Age | Commit message (Collapse) | Author | Files | Lines |
|
- Remove an incorrect call to conversation_new()
(which messed up TCP sequence number analysis).
- hislip Request/Response analysis must be done during 'pass1'
(i.e. when 'flags.visited == 0');
Not doing so caused various problems including
tshark '1 pass' poor dissection.
- Remove 'if (tree)' around a call to expert_...().
- Don't show "unknown" for Async/Sync when the value is actually known.
- Simplify some code.
- Mark a field as GENERATED.
Change-Id: I286c12f52e5f73377bed3a2792f3ff0003e2785f
Reviewed-on: https://code.wireshark.org/review/3541
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
- tvb_length() --> tvb_reported_length();
- Add an XXX comment re use of 'get_length' for tcp_dissect_pdus();
- Remove a few unneeded initializers;
- Simplify/adjust code in a few places;
- Remove some boilerplate comments;
- Reformat some whitespace and long-lines.
Change-Id: I17b9750cc1bdb5140edc28efbae5bf0f6ec23b6e
Reviewed-on: https://code.wireshark.org/review/3538
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ia8af5d6ff496c099ba3c38d393a622f3a6c8fe67
Reviewed-on: https://code.wireshark.org/review/3540
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I55d9fef94467d03f88f5acad6cb6ada3fc873b7c
Reviewed-on: https://code.wireshark.org/review/3539
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Other minor cleanup while in the neighborhood.
Change-Id: Ib76f4a9f89b5933425760af0a980c6a549031b8f
Reviewed-on: https://code.wireshark.org/review/3537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia3bd392b2223cf666828d65a61e069c465d3894a
Reviewed-on: https://code.wireshark.org/review/3536
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The "Payload" field only makes sense for packets that have unknown
type or are unexpectedly long. For normal traces, it will always be
empty, so hide it.
Note: this length check used to be implicitly performed by
ssh_proto_tree_add_item before 2aa66aa2b2daf0693e405371a5f9037a43896441,
so this just restores the former behaviour.
Change-Id: I948935bce660018377a004c661b829a19eb0a53b
Reviewed-on: https://code.wireshark.org/review/3535
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I052b92f415e7ccfb84db47d0d3102d4bdfcfe25c
Reviewed-on: https://code.wireshark.org/review/3531
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Bug: 10358
Change-Id: Iddfd5dcd53e80a18cb253834920d9625195b3669
Reviewed-on: https://code.wireshark.org/review/3529
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I87d0f212f485b9e28fa00101eec9e3c07bc57c67
Reviewed-on: https://code.wireshark.org/review/3528
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
According to Microsoft documentation, valid values for the Version field are 2 and 3. Newer servers (like Windows 2012 R2) respond with Version=3.
Change-Id: Ifb0c6f52d09c75bbde2b4a46d13366461736b9c0
Reviewed-on: https://code.wireshark.org/review/3527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Icf09e430a1732708ddd9e7abb49f7b1a6225afde
Reviewed-on: https://code.wireshark.org/review/3526
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I2ca6abb372ec4bda0af1aa40089082533a61df3a
Reviewed-on: https://code.wireshark.org/review/3392
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
I made a stupid when simplifying the bit-twiddling, and accidentally reversed
two of the bytes which completely broke MAC address name resolution.
Bug: 10344
Change-Id: I0720755fb290423150e4d84da9d45cb0b76341e4
Reviewed-on: https://code.wireshark.org/review/3522
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Also put back initial text indentation
Change-Id: I6fe207086018a806a258b1de2888ac0b9310aac6
Reviewed-on: https://code.wireshark.org/review/3524
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
StyleName is not available in Qt < 4.8
Change-Id: Icbfcef7c62b124ce67f1a02ed928a96233ae2d9d
Reviewed-on: https://code.wireshark.org/review/3508
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
|
|
Change-Id: I49d00f73e3e1cf662ead1b01e5d1c0b420c6ccef
Reviewed-on: https://code.wireshark.org/review/3504
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10334
Change-Id: If2da1c5ed63d7e2684a107181d56be38ed921106
Reviewed-on: https://code.wireshark.org/review/3519
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This mostly involved adding expert info capabilities to many of the dissectors so that they could correctly flag error conditions.
