| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Offloading seems to be very common nowadays and having this option
enabled by default generates a lot of false positives. Suggested by
Laura Chappell.
Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff
Reviewed-on: https://code.wireshark.org/review/426
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
[-Werror,-Wunreachable-code]
Change-Id: Id368fdb7025260cb1fc261f844eae8c018c65edd
Reviewed-on: https://code.wireshark.org/review/325
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
svn path=/trunk/; revision=54334
|
|
svn path=/trunk/; revision=54089
|
|
svn path=/trunk/; revision=53831
|
|
Set .display to STR_UNICODE (instead of STR_ASCII).
svn path=/trunk/; revision=53827
|
|
svn path=/trunk/; revision=53759
|
|
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
|
|
the GUI. Bug 9450 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450)
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
|
|
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
|
|
Dissectors should just use (reported) tvb length and taps have other ways to get the data.
svn path=/trunk/; revision=52899
|
|
supports heuristics.
IP heuristics pass in IP header to help subdissectors decide what to do.
svn path=/trunk/; revision=52835
|
|
hf_ field name is the first part of the formatted string. This was all manual inspection and most cases were either:
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
|
|
hf_ field name is the first part of the formatted string. This was done with a perl script on the dissectors directory (packet-*.c), followed by manual inspection of the output. The manual inspection yielded a few cases that really should have been proto_tree_add_uint or proto_tree_add_item, so I updated them accordingly.
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
|
|
svn path=/trunk/; revision=51960
|
|
chdlc.protocol and change the UI name to match. It is by far much more common to name the tables after the field than to pick another name.
svn path=/trunk/; revision=51958
|
|
svn path=/trunk/; revision=51852
|
|
the same structure.
This is begin of work to split fragment head and fragments items.
svn path=/trunk/; revision=50708
|
|
proto_tree_add_expert_format, where applicable.
svn path=/trunk/; revision=50377
|
|
a bit duplicative, but the byte highlighting over the whole option is nice.
svn path=/trunk/; revision=50248
|
|
svn path=/trunk/; revision=50247
|
|
dissect_ip_tcp_options(). Bug 8823 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8823)
svn path=/trunk/; revision=50230
|
|
the CARP dissector, bug 8633 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8633)
This should allow the ugly IPIP/TAPA hack to be replaced with a proper heuristic, but I don't see any sample TAPA traces to feel confident in making the change myself.
svn path=/trunk/; revision=49930
|
|
svn path=/trunk/; revision=49845
|
|
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
|
|
being incorporated inside an ICMP error packet.
svn path=/trunk/; revision=48518
|
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
svn path=/trunk/; revision=48423
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48400
|
|
IPv4 is *everywhere*.
svn path=/trunk/; revision=46471
|
|
svn path=/trunk/; revision=46199
|
|
zero as the total length is the result of TSO, report that specially, so
that it's clearer why the we're reporting the length as non-zero when
it's zero in the packet data.
See
http://ask.wireshark.org/questions/16279/why-are-the-bytes-00-00-but-wireshark-shows-an-ip-total-length-of-2016
svn path=/trunk/; revision=46198
|
|
number of SACK ranges found in the SACK option.
This involved extending the IP options framework to include an extra
void* data field, which in the case of TCP is filled in with the tap
struct - other users currently pass NULL.
I first implemented the graph to sort the SACK ranges and show (in red)
the unacknowledged regions between them, but this became confusing where
the number of ranges is limited by TCP padding bytes. i.e. you can't
tell how many SACKs could have been encoded, so some of the gaps between
ranges may already have been received.
svn path=/trunk/; revision=46006
|
|
- ipv6.traffic_class.dscp use ext string so and need BASE_EXT_STRING flag (fix SIGSEGV)
- dscp_vals was removed from .h file, so make it static
- export dscp_vals_ext
svn path=/trunk/; revision=45380
|
|
svn path=/trunk/; revision=45017
|
|
svn path=/trunk/; revision=44939
|
|
svn path=/trunk/; revision=44938
|
|
svn path=/trunk/; revision=44901
|
|
svn path=/trunk/; revision=44900
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
|
|
packet-ax25.c and packet-arp.c.
Add an "ax25.pid" dissector table for those protocol IDs, use it in the
AX.25 dissector, and have dissectors register in that table with their
protocol IDs.
Get rid of some unneeded includes.
Clean up some "AX25"s in user-visible strings - say "AX.25" instead.
Clean up some indentation.
svn path=/trunk/; revision=44235
|
|
They made cppcheck unhappy.
svn path=/trunk/; revision=43779
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
Convert some proto_tree_add_string_format_value(..., val, "%s", val); to use new function.
svn path=/trunk/; revision=43363
|
|
BACKPORT to 1.8
svn path=/trunk/; revision=43222
|
|
BACKPORT to 1.8
svn path=/trunk/; revision=43221
|
|
svn path=/trunk/; revision=43216
|
|
Also:
- don't use val_to_str_const() with a "format" default string;
- rename 'opt_len_type' enumeration identifiers to be less generic.
svn path=/trunk/; revision=43210
|
|
appropriate.
Also:
- use val_to_str_const() [instead of val_to_str()] in a few cases;
- do some trivial formatting cleanup.
svn path=/trunk/; revision=43204
|
|
and TCP.
svn path=/trunk/; revision=42533
|
