Age | Commit message (Collapse) | Author | Files | Lines |
|
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.
Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Success Response message
According to RFC 6062, once the connection is established, data is sent as-is
To stop the STUN dissector from interfering, add the ability to specify a starting
frame for a conversation dissector and use it
Bug: 11641
Change-Id: I65ca96bddacf70444009c0642ea22173fa68992e
Reviewed-on: https://code.wireshark.org/review/11372
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
The reported length should be the size of the chunk, not the remaining
size of dechunked data.
Update some comments while we're at it.
Change-Id: Ia71948fb5ecebdaae3e171c53fd88cf72dcf76a3
Reviewed-on: https://code.wireshark.org/review/9846
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11331
Change-Id: Ib85e18ebb3c958d68ee3a4295d35982ffcd375ee
Reviewed-on: https://code.wireshark.org/review/9525
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
This replaces the single preference editor dialog in the GTK+ UI.
Change-Id: I10e030981e9f7d1ec121811593586b65cf0797c5
Reviewed-on: https://code.wireshark.org/review/8966
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This avoids assertions when the field is added with proto_tree_add_string*()
(some of which show up in the fuzzed capture in bug 11254).
Ping-Bug: 11254
Change-Id: Iaf02f59443da0cf279d65eed049122d4dfaf7bcd
Reviewed-on: https://code.wireshark.org/review/8829
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ib94eabeea865ef5c5d9ce4cef26d9faa51c5659d
Reviewed-on: https://code.wireshark.org/review/8715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 11229
Change-Id: I915d2efb873bfa72d500070f382dad10a991ecd4
Reviewed-on: https://code.wireshark.org/review/8673
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I31a676f5e514b32f891496230eb70cac571730f9
Reviewed-on: https://code.wireshark.org/review/7511
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
I happened across the discussion in Ia44e0791b6ee78ad594de342c4f2401bad9beb4e
which indicates that protocols running over SSL can use tcp_dissect_pdus() too.
So do it in the SSTP dissector.
Change-Id: I3de14c1b2af5e4e5fe3630121366b71a5ad223cf
Reviewed-on: https://code.wireshark.org/review/7333
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Use tcp_dissect_pdus to handle reassembly and avoid a recursion in
dissect_websocket. The HTTP dissector is modified to preserve
desegmentation functionality (tested with the capture from bug 8448).
As tcp_dissect_pdus is used now, the workaround for bug 8448 can be
removed and the actual frame dissection logic becomes simpler (the
length is checked in get_websocket_frame_length).
Bug: 10989
Change-Id: I67af96a6c7be88c2a77e1c4138abe90bdb880774
Reviewed-on: https://code.wireshark.org/review/7285
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
... with some changes from Jeff Morriss:
- Change how SSTP is "registered": rather than trying something complicated,
just put the intelligence for recognizing SSTP into the HTTP dissector.
(This does mean the SSTP dissector needs to do its own desegmentation now
but it makes things much cleaner.)
- Use proto_tree_add_subtree_format() instead of proto_tree_add_text() +
proto_item_add_subtree().
- The messagetype is 16 bits, use tvb_get_guint16() instead of tvb_get_guint8()
(fixes COL_INFO display)
- A few other few misc. cleanups
(I didn't update NEWS because I can no longer build NEWS without adding UTF8
fancy quotes and so forth.)
Bug: 8239
Change-Id: I3631ae65f67bea69815ccf43472fdbcac3ca3499
Reviewed-on: https://code.wireshark.org/review/7227
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Have them return TRUE on success and FALSE on failure. Check the return
value rather than whether the error string pointer is null or not.
Change-Id: I800a03bcd70a6bbb7b217cf7c4800e9cdcf2189c
Reviewed-on: https://code.wireshark.org/review/7222
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
if captured length < reported length, this will trigger an infinite loop
Change-Id: I6557b455e7bbff12658a934e5bb13a42c023e133
Reviewed-on: https://code.wireshark.org/review/7053
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
As indicated in the comment above, the previous code was done on purpose to handle the NUL case
Bug: 10866
Change-Id: I66eb9f6fbc9477456310978b420ba30975d81b0a
Reviewed-on: https://code.wireshark.org/review/6621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Copy addresses with wmem-scope instead of (forced) seasonal scope. All existing instances were converted to wmem_file_scope, but the flexibility is there for other scopes.
