path: root/epan/dissectors/packet-cip.c
Age | Commit message | Author | Files | Lines
2016-12-21 | CIP: More attribute updates | D. Ulis | 1 | -9/+56

1. CIP Safety: SERCOS Safety Network Number attribute should be 6 bytes. Don't just use all remaining bytes
2. Remove cip_byte_array type. The last remaining usage was #1 above and it really shouldn't be used in the future. Any attribute that would eat up all remaining bytes would have issues with Get Attribute List responses and Set Attribute List requests.
3. Optional Attribute List: Display the attribute name if known.
4. Port: Display Port Number name
5. Port: Associated Communication Objects attribute

Change-Id: I94d99bb1f07aa4b8c44949b2ffb5d75e72483459
Reviewed-on: https://code.wireshark.org/review/19374
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-12-16 | CIP: Always handle extra data | D. Ulis | 1 | -197/+90

1. Generically handle/display all unparsed data. Any unparsed data can be found with cip.data
2. This now shows at least some unparsed data that was not previously displayed. Previously, extra data sent with Get Attribute List requests was not displayed. It was difficult to tell why devices were returning errors, without knowing there was extra data.
3. Make most functions return the number of bytes processed to support the above points.

Change-Id: I290c09d76e74c18facaef99c8903e7937fbdd710
Reviewed-on: https://code.wireshark.org/review/19263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-12-13 | Adjust proto_tree_add_uint_format_value calls to use unit string | Michael Mann | 1 | -2/+2

Several calls to proto_tree_add_uint_format_value could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field. There are also a few cases where proto_tree_add_uint_format_value could just be proto_tree_add_uint. Added a few more "common" unit string values to unit_strings.[ch]

Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-12-06 | CIP: Minor enhancements | D. Ulis | 1 | -42/+63

1. ENIP: Display the CIP Forward Open Request packet number for connected data
2. CIP: Extended Network: Display expert info when the expected bytes does not match actual bytes
3. CIP: Look up more data fields as CIP service or Device Type
4. CIP: Display data as Dec/Hex, depending on how the spec shows things
5. Minor: Pull out common code into load_cip_request_data()
6. Minor: Text corrections

Change-Id: I184ac3899786f650e4d4643a5dfe68bba785d6e0
Reviewed-on: https://code.wireshark.org/review/19092
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-11-15 | CIP: Properly handle EPATH attributes that do not specify path size | D. Ulis | 1 | -104/+139

Most attributes specify the path length before the EPATH data, but some do not. The previous code for parsing EPATHs just looped until there was no more data. This is a problem for EPATH that do not specify a length, because it will eat up too many bytes. This mainly affects Get Attribute List Responses and Set Attribute List Requests. For the small number of attributes like this, the Spec says exactly what kind of segment should be in the EPATH, so just parse a single segment. This fixes: Port attributes: 'Port Number and Node Address' and 'Chassis Identity' There is still one that is a problem in packet-cipsafety.c, but we will have to deal with it later. See the TODO in that file. I use the .pcap attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12049, to make sure I didn't break any existing path/segment handling.

Ping-Bug: 12049
Change-Id: Id035f9809f6cc747ea7b6327d94dd26dc66cb466
Reviewed-on: https://code.wireshark.org/review/18675
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-10-21 | gmtime() can return NULL, even if it's unlikely. | Guy Harris | 1 | -1/+4

ANSI C says it can return NULL - and, at least on Windows with the MSVC library, it *will* return null for dates prior to the Epoch. Check for a null return and handle it. Fixes CID 1374110.

Change-Id: I78bf92cfbb94a86544442269cc3b53338eb19778
Reviewed-on: https://code.wireshark.org/review/18361
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-10-16 | CIP: no previous prototype for ‘dissect_cip_attribute’ [-Wmissing-prototypes] | Alexis La Goutte | 1 | -1/+1

Change-Id: I61f388b136e66db9c4b909c4509db0441b1f1865
Reviewed-on: https://code.wireshark.org/review/18221
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-10-13 | CIP: Improve string handling | D. Ulis | 1 | -52/+113

