Age | Commit message (Collapse) | Author | Files | Lines |
|
Bug: 11591
Change-Id: I2c76938234da076fd22f77dc0ce04d09a9a0ba6c
Reviewed-on: https://code.wireshark.org/review/11142
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I739262c0d6b8bd961cc75a18e7bdbb794806e2b7
Reviewed-on: https://code.wireshark.org/review/10668
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This simplifies some of the logic required for field formatting.
Change-Id: I2f9a612b18e3e4ca01311683d9cf61cbad9950f4
Reviewed-on: https://code.wireshark.org/review/10649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
directly instead of the homegrown nds_val.
Change-Id: Ie67892caec2cddee591631045233f8a3f1cc0bc6
Reviewed-on: https://code.wireshark.org/review/10648
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(TAKE 2)
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited (and allows for more fields to be displayed on some malformed packets).
There are still expert infos (and possibly column APIs) under if (tree)s, but I'm not sure how FAKE_TREE_IS_VISIBLE factors into that. Removing the FAKE_TREE_IS_VISIBLE seems to negatively affect dissection.
Change-Id: Ie487e851c2f6558dd12f0c7010757b4a5f36226b
Reviewed-on: https://code.wireshark.org/review/10631
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
fly."
This reverts commit 38b6f306a70905be8b29ffaeb75288d315ff9b04.
Change-Id: I6ec83b94811be7699880e9a741c68faaac175bd0
Reviewed-on: https://code.wireshark.org/review/10613
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited.
There are still expert infos (and possibly column APIs) under if (tree)s, but with the FAKE_TREE_IS_VISIBLE "hacks" removed, there should be less fear in removing the tree checks.
Change-Id: I847827395fc28704f468df8bc8b47b297dde8479
Reviewed-on: https://code.wireshark.org/review/10572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Including:
1. Using ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN instead of self made macros
2. Creating an "expert info hook" so that fields can be parsed "in real time" and added as expert info instead of searching by field name and manually getting values. Most of the expert info is still under if (tree)s, but this is another step closer to removing all of the "manual labor" done that requires "special handling" of all tree functionality. Once the "manual labor" is removed, this dissector can behave like every other dissector and the if (tree)s can be removed with more abandon.
Change-Id: If2c6a4c723e12e070e68d6df2d492d4b5ac35123
Reviewed-on: https://code.wireshark.org/review/10555
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The dissector is doing a lot of unnecessary "manual" operations. Start the process of simplifying that to encourage use of general APIs and put control of the "field name" in the hands of the hf_ entry it belongs with.
Change-Id: I5b048c04858ac4a846a276ba12d61c665deb66f8
Reviewed-on: https://code.wireshark.org/review/10547
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
I'm guessing fix-encoding-args.pl doesn't work on packet-ncp2222.inc because the hf_ declarations/definitions aren't in the file itself, so it can't figure out endianness or field type. So to bring the file up to modern coding standards, I did it "manually". In general I think this file has escaped critique because of the "generated" nature of the dissector.
Also removed tvb_ensure_bytes_exist and tvb_get_ptr use as both were superfluous.
Change-Id: I224f0ce15f8eb93c48ecb8eea66d161d98468f23
Reviewed-on: https://code.wireshark.org/review/10502
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Modifications to ncp2222.py
Add absolute time values eptime for file/volume info
Add support for 64 bit File Transfer NCP's (22/54, 22/55, 22/56, 22/57, 22/58, 87/70, 87/71, 87/72, 87/73, 89/41, 123/35)
Fix numerous dissection errors in NWInfo and ExtNWInfo structures
Fix some indention (white space) in source
Modifications to packet-ncp2222.inc
Change seq count rollover value to 16 instead of 255 to make it more robust
Add ncp 87,72 reply
Add ncp 8x20 request
Fix ncp 8x20 reply
Change-Id: I80bdcc5854c02edd4ea51c74aa0bbc9c0e062bc1
Reviewed-on: https://code.wireshark.org/review/10017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
|
|
Change-Id: I551204d7546c05ab277bbb299a44b4625475d1a0
Reviewed-on: https://code.wireshark.org/review/10501
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I8161423ae270f685c28003eac36adf15be83c5fd
Reviewed-on: https://code.wireshark.org/review/9922
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
And remove the shims themselves!
