Age | Commit message | Author | Files | Lines |
|
Add a preference to the DNS dissector to specify how many seconds can
elapse before a DNS query is considered a retransmission because the
transaction ID is shared with a previous request.
If retransmission is found, add expert info and hf_ field linking to
the original request.
If a retransmission of a response is found, add expert info and hf_ field
linking to the original response.
Bug: 14178
Bug: 13313
Change-Id: Idd77ab7f7638f5056d5690633c787a4d52285aee
Reviewed-on: https://code.wireshark.org/review/24525
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It avoids leaking memory in case an exception is thrown during
dissection.
Change-Id: Iab72bcb4cc1ac56e7ce5ff2693e3111aead03e7d
Reviewed-on: https://code.wireshark.org/review/23464
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I1bb25125d9bd7b62b5784bd43d933dc5ff13987c
Reviewed-on: https://code.wireshark.org/review/23005
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I710d9c519ccf012d3e74e7c2087d0f9fc5cfca12
Reviewed-on: https://code.wireshark.org/review/23004
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id0f9fd6d49669f5d4606448788658e5a8ed89f8d
Reviewed-on: https://code.wireshark.org/review/23003
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iec47e262beb9600fc6596242c4ce0d56162be74f
Reviewed-on: https://code.wireshark.org/review/22881
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Add support for draft-bellis-dnsop-xpf to the DNS dissector:
- Parse the XPF additional RR (currently using a temp value of 65422)
Bug: 13928
Change-Id: I2d4fa23a8d3828db483bc41fafe6cbd8885514dc
Reviewed-on: https://code.wireshark.org/review/22803
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The LOC records LATITUDE and LONGITUDE angle values may become too
large. Find these and stop conversion into invalid values.
Bug: 13914
Change-Id: Ia01ac1ecf5080350454f06536c9be1cf758d6f3c
Reviewed-on: https://code.wireshark.org/review/22847
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
When getting the (partial) IPv4 address make sure to pass the full
32 bits of the address when adding the proto tree item.
Bug: 13923
Change-Id: I5b849705e723efd1269a64ee28b8d93724ab769a
Reviewed-on: https://code.wireshark.org/review/22838
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I56b99941db63ca87cd233112967592c948d2a390
Reviewed-on: https://code.wireshark.org/review/22361
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This was inspired by using the Decode-As UI to decode Field "SSL TCP Dissector"
Value (port) XXX as YYY. "SSL Port" makes more sense as the UI name.
Change-Id: Id6398a5dc79e32bddc4f1bfcf0a468ae1364808f
Reviewed-on: https://code.wireshark.org/review/19573
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Previously the number of allowed pointers within a message was equal to
the data in a tvb (16575 in one example). This is still expensive, so
implement an alternative detection mechanism that looks for a direct
self-loop and limits the total pointers to about 256.
Bug: 13633
Change-Id: I803873e24ab170c7ef0b881d3bdc9dfd4014de97
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1206
Reviewed-on: https://code.wireshark.org/review/21507
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
found by gcc7
and add also a missing (optional) break after default
Change-Id: I03d594db4702ccb4ebab3fca6b071d323e7f8d39
Reviewed-on: https://code.wireshark.org/review/20994
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Get rid of extra blank lines.
Clean up indentation.
Use the same style for switch statements inside cases for the main
switch statement in dissect_dns_answer() that's used for the main switch
statement.
Change-Id: I77da88a9ffcbf176d27e16222e75c778202c651b
Reviewed-on: https://code.wireshark.org/review/20907
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 13548
Change-Id: I4c018ae7a46ebb3e667004293b3f6e180f9d693f
Reviewed-on: https://code.wireshark.org/review/20855
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When a packet contains multiple conflicting names for the same address,
it would result in modification of the resolved name every time this DNS
packet is selected. In Qt, this causes a periodic (one second)
redissection of the current (DNS!) packet which interferes with user
interaction. To avoid this, only add the address on the first visit.
Bug: 13533
Change-Id: Ic71515131da4d666bfd589df9ff90a866a30778c
Reviewed-on: https://code.wireshark.org/review/20800
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I39a8c6639174e73f90bc4c3d8bccf628c3a477c3
Reviewed-on: https://code.wireshark.org/review/20179
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ifbee604f25c27076750f41ada9dfef6157ac7819
Reviewed-on: https://code.wireshark.org/review/20180
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib376127546aa15806ed37a7c26fe29b0fa80225c
Reviewed-on: https://code.wireshark.org/review/19722
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Since the fix for bug 13289, an empty string can be returned by get_dns_name.
