| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The "short_name" parameter of heur_dissector_add is defined as const
(and was assumed to be a string literal). This was no longer the case
though since a change in Lua where "short_name" is a dynamically
allocated string.
This "simple" fix clones the memory for internal use to avoid a
heap-use-after-free when heur_dissector_delete tries to access
"short_name".
An alternative option is to make Proto_register_heuristic track the
memory, but since there are multiple possible heuristics lists for a
protocol, the Proto (struct _wslua_field_t) structure is not
appropriate. A possible working alternative is to store the string into
lua_heur_dissectors_table_ref (replacing the value (function) by a tuple
{function,short_name}).
Change-Id: I6c6b393f4d304dd847e864da6ad17b54c8cd80e2
Fixes: v2.3.0rc0-1474-g7f2a838922 ("lua: Allow proto:register_heuristic to be used on multiple list names")
Reviewed-on: https://code.wireshark.org/review/19365
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
As per glib manual, GSLists need to be NULL initialized.
Change-Id: If78904b900f6ddd7a0afaf3a1c480ec7626f2027
Reviewed-on: https://code.wireshark.org/review/19281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Allows for better code reuse.
Change-Id: I0f929e2548cf60905285d62c1095f85565a1c147
Reviewed-on: https://code.wireshark.org/review/18439
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I60d71e0e4e7f3c35bec33910ecf4230569a1718c
Reviewed-on: https://code.wireshark.org/review/18438
Reviewed-by: João Valverde <j@v6e.pt>
|
|
1. Fix bug caught by scan build (module not read)
2. Remove range preference call that should have been part of original patch.
Change-Id: I24b1fb253548bffddc4c8ebfc3ede666d8fd9dcd
Reviewed-on: https://code.wireshark.org/review/18143
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
rejects packet
This can happen for example is the heuristics changed between the Wireshark
version used to export PDUs, and the one used to open the file.
Instead, call data dissector.
Change-Id: I29f7754f883fd710c3557a610583ef988ca13e43
Reviewed-on: https://code.wireshark.org/review/17280
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Many of the complaints from checkAPI.pl for use of printf are when its embedded
in an #ifdef and checkAPI isn't smart enough to figure that out.
The other (non-ifdef) use is dumping internal structures (which is a type of
debug functionality)
Add a "ws_debug_printf" macro for printf to pacify the warnings.
Change-Id: I63610e1adbbaf2feffb4ec9d4f817247d833f7fd
Reviewed-on: https://code.wireshark.org/review/16623
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use wmem_strdup + the pinfo pool instead of g_strdup.
Change-Id: I11fbb5ce31b7139421c558ee65ca43c8d8e85900
Reviewed-on: https://code.wireshark.org/review/16445
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Dissector handles created with create_dissector_handle() don't have a
name; report them as "(anonymous)" (there's no guarantee that the printf
family of routines don't crash when a null pointer is provided to %s -
the printf routines in at least some versions of Solaris *do* crash in
that case).
Change-Id: I561ff855a46eeb442299011d567f20751c5c6869
Reviewed-on: https://code.wireshark.org/review/16399
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Improve the error message for a null disssector handle.
Fix indentation while we're at it.
Change-Id: I1cb2f8ac52e56fc98f6b3ad981018f571e5a7bf0
Reviewed-on: https://code.wireshark.org/review/16060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Icb5d4f0f3bc60970737abbf62044f4550e8d3ca3
Reviewed-on: https://code.wireshark.org/review/16059
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the
Sysdig event dissector from the frame dissector. Create a "syscall"
protocol for system calls, but add "frame" items to it for now.
Add the ability to write Sysdig events. This lets us merge packet
capture and syscall capture files.
Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778
Reviewed-on: https://code.wireshark.org/review/15078
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Most protocols just want to limit COL_INFO or COL_PROTOCOL
so give that level of granularity.
Bug: 12144
Bug: 5117
Bug: 11144
Change-Id: I8de9b7d2c69e90d3fbfc0a52c2bd78c3de58e2f8
Reviewed-on: https://code.wireshark.org/review/15894
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ida9384dccb0e8bacbc9aad39515c3dae9c5ce563
Reviewed-on: https://code.wireshark.org/review/14768
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
type.
Change-Id: I7af0d89441b9ab87e9ed8dd0d52ca7f6ad82b896
Reviewed-on: https://code.wireshark.org/review/15458
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ie1bcbffdc0040bf25e32c763185befb0231f4173
Reviewed-on: https://code.wireshark.org/review/15320
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Report the names for the dissectors as well as the protocol and
dissector table name.
Change-Id: I901b396a1310f0d98b68c9499038fe2f38498ee1
Reviewed-on: https://code.wireshark.org/review/14948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When deregister_dissector is called by Lua, the protocol was not
property removed from the dependent dissectors list. Fix this and also
duplicate the memory for keys and values since these strings might be
dynamically allocated.
Fixes a use-after-free after reloading Lua dissectors that use
DissectorTable:add() and opening a new/closing an existing capture file.
Change-Id: If2ae02f155e7ab8fc653c08003755897471f9be0
Reviewed-on: https://code.wireshark.org/review/14735
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Dissector and heuristic tables now setup protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
When reloading Lua plugins all registered heuristic dissectors
must be removed.
Bug: 12251
Change-Id: Ib7da6df347fb9294f5394ae531b582bf6d2730bb
Reviewed-on: https://code.wireshark.org/review/14429
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Try to improve address API and also fix some constness warnings
by not overloading the 'data' pointer to store malloc'ed buffers
(use private pointer for that instead).