1. Add support for STRINGI
2. Add File Name attribute that is a STRINGI
3. CCO Get/Set Attr All: Connection Name is STRING2 not ASCII
4. TCP/IP Host Name attribute is not just a STRING. It also needs a pad byte.
5. Minor: Fix byte highlighting for CCO I/O Mapping tree
6. Minor: All back byte highlighting for Get Attr All Rsp individual attributes

Change-Id: Ib10d6f2e86e39e8cd6335dc6b6dbebbd1c4d8e64
Reviewed-on: https://code.wireshark.org/review/18166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-10-10 | CIP: Attribute updates | D. Ulis | 1 | -38/+95

1. Combine various Attribute ID filters into a single one "cip.attribute", so that it's easier to find a certain attribute in any part of the packet. This makes sense because Attributes refer to the same property, but various types of messages can have that field in different locations. This applies to Get/Set Attribute Single, Get/Set Attribute List, Get Attributes All.
2. Connection Manager: Dissect more attributes
3. Port: Display the Port Type name
4. Get/Set Attribute Single: Show unparsed data as raw bytes. Previously, if there were extra bytes they were not displayed.
5. Get/Set Attribute List: Show remaining data for unknown attributes under the main Attribute List tree, instead of under the unknown Attribute ID tree.
6. Display Attribute ID as DEC, since the specification tables are in decimal.
7. Update Class list
8. Minor: Remove some unused variables, typos

Change-Id: I1a65da5f827484a3cd0e49ec944572ea5a166db1
Reviewed-on: https://code.wireshark.org/review/18118
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-10-07 | CIP: More minor bug fixes | D. Ulis | 1 | -2/+2

1. CIP Safety: Exception Detail Alarm and Exception Detail Warning both were not parsing their 3 parts because the offset was not increased. Fixed the offsets and combined the functions because they have the same format.
2. CIP: Forward Open Safety Response had wrong offsets so it was parsing incorrectly. This incorrectly showed as Malformed.
3. CIP Safety: Pass in tvb to proto_tree_add_subtree() instead of NULL. This was causing a Dissector bug (seems only on trunk, not 2.2). This was already done for packet-cip.c under https://code.wireshark.org/review/#/c/16748/
4. Some minor typos

Change-Id: I63e8d200cd3408c16ca0a1edbc483c3bb8298d3b
Reviewed-on: https://code.wireshark.org/review/18100
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-09-30 | CIP: Minor bug fixes | D. Ulis | 1 | -29/+30

1. CIP: dissect_cip_set_attribute_list_req - Too many bytes highlighted. Could cause malformed packet
2. CIP: dissect_cip_cco_all_attribute_common - Too many bytes highlighted
3. CIP Motion: dissect_cntr_service - Wrong size passed in which tried to highlight too many bytes. Would cause malformed packet.
4. CIP: Some minor formatting/whitespace changes.

Change-Id: I5899888a3e58452945c8546cf635768cdd3cf738
Reviewed-on: https://code.wireshark.org/review/18000
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-08-31 | Don't do any Decode As stuff for dissector tables not used with Decode As. | Guy Harris | 1 | -2/+2

Have all dissector tables have a "supports Decode As" flag, which defaults to FALSE, and which is set to TRUE if a register_decode_as() refers to it. When adding a dissector to a dissector table with a given key, only add it for Decode As if the dissector table supports it. For non-FT_STRING dissector tables, always check for multiple entries for the same protocol with different dissectors, and report an error if we found them. This means there's no need for the creator of a dissector table to specify whether duplicates of that sort should be allowed - we always do the check when registering something for "Decode As" (in a non-FT_STRING dissector table), and just don't bother registering anything for "Decode As" if the dissector table doesn't support "Decode As", so there's no check done for those dissector tables.

Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-07-28 | CIP: ensure to give a valid tvb pointer when calling proto_tree_add_XXX functions | Pascal Quantin | 1 | -47/+47

Bug: 12676
Change-Id: I1567ecd70d0975ed47d8c659b9086206c2a0a89a
Reviewed-on: https://code.wireshark.org/review/16748
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-06-27 | CIP: Cleanup info column for MSP packets | D. Ulis | 1 | -6/+15

1. Skip printing class name in info column when it was an MSP, since it's implied.
2. Don't print response status for embedded messages in info column for MSP. It makes the line too long.
3. Print the response status for embedded messages in the Service Packet tree. This makes it easier to find the packet that may have failed.

