Age | Commit message (Collapse) | Author | Files | Lines |
|
Changes several calls of `create_dissector_handle()` to instead call
`register_dissector()` with a name for the dissector.
This should handle all dissectors in `epan/` from `packet-j*` to
`packet-o*`.
This change allows affected dissectors to be findable by calls to
`find_dissector()`. In turn, this opens up more command-line use for
these protocols, including fuzzshark and rawshark, as well as lua use
via `Dissector.get()`.
Where needed, move the call from the protocol handoff function to the
protocol register function, save the result in a static variable,
and use that variable in the handoff function.
There were some calls to `create_dissector_handle()` or
`register_dissector()` which passed `-1` as the protocol argument. When
I saw those I corrected them to pass the actual `proto_foo` identifier
instead.
Partially addresses #5612
|
|
|
|
|
|
|
|
epan/dissectors/packet-netlink-netfilter.c: FT_UINT32: proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, [[ENC_BIG_ENDIAN]-->[ENC_NA]]);
(These messages are wrong, this field is FT_ETHER, not FT_UINT32).
|
|
|
|
Instead of passing a pointer to a header_field_info structure,
pass an integer index to the registry.
This allows each dissector to be converted to a more conventional
structure.
|
|
Remove experimental new API.
Fix Netlink dissector to compile with normal proto tree API.
Closes #17774.
|
|
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
|
|
Add dissect_netlink_attributes_to_end(), which takes no length argument,
and uses tvb_ensure_reported_length() to get the remaining length in the
packet.
In dissect_netlink_attributes_common(), treat negative lengths as if
they were a positive length >= 2^31, and throw a reported bounds error.
Also, throw a bounds error if there's more padding to a 4-byte boundary
than there is data in the packet.
At that point, we know the length is positive, so assign it to an
unsigned variable and use *that* in the loop. Throw an error if the
attribute goes past the end of the packet (although we presumably would
have done that already).
(We really should eliminate all use of -1 as "to the end", and make
lengths unsigned. We should also get rid of any places where we're
using negative offsets as offsets from the end of the packet - in the
few cases where you're dealing with trailers, you want to do that
carefully, so as not to throw an exception dissecting the trailer before
you get around to dissecting the rest of the packet - and make offsets
unsigned as well.)
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This change fixes the problem of value retrieval being done:
1. without regard for the declared encoding,
2. multiple times, for addition to other tree items.
The first issue can result in two different representations of the
same field. The second is an optimization, and a way to make sure
a consistent interpretation of the protocol field is made.
Change-Id: Id521f4deafe381322195b1eb998138efcaa51f30
Reviewed-on: https://code.wireshark.org/review/35745
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The underlying netlink dissector sets up a data structure to help maintain
information about the netlink packet. This contains the encoding information
as determined for this packet. Use this value in place of the copy that
every netlink dissector makes in its private data structure.
As a consequence the encoding field can be removed from these private data
structures. Since the encoding field is now directly available from the
data structure setup by the underlying netlink dissector, the private data
structures also do not need to keep a pointer to this underlying netlink
dissector data structure.
This change replaces the use of the local copy of encoding with the
original one. This change, by extension, also removes the encoding field and
the pointer to the underlying netlink dissector data structure as these are
no longer needed. The exception is the generic netlink dissector, which
implements the dynamic netlink famiily subdissector table.
Change-Id: Ida0065379c19ae68caf6d87860828b48766c1998
Reviewed-on: https://code.wireshark.org/review/35698
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The underlying netlink dissector sets up a data structure to help maintain
information about this netlink packet. It gets passed through the familiy
specific netlink dissectors private data structures to reappear when
support funtions of the underlying netlink dissector are needed. In the
mean time a copy of data (the value 'encoding' to be precise) in this
structure is also maintained in these familiy specific netlink dissectors,
adding to the confusion.
This change is to make the underlying netlink dissector data structure
a normal part of the function interfaces, so that it is present without
being dependant on another private data structure.
This change is a first step towards removing the unnessesary copy of the
encoding value.
Change-Id: I69e78a2b15e58e149e82e89c19e519ef041ee6b1
Reviewed-on: https://code.wireshark.org/review/35688
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Changes consist of:
- Addition of new enum values
- Header file references now point to kernel sources
- Dissection of few more fields
- Fixes to some dissections
Change-Id: I4cda045153ab0971b0b09ce59a7363238fe627ee
Reviewed-on: https://code.wireshark.org/review/35571
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I862a7870d335f8b0b57d13e2981a8bb1a02b2726
Reviewed-on: https://code.wireshark.org/review/28563
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
"redefined" to handle the same way as before.
In dissectors using the new API, add all currently used proto_tree_add_xxx
functions to the list of functions that take care of NEW_PROTO_TREE_API changes.
Modify the dissectors that worked around the missing change.
Change-Id: Ib6d6ec2c225d96c98c2a8f507648d7ad4bfb6c68
Reviewed-on: https://code.wireshark.org/review/28002
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a trailing NULLs so that we don't read past the end of
hfi_nfct_attr_status_flags and hfi_nfexp_attr_flags_bitfield.