Second try, now passing test suite.
Change-Id: Idc101cd866b6d4f13500c9d59da5c7a38847fb7f
Reviewed-on: https://code.wireshark.org/review/13946
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
'const gpointer' is the same as 'void *const'. Replace with gconstpointer
where straightforward (assuming that was the intent) and use gpointer everywhere
else for clarity (that does not change *API* constness contract; it just means
a variable is not declared immutable inside the called funtion).
Change-Id: Iad2ef13205bfb4ff0056b2bce056353b58942267
Reviewed-on: https://code.wireshark.org/review/13945
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This reverts commit 13ec77a9fc3af3b0b502820d0b55796c89997896.
This commit introduces a segmentation fault for Lua code (uncovered by the test suite).
Change-Id: Ibc273d1915cda9632697b9f138f0ae104d3fb65e
Reviewed-on: https://code.wireshark.org/review/13813
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Try to improve 'address' API (to be easier/safer) and also avoid
some constness warnings by not overloading the 'data' pointer to
store malloc'ed buffers (use private pointer for that instead).
Change-Id: I7456516b12c67620ceadac447907c12f5905bd49
Reviewed-on: https://code.wireshark.org/review/13463
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That takes into account any time-shifting that's been done.
Change-Id: Ib4c01e7b055f5ac2f1111bcbe946c6094dcb70ae
Reviewed-on: https://code.wireshark.org/review/13502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
There are no longer any "old" dissectors, so "new_" is redundant.
Change-Id: I5fee51228c2a8562166f5991e1f30c2c697e45c8
Reviewed-on: https://code.wireshark.org/review/13273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Due to integer overflow (unsigned -1 + 1 = 0), a call to
dissector_add_uint_range would be stuck in an infinite loop, eventually
crashing due to out of memory.
Found when setting radius.alternate_port:-1, but could happen with any
dissector using similar ports_range constructs.
Change-Id: Ia234e94516446250e959e0f51d552bef704cddff
Reviewed-on: https://code.wireshark.org/review/13153
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Color filters can be seen as a function that takes a tree and display
filters as input and a (possibly empty) coloring rule as output.
This coloring rule is then added to the frame tree and used by the GUI
for coloring the packets list.
From an architectural POV, "coloring" is part of the UI component, but
since it influences the tree, it is something for the dissection
component.
Bug: 5703
Bug: 6099
Change-Id: I73d132ec1dca7262bcb1b55c8481ca564c6161d1
Reviewed-on: https://code.wireshark.org/review/12507
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibd5cf8947028d90a734de629e3c4202af9d0514b
Reviewed-on: https://code.wireshark.org/review/12887
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Most of the deregister functions are used internally from Lua
while reloading plugins. Don't export them for others to use.
Change-Id: I919dbfa807f696c38d409ca7206104a0fba1ae65
Reviewed-on: https://code.wireshark.org/review/12508
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
The macros are no longer needed because the conversion is complete.
Change-Id: I42c4b937986d9707eff9225c444cbcab73f8e86a
Reviewed-on: https://code.wireshark.org/review/12517
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I32d30ada66ee68782194905a8aa669c07f0dc204
Reviewed-on: https://code.wireshark.org/review/12482
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The typedef for the "old style" has been removed as well as any old vs new style checks.
The release notes have been updated to reflect the API change, even though the search/replace of the "new style" function names hasn't happen yet. But it will be coming shortly...
Change-Id: I6d1eeb51d30e3b2b27f0eafd85fe0ddc0ca25b14
Reviewed-on: https://code.wireshark.org/review/12153
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1ad7c112eda45a41c3f94b04348e328d44d8f585
Reviewed-on: https://code.wireshark.org/review/12152
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
new_register_dissector will eventually take its place, but that search/replace should be done when all "old style" APIs have been removed.
Change-Id: Ic3fdec67d5761fd72beeca7355f9de617562bb77
Reviewed-on: https://code.wireshark.org/review/12095
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It seems like DCE/RPC could benefit from a GUID dissector table, where a dissector can register it's GUID with a dissector handle. So here is a basic start.
Change-Id: Id407117687a1a648d87f6f99c2ecbf858d8c0911
Reviewed-on: https://code.wireshark.org/review/4718
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
With the adjustment to heur_dissector_add passing an enable/disable flag and "global" control of heuristic dissectors just like regular ones, this is no longer needed.
Change-Id: I2d433c7bff8353421eca31f8813992e38b716911
Reviewed-on: https://code.wireshark.org/review/10848
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the "Internals" menu under the View menu instead of at the top level
for now at least. Add the Dissector Tables dialog there.
Change-Id: Ieb23b0015591bac196e4ef94e3443832288333f9
Reviewed-on: https://code.wireshark.org/review/10654
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Passing a null pointer probably means there's really something else
wrong at a higher level. If we could arrange that the DISSECTOR_ASSERT
macros do something useful when *not* executed during a dissection, that
would work.
Change-Id: I2605d1e1f97d35370736852aaf29eeaf2c560279
Reviewed-on: https://code.wireshark.org/review/10592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idfc236f712e288662bab618e72cd68263950fff4
Reviewed-on: https://code.wireshark.org/review/10591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I445e09803023d1a22a663ba0501c013f113b5bfe
Reviewed-on: https://code.wireshark.org/review/10045
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
