintenance mode so it might make sense to 
migrate to PCRE2.

On 6/25/21 9:42 AM, chuck c wrote:

Deprecate GRegex
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1451 


I guess deprecated is not the same as removed.
Is there a plan to migrate in the future?

(last migration: https://www.wireshark.org/lists/wireshark-dev/201108/msg00501.html 
)



Re: [Wireshark-dev] Wiki editor permission request

2021-06-22 Thread Gerald Combs

Done.

On 6/22/21 3:57 PM, Dr. Matthias St. Pierre wrote:

Hi,

would you be so kind and grant me permission to edit the Wireshark Wiki?  I 
would like to upload the IPsec examples
demonstrating the decryption of IKEv2 and ESP packets, which I mentioned in [MR 
3444], to the [SampleCaptures] page.

Regards,

Matthias  St. Pierre
GitLab:  @mspncp


[MR 3444]:  https://gitlab.com/wireshark/wireshark/-/merge_requests/3444
[SampleCaptures]: https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures



Dr. Matthias St. Pierre
Senior Software Engineer
matthias.st.pie...@ncp-e.com
Phone: +49 911 9968-0
  www.ncp-e.com

Headquarters Germany: NCP engineering GmbH • Dombuehler Str. 2 • 90449 • 
Nuremberg
North American HQ: NCP engineering Inc. • 601 Cleveland Str., Suite 501-25 • 
Clearwater, FL 33755

Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate Dietrich
Registry Court: Lower District Court of Nuremberg
Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE 
133557619





Re: [Wireshark-dev] Struggling to build NSIS installation

2021-06-22 Thread Gerald Combs

The Asciidoctor.js project ships self-contained Windows executables with each 
release:

https://github.com/asciidoctor/asciidoctor.js/releases/tag/v2.2.4

I tried setting ASCIIDOCTOR_EXECUTABLE and ASCIIDOCTOR_PDF_EXECUTABLE to 
/path/to/asciidoctor-win.exe in a Windows VM here, and it was able to build 
what appear to be a valid User's Guide, Developer's Guide, and release notes. 
It looks like we should be able to use it instead, and remove our dependency on 
Java on Windows.

On 6/22/21 10:50 AM, Gerald Combs wrote:

As far as I can tell, Chocolatey doesn't support alternative package 
dependencies, so you get to choose between depending on a specific JRE (which 
might install an unwanted extra copy of java.exe) or none (which requires an 
extra installation step). The AsciidoctorJ package went with the latter. I've 
added a note about installing a JRE separately to the Developer's Guide in MR 
3441.

On 6/22/21 8:17 AM, Martin Mathieson via Wireshark-dev wrote:

Will try this later.  Will be interesting to see if I get an automated 
corporate email telling me to uninstall the Oracle one :)

On Tue, Jun 22, 2021 at 3:59 PM Graham Bloice <graham.blo...@trihedral.com> wrote:

    On Tue, 22 Jun 2021 at 15:56, Martin Mathieson via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

    I manually installed Java "Windows Offline (64-bit)" from java.com
    (rather than trying *choco install javaruntime*) and am now able to
    build NSIS packages.


    Note the licencing of Java for Oracle versions.  This may or may not be an issue for
    you.  Much simpler to use an "open" alternative, e.g. adoptopenjdk or others.


    On Tue, Jun 22, 2021 at 3:45 PM chuck c <bubbas...@gmail.com> wrote:

    Maybe here https://community.chocolatey.org/packages/asciidoctorj and
    https://gitlab.com/wireshark/wireshark-containers/-/blob/master/dev/windows/Dockerfile ?

    On Tue, Jun 22, 2021 at 9:36 AM Graham Bloice <graham.blo...@trihedral.com> wrote:

    The infamous "someone" should update the WSDG to call out Java
    (64 bit) as a prerequisite for the docs.

    On Tue, 22 Jun 2021 at 15:27, chuck c <bubbas...@gmail.com> wrote:

    https://ask.wireshark.org/question/22386/wireshark-35-nsis-build-error/
    "First time around building my dev environment (win10 x64),
    the Java installer picked 32-bit packages.
    Similar messages to what you are seeing. Fixed by reinstalling
    64-bit Java."

    On Tue, Jun 22, 2021 at 8:39 AM Graham Bloice <graham.blo...@trihedral.com> wrote:

    On Tue, 22 Jun 2021 at 13:41, Martin Mathieson via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

    Does the Java warning sound important? Is there
    something I should do to try to increase the java heap size?  This machine
    should have loads (c20GB)  of memory available..

    image.png


    Odd, Java isn't called out as an installable by the
    Developers Guide but obviously asciidoctorj requires it.  Looking at my VM I
    have an old version of Oracle Java 8 installed and absolutely no idea where it
    came from:

 > java -version
    java version "1.8.0_221"
    Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
    Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, 
mixed mode)

 > (Get-Command java.exe).Source
    C:\Program Files (x86)\Common 
Files\Oracle\Java\javapath\java.exe

    The invocation of asciidoctorj (if installed via chocolatey 
it will be 
\lib\asciidoctorj\tools\asciidoctorj-x.x.x\bin\asciidoctorj.bat)
 sets JVM options for memory.

    I've never come across this before, and can't remember 
it being reported elsewhere.

    Best regards,
    Martin



    --     Graham Bloice
    

Re: [Wireshark-dev] Struggling to build NSIS installation

2021-06-22 Thread Gerald Combs

As far as I can tell, Chocolatey doesn't support alternative package 
dependencies, so you get to choose between depending on a specific JRE (which 
might install an unwanted extra copy of java.exe) or none (which requires an 
extra installation step). The AsciidoctorJ package went with the latter. I've 
added a note about installing a JRE separately to the Developer's Guide in MR 
3441.

On 6/22/21 8:17 AM, Martin Mathieson via Wireshark-dev wrote:

Will try this later.  Will be interesting to see if I get an automated 
corporate email telling me to uninstall the Oracle one :)

On Tue, Jun 22, 2021 at 3:59 PM Graham Bloice <graham.blo...@trihedral.com> wrote:



On Tue, 22 Jun 2021 at 15:56, Martin Mathieson via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

I manually installed Java "Windows Offline (64-bit)" from java.com 
(rather than trying *choco install javaruntime*) and am now able to 
build NSIS packages.


Note the licencing of Java for Oracle versions.  This may or may not be an issue for 
you.  Much simpler to use an "open" alternative, e.g. adoptopenjdk or others.


On Tue, Jun 22, 2021 at 3:45 PM chuck c <bubbas...@gmail.com> wrote:

Maybe here https://community.chocolatey.org/packages/asciidoctorj and 
https://gitlab.com/wireshark/wireshark-containers/-/blob/master/dev/windows/Dockerfile ?

On Tue, Jun 22, 2021 at 9:36 AM Graham Bloice <graham.blo...@trihedral.com> wrote:

The infamous "someone" should update the WSDG to call out Java 
(64 bit) as a prerequisite for the docs.

On Tue, 22 Jun 2021 at 15:27, chuck c <bubbas...@gmail.com> wrote:


https://ask.wireshark.org/question/22386/wireshark-35-nsis-build-error/ 

"First time around building my dev environment (win10 x64), 
the Java installer picked 32-bit packages.
Similar messages to what you are seeing. Fixed by reinstalling 
64-bit Java."

On Tue, Jun 22, 2021 at 8:39 AM Graham Bloice <graham.blo...@trihedral.com> wrote:



On Tue, 22 Jun 2021 at 13:41, Martin Mathieson via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

Does the Java warning sound important? Is there 
something I should do to try to increase the java heap size?  This machine 
should have loads (c20GB)  of memory available..

image.png


Odd, Java isn't called out as an installable by the 
Developers Guide but obviously asciidoctorj requires it.  Looking at my VM I 
have an old version of Oracle Java 8 installed and absolutely no idea where it 
came from:

 > java -version
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, 
mixed mode)

 > (Get-Command java.exe).Source
C:\Program Files (x86)\Common 
Files\Oracle\Java\javapath\java.exe

The invocation of asciidoctorj (if installed via chocolatey 
it will be 
\lib\asciidoctorj\tools\asciidoctorj-x.x.x\bin\asciidoctorj.bat)
 sets JVM options for memory.

I've never come across this before, and can't remember 
it being reported elsewhere.

Best regards,
Martin



-- 
Graham Bloice



Re: [Wireshark-dev] Wiki editor permission request

2021-06-18 Thread Gerald Combs

Done!

On 6/17/21 7:04 AM, Ronald Henderson via Wireshark-dev wrote:

I would like permission to edit the Wireshark wiki. My GitLab username is 
Ronald Henderson.

Full name: Ronald Henderson

User ID 7882719

Email: rwh...@verizon.net

I am the Co-Author of the Network Security Toolkit (NST) 
https://networksecuritytoolkit.org 

We have implemented a Web-based frontend to tshark / dumpcap.

I maintained a small section of the Tools Collection about NST and Wireshark on 
your Wiki.

Thank you for your consideration,

Ron Henderson

Co-Author of NST




Re: [Wireshark-dev] Wiki editor permission request

2021-06-09 Thread Gerald Combs

Done!

On 6/8/21 11:41 PM, Sun Lin via Wireshark-dev wrote:

Hi,

I would like permission to edit the Wireshark wiki. My GitLab username is @lin.sun.
There're two pcap example files for OPUS rtp packets to upload to the 
https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures .

B.R.
Lin


[Wireshark-dev] Wireshark 3.4.6 is now available

2021-06-02 Thread Gerald Combs

I'm proud to announce the release of Wireshark 3.4.6.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  The Windows installers now ship with Npcap 1.31. They previously
  shipped with Npcap 1.10.

  The Windows installers now ship with Qt 5.15.2. They previously
  shipped with Qt 5.12.1.

  Bug Fixes

 • wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop

   The following bugs have been fixed:

 • Macro filters can’t handle escaped characters Issue 17160[2].

 • Display filter crashes Wireshark Issue 17316[3].

 • IEEE-1588 Signalling Unicast TLV incorrectly reported as being
   malformed Issue 17355[4].

 • IETF QUIC TLS decryption error with extraneous packets during the
   handshake Issue 17383[5].

 • Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…​)
   ports not displayed Issue 17395[6].

  New and Updated Features

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS

  New and Updated Capture File Support

   Ascend, ERF, K12, NetScaler, and pcapng

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[7] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[8] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[9].

  Issues and feature requests can be reported on the issue tracker[10].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[11].

  Last updated 2021-06-02 17:49:35 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2021-04
   2. https://gitlab.com/wireshark/wireshark/-/issues/17160
   3. https://gitlab.com/wireshark/wireshark/-/issues/17316
   4. https://gitlab.com/wireshark/wireshark/-/issues/17355
   5. https://gitlab.com/wireshark/wireshark/-/issues/17383
   6. https://gitlab.com/wireshark/wireshark/-/issues/17395
   7. https://www.wireshark.org/download.html#thirdparty
   8. https://ask.wireshark.org/
   9. https://www.wireshark.org/lists/
  10. https://gitlab.com/wireshark/wireshark/-/issues
  11. https://www.wireshark.org/faq.html


Digests


Re: [Wireshark-dev] Windows HTML Help

2021-06-02 Thread Gerald Combs

On 6/1/21 8:08 PM, Guy Harris wrote:

On Jun 1, 2021, at 4:14 PM, Gerald Combs  wrote:


I just discovered that the HTML Help Workshop download link at

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-downloads

no longer works, and the Chocolatey package now downloads from archive.org:

https://community.chocolatey.org/packages/html-help-workshop#files


Have Microsoft said anything about deprecating HTML Help in favor either of 1) 
some new help mechanism or 2) just use an HTML display tool that you hand the 
URL for your product's documentation?


I can't find any official deprecation notice, but it looks like they stopped 
updating HTML Help Workshop in 2009 and have released two succeeding help 
systems: Microsoft Help 2[1] and Microsoft Help Viewer[2][3]. Both seem to be 
tied closely to Visual Studio, and I'm not sure how easy it is to generate 
content for each format (e.g. Help Viewer topic markup) using our current 
toolchain.

[1]https://en.wikipedia.org/wiki/Microsoft_Help_2
[2]https://en.wikipedia.org/wiki/Microsoft_Help_Viewer
[3]https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/microsoft-help-viewer-sdk?view=vs-2019


Re: [Wireshark-dev] Windows HTML Help

2021-06-01 Thread Gerald Combs

I just discovered that the HTML Help Workshop download link at

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-downloads

no longer works, and the Chocolatey package now downloads from archive.org:

https://community.chocolatey.org/packages/html-help-workshop#files

I'll take a look at switching the Windows installers over to plain HTML.

On 5/26/21 2:30 PM, Gerald Combs wrote:

I think the only advantage that HTML Help offers at this point is the ability 
to search for keywords. It otherwise adds a build requirement which results in 
shipping a different help format on Windows, and the HTML Help Viewer seems to 
behave worse as time goes on. I'd be OK with switching to plain HTML.


On 5/26/21 12:28 PM, Graham Bloice wrote:

Personally I prefer help to be local and not require internet access, and I 
despise those local help abominations that spew hundreds of html files into the 
filesystem.

Not sure what's up with the links, maybe we need to make them pass off to the 
system default browser rather than trying to render them in the HTML help 
browser.

    On Wed, 26 May 2021 at 18:02, chuck c <bubbas...@gmail.com> wrote:

    https://www.wireshark.org/lists/wireshark-dev/200701/msg00396.html

    "Pressing the help button will:
    - on Win32 only: if available, open the Windows Help viewer with locally installed 
user-guide.chm file - and if that fails ... - on all systems: start a web browser and open 
the corresponding wireshark.org online page"

    Clicking links in Windows HTML Help viewer is painful (and a little 
unnerving) with script errors.

    Is it time to sunset and have Windows help act like non-Windows platforms?
    Or maybe add a step to the CHM build process that makes the links 
non-clickable so the user would need to copy/paste into a browser?

    chuckc




--
Graham Bloice



Re: [Wireshark-dev] Having trouble cloning repo in a new VM

2021-05-27 Thread Gerald Combs

Is your VM host running VMware? I just ran across this

https://stackoverflow.com/questions/52415943/trying-to-git-clone-via-ssh-but-getting-broken-pipe-error

which mentions that adjusting ServerAliveInterval and IPQoS in your 
~/.ssh/config might help.

The issue that Jim mentions below was due to netfilter triggering RSTs on 
delayed or out of order packets. That might be the issue here as well, but that 
would be something for GitLab to fix:

https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/4849#note_587084318

On 5/19/21 6:53 AM, Martin Mathieson via Wireshark-dev wrote:

I did take a capture.  All I see is a FIN,ACK from the server, after which it 
sent another couple of ACKs.
There are lots of 'TCP Window fulls' detected from the server end.

I tried with ethernet plugged directly  into my home router, but the outcome 
was the same.  Also disabled company VPN.

Martin

On Wed, May 19, 2021 at 2:21 PM Jim Young <jim.young...@gmail.com> wrote:

Hello Martin,

On Wed, May 19, 2021 at 7:09 AM Martin Mathieson via Wireshark-dev
<wireshark-dev@wireshark.org> wrote:
 > ... when I try to clone it starts to go through the stages (i.e. 
counting/compressing/ receiving objects/resolving objects) I am told 'Connection to 
gitlab.com  closed by remote host' ...
 >
 > Any ideas?

Have you made a pcap? ;-)

Seriously it might give you a clue as to what side may be responsible
for the issue.

Several years ago (~April thru June 2017) I was having intermittent
problems simply doing a `git pull`. At times I would have to retry the
`git pull` a dozen times or more before it would complete
successfully. A client side packet capture showed that my machine was
receiving TCP RSTs purportedly generated by the git server. These TCP
RSTs had an IP TTL value one higher than the other TCP packets from
the `git pull` conversation. The IP TTL value in the RST packets
implied some middle box was responsible for synthesizing the TCP RSTs.
Interestingly there were lots of TCP RSTs, but most of them were
"benign". The benign RSTs did not cause the TCP session to stop
prematurely because the TCP sequence number in the RST packets were
apparently "too old" (had already been acknowledged) and were
ultimately ignored by the TCP stack. But occasionally these TCP RSTs
would actually cause the TCP connection to fail and the git client
would ultimately time out. I managed to contact the git server admin
;) and we coordinated a packet trace on the server side. We determined
that a middle box would generate the TCP RSTs when the git client's
TCP packets arrived out-of-order. A config change was made on the
middle box to its tcp connection tracking which ultimately resolved
the intermittent `git pull` issues.

Best regards,

Jim Y.
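Added example (not part of the original thread and not Wireshark code): the check Jim Young describes in the message above, applied to a constructed tab-separated export of one TCP conversation. It flags RSTs whose IP TTL differs from the sender's usual TTL and reports whether their sequence number had already been acknowledged; the column layout, addresses and function names are assumptions, and sequence numbers are taken as relative with no wrap-around.

```python
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "frame src ttl rst seq ack")
Finding = namedtuple("Finding", "frame src ttl baseline_ttl verdict")

# Constructed sample, not from a real capture. Assumed columns, e.g. from
#   tshark -r clone.pcap -Y "tcp.stream == 0" -T fields \
#          -e frame.number -e ip.src -e ip.ttl -e tcp.flags.reset -e tcp.seq -e tcp.ack
# 198.51.100.20 plays the git server, 192.0.2.10 the client.
SAMPLE = "\n".join("\t".join(row) for row in [
    ("1", "198.51.100.20", "52", "0", "1", "1"),
    ("2", "192.0.2.10", "64", "0", "1", "1449"),
    ("3", "198.51.100.20", "52", "0", "1449", "1"),
    ("4", "192.0.2.10", "64", "0", "1", "2897"),
    ("5", "198.51.100.20", "53", "1", "1449", "0"),   # RST, TTL one higher, old seq
    ("6", "198.51.100.20", "52", "0", "2897", "1"),
    ("7", "192.0.2.10", "64", "0", "1", "4345"),
    ("8", "198.51.100.20", "53", "1", "4345", "0"),   # RST, TTL one higher, current seq
    ("9", "192.0.2.10", "64", "1", "1", "4345"),      # client's own RST, normal TTL
])


def parse(text):
    """Turn the tab-separated export into Packet records."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        frame, src, ttl, rst, seq, ack = line.split("\t")
        is_rst = rst.strip().lower() in ("1", "true")  # accept either boolean rendering
        packets.append(Packet(int(frame), src, int(ttl), is_rst, int(seq), int(ack)))
    return packets


def baseline_ttls(packets):
    """Most common TTL per sender, learned from non-RST packets only."""
    per_src = {}
    for p in packets:
        if not p.rst:
            per_src.setdefault(p.src, Counter())[p.ttl] += 1
    return {src: counts.most_common(1)[0][0] for src, counts in per_src.items()}


def find_injected_rsts(text):
    """Return RSTs whose TTL deviates from the claimed sender's baseline.

    verdict is "stale" when the RST's sequence number is below what the other
    endpoint has already acknowledged (the stack ignores it), otherwise
    "not_acked" (it may fall in the receive window and end the connection).
    """
    packets = parse(text)
    baseline = baseline_ttls(packets)
    highest_ack = {}  # sender -> highest ACK number that sender has emitted so far
    findings = []
    for p in packets:
        if not p.rst:
            highest_ack[p.src] = max(highest_ack.get(p.src, 0), p.ack)
            continue
        expected = baseline.get(p.src)
        if expected is None or p.ttl == expected:
            continue  # no baseline, or the RST looks like the sender's own traffic
        # What the receiver of this RST had acknowledged before it arrived.
        acked = max((a for s, a in highest_ack.items() if s != p.src), default=0)
        verdict = "stale" if p.seq < acked else "not_acked"
        findings.append(Finding(p.frame, p.src, p.ttl, expected, verdict))
    return findings


if __name__ == "__main__":
    for f in find_injected_rsts(SAMPLE):
        print(f"frame {f.frame}: RST from {f.src} ttl={f.ttl} "
              f"(baseline {f.baseline_ttl}) -> {f.verdict}")
```

A TTL mismatch alone is only a hint, since routing changes also shift TTL; it becomes meaningful when it appears only on RSTs, as in the capture described above.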


Re: [Wireshark-dev] Windows HTML Help

2021-05-26 Thread Gerald Combs

I think the only advantage that HTML Help offers at this point is the ability 
to search for keywords. It otherwise adds a build requirement which results in 
shipping a different help format on Windows, and the HTML Help Viewer seems to 
behave worse as time goes on. I'd be OK with switching to plain HTML.


On 5/26/21 12:28 PM, Graham Bloice wrote:

Personally I prefer help to be local and not require internet access, and I 
despise those local help abominations that spew hundreds of html files into the 
filesystem.

Not sure what's up with the links, maybe we need to make them pass off to the 
system default browser rather than trying to render them in the HTML help 
browser.

On Wed, 26 May 2021 at 18:02, chuck c <bubbas...@gmail.com> wrote:

https://www.wireshark.org/lists/wireshark-dev/200701/msg00396.html 


"Pressing the help button will:
- on Win32 only: if available, open the Windows Help viewer with locally installed 
user-guide.chm file - and if that fails ... - on all systems: start a web browser and open 
the corresponding wireshark.org  online page"

Clicking links in Windows HTML Help viewer is painful (and a little 
unnerving) with script errors.

Is it time to sunset and have Windows help act like non-Windows platforms?
Or maybe add a step to the CHM build process that makes the links 
non-clickable so the user would need to copy/paste into a browser?

chuckc




--
Graham Bloice



Re: [Wireshark-dev] Remote Developer Den, May 2021

2021-05-18 Thread Gerald Combs

Quick reminder: the next Developer Den will be tomorrow, May 19th.

The June Developer Den will be during SharkFest Europe, and it will take the 
form of an open Discord channel June 17th and 18th during central European 
business hours: https://sharkfesteurope.wireshark.org/

On 5/6/21 3:22 PM, Gerald Combs wrote:

Hi everyone,

I've scheduled the next remote Developer Den for Wednesday, May 19. This is 
a remote version of the Developer Den at SharkFest, a room that we set aside for 
office hours where everyone is welcome to stop in, say hello, ask questions, 
etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: May 19, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://riverbed.zoom.us/j/92093036633?pwd=TlRoM1kvQlpJMThVY2VBaUhTdWJZUT09

Meeting ID: 920 9303 6633
Passcode: 783750
One tap mobile
+16699006833,,92093036633#*783750# US (San Jose)
+13462487799,,92093036633#*783750# US (Houston)

Dial by your location
     +1 669 900 6833 US (San Jose)
     +1 346 248 7799 US (Houston)
     +1 253 215 8782 US (Tacoma)
     +1 312 626 6799 US (Chicago)
     +1 929 205 6099 US (New York)
     +1 301 715 8592 US (Washington DC)
     888 475 4499 US Toll-free
     877 853 5257 US Toll-free
     +43 12 535 502 Austria
     +43 670 309 0165 Austria
     +43 72 011 5988 Austria
     +43 120 609 3072 Austria
     +43 12 535 501 Austria
     0 800 104 430 Austria Toll-free
     0 800 102 309 Austria Toll-free
     +33 1 7095 0103 France
     +33 1 7095 0350 France
     +33 1 8699 5831 France
     +33 1 7037 2246 France
     +33 1 7037 9729 France
     0 800 944 049 France Toll-free
     0 800 940 415 France Toll-free
     +49 69 7104 9922 Germany
     +49 30 5679 5800 Germany
     +49 69 3807 9883 Germany
     +49 695 050 2596 Germany
     0 800 000 6954 Germany Toll-free
     0 800 1800 150 Germany Toll-free
     0 800 000 1590 Germany Toll-free
     +39 021 241 28 823 Italy
     +39 069 480 6488 Italy
     +39 020 066 7245 Italy
     800 125 671 Italy Toll-free
     800 790 654 Italy Toll-free
     800 088 202 Italy Toll-free
     +351 308 804 188 Portugal
     +351 308 810 988 Portugal
     +351 211 202 618 Portugal
     800 780 072 Portugal Toll-free
     800 780 052 Portugal Toll-free
     +48 22 307 3488 Poland
     +48 22 398 7356 Poland
     +48 22 306 5342 Poland
     00 800 321 1464 Poland Toll-free
     00 800 112 5171 Poland Toll-free
     +34 91 787 0058 Spain
     +34 917 873 431 Spain
     +34 84 368 5025 Spain
     800 906 063 Spain Toll-free
     900 053 647 Spain Toll-free
     800 654 404 Spain Toll-free
     +46 8 5016 3827 Sweden
     +46 8 5050 0828 Sweden
     +46 8 5050 0829 Sweden
     +46 8 5052 0017 Sweden
     +46 850 539 728 Sweden
     +46 8 4468 2488 Sweden
     0 200 123 720 Sweden Toll-free
     0 200 123 514 Sweden Toll-free
     +41 22 591 01 56 Switzerland
     +41 31 528 09 88 Switzerland
     +41 43 210 70 42 Switzerland
     +41 43 210 71 08 Switzerland
     +41 44 529 92 72 Switzerland
     +41 22 591 00 05 Switzerland
     0 800 561 252 Switzerland Toll-free
     0 800 002 622 Switzerland Toll-free
     +44 208 080 6591 United Kingdom
     +44 208 080 6592 United Kingdom
     +44 330 088 5830 United Kingdom
     +44 131 460 1196 United Kingdom
     +44 203 481 5237 United Kingdom
     +44 203 481 5240 United Kingdom
     +44 203 901 7895 United Kingdom
     0 800 260 5801 United Kingdom Toll-free
     0 800 358 2817 United Kingdom Toll-free
     0 800 031 5717 United Kingdom Toll-free
Meeting ID: 920 9303 6633
Passcode: 783750
Find your local number: https://riverbed.zoom.us/u/ac25wQ0oHJ




Re: [Wireshark-dev] Wiki editor permission request

2021-05-17 Thread Gerald Combs

Done.

On 5/16/21 12:59 PM, Isaac Boukris wrote:

Hi,

I would like permission to edit the Wireshark wiki. My GitLab username
is @iboukris.

My objective is to add sample captures to assist with my MR 3020.

Thank you

Re: [Wireshark-dev] Issue notifications

2021-05-12 Thread Gerald Combs

This appears to be a GitLab bug:

https://gitlab.com/gitlab-org/gitlab/-/issues/330033

On 5/11/21 10:54 AM, chuck c wrote:

I don't have a fix but you're not alone.
Unable to change for open issue that I created:
https://gitlab.com/wireshark/wireshark/-/issues/17325 




On Mon, May 10, 2021 at 1:14 PM Ivan Nardi <nardi.i...@gmail.com> wrote:

Hi
Recently, I haven't been able to enable notifications for the gitlab
issues I am interested in: I can't toggle the "Notifications" button
(it seems disabled; see attachment)
Until some weeks ago I was able to do that.

Something wrong in my environment or is this new behavior the expected one?

Thanks in advance
Ivan

[Wireshark-dev] Remote Developer Den, May 2021

2021-05-06 Thread Gerald Combs

Hi everyone,

I've scheduled the next remote Developer Den for Wednesday, May 19. This is 
a remote version of the Developer Den at SharkFest, a room that we set aside for 
office hours where everyone is welcome to stop in, say hello, ask questions, 
etc.

The link below has a "join from browser" option, so it should be possible to 
connect without installing Zoom's client.

----

Gerald Combs is inviting you to a scheduled Zoom meeting.

Topic: Wireshark Developer Den
Time: May 19, 2021 09:00 AM Pacific Time (US and Canada)

Join Zoom Meeting
https://riverbed.zoom.us/j/92093036633?pwd=TlRoM1kvQlpJMThVY2VBaUhTdWJZUT09

Meeting ID: 920 9303 6633
Passcode: 783750
One tap mobile
+16699006833,,92093036633#*783750# US (San Jose)
+13462487799,,92093036633#*783750# US (Houston)

Find your local number: https://riverbed.zoom.us/u/ac25wQ0oHJ


[Wireshark-dev] Code of conduct?

2021-05-04 Thread Gerald Combs

Hi all,

We've discussed adopting a code of conduct for Wireshark a few times over the 
years, most recently at 
https://www.wireshark.org/lists/wireshark-dev/202008/msg3.html. I think it 
would be beneficial for the project, and toward that end I've created a 
question at https://ask.wireshark.org/question/22598 along with answers 
proposing three CoCs that I think would work well for us. You're welcome to 
suggest a different CoC, comment on submissions, and vote for any that you 
like. I'm hoping that this will give us a clear enough consensus to adopt a CoC 
in the next couple of weeks.