Change-Id: I8e58837b9ef574ec7dd87e278470d7063ae8c1c2
Reviewed-on: https://code.wireshark.org/review/6564
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I83749a1b30059cc8e8f13b58fbde74e9ab873582
Reviewed-on: https://code.wireshark.org/review/6562
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
It will be make Mac OS X buildbot happy
Change-Id: I628445c1358675a58cc2d26ce1ca3007dd619ff3
Reviewed-on: https://code.wireshark.org/review/6551
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Citrix uses a proprietary authentication schema called CitrixAGBasic for
their StoreFront/Web Interface product.
The Header looks like:
Authorization: CitrixAGBasic username="dGVzdHVzZXI="; domain= \
"dGVzdGRvbWFpbg=="; password="c2VjcmV0"; AGESessionId= \
"YzI0NmRkMmFmYmE5ZTk5M2I5ZDRkN2UwYzYzZWExN2U="
This patch enhances the HTTP dissector to decode this authentication data.
Due to non-discolsure I can only provide a faked GET request as a pcap
capture (attached to this bug).
Bug: 10851
Change-Id: Ic8e48db94809c9c64889cd050911de3fe23cdcdd
Reviewed-on: https://code.wireshark.org/review/6526
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
While we are at it, factorize the copy of value string
Change-Id: I2a16155641b8bd8623baf51f787a5f450e7b3803
Reviewed-on: https://code.wireshark.org/review/6530
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
UAT error strings are usually allocated by g_strdup() or
g_strdup_printf(), and must ultimately be freed by the caller.
Make the pointer-to-error-string-pointer arguments to various functions
be "char **", not "const char **".
Fix cases that finds where a raw string was being used, as that won't
work if you try to free it; g_strdup() it instead.
Add a missing free of an error string.
Remove some no-longer-necessary casts.
Remove some unnecessary g_strdup()s (the string being handed to it was
already g_malloc()ated).
Change some variable declarations to match.
Put in XXX comments for some cases where the error string is just freed,
without being shown to the user.
Change-Id: I40297746a2ef729c56763baeddbb0842386fa0d0
Reviewed-on: https://code.wireshark.org/review/6525
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Second batch (packet-eth.c -> packet-icmpv6.d).
Will look at cleaning up and committing script afterwards.
Change-Id: I14295758b81a59115d8c88899f166cc3d5d17594
Reviewed-on: https://code.wireshark.org/review/6013
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
only one protocol is desired.
Also use proto_get_frame_protocols in main_menubar.c instead of doing it "manually".
Change-Id: Ie7a365c538700f2cebdd1e3d253f2fd9b189f5cf
Reviewed-on: https://code.wireshark.org/review/5851
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It was previously assumed that the remainder of a packet contains a
chunked-body response. This does not have be the case, and if the
assumption is violated, then the dissector would add multiple parts to a
single "De-chunked entity body".
This patch properly calculates the end of a chunked-body response,
taking the optional trailer-part into account and adjusting the size of
the chunked-body data as needed.
The CRLF in last-chunk that was previously dissected as "Chunk Boundary"
is the last CRLF that closes chunked-body, it is not part of last-chunk
(as it has no chunk-data to terminate).
A new header field is added for this trailer-part (RFC 7230 sec. 4.1).
Bug: 10707
Change-Id: Ifef1cc7dd0443edca4198eb1c27f58719f85fa9f
Reviewed-on: https://code.wireshark.org/review/5526
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
passing data between dissectors using the "media_type" subdissector.
Change-Id: I82cbfed770b41404bc42cb6a4413db07d04dffdc
Reviewed-on: https://code.wireshark.org/review/5462
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
parameter instead of pinfo->private_data.