Only remaining proto_tree_add_text calls are in H248.cnf, which has a convoluted way of using hf_ data to make its tree.
Change-Id: I6412150c2ec1977d7fa38f3f0ed416680bdfb141
Reviewed-on: https://code.wireshark.org/review/3500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I55ce6396b943ce9376649a9a8973a6e1cadcced7
Reviewed-on: https://code.wireshark.org/review/3518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 10356
Change-Id: Ie3846d6462f212c7fd5162e65e9f83c1524aee36
Reviewed-on: https://code.wireshark.org/review/3515
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Use it in the MBMS synchronisation protocol dissector, rather than
calling tvb_get_ptr() there.
Change-Id: I7ddb3c6b30547826cb5372352c7c483d8a24dc8e
Reviewed-on: https://code.wireshark.org/review/3514
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use it in the ATM dissector, and use a tvbuff version, so that we don't
do tvb_get_ptr() ourselves.
Change-Id: I0bd3594bc739e0cca447ac06f34a471441cf2e70
Reviewed-on: https://code.wireshark.org/review/3513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
And note that it's the same polynomial for the MPEG-2 CRC.
Change-Id: Ie89e392156ae77a2adeec3eb8e704aa75c0cd0dc
Reviewed-on: https://code.wireshark.org/review/3512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4683d0eeb06e5616103f3e6e25ce7f1549a2bb05
Reviewed-on: https://code.wireshark.org/review/3510
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The length passed to it already has 4 subtracted from it by the caller.
Change-Id: I6e047c6c4c4cd5220be923b4663088b6b275d768
Reviewed-on: https://code.wireshark.org/review/3511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have the wsutil routine just accumulate the stuff from the buffer handed
to us. Have the IUUP dissector deal with the extra stuff. Add a
update_crc10_by_bytes_tvb() routine, which is passed a tvbuff, offset,
and length, and use that rather than using tvb_get_ptr() in dissectors.
Change-Id: Iadd0823c764080e60d1339abb94d2e19150eabfe
Reviewed-on: https://code.wireshark.org/review/3509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
So just use crc16_x25_ccitt_tvb(), which goes a byte at a time rather
than a bit at a time, and which takes a tvbuff rather than requiring you
to call tvb_get_ptr().
It also doesn't 1's-complement the result, so we can compare it against the
0x1D0F in ETSI TS 102 821 V1.4.1 (2012-10) rather than against a
1's-complement version, 0xE2F0.
Change-Id: Ia513f851f0a8ff1e7853278ddf3618c532fb2aba
Reviewed-on: https://code.wireshark.org/review/3507
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idf275d89591558fd2ea082c886ce07e62523807a
Reviewed-on: https://code.wireshark.org/review/3506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
There are routines that take a buffer and a length and that take a
tvbuff, offset, and length; use those routines in the DNP dissector
(which no longer needs its own table and loop), and use the tvbuff
routine instead of calling tvb_get_ptr().
Change-Id: Ic67b0f3b65b94ea47c0fdc2f3d3b6f88df77f9c6
Reviewed-on: https://code.wireshark.org/review/3505
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
A little bit of guess work is involved as the group key can use a
different cipher to the pairwise key, and we are trying to do this
purely based on the EAPOL messages with no prior knowledge of the
associate request. We try to guess the cipher based on the lengths.
Bug:8734
Change-Id: I4c456b45939c00a9d1122406891f704fa037349c
Reviewed-on: https://code.wireshark.org/review/3183
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I8903a097a59bf9bf1ec62b59e57cdc60e382bdb5
Reviewed-on: https://code.wireshark.org/review/3490
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: If6dc8e3a9328571ccdb106b0aabc617889c434c7
Reviewed-on: https://code.wireshark.org/review/3465
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Ib7399c4b5457c5810df3ce2160a56813785b11ec
Reviewed-on: https://code.wireshark.org/review/3498
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
This adds "Remove unused hf entries" from Anders.
