Age | Commit message (Collapse) | Author | Files | Lines |
|
Show Neighbor Discovery option lifetime values as time string.
|
|
|
|
See https://www.rfc-editor.org/rfc/rfc8505#section-4.1 Table 1
|
|
RFC 8505 introduces the Extended Address Registration Option (EARO)
which uses some previously reserved fields from the Neighbor Discovery
Address Registration Option (ARO) defined in RFC 6775.
https://www.rfc-editor.org/rfc/rfc8505#section-4.1
https://www.rfc-editor.org/rfc/rfc6775#section-4.1
|
|
DNS names technically have arbitrary unknown encoding.
When adding them as a string for output, format as UTF-8.
Fix #18689
|
|
Only dissectors are using this function and there is no use case,
as far as I know, that requires its use. Any limitation of length
is imposed transparently by the UI backend.
This function is problematic because it is not Unicode aware and
will truncate a string on an arbitrary byte boundary for multibyte
strings.
Replace its use with a normal strbuf without a length limite and
remove the function because it is not useful and the ITEM_LABEL_LENGTH
parameter does not belong in wmem anyway.
|
|
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
RFC 8781 shows in section 4 that the prefix field of the PREF64 option
header is always 96 bits (or 12 bytes), regardless of the prefix length
code that only specifies which parts of the prefix are significant. The
option itself thus always has a fixed length. Even if they are not used
in the significant part of the prefix itself, the unused bits are still
part of the prefix field of the PREF64 option and the offset must be
adapted accordingly.
The previous implementation would fail to correctly parse any PREF64
option with a PLC other than 0 (i.e. the full 96 bits) due to the unused
remaining bits in the option not being consumed.
Closes #18033.
|
|
Do not require a useless ENC_NA parameter for string encodings.
FT_STRING and FT_STRINGZ types don't have any ndianness.
Follow-up to 6ec429622c9258eefd388caf21ce92ab5b9f54b4.
|
|
|
|
Fixes more repeated words seen throughout
the code base.
|
|
|
|
These three all had pretty minimal usage, so do them together.
|
|
There are a bunch of near-identical macros here, but I'm gonna change
one at a time or else the builder times out at the number of files
changed in one merge.
|
|
|
|
Automated find/replace of wmem_packet_scope() with pinfo->pool in all
files where it didn't cause a build failure.
|
|
|
|
Detected by check_typed_item_calls.py.
Change-Id: I08081c6619f3e1cd1b6733c8a2864bf9ac2a16aa
Reviewed-on: https://code.wireshark.org/review/38162
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I24b6108e6f0e37d3634fa4629cf77bc2446a901d
Reviewed-on: https://code.wireshark.org/review/36957
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Following commit c397adda8a7 there was some missing change
* Some `cur_offset += name_len` instead of `cur_offset += used_bytes`
* Some missing format_text
I took a look at the code after observing a bug with RRSIG record.
The signature in RRSIG was dissecting with some strange offset.
You can easily generate some pcap with those commands
delv @1.1.1.1 A www.cloudflare.com
and/or
dig @1.1.1.1 +dnssec www.cloudflare.com
Change-Id: Ibd6a6248b7497b8409d7797dc320035c8c2d1ed8
Reviewed-on: https://code.wireshark.org/review/36080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Apply the change proposed by Chris Maynard in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16334
Bug: 16334
Change-Id: I91d79d992c107ca4ddaa17c25c3629424cc240f6
Reviewed-on: https://code.wireshark.org/review/35878
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I52d24560d4061c996c25b290ee347cc55404c216
Reviewed-on: https://code.wireshark.org/review/33914
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Convert our various PROTO_ITEM_ macros to inline functions and document
them.
Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c
Reviewed-on: https://code.wireshark.org/review/32706
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That way there isn't a need for packet-icmp-int.h.
Change-Id: Ib523c36ab2fdf6a43ee6ff32dadfcd53e9d9bf14
Reviewed-on: https://code.wireshark.org/review/31290
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Implementing ICMP extended echo (RFC8335) for IPv6.
To dissect ICMP Extension objects we use the IPv4
implementation.