Change-Id: I0a0cb0b4838bc4e55a759fb6031355892c220c8e
Reviewed-on: https://code.wireshark.org/review/5461
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This improvement avoids use of deallocated memory (crash) if using a
deregistered field in display filter, color filter, custom column and
other cases when the field is used as "interesting field".
This functionality is currently used in http, imf and ldap preferences.
Also removed unused proto_registrar_n() as this does not work correctly
after deregistering fields.
Change-Id: I043e3bf7a98bd773c9801e712a012d1eab8a7f94
Reviewed-on: https://code.wireshark.org/review/5161
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: Ifa65c3090e204b93ec526358b863fdf9bafc6a03
Reviewed-on: https://code.wireshark.org/review/4857
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
They don't handle values outside the range -1 to 127, and their behavior
is locale-dependent. Use g_ascii_isXXX() and g_ascii_toXXX() instead of
isXXX() and toXXX().
If you're checking for printable ASCII, don't use isascii() and don't
use iscntrl(), use g_ascii_isprint(). If you're checking for graphical
ASCII, i.e. printable ASCII except for a space, use g_ascii_isgraph().
Use ws_xton() to convert a hex digit character to the corresponding
numeric value.
Change-Id: Id3039bc586fbf66d8736c2df248c790c0d7a2330
Reviewed-on: https://code.wireshark.org/review/4851
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Responses to HEAD requests must not have a message body, so do not
attempt to use the Content-Length and similar headers that indicate a
non-empty message body in the response. Those point to the entity that
would be returned for non-HEAD requests.
Requests do not have request_method set, so do not limit desegmentation
by HEAD in that case. Verified by comparing the output of `tshark -O
http` and by looking in the Wireshark GTK UI.
Bug: 6064
Change-Id: I7f027a06d8480673ca9754037d080c3b25cc5816
Reviewed-on: https://code.wireshark.org/review/4357
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I4056d8b876f71c1f9ce4804a4dc4b0d16ab5afda
Reviewed-on: https://code.wireshark.org/review/3409
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
stream.RFC 2626 In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF.
Change-Id: I97ba94f451463c8facd2c20bf6b7364f095119e7
Reviewed-on: https://code.wireshark.org/review/2808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ieb4a3f07a7831c141ba8ce9c075e72091ef909be
Reviewed-on: https://code.wireshark.org/review/2798
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
At the suggestion of Toralf Förster. This includes an expert info, as well as
making SSL a new-style dissector and rejecting traffic that looks like
unencrypted text.
Change-Id: Ib09ea0d97952330f092590ff3fc6488807cdbb81
Reviewed-on: https://code.wireshark.org/review/2693
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Ia7014003a3cff5181295172978d6c613c3b83b0b
Reviewed-on: https://code.wireshark.org/review/2676
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
ep_address_to_str() doesn't crash if called outside packet scope, but
it's still not correct to use outside packet scope. Use
address_to_str(NULL, ...) to allocate those strings, and then explicitly
free them when we're done; exceptions don't get thrown between the
allocate and free, so there's no risk of a leak.
Change-Id: Iea2af93b0757e648d399e2ba64249224eb7e9e3c
Reviewed-on: https://code.wireshark.org/review/2438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Most (all?) of these functions are being called within GUI, so they can't have packet_scope, which is why they weren't already converted (I made this mistake once already)
This reverts commit 7fea55a0541bcc5059f767970b6f6291f81d7b9c.
Change-Id: I4bf29b206e5e1f5daefcec131309a8f6e78e1eb1
Reviewed-on: https://code.wireshark.org/review/2428
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tvb_ensure_captured_length_remaining"
See https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 021e7afc9fcba09094d0e2143cc434a34e3b09dc.
Change-Id: I0640eabce5ce8c4ff3a88ebf848b499f8bb8ed2f
Reviewed-on: https://code.wireshark.org/review/2429
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id49ba07e32a71357b50b32de7cecfd80e412d508
Reviewed-on: https://code.wireshark.org/review/2379
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|