Change-Id: I1150f34f0eafab03415339d4b34f5f2e7f69f85b
Reviewed-on: https://code.wireshark.org/review/3499
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
* fix exporting "beginning of" frame logs into info field
* add missing "Failure" level to regexp in wiretap part
* remove usage of GDateTime from wiretap part
Change-Id: Ibdea730623241cccbbc1694a34daa308e48c0a89
Reviewed-on: https://code.wireshark.org/review/3493
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I9462d45c5db6d54c0ee695046cb72be1acf379e8
Reviewed-on: https://code.wireshark.org/review/3497
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
One fewer tvb_get_ptr() call. Yay!
Change-Id: I08ac4888d696f0b6b6a17e9e22f3dfec5aedad59
Reviewed-on: https://code.wireshark.org/review/3496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I63bde706a6561c834aab9b10975dbb242c65d998
Reviewed-on: https://code.wireshark.org/review/3495
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I64d1177b9a424ede9d1f687843e38bd37723c137
Reviewed-on: https://code.wireshark.org/review/3494
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4342ec7723c43f8e12d6187609a1493a61725d31
Reviewed-on: https://code.wireshark.org/review/3492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
capture_interfaces_dialog.cpp: In member function ‘void CaptureInterfacesDialog::updateStatistics()’:
capture_interfaces_dialog.cpp:483:100: error: operation on ‘points’ may be undefined [-Werror=sequence-point]
QList<int> *points = points = ti->data(col_traffic_, Qt::UserRole).value<QList<int> *>();
Change-Id: I63afb0f207142d516403968f6a3e988f8ad61d4d
Reviewed-on: https://code.wireshark.org/review/3491
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
While nominally optional, building without it doesn't work, so just make it
mandatory.
The verify_tools target already passes $(PYTHON) to win-setup.sh --appverify;
we just need to supply a default value for PYTHON, so that $(PYTHON) doesn't
expand to an empty string. It's also convenient for the developer if Python
can be automatically found on the PATH.
Change-Id: I4f54695625b74c5b4c758ef1e3bc9ed4467db514
Reviewed-on: https://code.wireshark.org/review/3391
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Tested-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Even though Qt's widget naming suggests otherwise, a QTreeWidget is
usually a better choice for tables than QTableWidget. The former gives
you a nice, clean Plain Old Table while the latter gives you something
that looks and acts like a spreadsheet.
In this particular instance using QTreeWidget also gives us the option
of adding sub-items with detailed information. Do so for attached
addresses.
Allow sorting by traffic while we're here. Simplify the column hiding
logic. Make sure the sparkline delegate isn't editable.
Change-Id: Ia36ba2e12c1c0cb86ae5b2154e6afcf6549ae049
Reviewed-on: https://code.wireshark.org/review/3466
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It's only available from GLib 2.26 while we only require 2.16
Change-Id: I3c2e6748aa93b9af7158f5051433baff6a7c0324
Reviewed-on: https://code.wireshark.org/review/3480
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Per Android documentation, the PID and TID are int
Change-Id: I05326d134047315d61a873c33dd02a48d1849f8d
Reviewed-on: https://code.wireshark.org/review/3481
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6f1710a093fc548c718defa9b40ab68877ede977
Reviewed-on: https://code.wireshark.org/review/3470
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That doesn't eliminate them, but at least it encapsulates them.
Change-Id: I78f0202cb7d2eb86e2dce220b2b97acc256d1e42
Reviewed-on: https://code.wireshark.org/review/3489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This eliminates some tvb_get_ptr calls from dissectors, as part of
trying to minimize if not eliminate its use in dissectors (it's a bit of
what's called an "attractive nuisance", in that users who don't
understand what it does - and doesn't! - do may use it in ways that are
unsafe, e.g. thinking you can use it to get a null-terminated string
from a packet).
It also eliminates the possibility of passing one length to
tvb_get_ptr() and another to crc32c_calculate().
Change-Id: I8a07168d0bc088b45d607e00c5bb1d98421ebc73
Reviewed-on: https://code.wireshark.org/review/3488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|