Change-Id: I2c60fb9baf113a215ada7301f493cbd51e340dcd
Reviewed-on: https://code.wireshark.org/review/16162
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

2016-06-08 | Remove superfluous size checks (CID-1158694) | Jaap Keuter | 1 | -24/+3

Don't try to add expert items for size < 1 when this code isn't executed for size == 0. (note: size is unsigned)

Change-Id: Ieb3d2593d4bb5f175ac368ef38571511b4f56f25
Reviewed-on: https://code.wireshark.org/review/15774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-04-07 | CIP: Attribute updates | D. Ulis | 1 | -16/+30

1. Switched to common way to parse Get Attr All, using dissect_cip_get_attribute_all_rsp, for CCO (class version) and CIP Validator. This also fixed a missing attribute in the old CIP Validator code.
2. Add cip_string2 attribute implementation
3. For CIP Validator, set the protocol as "CIPS Validator", previously this was "CIPS Supervisor".
4. For classes with subdissectors, add the service to the Info column in the response.

Change-Id: Id9593ca39497261075df8146cf63ee9581462e2a
Reviewed-on: https://code.wireshark.org/review/14837
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

2016-03-28 | Fix more -Wused-but-marked-unused warnings/errors. | Joerg Mayer | 1 | -2/+2

Change-Id: Ieb3e70a23c1a55b7ba60b1b32f159341adfe65b7
Reviewed-on: https://code.wireshark.org/review/14682
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

2016-03-20 | Manually add protocol dependencies derived from find_dissector. | Michael Mann | 1 | -1/+1

Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector. "data" dissector was not considered to be a dependency.

Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-03-17 | Associate dissector tables and heuristic subdissector lists with a protocol. | Michael Mann | 1 | -3/+3

This will make it easier to determine protocol dependencies. Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)

Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-03-14 | CIP: Restore path information to Info column | D. Ulis | 1 | -24/+24

When the "Display enhanced Info column data" preference is set, ensure that:
1. For non-MSP packets, path information (class/symbol) is displayed in the Info column for Forward Open, Forward Close, regular Message Router Request/Response messages
2. For MSP packets, don't display the class/symbol in the Info column (it's too wordy)

This now relies on an extra boolean passed to dissect_cip_data() to handle #2 above. Previously, this relied on checking a proto_item* for NULL, which is not correct.

Change-Id: I7532660bcb23bd664c1f5532256755922c4937d1
Reviewed-on: https://code.wireshark.org/review/14458
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-03-14 | Another fix for the Info column. | Guy Harris | 1 | -1/+1

Bug: 12257
Change-Id: I1859aa11c79f82060ab6051f702e69794f82c0ea
Reviewed-on: https://code.wireshark.org/review/14457
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-03-14 | Don't let the existence of a protocol tree affect what's in the Info column. | Guy Harris | 1 | -13/+14

A dissector must never assume that it will, or won't, be called with a protocol tree; it's up to the Wireshark/TShark/etc. core to decide whether to do it, and it can change its behavior over time or even change it from release to release. Have dissect_epath() take an argument that explicitly indicates whether to add the CIP class to the Info column, rather than assuming that you do so only if the tree pointer passed to it is null.

Bug: 12257
Change-Id: Ide8a6fc21252880f849a8d0aa4659a675bb3ae04
Reviewed-on: https://code.wireshark.org/review/14456
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-03-10 | CIP: Improve info column information | D. Ulis | 1 | -114/+134

1. Remove "Object" from CIP class names. It was already removed from some of the objects, the string "Object" is implied for all objects, and it helps reduce wordiness in the Info column.
2. Don't display Class/Symbol name in the Info column when it's inside a MSP.
3. Enable enhanced Info column by default now that some of the additional wordiness was removed by the above points.
4. Put single quotes around the symbol name in the Info column. This makes it more obvious that something is a symbol instead of an actual class name from the spec, and would prevent ambiguity if the symbol name was something like "Identity".
5. Print the CIP service for both requests/responses in CIP Safety processing. This was already added to normal CIP.
6. Display Class/Symbol and service on the Service Packet in the MSP tree. This makes it easier to find without expanding every MSP item.

