| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
A tap_id is never 0, so initializing tap variables to -1 is not
necessary.
|
|
Remove init of proto, header field, expert info and subtree variables.
This will reduces the binary size by approximate 1266320 bytes due to
using .bss to zero-initialize the fields.
The conversion is done using the tools/convert-proto-init.py script.
|
|
Change checks for valid hf values to include 0 as not valid.
This will prepare the dissectors for a change to initialize
proto values to 0 instead of -1.
|
|
|
|
ENC_BCD_DIGITS_0_9 and other encodings for packed BCD values are
hard-wired to little endian for multi-byte fields.
Some dissectors like zvt work around this by calling tvb_get_bcd_string
and proto_tree_add_string. The mdb protocol is also using multi-byte
packed BCD fields in big-endian order.
This patch allows setting ENC_BIG_ENDIAN or ENC_LITTLE_ENDIAN in
combination with the BCD encodings. Unfortunately, we have to default to
big endian and fix up all existing users.
|
|
As requested [here][1] by @eapache, help with removing calls to
`wmem_packet_scope()` in favour of references to `pinfo->pool`.
* Plugins chosen semi-alphabetically.
* When a calling function already has a `pinfo` argument, use that.
* Remove `_U_` from its signature if it was there.
* If a function seems narrowly focused on getting and (possibly)
returning memory, change the function signature to take a
`wmem_allocator_t *`.
* If it seems more focused on packet-based operations, pass in a
`packet_info *` instead and use `pinfo->pool` within.
* Some of the files in this MR still have references to
`wmem_packet_scope()` where it would take significant work to remove.
These will need revisiting later.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
|
|
Ping #19116.
|
|
|
|
Fix a leak of a GArray introduced by
commit f4fb92745e9f02fc1e5bc5d1bfa68c757a254
|
|
|
|
line 2198 Although the value stored to 'vnd' is used in the enclosing expression, the value is never actually read from 'vnd'
|
|
A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appeaers that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
|
|
Move the rest of the SCTP port preferences to auto prefs
with ranges. Ping #14319.
|
|
Create the command value string when loading the dictionary and
assign it to the command code field when registering it. This
makes it behave like any other value_string for adding to a custom
column (allowing resolved and unresolved), etc.
It could be changed to use a wmem_array instead of a GArray, as is
currently done with the AVPs.
Fix #16833. (Note that solving the analogous issue for the AVP
code text is more complicated, since the interpretation depends
on the vendor ID.)
|
|
There's some code intended to decode an older Internet Draft version
of Diameter, before December 2002. It's supposed to be set by an
obsolete enum preference, but due to a misunderstanding, it's
been dead code for the last 15 years. No one has complained in that
time, so instead of bringing the preference back and resurrecting
it, remove it and shrink the memory usage of the diameter dissector.
Related to #16833, as it will make adding the command code value
string simpler.
|
|
The Diameter message length must be a multiple of 4, something
implicitly true in RFC 3588 and make explicit in RFC 6733.
|
|
Add a heuristic dissector for Diameter over TCP, disabled by default.
We shouldn't need one for Diameter over SCTP, the PPID should take
care of it.
|
|
Port 5868 is IANA registered for Diameter over TLS/TCP and
DTLS/SCTP. Register the diameter TCP handle by name so that
it can be registered to tls.
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
3GPP.User-Equipment-Info AVP should contain the IMEISV (if type is 0).
However some implementations put the IMEI there: decode it but display a
protocol error indication too.
|
|
Do not require a useless ENC_NA parameter for string encodings.
FT_STRING and FT_STRINGZ types don't have any ndianness.
Follow-up to 6ec429622c9258eefd388caf21ce92ab5b9f54b4.
|
|
Fixes more repeated words seen throughout
the code base.
|
|
|
|
|
|
|
|
dissect_diameter_mip6_feature_vector is checking whether the data argument
(assigned to diam_sub_dis_inf) is null, but later dereferences it outside
the conditional, so if it was null it would crash anyway. It doesn't seem
possible for the data argument to actually be null, so this commit removes
the redundant check. I'm also adding an assert to document the non-null
assumption.
Bug found by clang static analyzer.
Fixes #17427.
|
|
Some example captures of DIAMETER show the IMEISV in User-Equipment-Info
being BCD encoded (as commonly seen in other protocols.) If the number
of octets used is 8, assume it is BCD encoded. If the number of octets
used is 16, assume it is ASCII. Otherwise, set an expert info for the
wrong length like the other types.
Use the defined constants to verify the lengths of the MAC, EUI64, and
MODIFIED_EUI64 types. Correct the length of the Modified EUI64 type,
as it is also 8 bytes, the same as EUI64 (there must have been confusion
with IPv6 addresses, which contain a Modified EUI64 in their 8 least
significant bytes.)
|
|
The Diameter type Address hase a two byte address type family field
previously only IPv4 and IPv6 was handled. Add handling of E.164 when
encoded as a string.
|
|
Define a bew type name type-name="OctetStringOrUTF8" type-parent="OctetString"
to be used with OctetStrings that CAN be strings. This is a Wireshark
unique addition to the xml dixtionarys and makes use of BASE_SHOW_ASCII_PRINTABLE.
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This commit replaces instances of
(myobj *)wmem_alloc(wmem_file_scope(), sizeof(myobj))
and replaces them with:
wmem_new(wmem_file_scope(), myobj)
to improve the readability of Wireshark's code.