Bug: 14336
Change-Id: I1e96a89f60df2d653c4f3ad63f29cf57eb0224a5
Reviewed-on: https://code.wireshark.org/review/25290
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add support for the netlink messages used by userspace conntrack
helpers.
Change-Id: I37d3829399834f578a0ab0f08eab99f119445ff5
Reviewed-on: https://code.wireshark.org/review/24695
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Problem seems to stem from handling of enum (and that first value has to be 0)
Change-Id: I4c5d749cc53c73988c54f2aa08e60b7f55779348
Reviewed-on: https://code.wireshark.org/review/21136
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Let subdissectors handle parsing and addition of the Netlink header
instead of doing this before calling subdissectors. After this patch:
- Protocol filters like "netlink-netfilter" can be used to match
packets (previously only a text item was added to the tree).
- Subdissectors have more freedom in modifying the type field, so now
it shows the correct type directly rather than "Message type:
Protocol-specific".
- netfilter: the type fields are now actually linked to a tvb,
previously it was linked to a NULL tvb.
- netfilter: fix unintended rejection of packets (the length should
have been added to the offset, otherwise it would fallback to the
data dissector).
- Now subdissectors will not be called for control messages (so the
netlink-conntrack.pcap sample now shows "Netlink" instead of "Netlink
route" for the "End of dump" control message).
Change-Id: I2ab1bef91fb0080664195b281a6a45c9702914e5
Reviewed-on: https://code.wireshark.org/review/20910
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Always give the netlink data struct to dissect_netlink_attributes() so
we can extract which endianness we should use. This fixes the netlink
dissector on big endian.
Change-Id: Ia485a29035c947908c29a9e30d0aba8d4fc94093
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
See net/netfilter/nfnetlink_log.c, that is the only place that sets
NFULA_PACKET_HDR to struct nfulnl_msg_packet_hdr.
Tested with nflog-ebtables.pcapng from SampleCaptures wiki.
Change-Id: I7e21f8f584f3911b3aa7d0d027ff9624886bef73
Reviewed-on: https://code.wireshark.org/review/17191
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
These constants are mostly overlapping, except for NFPROTO_ARP. A manual
study of the Linux v4.7 code shows which fields to use and also reveal
that nflog.family can never be NFPROTO_ARP because (1) bridge traffic
use NFPROTO_BRIDGE and (2) arptables has no ULOG/NFLOG target.
This patch affects how some family fields are displayed but do not
affect subdissector calls.
Change-Id: I7cc73a8dcf73fe68c7ccaaa0f3b329fe484c8bfe
Reviewed-on: https://code.wireshark.org/review/17190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Based on Linux 4.7 headers, this decodes many interesting fields like
the setname, IP address and more. Many attributes are not fully
dissected, but at least the attribute names are visible now.
Tested with netlink-ipset.pcap, posted on the SampleCaptures wiki.
Change-Id: Ibd430e9d0f177d5f21753ac1206541b4e50329f2
Reviewed-on: https://code.wireshark.org/review/17031
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
NLA types consist of a type and two flags, add new fields for this.
Add a new parameter to restrict the data consumed by the
dissect_netlink_attributes function, this is needed when implementing
nested attributes using another call to this function. This also avoids
adding padding to the payload and matches the comment in
include/uapi/linux/netlink.h (Linux 4.7).
Change-Id: I34dbfa466081b6c6c4580941aff568bd120b4210
Reviewed-on: https://code.wireshark.org/review/17030
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Update fields to Linux 4.7, add dissection for most important NFQUEUE
structures and attributes. The shared Netfilter header is also dissected
here (except when the NFLOG subdissector is called). Based on the source
code of Linux and libnl, it seems that most (all?) fields are big
endian.
Tested with netlink.pcap and netlink-nflog.pcap from the SampleCaptures
wiki page.
Change-Id: I93bb8e528fdd2575acdae31a17b9b62aaa90fdbc
Reviewed-on: https://code.wireshark.org/review/16933
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I6e70c933ae61a97377235d67b2f6a1b3d67dc155
Reviewed-on: https://code.wireshark.org/review/4484
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- set pinfo->p2p_dir based on portid
- check for nlmsg type in dissect_netlink_sock_diag()
- sock diag support LINUX_AF_INET6, LINUX_AF_PACKET
- naming cleanup
svn path=/trunk/; revision=54073
|
|
- add netlink socket diag,
- dissect socket diag meminfo structures,
- add prototypes.
svn path=/trunk/; revision=54006
|
|
svn/trunk/epan/dissectors/packet-netlink-netfilter.c:164:11: error: variable ‘is_req’ set but not used [-Werror=unused-but-set-variable]
gboolean is_req;
^
cc1: all warnings being treated as errors
svn path=/trunk/; revision=53951
|
|
packet-netlink-netfilter.c:94: warning: 'dissect_netlink_netfilter_queue' defined but not used
svn path=/trunk/; revision=53950
|
|
packet-netlink-netfilter.c:93: warning: unused parameter 'tvb'
svn path=/trunk/; revision=53947
|
|
svn path=/trunk/; revision=53943
|