Change-Id: I7197dd4bf3dad6d7bdba247d3d7ab76cca52c785
Reviewed-on: https://code.wireshark.org/review/14325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-25 | CIP: Improve error checking | D. Ulis | 1 | -156/+84

1. Expert info for cip_short_string,cip_string
2. Combine dissect_cip_multiple_service_packet_req/dissect_cip_multiple_service_packet_rsp. The formats are the same, and this ensures that all expert info checks are applied to both.
3. Remove some copy-paste in dissect_cip_generic_data

Change-Id: I433990bf4389bee78d414cab8547bd2bb39498c7
Reviewed-on: https://code.wireshark.org/review/14105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-02-22 | Fix some hf_ field datatype conflicts. | Michael Mann | 1 | -2/+2

'ieee17221.clock_source_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'ieee17221.stream_format' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'afp.unknown' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
'afp.toc_offset' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'bootp.client_id.iaid' exists multiple times with NOT compatible types: FT_UINT32 and FT_STRING
'bthfp.chld.mode' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'canopen.pdo.data' exists multiple times with NOT compatible types: FT_STRINGZ and FT_BYTES
'canopen.sdo.data' exists multiple times with NOT compatible types: FT_UINT32 and FT_BYTES
'ceph.msg.' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'ceph.version' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'cip.linkaddress' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'dnp3.al.ana' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dnp3.al.anaout' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dtls.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'ssl.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'dvb-s2_gse.label' exists multiple times with NOT compatible types: FT_UINT24 and FT_ETHER
'fcdns.rply.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'fcdns.req.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'icmp.int_info.name' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'mausb.clear_transfers.status' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mikey.v' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mswsp.rangeboundry.ultype' exists multiple times with NOT compatible types: FT_STRING and FT_UINT32
'mswsp.arrayvector.address64' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_offset' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_len' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'pflog.saddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.daddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.saddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pflog.daddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pgm.spm.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.src' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.grp' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.poll.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.redirect.dlr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4

Change-Id: Iaf694699d108a12db172da8dd9fbab211adb329d
Reviewed-on: https://code.wireshark.org/review/14070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-17 | cip: fix a leak | Dario Lombardo | 1 | -6/+8

Change g_list into wmem_list to solve the leak. Leak found by valgrind.

==14755== 3,384 (504 direct, 2,880 indirect) bytes in 21 blocks are definitely lost in loss record 3,380 of 3,418
==14755== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14755== by 0xA806610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA81C22D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA7FD4F3: g_list_append (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0x67CD825: build_get_attr_all_table (packet-cip.c:5402)
==14755== by 0x67CD825: proto_register_cip (packet-cip.c:8067)
==14755== by 0x71C83F9: register_all_protocols (register.c:229)
==14755== by 0x65F14D7: proto_init (proto.c:521)
==14755== by 0x65CF961: epan_init (epan.c:126)
==14755== by 0x1153F0: main (tshark.c:1220)

Change-Id: I9c25ee5b5bf04b9afb8b0bf22bb6f3d7022bf4d3
Reviewed-on: https://code.wireshark.org/review/13969
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-02-16 | CIP/ENIP: Attribute updates | D. Ulis | 1 | -3/+207

1. More Identity attributes
2. Port attributes
3. Set Attribute List request highlighted too much attribute data
4. TCP/IP object, Attr 5 needs padding
5. Switch most attributes to use wrappers instead of dissect_epath() directly.
6. Change new Volume 8 attributes to treat path size as words instead of bytes, when parsing size+EPATH formats.

Change-Id: I1b8c476475c6fbb9c7cdb99ec4a6c28934631a19
Reviewed-on: https://code.wireshark.org/review/13898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-02-11 | Add in a default value for extended_port_offset to avoid warning (-> error) | John A. Thacker | 1 | -1/+1

with gcc-4.4.x

Change-Id: I823787dd7c4c92d74cd294e6e2d44b3574ae4d20
Reviewed-on: https://code.wireshark.org/review/13909
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-05 | ENIP: Add dissection of UCMM CPF Item over UDP | Michael Mann | 1 | -2/+0

This includes request/response tracking

Change-Id: I12ac4c198929aa6a75f3f839f9ee52ebf00b8059
Reviewed-on: https://code.wireshark.org/review/13743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-05 | Add CIP Security objects | Michael Mann | 1 | -0/+17

These objects are defined in Volume 8, but it doesn't make sense to create a new dissector file for them, so just distribute them where it makes the most sense in the existing CIP dissectors. Also do some conversions to proto_tree_add_bitmask while in the neighborhood. Add support for EtherNet/IP over DTLS/TLS.

