Age | Commit message (Collapse) | Author | Files | Lines |
|
Bug: 13548
Change-Id: I4c018ae7a46ebb3e667004293b3f6e180f9d693f
Reviewed-on: https://code.wireshark.org/review/20855
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When a packet contains multiple conflicting names for the same address,
it would result in modification of the resolved name every time this DNS
packet is selected. In Qt, this causes a periodic (one second)
redissection of the current (DNS!) packet which interferes with user
interaction. To avoid this, only add the address on the first visit.
Bug: 13533
Change-Id: Ic71515131da4d666bfd589df9ff90a866a30778c
Reviewed-on: https://code.wireshark.org/review/20800
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I39a8c6639174e73f90bc4c3d8bccf628c3a477c3
Reviewed-on: https://code.wireshark.org/review/20179
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ifbee604f25c27076750f41ada9dfef6157ac7819
Reviewed-on: https://code.wireshark.org/review/20180
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib376127546aa15806ed37a7c26fe29b0fa80225c
Reviewed-on: https://code.wireshark.org/review/19722
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Since the fix for bug 13289, an empty string can be returned by get_dns_name.
Ensure that:
- a malformed encoding with no characters and a length > 1 triggers an exception
- the formatted version is used to add info in tree.
Bug: 13339
Change-Id: I88125a351904eabb5cededfbfe1d5ef14ea61ecc
Reviewed-on: https://code.wireshark.org/review/19714
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13334
Change-Id: I07248747f678d4f89bbde33280b4d596462a4429
Reviewed-on: https://code.wireshark.org/review/19688
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Because of the DNS name encoding, the consumed bytes in the tvb and
the length of the string of the dns name can be different. We need
to handle them separately for the purpose they are. Moreover the
name string can contain null bytes, then we can't rely on strlen()
but we need the actual length.
Subsequent calls to proto_tree_add_string() will require to pass
the string to format_text() in order have non-printable characters
printed.
Bug: 13289
Change-Id: I6d0b295867ece265f8995f82da2c629992aeb703
Reviewed-on: https://code.wireshark.org/review/19539
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia4066ae3fc31fb43d4cc63cfb739f22738581831
Reviewed-on: https://code.wireshark.org/review/16256
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I1a6409262614a87c159236375223707c85114650
Reviewed-on: https://code.wireshark.org/review/15972
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
The stats for mDNS and llmnr are pending. The change just resolves a bug
in the stats that are wrongly generated when the traffic is mDNS or LLMR.
Bug: 12492
Change-Id: Ie772e204d0ddea997dd8cbf609725605c8a507c8
Reviewed-on: https://code.wireshark.org/review/15897
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
and fix Bad cookie text
Change-Id: Ie9e2629a9f6cff4e2a35fcf4bf399858dd21c5ef
Reviewed-on: https://code.wireshark.org/review/15721
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I34d6fc5a59af7cfd39a1181e71788dfee617cc22
Reviewed-on: https://code.wireshark.org/review/15497
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Also update comment about RFC7830
Issue reported by Alex Mayrhofer
Ping-bug:11759
Change-Id: I4e70a32ddca6de43cb97f921b027e167170bf16d
Reviewed-on: https://code.wireshark.org/review/15017
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Indicate whether they take a signed time delta or an unsigned time
delta.
Export unsigned_time_secs_to_str() while we're at it.
Change-Id: I0fbe87f1825efa886364caa61a3358b79d285947
Reviewed-on: https://code.wireshark.org/review/15324
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
As stated in the RFC1035 the TTL is a signed int.
https://tools.ietf.org/html/rfc1035#section-3.2.1
Change-Id: I07e57309f83f1877b1b4cb6a085bc3dabf053379
Reviewed-on: https://code.wireshark.org/review/14759
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Dissectors registered with SSL must be registered for Export PDU to
work properly. Otherwise the dissector name could be NULL, resulting
in a capture file that cannot properly be dissected.
Add an assertion to ssl-utils to catch this situation. Note that this
results in an "wmem_alloc: assertion failed: (allocator->in_scope)"
report because these functions are possibly called in the protocol
handoff routines... Can be fixed later.
The DNS dissector is fixed by merging the UDP/TCP dissectors into a
single dns handle which recognizes TCP and then assumes the length
prefix if TCP.
Change-Id: If73b9b09a4682d66fb8fa026c42a3475648f9bf1
Reviewed-on: https://code.wireshark.org/review/13194
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3d2d83d60f798703ea3fa16ba2d6e95a00f88469
Reviewed-on: https://code.wireshark.org/review/12885
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I14ef5244ddcc34fc0edea159e3e8593da8f50ffe
Reviewed-on: https://code.wireshark.org/review/12819
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://tools.ietf.org/html/draft-ietf-dnsop-edns-chain-query
Bug:11759
Change-Id: I631bf381dbfed956285855083a00a91f54a3c39c
Reviewed-on: https://code.wireshark.org/review/12064
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://tools.ietf.org/html/draft-ietf-dprive-edns0-padding
Bug:11759
Change-Id: Ic71406dee2e5f44c6d2393bb325907f13222cf6f
Reviewed-on: https://code.wireshark.org/review/11815
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://tools.ietf.org/html/draft-ietf-dnsop-edns-tcp-keepalive (draft-04)
Bug:11759
Change-Id: I12461d69f49068bfe46de76bc26f30d7374fc9c3
Reviewed-on: https://code.wireshark.org/review/11814
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id218dec9e5a721d6c63fd34962ffe50b6ab8dd56
Reviewed-on: https://code.wireshark.org/review/11946
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Diederik de Groot <dkgroot@talon.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
See http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-01
and https://www.ietf.org/id/draft-ietf-dprive-dnsodtls-02.txt
Bug: 11679
Change-Id: I5ebc43008951ddbb4570f5aeb55093aaf84f3401
Reviewed-on: https://code.wireshark.org/review/11528
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I0eb03f2452c4f7fef0f527c7ce7154d479fcc3fd
Reviewed-on: https://code.wireshark.org/review/11544
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Oh, and the "S" in "DNS" stands for "System", not "Service"; see RFC
1034 and 1035.
Change-Id: Iff1904dbe245db68880b3336d744460f21fb8fd8
Reviewed-on: https://code.wireshark.org/review/11408
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I8cfd1c223c70c7e03728af8b2f7cbf9354d7ad86
Ping-Bug: 3949
Reviewed-on: https://code.wireshark.org/review/10865
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
* draft-ietf-dnsop-delegation-trust-maintainance-14 => RFC 7344
Update also DNS-Based Authentication of Named Entities (DANE) Parameters (
2014-04-23) (no change)
Change-Id: I7aa7dddf8c26d2ea2ccb4a0533d835ce119737bd
Reviewed-on: https://code.wireshark.org/review/10825
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
draft-ietf-dnsop-cookies-05.txt
Change-Id: Ife550d8fe0c6604329c78bb34e94276050148a8a
Reviewed-on: https://code.wireshark.org/review/10824
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
NULL)
Change-Id: Ib7cebd588924270b2003fad575f4cd0c3ec2678e
Reviewed-on: https://code.wireshark.org/review/10698
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I79ecb77ac5ab7e18f9986f2987fafeab8a117644
Reviewed-on: https://code.wireshark.org/review/10697
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Move the boolean flag for using captured DNS packet info for name resolution
to the Name Resolution preferences settings, as it was rather surprising to
disable Name Resolution preferences and still have names being resolved. Also
disble them all if the '-n' command line switch is used, and re-enable it for
a 'd' character in the '-N' option.
Bug: 10337
Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917
Reviewed-on: https://code.wireshark.org/review/9786
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|