| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fill in the "gaps" so that all dissectors that verify checksums have both a
status and expert info field.
Also address comments from original proto_tree_add_checksum patch that didn't make it.
Ping-Bug: 8859
Change-Id: I2e6640108fd6bb218cb959fe9e4ba98a13e43a2f
Reviewed-on: https://code.wireshark.org/review/16590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It seems that not all Cisco IOS implementations adhere to RFC2332
with respect to having the source address after the SPI in the
authentication extension. This change adds a preference to suppress
the interpretation of the bytes following the SPI as the source
address. The default is to adhere to the RFC.
Bug: 12569
Change-Id: I00d3c1b90ace54f16f0fe4704e6127a5c4881c82
Reviewed-on: https://code.wireshark.org/review/16231
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to mold into (capture) dissector tables.
Change-Id: Iad63f2c2869782977992a3a072adb020be4b1818
Reviewed-on: https://code.wireshark.org/review/12587
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I96aa9cf53533cbb07105aa400d42922baf3016b3
Reviewed-on: https://code.wireshark.org/review/11860
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I123c591cb0eb83b561163119a4b00c616bcd0990
Reviewed-on: https://code.wireshark.org/review/7666
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to worry about the wmem_allocator.
Change-Id: If976fe7b0c3f9cd053225096c2ac05418f061af6
Reviewed-on: https://code.wireshark.org/review/7081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This reverts commit 797ea88aefc2f45dba7e77d2dcaebe68ac1a4fac.
Change-Id: I9bc2cef0051d88c6374c6f1868b0250cba3edbd4
Reviewed-on: https://code.wireshark.org/review/7076
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to work about the wmem_allocator.
Change-Id: I80f465ae0845290255a659ab63310ac3cc35506e
Reviewed-on: https://code.wireshark.org/review/7075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I5de4c34e2acafbe47a8ca3f07040a774e72d0d3e
Reviewed-on: https://code.wireshark.org/review/6787
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Fourth batch (packet-mac-lte.c -> packet-rtp.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Id921f07f4b274f0cfb77ce81abe4a285fdb8b644
Reviewed-on: https://code.wireshark.org/review/6023
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
bytes consumed
Change-Id: I528ad736caee1f29e2f0abfc0afcca6587d74eca
Reviewed-on: https://code.wireshark.org/review/5743
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I51702e9372551a28ea604d21d4bbf0eb4d9588ae
Reviewed-on: https://code.wireshark.org/review/4831
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I1ad94654343e5a018a0b3159481d45ffb3a91263
Reviewed-on: https://code.wireshark.org/review/4363
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
|
|
svn path=/trunk/; revision=54201
|
|
svn path=/trunk/; revision=54095
|
|
proto_tree_add_bytes_format_value.
svn path=/trunk/; revision=52272
|
|
hf_ field name is the first part of the formatted string. This was all manual inspection and most cases were either:
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
|
|
hf_ field name is the first part of the formatted string. This was done with a perl script on the dissectors directory (packet-*.c), followed by manual inspection of the output. The manual inspection yielded a few cases that really should have been proto_tree_add_uint or proto_tree_add_item, so I updated them accordingly.
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
|
|
svn path=/trunk/; revision=51982
|
|
svn path=/trunk/; revision=51852
|
|
svn path=/trunk/; revision=51823
|
|
hf_nhrp_flag_U1 and hf_nhrp_flag_U2, but change the common display filter from "nhrp.flag.u1" to simply "nhrp.flag.u".
#BACKPORT(1.6, 1.8)???
svn path=/trunk/; revision=48626
|
|
unused hf[] entries (which I should have done in the first place).
svn path=/trunk/; revision=47390
|
|
svn path=/trunk/; revision=47302
|
|
svn path=/trunk/; revision=45017
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
argument is an uninitialized value" msg
Also:
- #if 0 out some unused hf[] entries;
- use val_to_str_const() in a few places;
- remove some unneeded initializers;
- do col_set_str()/col_clear() before referencing tvb;
- reformat hf[] entries;
- Fix whitespace (4-space tabs, etc).
svn path=/trunk/; revision=42746
|
|
In a few cases: do some whitespace, indentation cleanup & reformatting.
svn path=/trunk/; revision=42632
|
|
proto_tree_add_item() call.
svn path=/trunk/; revision=42500
|
|
svn path=/trunk/; revision=41848
|
|
svn path=/trunk/; revision=39764
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
Also: packet-nhrp.c: #include sminmpec.h not req'd;
svn path=/trunk/; revision=34143
|
|
svn path=/trunk/; revision=32367
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3950 :
The attached patch improves NHRP dissection and encompasses the following
changes:
1) Now displays Request ID and CIE Reply code or Error code in Info column.
2) Added support for RFC 2520 and RFC 2735 extensions and error codes.
References:
-> http://www.ietf.org/rfc/rfc2520.txt?number=2520
-> http://www.ietf.org/rfc/rfc2735.txt?number=2735
Note: Cisco's NAT Address Extension conflicts with RFC 2735's published
Device Capabilities Extension. Both are assigned type 9. As such, I have had
to add some heuristics to differentiate between them. It should be reliable
though since the former carries a CIE with length > 8 bytes, and the latter a
fixed-length payload of 8 bytes.
3) A few fields previously not filterable now are: hf_nhrp_hdr_op_type,
hf_nhrp_hdr_version and hf_nhrp_error_code.
4) Added support for authentication and vendor-private extension header decode.
NOTE: The authentication extension has been added according to RFC 2332. In
practice, it seems that at least with certain Cisco equipment (I tested with
cisco 2851 IOS version 12.4(15)T), they use their own non-standard
authentication extension format. Because of this, Cisco's version of the
extension will likely either be displayed a little differently than one may
expect or be indicated as being mal-formed ... because in reality, it is.
5) Utilizes expert info in a couple more places to indicate mal-formed packets.
Cisco's Error Indication packet, for example, violates RFC 2332 Section 5.2.7
by including extensions in the Error Indication packet as well as by including
erroneous data following the End Extension. Both cases are reported via expert
info now. Previously, at least with the case of the erroneous data following
the End Extension, the packet would almost certainly have been marked
mal-formed anyway. I now just prevent Wireshark from even attempting to decode
the non-sensical mess.
svn path=/trunk/; revision=29833
|
|
svn path=/trunk/; revision=29446
|
