Age | Commit message (Collapse) | Author | Files | Lines |
|
Rename range_foreach_r() to range_foreach(), getting rid of the old
range_foreach().
If your callback doesn't require an additional argument, just pass NULL
when calling range_foreach(), and declare the argument as unused.
Change-Id: I49a56f90610e39cf2ddc398c9e30ed11a6ca90db
Reviewed-on: https://code.wireshark.org/review/23025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Flows records can span multiple PDUs (e.g when using TCP).
This commit adds the preference to reassemble flows.
Bug: 13915
Change-Id: I10eb0d9ee5ff5cc06ff52d0d0c8c468140e0273b
Reviewed-on: https://code.wireshark.org/review/22792
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's not a requirement, but some dissectors didn't provide a static
summary because expert "format" was used.
While at it, fix a misleading expert info description, rename expert
info variables to ei_... and remove an unused hf entry.
Change-Id: Ib81a0d0a3950b3c90954d0053b8dae49dbb0cd51
Reviewed-on: https://code.wireshark.org/review/20567
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I8578f86f75b1a7278ad71d8671ce4e2dbc4f0c82
Reviewed-on: https://code.wireshark.org/review/22081
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
'cflow.pie.ntop.retransmitted_out_bytes' exists multiple times with NOT compatible types: FT_IPv6 and FT_UINT32
Change-Id: I9caed4c28a5e8322008b4cae4f625a681343a136
Reviewed-on: https://code.wireshark.org/review/21984
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
and fix also some typo
Change-Id: I7892e715af56ebd1abb3fb36110200e2e992e9b1
Reviewed-on: https://code.wireshark.org/review/21901
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
items exported by nProbe.
Change-Id: I476c970d1abb7e1776da01bbdbf74e255387c917
Reviewed-on: https://code.wireshark.org/review/21825
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's a little more efficient to use proto_tree_add_item, than
proto_tree_add_xxx, passing it the returned tvb_get_xxx value.
Change-Id: I22ddd7ab36e1ee5aae78fc693d7dbac4b4f802f2
Reviewed-on: https://code.wireshark.org/review/21691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
-- Elements to be decoded described in IE-doctor format (RFC 7013 section 10)
httprequrl(26866/1)<string>
httprspstatus(26866/2)<unsigned16>{identifier}
sslcertificateissuercommonname(26866/101)<string>
sslcertificatesubjectcommonname(26866/102)<string>
sslcertificateissuer(26866/103)<string>
sslcertificatesubject(26866/104)<string>
sslcertificatevalidnotbefore(26866/105)<string>
sslcertificatevalidnotafter(26866/106)<string>
sslcetificateserialnumber(26866/107)<octetArray>
sslcertificatesignaturealgorithm(26866/108)<octetArray>
sslcertificatesubjectpubalgorithm(26866/109)<octetArray>
sslcertificatesubjectpubkeysize(26866/110)<unsigned16>
sslcertificatesubjectaltname(26866/111)<string>
sslservernameindication(26866/112)<string>
sslserverversion(26866/113)<unsigned16>
sslservercipher(26866/114)<unsigned16>
sslservercompressionmethod(26866/115)<unsigned8>
sslserversessionid(26866/116)<octetArray>
dnsidentifier(26866/201)<unsigned16>{identifier}
dnsopcode(26866/202)<unsigned8>{identifier}
dnsresponsecode(26866/203)<unsigned8>{identifier}
dnsqueryname(26866/204)<string>
dnsresponsename(26866/205)<string>
dnsresponsettl(26866/206)<unsigned32>
dnsresponseipv4address(26866/207)<ipv4Address>
dnsresponseipv6address(26866/208)<ipv6Address>
dnsbits(26866/209)<string>
dnsqdcount(26866/210)<unsigned16>
dnsancount(26866/211)<unsigned16>
dnsnscount(26866/212)<unsigned16>
dnsarcount(26866/213)<unsigned16>
dnsquerytype(26866/214)<unsigned16>
dnsqueryclass(26866/215)<unsigned16>
dnsresponsetype(26866/216)<unsigned16>
dnsresponseclass(26866/217)<unsigned16>
dnsresponserdlength(26866/218)<unsigned16>
dnsresponserdata(26866/219)<string>
dnsauthorityname(26866/220)<string>
dnsauthoritytype(26866/221)<unsigned16>
dnsauthorityclass(26866/222)<unsigned16>
dnsauthorityttl(26866/223)<unsigned32>
dnsauthorityrdlength(26866/224)<unsigned16>
dnsauthorityrdata(26866/225)<string>
dnsadditionalname(26866/226)<string>
dnsadditionaltype(26866/227)<unsigned16>
dnsadditionalclass(26866/228)<unsigned16>
dnsadditionalttl(26866/229)<unsigned32>
dnsadditionalrdlength(26866/230)<unsigned16>
dnsadditionalrdata(26866/231)<string>
Bug: 13688
Change-Id: I4a2472d9bb86d195851edd3a1f5e688ba31dde89
Reviewed-on: https://code.wireshark.org/review/21519
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Treat any prefix length larger than 32 as 32 (effectively not masking
anything) and treat a zero-length prefix as the empty mask (matching
anything).
