A "conversation" is created for MySQL to store "conversation data" including
current state. The problem is that it's updated every time a packet is dissected
so depending on how packets are viewed, dissection may change.
Fix that by only allowing conversation state to be set on first pass and have
the state cached with each individual pdu, keyed by tvb_raw_offset() (the key
when you have multiple pdus in a TCP packet).
Change-Id: I2c7e38be63501360d709210a509aa0dfa482bfd4
Reviewed-on: https://code.wireshark.org/review/20600
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I83322dc432e2f8acbaccdfca600ec891106ae815
Reviewed-on: https://code.wireshark.org/review/20602
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
1. Created a few value_string_ext.
2. Removed tree check for an expert info.
Change-Id: Iadf55ecad1b1ddf249bfccff0d232883313fab83
Reviewed-on: https://code.wireshark.org/review/20599
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference.
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I419fad047c91ff1d8544eb3458534c132ec23821
Bug: 12791
Reviewed-on: https://code.wireshark.org/review/17368
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I2d0aae95c41f527c4a1e0327bf6c3950204458e1
Reviewed-on: https://code.wireshark.org/review/14637
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If client and server have the flag set then compression starts
after the greeting, login, ok.
This comments makes it possible to decode packets which
use the compressed protocol but don't have a compressed
payload.
Ping-Bug: 10342
Change-Id: I710f655c86feb9770556d1ffa69edd728e0374c3
Reviewed-on: https://code.wireshark.org/review/14603
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia50e06f8e9387ccb5e413f9a77fa811f092cb34a
Reviewed-on: https://code.wireshark.org/review/14602
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I4b4a5e6ca0b10068075767e6eec95c97d32034a1
Reviewed-on: https://code.wireshark.org/review/14561
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ie602d76dfd2366294f2599f6c4d8634d37c6531c
Reviewed-on: https://code.wireshark.org/review/14535
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is used in MySQL 5.7
https://dev.mysql.com/doc/internals/en/capability-flags.html#flag-CLIENT_DEPRECATE_EOF
Change-Id: I8e00c966628233181e7145d8ed80d51f2acd9517
Reviewed-on: https://code.wireshark.org/review/14536
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I901ebc2128c92ef758b6b400cc8d86488a2115cb
Reviewed-on: https://code.wireshark.org/review/14537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idf36ebd7ceb3f87ceb6a68774f5b2810f8cf7b58
Reviewed-on: https://code.wireshark.org/review/14527
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11344
Change-Id: Ibddbcce3e6e98bc3866cab9eb76e9762e4d19138
Reviewed-on: https://code.wireshark.org/review/9538
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Make the MYSQL protocol dissector scrub the strings from the packet content by
putting it through format_text() to remove/replace CR, LF, TAB, etc. The
fields affected are: query string, greeting version string, login username,
and login schema.
Bug: 11344
Change-Id: Ie1a593026c21720eecc77e7b3a7e63db11adf2a1
Reviewed-on: https://code.wireshark.org/review/9530
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
This patch lets a dissector hand over control to the SSL dissector which
simplifies dissector code ("TCP | App | SSL | App" becomes
"TCP | SSL | App").
After this patch, all of the affected dissectors will now be dissected
as SSL with its Application Data being treated as the protocol before
STARTTLS. This was previously not the case because the port was not
registered for dissection via ssl_dissector_add.
The desegmentation issue within the MySQL dissector is now also gone.
Convert some tvb_length[_remaining] users in pop and smtp as well.
Tested against mysql-ssl.pcapng and mysql-ssl-larger.pcapng(*1),
Tested against pop-ssl.pcapng (note: only first stream is decrypted,
either the key after negotiation is wrong or there is a bug),
Tested against smtp-ssl.pcapng and smtp2525-ssl.pcapng (with Decode As)
and smtp-ssl.pcapng with filter "tcp.len>0",
Tested against xmpp-ssl.pcapng,
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
*1) mysql-ssl-larger has MySQL dissector errors for the fragmented
SSL packet, but reassembly seems to work. Needs further
investigation.
Bug: 9515
Change-Id: I408ef8ff30d9edc8954dab9b3615900666dfa932
Reviewed-on: https://code.wireshark.org/review/6981
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
From
<http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse>
(emphasis mine):
Starting with MySQL 5.6.6 the client **may** send attributes if CLIENT_CONNECT_ATTRS is set:
Does this mean that the capability *may* be set, but the list of attributes can be empty?
Issue reported by Peter Wu
Ping-Bug:10351
Change-Id: Ib83c27f4a15341f791c443471d7a3bdbd942aef4
Reviewed-on: https://code.wireshark.org/review/6965
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Ping-Bug: 10346
Change-Id: I1b2bd3e9b1dc01118c48c6e159c9a06d4daa061b
Reviewed-on: https://code.wireshark.org/review/6936
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Merge also mysql_dissect_caps_client and mysql_dissect_caps_server
and rename mysql_dissect_extcaps_client to mysql_dissect_extacps (it will be reused soon)
Ping-Bug: 10346
Change-Id: I6543363a337d7bbfddba6dd699697a257a2cbb49
Reviewed-on: https://code.wireshark.org/review/6935
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10351
Ping-Bug: 10346
Change-Id: I730080a0aef293c3c8119f6c762ee246227bd07a
Reviewed-on: https://code.wireshark.org/review/6915
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
Fourth batch (packet-mac-lte.c -> packet-rtp.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Id921f07f4b274f0cfb77ce81abe4a285fdb8b644
Reviewed-on: https://code.wireshark.org/review/6023
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
only one protocol is desired.