Change-Id: I4e658e8871eebb222816229de7594ff766264308
Reviewed-on: https://code.wireshark.org/review/13710
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-04 | Have CIP dissectors find the CIP Class dissector table, rather than have an externed global variable. | Michael Mann | 1 | -1/+1

Change-Id: Id8156680d67d65d87c156df05e8a66e2531728d2
Reviewed-on: https://code.wireshark.org/review/13709
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-02-04 | CIP/ENIP: Enhance Info column display | D. Ulis | 1 | -41/+98

1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"

Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2016-01-31 | CIP: fix no previous prototype for 'dissect_segment_network_production_inhibit_us' [-Wmissing-prototypes] | Alexis La Goutte | 1 | -1/+1

Change-Id: Ic23b26f87f38db0a40213ce7c954c8618dc966eb
Reviewed-on: https://code.wireshark.org/review/13610
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-01-27 | CIP: Add support for all defined segment types | D. Ulis | 1 | -57/+534

Add support for the following segment types:
1. Port: Extended
2. Logical: Service ID
3. Logical: Extended
4. Symbolic: ASCII, Extended String, including: Double-byte, Triple-byte, Numeric (USINT, UINT, UDINT)
5. Network: Extended
6. Network: Production Inhibit Time in Microseconds

Bug: 12049
Change-Id: I31b269c28c0101205cbc02f858de47106b9e7373
Reviewed-on: https://code.wireshark.org/review/13552
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2016-01-25 | Move the proto data stuff out of frame_data.[ch]. | Guy Harris | 1 | -0/+1

It's not tied to the frame_data structure any more, so it belongs by itself. Clean up some #includes while we're at it; in particular, frame_data.h doesn't use anything related to tvbuffs, so don't have it gratuitously include tvbuff.h.

Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-01-24 | Add the packet number to the packet_info structure, and use it. | Guy Harris | 1 | -1/+1

That removes most of the uses of the frame number field in the frame_data structure.

Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2016-01-22 | CIP: Add support for Get Attributes All | Michael Mann | 1 | -78/+253

Get Attributes All is a predefined list of existing attribute IDs for a given class. Add a new index for each attribute for their place in GetAttributesAll response. Then a hash table of classes for existing attributes are created to handle the GetAttributesAll service. Added more TCP/IP object attributes since more have been added to the spec. Moved TCP/IP object attributes all to ENIP dissector.

Bug: 11996
Change-Id: I7f50c9aadf04efdb17ef31f39e6a991c0a84bef2
Reviewed-on: https://code.wireshark.org/review/13186
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2015-12-11 | CIP: Add support for common class attributes | D. Ulis | 1 | -1/+89

Change-Id: Iaa297340708170e8efb2d73d0c164e0358507eb2
Reviewed-on: https://code.wireshark.org/review/12502
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2015-12-09 | CIP: Ensure that all generated data is properly flagged as Generated and no lengths are set for it. | D. Ulis | 1 | -60/+110

This ensures:
1. Generated data shows inside brackets [], so it's obvious that the data was actually generated.
2. Clicking on generated data should not highlight bytes in the packet. Previously, this would sometimes highlight parts of the response packet that were unrelated.
3. Fixes some assertions that hit in PDML exporting code, due to wrong data locations being referenced.

Bug: 11863
Change-Id: Ia7ea9d886c8fff0c302088bed44b974ff9447a92
Reviewed-on: https://code.wireshark.org/review/12468
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2015-12-09 | new_register_dissector -> register_dissector for dissector directory. | Michael Mann | 1 | -1/+1

Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2015-12-09 | new_create_dissector_handle -> create_dissector_handle for dissector directory. | Michael Mann | 1 | -5/+5

Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.

Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2015-12-05 | Enhancements for EtherNet/IP and CIP | D. Ulis | 1 | -36/+118

EtherNet/IP
1. EtherNet Link object parsed Physical Address attribute response incorrectly.
2. Display Unknown Commands as ENIP instead of just TCP data.

CIP
1. For connected data, don't interpret it as a Message Router Request/Response format when the Forward Open connection was not directed to the Message Router. Previously, this data would be incorrectly shown as explicit CIP data. In many cases, this would show as malformed. This traffic will now just display as Data in the Wireshark tree, and "Implicit Data - Class (0x123)" in the Info column. Make this data filterable by "cip.conn_path_class == 0x123".
2. Fix parsing of Unconnected Send responses. Previously, for most cases, the response was not fully parsed, and would just show "Data", or it would parse the response as if the request class was the Connection Manager, which is incorrect. Now, also show the request path of the original embedded message in the tree.
3. Add some detailed error data for malformed Forward Close response.

Change-Id: I1c98ce516373d8c0ed6e049e25342f726bc370ea
Reviewed-on: https://code.wireshark.org/review/12339
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

2015-12-01 | Bugfixes for EtherNet/IP and CIP | D. Ulis | 1 | -19/+26

EtherNet/IP
1. Only decode 32-bit header if there is enough data. Previously, this would show malformed data, even for I/O packets that have no data, eg: heartbeat data.
2. Typos

CIP
1. Many Time Sync attribute responses were flagged incorrectly as malformed.
2. Create service response highlighted the instance number incorrectly, and showed warnings.
3. Set Attribute List Request should exit early if it doesn't know about a particular attribute.
4. Incorrect format for Safety Network Segment: Router Format.
5. Typos

Change-Id: I506dbb053c247bc8efcbde2cce6ab24d9550c897
Reviewed-on: https://code.wireshark.org/review/12321
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2015-11-06 | Major Re-factoring of the dissector and some new features. | cbontje | 1 | -18/+8

A change-list is as follows:
- Removed unnecessary dissector revision updates from the file header since GIT tracks these nicely.
- Added proper size detection of Modbus RTU messages (including exception responses), when dealing with partial TCP segment reassembly.
- Moved the 'register' decode preferences to the Modbus dissector as TCP vs. RTU granularity isn't needed in this case.
- Obsoleted unused 'address type format' user preferences
- Cleaned up dissect_modbus_data to remove proto_tree_set_text instances.
- For decoded register tree objects, use register 'address' instead of 'value' for the filter field to provide a more useful filter.
- Added in conversation support, to attempt to track responses back to matching requests.
- Use conversation support to attempt to populate proper register address offsets in the response messages. Currently each request is saved and each response looks for the last prior request that matches the function code.
- Re-factored Modbus dissector to split apart request vs. response decoding. This has led to cleaner code paths, but some duplication where replies and requests are identical format.

Change-Id: I0c86ae85b8ae4cc59b037e5f68f408833205fadd
Reviewed-on: https://code.wireshark.org/review/9914
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-04 | Don't allow multiple registrations of a protocol in dissector tables. | Michael Mann | 1 | -2/+2

The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing. The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether it's part of Decode As or not. It's just ENFORCED for Decode As.

Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-17 | Remove all preferences related to enabling/disabling heuristic dissectors. | Michael Mann | 1 | -1/+1

The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector. Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.

Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-12 | Add "user presentable" and "unique string ids" to heuristic table entries. | Michael Mann | 1 | -1/+1

This allows better presentation of heuristic dissectors to the end user.

Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-04-16 | Replace deprecated tvb_length APIs | AndersBroman | 1 | -15/+15

Change-Id: Idfd3bed012e823de544fe4de483c8f095fc7c65d
Reviewed-on: https://code.wireshark.org/review/8086
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-12-22 | First batch of unincludes. Last attempt... | Martin Mathieson | 1 | -1/+0

Change-Id: I3681462aeb98ca62ed3ec5eb226b2553317391a9
Reviewed-on: https://code.wireshark.org/review/5997
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2014-12-21 | Cleanup use of #includes in non-generated epan/dissector/*.c | Bill Meier | 1 | -3/+0

Specifically:
- Set packet.h to be the first wireshark #include after config.h and "system" #includes. packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in packet.h. E.g., glib.h. (Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.

Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>