Change-Id: If96b03c2f76ff7624d50fefdf0b025ab373c07dc
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1152
Bug: 13607
Reviewed-on: https://code.wireshark.org/review/21189
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I880044c0a91e471c8eb6f98c9ee9aede6877bed2
Ping-Bug: 13497
Reviewed-on: https://code.wireshark.org/review/20734
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
'cflow.transport_rtt' exists multiple times with NOT compatible types: FT_RELATIVE_TIME and FT_UINT32
'cflow.transport_jitter_mean' exists multiple times with NOT compatible types: FT_UINT32 and FT_RELATIVE_TIME
'cflow.transport_jitter_min' exists multiple times with NOT compatible types: FT_UINT32 and FT_RELATIVE_TIME
'cflow.transport_jitter_max' exists multiple times with NOT compatible types: FT_UINT32 and FT_RELATIVE_TIME
Change-Id: I3ee220646412235eb3bce58ce3a7bc0547a5a90d
Reviewed-on: https://code.wireshark.org/review/20735
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13497
Change-Id: Ifa1679c95893268a70f201626d4c534d9bb54bcd
Reviewed-on: https://code.wireshark.org/review/20648
Reviewed-by: Nick Brown <nickbroon@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Many of the register_init_routine/register_cleanup_routine functions
are for initializing and cleaning up a GHashtable.
wmem_map_new_autoreset can do that automatically, so convert many
of the simple cases.
Change-Id: I93e1f435845fd5a5e5286487e9f0092fae052f3e
Reviewed-on: https://code.wireshark.org/review/19912
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is mostly to address memory leaks in range preferences (the biggest
user of range functionality) on shutdown.
Now range preferences must use epan scoped memory when referencing
internal preference structures to keep consistency.
Change-Id: Idc644f59b5b42fa1d46891542b53ff13ea754157
Reviewed-on: https://code.wireshark.org/review/19387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Latency
Change-Id: I48c0cb58cd5643ad1c930b668b81cc3cc7270afa
Reviewed-on: https://code.wireshark.org/review/18837
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6010669b880b772ba4a22f13ba03fe48b438e8b7
Reviewed-on: https://code.wireshark.org/review/18644
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Stringify the correct macro so that we print
(default: 60)
instead of
(default: V9TEMPLATE_MAX_FIELDS_DEF)
Change-Id: Ie2068eaf577f6024d4a9b64ef5ce761944f269a2
Reviewed-on: https://code.wireshark.org/review/17998
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I38c2b337bf276f6edc6b5d3f10e47ae81a1610b5
Reviewed-on: https://code.wireshark.org/review/15167
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change some Netscaler ICA fields to display absolute time and
not epoch timestamp seconds.
Change Process ID field to display decimal number
Change-Id: I57eb8883f4699072df90c0ea351e4bce3313dc0e
Reviewed-on: https://code.wireshark.org/review/13049
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Patch to decode the TCP Flags field (tcpControlBits, ID 6) in Netflow/Ipfix
data to see the used TCP Flags of a flow.
Documentation can be found at http://tools.ietf.org/html/rfc5102#section-5.8.7
and https://www.iana.org/assignments/ipfix/ipfix.xhtml
Unfortunately I can't provide a sanitized pcap.
Change-Id: I1674ff926525124902518fc4b1cebc2d6f38fc6c
Reviewed-on: https://code.wireshark.org/review/12927
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add support for Barracuda NGFirewall Ipfix Audit. Used documentation
found at https://techlib.barracuda.com/NG61/ConfigAuditReportingIPFIX
The configuration allows to switch between little endian and big
endian for a Ipfix collector. This commit expects big endian encoding.
However it seems that there is a bug in NGFirewall 6.1.1 which
interchanges the encoding (little-endian instead of big endian and vice
versa).
Bug: 11902
Change-Id: I84c497188eadedf6781dce309888242b0dc1592f
Reviewed-on: https://code.wireshark.org/review/12703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We actually have to *use* the return value of the method, which the macro did
for us.
Change-Id: I240ca7e526a18054fe39c6c4ded902998dc2fef0
Reviewed-on: https://code.wireshark.org/review/12389
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Replace remaining calls to SET_ADDRESS, CMP_ADDRESS, ADDRESSES_EQUAL,
COPY_ADDRESS, and COPY_ADDRESS_SHALLOW with their lower-case
equivalents.
Replace all ADD_ADDRESS_TO_HASH calls with add_address_to_hash.
Change-Id: I4cff857d7a84085abe0bccd52d2605d2a468bf6f
Reviewed-on: https://code.wireshark.org/review/11229
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I4f2f90ab87eafda954f6161a319976b56c7c3cf1
Reviewed-on: https://code.wireshark.org/review/11081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Remove variadic macros restriction (c99, c++11 feature) from
README.developer. GCC, Clang, MSVC 2005 all support it.