Bug: 14457
Change-Id: I5be59ccf9058466369c072cfed3ad1cd17bf243b
Reviewed-on: https://code.wireshark.org/review/30563
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I5cff197ad15ce5848cfa764c8b3dd23bea56f048
Reviewed-on: https://code.wireshark.org/review/28740
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Ping-Bug: 14755
Fixes: v2.3.0rc0-1236-gdcb49539d ("ICMPv6: Convert flag fields to use proto_tree_add_bitmask")
Change-Id: I5ba03391739b34fcba60f636d87d46ec5a3f7660
Reviewed-on: https://code.wireshark.org/review/27847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Renumbering)
Bug: 14755
Change-Id: Ie7edc6d7eeb74b968f1358d980bdb86f41ae85ec
Reviewed-on: https://code.wireshark.org/review/27846
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add col_data_changed, which checks to see if we have updated column
info. Add col_append_frame_number, which adds a frame number and sets
col_data_changed. Call col_append_frame_number instead of
col_append_fstr from some dissectors.
Add PacketListRecord::invalidateAllRecords, which invalidates any cached
record data. Add PacketListModel::invalidateAllColumnStrings which calls
invalidateAllRecords and signals that our data has changed. Call
invalidateAllColumnStrings when we have new name resolution or column
information.
Bug: 11414
Bug: 11468
Change-Id: I2671594a722f4f9436fe1df84d43489a148e0cee
Reviewed-on: https://code.wireshark.org/review/26373
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change-Id: I4df1b35d8d2233c301f0ba9e119d012aebe9cd17
Reviewed-on: https://code.wireshark.org/review/25913
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
You don't need floating-point, you can just calculate 1<<2N.
Change-Id: Iec9ebf02bba3e8bcce344be7f0366f7f258da403
Reviewed-on: https://code.wireshark.org/review/25912
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissector that use pinfo->ptype as input
to conversation APIs. Explicit use of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add global preference to allow for "stricter" conversation tracking
Bug: 13518
Change-Id: I166a084c402374fa76dac7bb54f941e2e9c9325a
Reviewed-on: https://code.wireshark.org/review/22842
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
They test where the address is XXX, for various values of XXX, so name
them accordingly.
Change-Id: I437175f02b3f97fecee77e8bb9416bb5b71cd0d0
Reviewed-on: https://code.wireshark.org/review/24075
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Sequence analysis has its own "filtering" system that required its
tap functions to look for some "filter flags". register_tap_listener()
already comes with a filter argument, so use that to simplify logic
of tap functions in dissectors.
Also have Qt GUI for Flow Graph look like other dialogs that have a
"Limit to display filter" checkbox.
Change-Id: I91d9d9599309786892f5b50c98692e52651e7174
Reviewed-on: https://code.wireshark.org/review/23659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Functionality for ICMP was "hidden" in the frame/"any" flow.
Pull it out into its own using the new sequence analysis API.
Change-Id: I2035f1a59a9e46ea1086443ad4b4a9723dc13883
Reviewed-on: https://code.wireshark.org/review/23625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Optimize code and open possibility for enriching IPv6 tap data.
Change-Id: I5a204d7464cde32123d5bfe664cc9b6bcf08dbe1
Reviewed-on: https://code.wireshark.org/review/23340
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
RFC 7710 (https://tools.ietf.org/html/rfc7710#section-2.3) defines
option 37 Captive Portal URI for Router Advertisments.
Change-Id: I257412ef1cf22d47018974cd0ef9000b748d01ac
Reviewed-on: https://code.wireshark.org/review/22703
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The length value includes the Type and Length fields. Therefore the
length of the Data field is two bytes smaller.
Change-Id: I93878a016ace083f4e766bee6e16e301d6903967
Reviewed-on: https://code.wireshark.org/review/22702
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13551
Change-Id: If652f2c7c351cca271e9b08708db7c0b47b82932
Reviewed-on: https://code.wireshark.org/review/20872
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ieae37af709b670792cca3937674ba0cc1026d45f
Reviewed-on: https://code.wireshark.org/review/20783
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|