wireshark - wireshark.org protocol dissector with Osmocom additions (obsolete)

Age	Commit message (Collapse)	Author	Files	Lines
2018-11-26	PCAP: Add expert info to too long frames	Jaap Keuter	1	-1/+13
	When frame data exceeds the snap length given in the PCAP file header, add an expert item warning of this inconsistency. Change-Id: I700fd987320d7505aee33158895ba32ec2b480f6 Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-on: https://code.wireshark.org/review/30788 Tested-by: Petri Dish Buildbot Petri-Dish: Anders Broman <a.broman58@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-13	file-pcap: expert info if captured len > reported len	Martin Kaiser	1	-1/+20
	Bring up an expert info if the file contains a record whose captured length is larger than the reported length. Abort the dissection in this case since we rely on those lengths to find the next record. Change-Id: If249d0fe670373417bbfef6759edc0b020a9f5cb Reviewed-on: https://code.wireshark.org/review/26885 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx> Petri-Dish: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Petri Dish Buildbot Reviewed-by: Craig Jackson <cejackson51@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12	dissectors: use SPDX identifiers.	Dario Lombardo	1	-13/+1
	Change-Id: I92c94448e6641716d03158a5f332c8b53709423a Reviewed-on: https://code.wireshark.org/review/25756 Petri-Dish: Dario Lombardo <lomato@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-01-10	Rename tvb_new_subset() to tvb_new_subset_length_caplen().	Guy Harris	1	-1/+1
	This emphasizes that there is no such thing as the routine to construct a subset tvbuff; you need to choose one of tvb_new_subset_remaining() (if you want a new tvbuff that contains everything past a certain point in an existing tvbuff), tvb_new_subset_length() (if you want a subset that contains everything past a certain point, for some number of bytes, in an existing tvbuff), and tvb_new_subset_length_caplen() (for all other cases). Many of the calls to tvb_new_subset_length_caplen() should really be calling one of the other routines; that's the next step. (This also makes it easier to find the calls that need fixing.) Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b Reviewed-on: https://code.wireshark.org/review/19597 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-03-20	Manually add protocol dependencies derived from find_dissector.	Michael Mann	1	-1/+1
	Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector. "data" dissector was not considered to be a dependency. Change-Id: I15d0d77301306587ef8e7af5876e74231816890d Reviewed-on: https://code.wireshark.org/review/14509 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-24	Add the packet number to the packet_info structure, and use it.	Guy Harris	1	-1/+1
	That removes most of the uses of the frame number field in the frame_data structure. Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22 Reviewed-on: https://code.wireshark.org/review/13509 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-23	Add more fields to packet_info structure and use them.	Guy Harris	1	-1/+1
	Add fields for the absolute time stamp (and another field for a presence flag for the absolute time stamp) and the packet encapsulation for the packet. This lets us remove the field for the packet encapsulation in the frame_data structure; do so. Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39 Reviewed-on: https://code.wireshark.org/review/13499 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-23	Avoid inhaling fumes. Do not use near open flame.	Guy Harris	1	-1/+1
	Change-Id: I9040745b2878a9ba8a0677e19af6702c2a766ce2 Reviewed-on: https://code.wireshark.org/review/13496 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-23	Get rid of now-unused expert info.	Guy Harris	1	-10/+0
	(If the magic number isn't something we recognize, we don't treat the file as a pcap file, so it can never be "unknown".) Change-Id: I7e8bac1ebd2cbfd6d603035428274a1098ff7544 Reviewed-on: https://code.wireshark.org/review/13491 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-23	Fix handling of the magic number.	Guy Harris	1	-23/+44
	Just treat it as an array of bytes. When checking for whether it's a pcap file, also determine whether it's big-endian or little-endian. Note that reading it in host byte order will tell you whether it's in your byte order or byte-swapped; you have to know your byte order to know whether that means little-endian or big-endian. Have a #define for the magic number size, as all magic number values must be that size, and use that as the size of the magic-number arrays. Handle nanosecond timestamp resolution while we're at it. Change-Id: I4d83579d919ae9f15888afca14317631d413ca51 Reviewed-on: https://code.wireshark.org/review/13490 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-09	new_register_dissector -> register_dissector for dissector directory.	Michael Mann	1	-1/+1
	Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c Reviewed-on: https://code.wireshark.org/review/12485 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-21	Have a separate dissector for pcap/pcapng-format packet data.	Guy Harris	1	-234/+6
	Put that dissector into its own file, and get handles for it from the pcap and pcapng file dissectors. Put the value_string of pcap/pcapng LINKTYPE_ values there, and have the pcap and pcapng file dissectors import it. Expand that table to include all LINKTYPE_ values in the current libpcap. Change-Id: I9397035efa5711e8a18a26e056d3b54494fd3148 Reviewed-on: https://code.wireshark.org/review/12000 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-20	File-format: Add ISO_14443 linktype for PCAP/PCAPNG	Michal Labedzki	1	-0/+1
	Assign numbers for LinkTypes on webpage http://www.tcpdump.org/linktypes.html were changed, so update it for file dissector for PCAP/PCAPNG. Change-Id: Icb52c2a8f19bd056723de155700b83497d5fded4 Reviewed-on: https://code.wireshark.org/review/11983 Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-08-20	file-pcap: differentiate captured length and reported length when calling ↵	Pascal Quantin	1	-8/+17
	next dissector and catch bound errors Otherwise dissection will fail when analyzing a capture with a snap length set Change-Id: I764f48c624d0cc411b04ee62f8ecccaf6abb6f0c Reviewed-on: https://code.wireshark.org/review/10134 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-18	pcap: add init value.	Dario Lombardo	1	-1/+1
	Found compiling with gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04). Change-Id: I21bd3a5ab3365f0065c919aba7d6bd00b878d041 Reviewed-on: https://code.wireshark.org/review/10105 Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-08-18	File-format: Add PCAP and PCAPNG dissectors	Michal Labedzki	1	-0/+545
	They have educational values and can be used to debugging some issues. Now Wireshark can open three files (BTSNOOP, PCAP, PCAPNG) in two modes: Capture (Traditional) and File-Format. Change-Id: I833b2464d11864f170923dc989a1925d3d217943 Reviewed-on: https://code.wireshark.org/review/10089 Reviewed-by: Anders Broman <a.broman58@gmail.com>