Also use proto_get_frame_protocols in main_menubar.c instead of doing it "manually".
Change-Id: Ie7a365c538700f2cebdd1e3d253f2fd9b189f5cf
Reviewed-on: https://code.wireshark.org/review/5851
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I2e14328715cd11bc1ce31dad91b1cc5ef4091130
Reviewed-on: https://code.wireshark.org/review/4005
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I5c24f0bf3d756abed0db17bf2ae8ab0dbf695c43
Ping-Bug:10351
Reviewed-on: https://code.wireshark.org/review/4000
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Launch SSL dissector when MySQL switches to SSL
Ping-Bug:9515
Bug:10338
Change-Id: I96487d6d2131db3678f4a24095d702b6cd4ea5b2
Reviewed-on: https://code.wireshark.org/review/3411
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I7dfda411ed1d91e9eea43a1eb0cbc70807fedfbb
Reviewed-on: https://code.wireshark.org/review/3451
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This fixes decoding of authentication data in MySQL 5.6+
It also decodes the charset.
Bug: 10351
Change-Id: Ic76961e94d2e3bf15bc72e279128a5251acfd749
Reviewed-on: https://code.wireshark.org/review/3441
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
After the MySQL protocol has established an SSL connection the first packet is a HandshakeResponse packet (aka Login Request).
http://dev.mysql.com/doc/internals/en/ssl.html
http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse
The loginrequest within the SSL stream is not packet_number 1. (it however is the first packet in the ssl stream)
Issue found by Daniël van Eeden
Change-Id: Ic6110c38f7206a9788158c5c6861064939644221
Ping-Bug:10338
Reviewed-on: https://code.wireshark.org/review/3408
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
MySQL Response packets within an SSL stream are not correctly decoded.
When not using SSL:
- Decoding works
- Multiple MySQL protocol entries per frame
- Info==Response
With SSL:
- Decoding partly works
- One MySQL protocol entry per frame
- Info==Response Tabular
From me:
call dissect_mysql (with tcp_dissect_pdus..) and not dissect_mysql_pdu !
Bug: 10339
Change-Id: I253f6683105ed23b49a72865fea005e31e2594d8
Reviewed-on: https://code.wireshark.org/review/3412
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This lets us blow up with oversized 64-bit length values, before casting
them to the 31-bit lengths we can actually handle in Wireshark, rather
than blindly casting them with weird results.
Use that in the MySQL dissector, and, if we get past the test, cast the
lengths to int to squelch warnings.
Change-Id: I3a5e9bd0027fa4ddcb9622f77952dba8f6b23c27
Reviewed-on: https://code.wireshark.org/review/3362
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug:10294
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I65ec69821fd562da8f873ae85b1846c79ab400d9
Reviewed-on: https://code.wireshark.org/review/3138
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I9464e7d188d8e8c027db94c214e692ff233a13fd
Reviewed-on: https://code.wireshark.org/review/3178
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I62d0a26ec1c81efa2ee8dbefcbdb308155f64ad5
Reviewed-on: https://code.wireshark.org/review/3136
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I887000ac2bb273a0cc0c41709e346e1cf52140d9
Reviewed-on: https://code.wireshark.org/review/3149
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: I50c1ef94aff4d1067b6561c5a06a397216e49ee2
Reviewed-on: https://code.wireshark.org/review/3148
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: I862203c9be0cd10c72599609631629bf976a7a22
Reviewed-on: https://code.wireshark.org/review/3137
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
tvb_length -> tvb_reported_length
tvb_get_string -> tvb_get_string_enc
Change-Id: I98d46b5603e0d840d17968f6c81b33d9bdbb9dea
Reviewed-on: https://code.wireshark.org/review/1687
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
http://dev.mysql.com/doc/internals/en/capability-flags.html
Change-Id: I0aef20fef5346bd24d610444fdbc89cbe720c3c4
Reviewed-on: https://code.wireshark.org/review/1686
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
http://dev.mysql.com/doc/internals/en/status-flags.html
Change-Id: Ic08e2aa449eeb6963c5ebf7e65b5bf39e9da76d9
Reviewed-on: https://code.wireshark.org/review/1685
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
packet-mysql.c(1446) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
Change-Id: Ie0b2e916e0d15287f5a3ededc404b678b45600d8
Reviewed-on: https://code.wireshark.org/review/1525
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug 9948.
Change-Id: Ia451bfff571c4da280ccf76b1d5ac9dfcfead78c
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/916
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|