Enable -Wno-variadic-macros in configure.ac and CMakeLists.txt when
-Wpedantic is enabled (which would enable -Wvariadic-macros).
For all files matching 'define\s*\w+[0-9]\(', replace "FOO[0-9]" by
"FOO" and adjust the macro definition accordingly. The nbap dissector
was regenerated after adjusting its template and .cnf file. The
generated code is the same since all files disabled the debug macros.
Discussed at:
https://www.wireshark.org/lists/wireshark-dev/201209/msg00142.html
https://www.wireshark.org/lists/wireshark-dev/201510/msg00012.html
Change-Id: I3b2e22487db817cbbaac774a592669a4f44314b2
Reviewed-on: https://code.wireshark.org/review/10781
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iaf7cb50e88e81578f79f92a2387c29c71e0e1d9d
Reviewed-on: https://code.wireshark.org/review/9574
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
This patch moves g_hash_table_destroy calls from the init routine to
the cleanup routine. Besides that, the conditional check for the hash
table has been removed, assuming that init is always paired with a
cleanup call.
If reassembly_table_init is found, a reassembly_table_destroy call is
prepended to the cleanup function as well.
Comments have been removed from the init function as well as these did
not seem to have additional value ("destroy hash table" is clear from
the context).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4d11f07180d9c115eb14bd860e9a47d82d3d1dcd
Manually edited files (for assignment auditing): dvbci, ositp, sccp,
tcp.
Other files that needed special attention due to the use of
register_postseq_cleanup_routine:
- ipx: keep call, do not add another cleanup routine.
- ncp: remove empty mncp_postseq_cleanup. mncp_hash_lookup is used
even if a frame is visited before (see dissect_ncp_common), hence
the hash table cannot be destroyed here. Do it in cleanup instead.
- ndps: add cleanup routine to kill reassembly table, but do not
destroy the hash table as it is already done in ndps_postseq_cleanup.
Change-Id: I95a72b3df2978b2c13fefff6bd6821442193d0ed
Reviewed-on: https://code.wireshark.org/review/9223
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11295
Change-Id: Id732dd77609bc453e81703595882b20f68742618
Reviewed-on: https://code.wireshark.org/review/9121
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Bug: 11295
Change-Id: I71493e13989dbc29e3e3e7d518d3b6686fbec01a
Reviewed-on: https://code.wireshark.org/review/9063
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: I714078683cff517c79a15abf29e1ae4a9a60271d
Reviewed-on: https://code.wireshark.org/review/8365
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This commit adds dissection of Citrix Ntscaler Appflow
templates to Netflow/Ipfix.
The documenation for the templates was found at:
https://raw.githubusercontent.com/splunk/ipfix/master/app/Splunk_TA_IPFIX/bin/IPFIX/information-elements/5951.xml
Due to non-disclosure I can't provide any sample pcap.
Change-Id: I1d34ad4298a51c71986bc8565cc5f3802b0df3c2
Reviewed-on: https://code.wireshark.org/review/7740
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:
warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]
We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.
Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.
Fix an encoding arguement in packet-elasticsearch.c found by
fix-encoding-args.pl.
Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I09b2cc3739628b5de706659731e37fa345804254
Reviewed-on: https://code.wireshark.org/review/7043
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Including:
Remove dead initializers;
Remove boilerplate comments;
Localize some variables;
tvb_length...() ==> tvb_reported_length...();
Use TRUE/FALSE when assigning a value to a gboolean;
whitespace/indentaion.
Change-Id: I09e1f15611011bbe393d23e1cb54568ddd3cebc6
Reviewed-on: https://code.wireshark.org/review/6771
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Incorrect because of one or both of the following:
- col_...()/expert...() called under 'if (tree)'
- vars set under 'if (tree)' used later (not under 'if (tree)'
as args to col_...()/expert_...()
Change-Id: I89f7d453f2d6eaa40d51cbd794ed2c9be7e549de
Reviewed-on: https://code.wireshark.org/review/6754
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Copy addresses with wmem-scope instead of (forced) seasonal scope. All existing instances were converted to wmem_file_scope, but the flexibility is there for other scopes.
Change-Id: I8e58837b9ef574ec7dd87e278470d7063ae8c1c2
Reviewed-on: https://code.wireshark.org/review/6564
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idc2c2e02b973f65c6c2f22f2d1bfd8545cd23f63
Reviewed-on: https://code.wireshark.org/review/6554
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Iaae40f4a191e458645263c8d7a114392cd063707
Reviewed-on: https://code.wireshark.org/review/6543
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: I8fc3675f03b7eaec6a9385638197067981762a70
Reviewed-on: https://code.wireshark.org/review/6474
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: I077bdd6394898a445c00a1e7aec1c4c11b3e9ec2
Reviewed-on: https://code.wireshark.org/review/6450
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|