| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
I have traces where IP reassembly gets confused by multiple frames from
different VLANS and ends up adding fragments from differet messages
togeter after IP Identification is reused.
I think VLAN ID could be useful in other places too to aviliate duplicate
packet detection. Making this a separate patch while testing the usage.
Change-Id: Id7c23dc52f6de2e1f2e980ec8fe61d0598500d0d
Reviewed-on: https://code.wireshark.org/review/13452
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The last piece was the NTLMSSP dissector and that is now handled by passing a pointer to a tvbuff* as dissector data for the NTLMSSP dissector to (possibly) "return" a tvbuff* with decrypted data.
Change-Id: I2606172e4d0ebb5fc6353921d5b5f41a4792f9e5
Reviewed-on: https://code.wireshark.org/review/12232
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
between dissectors instead of using packet_info.h
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifd3d201a09944e3fc36188f891ea8a584886101d
Reviewed-on: https://code.wireshark.org/review/5884
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I660caa8283aecff5060c6ed476f316bc5793373e
Reviewed-on: https://code.wireshark.org/review/5643
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
|
|
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
sccp_msg_info_t* is now passed from SCCP dissector to its subdissectors through dissector data parameter.
Change-Id: Iab4aae58f8995e844f72e02e9f2de36e83589fc0
Reviewed-on: https://code.wireshark.org/review/5442
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Just pass the necessary data to the frame dissector.
Change-Id: I1a4bab32f7b5e28f4e7707794d71b04dab388908
Reviewed-on: https://code.wireshark.org/review/5328
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
All situations can be handled with "shimmed" dissector functions.
Change-Id: Ic85483b32d99d3270b193c9f6b29574d8fad46a8
Reviewed-on: https://code.wireshark.org/review/5327
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add editor modelines.
Change-Id: I360a557a1e9753c4ae7ab95213aa8d44000f7dfd
Reviewed-on: https://code.wireshark.org/review/1335
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Move COL_* enum to <epan/column-utils.h>
XXX Later we can rename epan/column-info.h to column-int.h (or smth like this)
svn path=/trunk/; revision=54352
|
|
fc_hdr or fc_data_t structure passed between all necessary dissectors.
svn path=/trunk/; revision=53569
|
|
proto data.
svn path=/trunk/; revision=53559
|
|
to be "used" by dissectors, just stored (for help in debugging?).
svn path=/trunk/; revision=53552
|
|
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
The information was converted to "proto" data within their respective dissectors strictly for use in "Decode As".
svn path=/trunk/; revision=53489
|
|
subdissectors. There are no subdissectors currently in Wireshark source that use the ppid member so any third party dissectors need to update accordingly.
svn path=/trunk/; revision=53424
|
|
subdissectors. Bug 9413 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9413)
svn path=/trunk/; revision=53274
|
|
All dissectors that call tcp_dissect_pdus() have the same relative tree position, so it doesn't need to be specifically saved in the packet_info.
svn path=/trunk/; revision=53253
|
|
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
|
|
used strictly for columns that are considered "deprecated" and I think the third could be put in that category as well.
I assume the column enumerations haven't already been removed because of legacy "indexing issues", but if I'm wrong, we should definitely remove the columns altogether. Could also see renaming columns to DEPRECATED_[X].
svn path=/trunk/; revision=52910
|
|
Dissectors should just use (reported) tvb length and taps have other ways to get the data.
svn path=/trunk/; revision=52899
|
|
using struct _packet_info.
svn path=/trunk/; revision=52827
|
|
existing calls.
svn path=/trunk/; revision=52815
|
|
through ipxhdr_t structure.
svn path=/trunk/; revision=52810
|
|
svn path=/trunk/; revision=52806
|
|
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
|
|
svn path=/trunk/; revision=50772
|
|
timestamp of given frame.
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
|
|
svn path=/trunk/; revision=49640
|
|
- Show the number of per-packet-data entries and which protocol has made entries in the frame.
svn path=/trunk/; revision=49313
|
|
the same protocol in a frame.
svn path=/trunk/; revision=48997
|
|
Otherwise wmem tweaks require rebuilding the entire tree for no particular
reason.
svn path=/trunk/; revision=48018
|
|
public header, but since packet_info.h is included in most of the tree it saves
a great deal of recompilation when something in one of the wmem data structures
changes.
svn path=/trunk/; revision=46624
|
|
A (better?) fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8030
See also thread starting at:
http://www.wireshark.org/lists/wireshark-dev/201212/msg00001.html
svn path=/trunk/; revision=46331
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=44882
|
|
svn path=/trunk/; revision=44748
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
(I used PPID 0xffffffff as an end-of-list marker so that PPID can no longer
be used in this dialog; if someone starts using that PPID then we'll have
to put a count of PPIDs in pinfo.)
svn path=/trunk/; revision=42991
|
|
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
|
|
svn path=/trunk/; revision=39764
|
|
interfaces and one of them is a GRE tunnel. Resolves bug 5770, which was reopened.
svn path=/trunk/; revision=39757
|
