Age | Commit message (Collapse) | Author | Files | Lines |
|
Dissector has always been able to cope with unknown record types so pass them
through (and call the data dissector from the ERF dissector in this case).
Previously was stopping processing on the first unrecognized record which is
very unhelpful for otherwise valid files that have new types mixed in.
Remove ERF type check altogether from open heuristic as ERF type could be past
48 in future and with more extension headers bit any byte value could be valid.
Also allow setting ERF_RECORDS_TO_CHECK to 0 to force skipping the heuristic.
Change-Id: I8331eef30ba2e949564f418b3100bd73b8f58116
Reviewed-on: https://code.wireshark.org/review/15361
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault.
Fix final tag of exactly 4 bytes not being dissected.
Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour).
Add dissector expertinfo for truncated tags. Dissect type and length on error.
Bug: 12352
Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94
Reviewed-on: https://code.wireshark.org/review/15357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Added dissectors for OPA Fabric Executive (FE) Header, OPA Snoop and
Capture (SnC) MetaData Header, OPA 9B Packets, and OPA MAD Packets.
Bug: 12114
Change-Id: I6acd3c9e266e4b638167abbdd275ec7c1d472b4f
Reviewed-on: https://code.wireshark.org/review/13473
Reviewed-by: Adam Goldman <adam.goldman@intel.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Wiretap support had already been added for old type variants COLOR_HASH_ETH and
COLOR_HASH_POS, dissect them like the other variants.
Change-Id: I60b83c50a258a27c31a498382c276bc4f4a34cbb
Reviewed-on: https://code.wireshark.org/review/15397
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use eth_maybefcs instead of eth_withoutfcs.
ERF_TYPE_ETH records almost always have FCS, but using maybe means the "Assume
packets have FCS" is respected.
Mark the erf_ethfcs preference as obsolete. It was being ignored.
This was broken by Change 3670 which changed the ERF dissector to use
a dissector table.
Change-Id: I45cffdaed3890f8a0f505b2011be8c5204d9b2a6
Reviewed-on: https://code.wireshark.org/review/15360
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf.
This shaves a small amount of time off of register_all_protocols on
Windows according to the Visual Studio profiler.
Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4
Reviewed-on: https://code.wireshark.org/review/14770
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib1d0c3d44d404dba2edca0d330693cde55beff25
Reviewed-on: https://code.wireshark.org/review/14781
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibdf2eef90dff97498ddf9e11dfa14b7117ea4eab
Reviewed-on: https://code.wireshark.org/review/13326
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the
argument either point to a struct atm_phdr or to a pwatm_private_data_t.
Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header
if you need to construct an ATM pseudo-header for a dissector; have your
own struct atm_phdr structure, fill it in, and pass a pointer to *that*
to the sub-dissector.
Cleans things up a bit.
Change-Id: I4464924def4de41c625002b2d273592bd529e46e
Reviewed-on: https://code.wireshark.org/review/13270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Update erf_open heuristic to not break when ERF_TYPE_META records are present.
Remove check for maximum non-pad ERF type and add defines for reserved types.
No dissection in this commit beyond record type name, this will come later.
Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85
Reviewed-on: https://code.wireshark.org/review/12708
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Just reduces the overall tvb_get_ptr usage count in the dissector directory.
Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812
Reviewed-on: https://code.wireshark.org/review/7491
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I3681462aeb98ca62ed3ec5eb226b2553317391a9
Reviewed-on: https://code.wireshark.org/review/5997
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Have separate MTP2 dissectors for:
MTP2 frames with no pseudo-header and no CRC;
MTP2 frames with a pseudo-header and no CRC;
MTP2 frames with no pseudo-header and a CRC;
and call the appropriate dissector in the appropriate places.
While we're at it, get rid of a global variable - pass the "use extended
sequence numbers" flag down through the dissection code path, rather
than having it as a global.
Change-Id: Id8da1fbe3529e3ffadd5c30646cbc922f506a01f
Reviewed-on: https://code.wireshark.org/review/5679
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af
Reviewed-on: https://code.wireshark.org/review/4394
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
1- removed unnecessary include <wiretap/erf.h>
2- used fall through in protocol switch case instead of calling same
function with same params.
fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink
to use dissector table instead of direct function calls.
other protocols should be called in the same way, we'll do it when have
the time.
instead of calling subdissector directly from packet-erf.c code it's
easier to declare this and each time we need to register a new
protocol over erf format we sould easily extend it from the protcol module
instead using "dissector_add_uint()" function.
the change is still backward compatible, if no upper protocol is
registered for the specifc type an old fasion direct function call
is performed.
Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475
Reviewed-on: https://code.wireshark.org/review/3670
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
svn path=/trunk/; revision=54135
|
|
svn path=/trunk/; revision=53353
|
|
hf_ field name is the first part of the formatted string. This was all manual inspection and most cases were either:
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
|
|
svn path=/trunk/; revision=52052
|
|
hf_ field name is the first part of the formatted string. This was done with a perl script on the dissectors directory (packet-*.c), followed by manual inspection of the output. The manual inspection yielded a few cases that really should have been proto_tree_add_uint or proto_tree_add_item, so I updated them accordingly.
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
|
|
svn path=/trunk/; revision=51852
|
|
svn path=/trunk/; revision=51625
|
|
svn path=/trunk/; revision=49920
|
|
SDH dissector calculation fixes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8767
svn path=/trunk/; revision=49750
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48426
|
|
svn path=/trunk/; revision=47891
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8215 :
Several ERF types are incorrectly calling downstream dissectors under the erf_tree instead of under the top level tree
svn path=/trunk/; revision=47122
|
|
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
|
|
svn path=/trunk/; revision=46292
|
|
question are 4-byte header fields containing bitfields, so "unsigned" is
appropriate here.)
svn path=/trunk/; revision=45521
|
|
svn path=/trunk/; revision=45017
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 :
Remove another invalid array write.
svn path=/trunk/; revision=44419
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 :
Previous patch solved the reported problem. This patch should cover input
validation for the VC Id and Link Rate fields properly.
Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set
this field, but vc_size==0 is defined invalid.
From me: also initialize m_sdh_line_rate when the input is garbage.
svn path=/trunk/; revision=44377
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 :
Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or
equal to DECHAN_MAX_AUG_INDEX before using it.
Also add a comment: there are comments here that indicate that this array
should have 5 entries but there are only 4.
svn path=/trunk/; revision=44306
|
|
ERF dissector cleanup
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547
svn path=/trunk/; revision=44152
|