Change-Id: I511c06eb21eaf68d1dc36bbb9558408807472f9c
Reviewed-on: https://code.wireshark.org/review/9088
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The variable is assigned values twice successively. Perhaps this is a mistake.
Change-Id: I3b567626c6046be8898db70580e98b339c0c8c2a
Reviewed-on: https://code.wireshark.org/review/8819
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Caught by ASAN (thanks Alexis!)
Change-Id: Ibbe2c405ba1a3ba0d5a5b9ffff9e95282526028b
Reviewed-on: https://code.wireshark.org/review/6652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I65df0c40d771c4854b73fd5c35d1af600f15f324
Reviewed-on: https://code.wireshark.org/review/6445
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ifcda8328dedec0ef4104c3a124d6246f99493750
Reviewed-on: https://code.wireshark.org/review/6389
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
We do a bunch of conditional logic to fill in the buffer, and then were checking
strlen(buffer) to see if we'd actually filled it in or not, but if we hadn't
then the buffer was garbage and strlen(buffer) was throwing valgrind warnings.
Ensure this works as intended by setting the first byte of the buffer
unconditionally at the beginning, so strlen(buffer) returns 0 as expected in
that case.
Bug: 10628
Change-Id: I6f6c29fbbcb601b6ebccb3a4b312f0fa72c169ae
Reviewed-on: https://code.wireshark.org/review/4924
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Idc8f8f3177703ce5546b8a472034705cb6070707
Reviewed-on: https://code.wireshark.org/review/4666
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I0b93c4faab52d830b8160d89b9bb8026ab2a216e
Reviewed-on: https://code.wireshark.org/review/4657
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Fixes stack-smashing vuln.
Somehow there was already an XXX in the code about this, but nobody realized at
the time it was worth fixing... really?
Bug: 10552
Change-Id: I849068bd6c45146339444f295b72430d3c6e08f2
Reviewed-on: https://code.wireshark.org/review/4653
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Ia17e189baed05d8020654e6702a51f51bd384f26
Reviewed-on: https://code.wireshark.org/review/4589
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I24fe3cc4a3589dadc4528a77fe7ff13d06b1a983
Reviewed-on: https://code.wireshark.org/review/2245
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I329fd1cec092e425dd0f6c2c1992d278dcdba743
Reviewed-on: https://code.wireshark.org/review/293
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
buffers. Remove two unused functions.
svn path=/trunk/; revision=54250
|
|
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
|
|
svn path=/trunk/; revision=54088
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
proto_tree_add_time_format_value.
Only proto_tree_add_time_format calls remaining are in packet-ncp2222.inc, which may just need some additional filters.
svn path=/trunk/; revision=52269
|
|
svn path=/trunk/; revision=51852
|
|
svn path=/trunk/; revision=51838
|
|
svn path=/trunk/; revision=51833
|
|
not a Boolean endianness value.
svn path=/trunk/; revision=50803
|
|
the same structure.
This is begin of work to split fragment head and fragments items.
svn path=/trunk/; revision=50708
|
|
(it seems to be working for TCP ^^)
svn path=/trunk/; revision=50580
|
|
This leaves just the Pidl dissectors remaining for removal of check_col() in the dissectors directory. A small handful of check_col() calls remain outside of the dissectors.
svn path=/trunk/; revision=49941
|
|
svn path=/trunk/; revision=49259
|
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48384
|
|
svn path=/trunk/; revision=47666
|
|
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
|
|
svn path=/trunk/; revision=46369
|
|
svn path=/trunk/; revision=45447
|
|
svn path=/trunk/; revision=45178
|