Age | Commit message (Collapse) | Author | Files | Lines |
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48400
|
|
See bug 8155 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8155)
svn path=/trunk/; revision=47031
|
|
are like the non-TVB versions except that they take a TVB and an offset
instead of (frequently) a pointer into the TVB.
Calling tvb_get_ptr() before modifying the rest of the fields should help fix
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7960 (though I can't
reproduce that problem).
Replace a bunch of calls like:
SET_ADDRESS(..., AT_XXX, length, tvb_get_ptr(tvb, offset, length));
with:
TVB_SET_ADDRESS(..., AT_XXX, tvb, offset, length);
svn path=/trunk/; revision=46324
|
|
svn path=/trunk/; revision=46214
|
|
Also:
- Create/use several extended value strings;
- Reformat hf[] array;
- Do various whitespace and formatting changes to use a consistent style.
svn path=/trunk/; revision=46210
|
|
svn path=/trunk/; revision=45017
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
|
|
Essentially: 'fid' & 'fragment' hash tables can be global (i.e., need not be 'per call')
thus removing g_malloc'd storage never freed because it was pointed to in
se_alloc'd structs.
Fixes Bug #4134: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4134
Also: fix a compile error when compiling with '#define DEBUG_DESEGMENT'
svn path=/trunk/; revision=44685
|
|
svn path=/trunk/; revision=44682
|
|
assertion "fixed_item->parent == tree"'
svn path=/trunk/; revision=44681
|
|
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
|
|
svn path=/trunk/; revision=44413
|
|
svn path=/trunk/; revision=43538
|
|
proto_tree_add_item() calls.
Update the introductory comment to give the RFC for IAX2.
(tools.ietf.org rules.)
svn path=/trunk/; revision=42490
|
|
IAX2 trunk packets display misleading call information.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6818
svn path=/trunk/; revision=41220
|
|
proto_tree_move_item(): that function will expects the item, not its parent.
This avoids dissector bugs such as the one reported in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6768 :
** (process:745): WARNING **: Dissector bug, protocol RTP, in packet 82:
proto.c:4273: failed assertion "fixed_item->parent == tree"
svn path=/trunk/; revision=41021
|
|
Don't use tvb_get_ptr() to retrieve a string being sent into
proto_tree_add_string_format(): use tvb_get_ephemeral_string() instead.
svn path=/trunk/; revision=40944
|
|
Some commands and IEs from the current release of Asterisk are missing from the
IAX protocol dissector. This patch provides them.
svn path=/trunk/; revision=40141
|
|
Also: remove trailing whitespace for a number of files.
svn path=/trunk/; revision=39503
|
|
svn path=/trunk/; revision=39467
|
|
(previously missed).
57 FT_BOOLEAN: FALSE-->ENC_BIG_ENDIAN
31 FT_BOOLEAN: TRUE-->ENC_LITTLE_ENDIAN
10 FT_BYTES: ENC_BIG_ENDIAN-->ENC_NA
1 FT_BYTES: ENC_LITTLE_ENDIAN-->ENC_NA
21 FT_BYTES: FALSE-->ENC_NA
2 FT_BYTES: TRUE-->ENC_NA
2 FT_IPXNET: ENC_BIG_ENDIAN-->ENC_NA
6 FT_IPv6: ENC_BIG_ENDIAN-->ENC_NA
1 FT_IPv6: FALSE-->ENC_NA
6 FT_NONE: ENC_BIG_ENDIAN-->ENC_NA
19 FT_NONE: FALSE-->ENC_NA
3 FT_NONE: TRUE-->ENC_NA
1 FT_STRING: ENC_BIG_ENDIAN-->ENC_ASCII|ENC_NA
1 FT_STRING: ENC_LITTLE_ENDIAN-->ENC_ASCII|ENC_NA
5 FT_STRING: FALSE-->ENC_ASCII|ENC_NA
1 FT_STRING: TRUE-->ENC_ASCII|ENC_NA
4 FT_STRINGZ: ENC_NA-->ENC_ASCII|ENC_NA
8 FT_STRINGZ: FALSE-->ENC_ASCII|ENC_NA
1 FT_INT32: FALSE-->ENC_BIG_ENDIAN
1 FT_INT32: TRUE-->ENC_LITTLE_ENDIAN
11 FT_UINT8: 0-->ENC_BIG_ENDIAN
111 FT_UINT8: FALSE-->ENC_BIG_ENDIAN
17 FT_UINT8: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT16: 0-->ENC_BIG_ENDIAN
68 FT_UINT16: FALSE-->ENC_BIG_ENDIAN
18 FT_UINT16: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT24: FALSE-->ENC_BIG_ENDIAN
70 FT_UINT32: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT32: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT64: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT64: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT_STRING: FALSE-->ENC_ASCII|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39442
|
|
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
|
|
reference an hf item (in hf[] with types:
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
|
|
Use consistent indentation;
Convert "4 space tabs" to spaces;
Remove trailing whitespace.
svn path=/trunk/; revision=39082
|
|
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748
svn path=/trunk/; revision=39081
|
|
fixes by me.
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6240
svn path=/trunk/; revision=38571
|
|
svn path=/trunk/; revision=36986
|
|
to itself. Found by clang 3.0 (trunk 129935) compiler.
svn path=/trunk/; revision=36821
|
|
svn path=/trunk/; revision=36699
|
|
svn path=/trunk/; revision=36007
|
|
svn path=/trunk/; revision=35705
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
svn path=/trunk/; revision=35126
|
|
data"
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4868
A field length was being set incorrectly (too large) thus causing
packet_hex_apply_reverse_tag() to run off the end of a text_view buffer
(thus causing a crash) when attempting to highlight the field bytes
in the hex-view pane.
ToDo: Add some sanity checking in packet_hex_apply_reverse_tag().
svn path=/trunk/; revision=33212
|
|
Trunk packet support in IAX2 dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4783
svn path=/trunk/; revision=32942
|
|
svn path=/trunk/; revision=32587
|
|
Removed some check_col().
svn path=/trunk/; revision=31809
|
|
svn path=/trunk/; revision=31776
|
|
reassembly.
svn path=/trunk/; revision=31767
|
|
check_col.diff
Remove redundant calls to check_col() if it guards only one columns function with one parameter after the column type.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394
svn path=/trunk/; revision=31519
|
|
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
|
|
svn path=/trunk/; revision=30823
|
|
svn path=/trunk/; revision=30560
|
|
Adjust some spacing.
svn path=/trunk/; revision=30552
|
|
* Remove check_col guards
svn path=/trunk/; revision=30127
|
|
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
|
|
* Deprecate COL_CIRCUIT_ID (Circuit ID). Use iax2.call
svn path=/trunk/; revision=29515
|