Ensure that:
- a malformed encoding with no characters and a length > 1 triggers an exception
- the formatted version is used to add info in tree.
Bug: 13339
Change-Id: I88125a351904eabb5cededfbfe1d5ef14ea61ecc
Reviewed-on: https://code.wireshark.org/review/19714
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13334
Change-Id: I07248747f678d4f89bbde33280b4d596462a4429
Reviewed-on: https://code.wireshark.org/review/19688
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Because of the DNS name encoding, the consumed bytes in the tvb and
the length of the string of the dns name can be different. We need
to handle them separately for the purpose they are. Moreover the
name string can contain null bytes, then we can't rely on strlen()
but we need the actual length.
Subsequent calls to proto_tree_add_string() will require passing
the string to format_text() in order to have non-printable characters
printed.
Bug: 13289
Change-Id: I6d0b295867ece265f8995f82da2c629992aeb703
Reviewed-on: https://code.wireshark.org/review/19539
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference.
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia4066ae3fc31fb43d4cc63cfb739f22738581831
Reviewed-on: https://code.wireshark.org/review/16256
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I1a6409262614a87c159236375223707c85114650
Reviewed-on: https://code.wireshark.org/review/15972
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
The stats for mDNS and LLMNR are pending. The change just resolves a bug
in the stats that are wrongly generated when the traffic is mDNS or LLMNR.
Bug: 12492
Change-Id: Ie772e204d0ddea997dd8cbf609725605c8a507c8
Reviewed-on: https://code.wireshark.org/review/15897
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
and fix Bad cookie text
Change-Id: Ie9e2629a9f6cff4e2a35fcf4bf399858dd21c5ef
Reviewed-on: https://code.wireshark.org/review/15721
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I34d6fc5a59af7cfd39a1181e71788dfee617cc22
Reviewed-on: https://code.wireshark.org/review/15497
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Also update comment about RFC7830
Issue reported by Alex Mayrhofer
Ping-bug:11759
Change-Id: I4e70a32ddca6de43cb97f921b027e167170bf16d
Reviewed-on: https://code.wireshark.org/review/15017
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Indicate whether they take a signed time delta or an unsigned time
delta.
Export unsigned_time_secs_to_str() while we're at it.
Change-Id: I0fbe87f1825efa886364caa61a3358b79d285947
Reviewed-on: https://code.wireshark.org/review/15324
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
As stated in RFC 1035, the TTL is a signed int.
https://tools.ietf.org/html/rfc1035#section-3.2.1
Change-Id: I07e57309f83f1877b1b4cb6a085bc3dabf053379
Reviewed-on: https://code.wireshark.org/review/14759
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Dissectors registered with SSL must be registered for Export PDU to
work properly. Otherwise the dissector name could be NULL, resulting
in a capture file that cannot properly be dissected.
Add an assertion to ssl-utils to catch this situation. Note that this
results in a "wmem_alloc: assertion failed: (allocator->in_scope)"
report because these functions are possibly called in the protocol
handoff routines... Can be fixed later.
The DNS dissector is fixed by merging the UDP/TCP dissectors into a
single dns handle which recognizes TCP and then assumes the length
prefix if TCP.
Change-Id: If73b9b09a4682d66fb8fa026c42a3475648f9bf1
Reviewed-on: https://code.wireshark.org/review/13194
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3d2d83d60f798703ea3fa16ba2d6e95a00f88469
Reviewed-on: https://code.wireshark.org/review/12885
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I14ef5244ddcc34fc0edea159e3e8593da8f50ffe
Reviewed-on: https://code.wireshark.org/review/12819
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://tools.ietf.org/html/draft-ietf-dnsop-edns-chain-query
Bug:11759
Change-Id: I631bf381dbfed956285855083a00a91f54a3c39c
Reviewed-on: https://code.wireshark.org/review/12064
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://tools.ietf.org/html/draft-ietf-dprive-edns0-padding
Bug:11759
Change-Id: Ic71406dee2e5f44c6d2393bb325907f13222cf6f
Reviewed-on: https://code.wireshark.org/review/11815
Reviewed-by: Michael Mann <mmann78@netscape.net>
|