The replacement locations were identified with grep
and replaced with the Python script below.
grep command:
egrep "wmem_alloc0?\(wmem_file_scope\(\), sizeof\([a-z_]+\)\)" . -R -l
python script:
import re
import sys
import fileinput
pattern = r'\(([^\s]+) ?\*\) ?wmem_alloc(0?)\((wmem_[a-z]+_scope\(\)), sizeof\(\1\)\)'
replacewith = r'wmem_new\2(\3, \1)'
fname = sys.argv[1]
for line in fileinput.input(fname, inplace=1, mode='rb'):
output = re.sub(pattern, replacewith, line)
sys.stdout.write(output)
Change-Id: Ieac246c104bf01e32cbc6e11e53e81c7f639d870
Reviewed-on: https://code.wireshark.org/review/37158
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Prefer:
- html (rather than txt)
- https
Also includes the script check_dissector_urls.py,
that can be used to find links in code and test them.
Change-Id: Iafd8bb8948674a38ad5232bf5b5432ffb2b1251b
Reviewed-on: https://code.wireshark.org/review/36821
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
check_dissector_urls.py was written and used to
find URLs within epan/dissectors/*.c and try to
fetch them using 'requests'. Will be commmitted
separately.
Most of the changes were to adapt to reorganisation
of IETF or 3gpp2 links, but many of the broken links
are for websites or companies that no longer exist.
Change-Id: Ie9afdb95099218402a61626a0cd5193c6f781b96
Reviewed-on: https://code.wireshark.org/review/36769
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Update the Service Response Time section of the User's Guide. The sample
captures page had a nice SMB2 capture file, so use that for the example.
Use title case for "Diameter" to match the RFCs.
Change-Id: Icff510dbe2d77db9cd42548ad58439d17282e851
Reviewed-on: https://code.wireshark.org/review/36421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I5a1eb1a431cad6ca07ef0db00fbe1c3192709d58
Reviewed-on: https://code.wireshark.org/review/34922
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Created the Microsoft Diameter file based on MS-CHAP-* AVPs listed at
https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10
Many values are displayed as bytes for simplicit. The MS-CHAP2-Success
attribute could for example be dissected further as 1 byte followed by a
string, but that requires more effort.
Allow padding to be missing since the eap-ttls-mschapv2.pcapng capture
would throw a Malformed Packet exception otherwise.
Bug: 15603
Change-Id: I9efc322a86802e78bb6cd4bc3df1c1282a45fe9e
Reviewed-on: https://code.wireshark.org/review/34291
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add support for dissecting the decrypted TLS payload as Diameter.
Add support for dissecting the EAP-Message attribute as EAP.
Disable retransmission detection when EAP-Message is detected (EAP in
TLS in EAP) since this results in false positives.
Tested with captures from Bug 15603:
* eap-ttls-pap.pcapng - ok, User-Name and User-Password AVPs.
* eap-ttls-eap-gtc.pcapng, eap-ttls-eap-md5.pcapng - EAP-Message AVP.
* eap-ttls-mschapv2.pcapng - partially supported, does not conform to
Diameter AVP requirements as it is not padded. Microsoft vendor types
are also not yet supported. To be fixed later.
* eapttls-diameter-avp.pcapng (Bug 12880) - EAP-Message AVP.
Bug: 12880
Bug: 15603
Change-Id: Ie7ea282d05c1d3ff8463c34bf259107562714440
Reviewed-on: https://code.wireshark.org/review/34281
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I1b4e4567dcafef88fcb5d2157899dfb88a8e2640
Reviewed-on: https://code.wireshark.org/review/33657
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I818e00fc3e8e2ff3da50f2075f6e7f9ec085ca2d
Reviewed-on: https://code.wireshark.org/review/32876
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Convert our various PROTO_ITEM_ macros to inline functions and document
them.
Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c
Reviewed-on: https://code.wireshark.org/review/32706
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
RFC 6733, ch3. specifies message length field as three octets and indicates the
length of the Diameter message including headers and padding.
Change-Id: I73694a085bbafb3ae280e02fa4c9e26868b31f76
Reviewed-on: https://code.wireshark.org/review/30772
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I0f293ea529dce5147eef5bfb9d8d4b39640fd0aa
Reviewed-on: https://code.wireshark.org/review/30554
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That way, we don't need a chunk of code in epan/prefs.c that knows about
various preference module mappings; individual dissectors can register
aliases as appropriate.
(The Nortel Discovery Protocol never *had* any preferences, even when
it was the SynOptics Network Management Protocol, so there's no need for
it to register an alias.)
Change-Id: I4a718dac6bb06801cc06a6ee5a28d7ed81e67e5d
Reviewed-on: https://code.wireshark.org/review/29914
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
g_array_free(a, FALSE) returns "a->data". Callers that do not handle
this will leak memory. Convert other users to use the return value
instead of direct access to "a->data".
Change-Id: I0a29864e8106c0bf09e9573ef29e4474179c4171
Reviewed-on: https://code.wireshark.org/review/27438
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I841a1cdb637f37673466e4d065474c0f7e2dfc56
Reviewed-on: https://code.wireshark.org/review/27512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug introduced in g7ade1695ba
Change-Id: I83e2c2df4f7764130ebe342170f40de5e7610611
Reviewed-on: https://code.wireshark.org/review/25164
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
