Age | Commit message (Collapse) | Author | Files | Lines |
|
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iac29428b5a6d26896e559f06acf202f03fa8ec90
Reviewed-on: https://code.wireshark.org/review/26366
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It's not available from cacetech.com any more.
Change-Id: I6627a9102235f07731c55a2fe3cd82adc1899450
Reviewed-on: https://code.wireshark.org/review/23155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
No other flags were verified.
Change-Id: I77e35af8accb83595d3046dc804f0c6a7e1d1000
Reviewed-on: https://code.wireshark.org/review/18295
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I338e7fb60ff62d1d26ca0b32468ada4294d52d8d
Reviewed-on: https://code.wireshark.org/review/13594
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I725891d40d27ed87963d717c2c69b1288dafd2da
Reviewed-on: https://code.wireshark.org/review/13338
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That lets us handle pseudo-headers derived from packet data in one
central place.
Change-Id: I25cb7599a8d3c31e5cbcfda94b072557209f5342
Reviewed-on: https://code.wireshark.org/review/13337
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Dissectors that need it should fetch it with
find_dissector_table("wtap_encap").
Change-Id: I4b12888f20182aa529274b934b81d36f7697e1a6
Reviewed-on: https://code.wireshark.org/review/13323
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ic4c5c0b86e90dc5f3e5e0a6023e21756fa8015d3
Reviewed-on: https://code.wireshark.org/review/13320
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If a link-layer header type is one where Wiretap generates a
pseudo-header from the bytes at the beginning of the packet data, we
can't handle it, because we don't have code to process those bytes and
generate a pseudo-header. Punt on it.
Change-Id: I28c585e9d368216411cc841068ce3414f27f2d86
Reviewed-on: https://code.wireshark.org/review/13319
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The use of a flag field here is aesthetically unpleasing when the flags
are referred to frequently. Convert these into bitfield entries.
Change-Id: I6f47e31558439dfd343ec7f856d04480366a1237
Reviewed-on: https://code.wireshark.org/review/12511
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While it currently only contains packet_counts, it will hopefully stabilize the capture function signature if more fields are added.
Change-Id: I003552c58043c7c2d67aec458187b12b233057e2
Reviewed-on: https://code.wireshark.org/review/12690
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
These were created from capture dissector functions that had switch statements determine "next" protocol/dissector. The registration decreases the need for function declarations in header files.
Added new capture dissection tables for IP, IPv6, TCP and UDP as that seems like the next logical place to expand
Change-Id: I1ec0cd54eecda4f400669ee5b026bf6e2b46545a
Reviewed-on: https://code.wireshark.org/review/12634
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility. They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API. Others may be added in the future.
The "capture dissector" function signature needed a bit of tweeking to handling "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count. Returning FALSE ends up considering the packet an "other" type.
Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
to make sure that it's not used without prior initialisation
Bug: 11876
Change-Id: Ic19279b01dfd7ac4be596b3aeb537e31604e4147
Reviewed-on: https://code.wireshark.org/review/12573
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Capture dissectors could be architected like dissection dissectors, with tables and subtables and possibly using tvbs to pass there data instead of raw byte arrays. This is a first step towards that by refactoring capture_info_packet() to work off of a "capture dissector table"
Registering the capture dissection functions instead of calling them directly also clears up a bunch of dissector header files who sole purpose was providing the capture dissection function definition.
Change-Id: I10e9b79e061f32d2572f009823601d4f048d37aa
Reviewed-on: https://code.wireshark.org/review/12581
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I4e01117e0cf0600be75f75336f22d011c4964113
Reviewed-on: https://code.wireshark.org/review/12298
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Also add some expert info and don't stop dissection based on version.
Change-Id: Ia471cb3d517008a486ec9ad8aaf11d06fa55a72d
Reviewed-on: https://code.wireshark.org/review/12082
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That way, the generic 802.11 radio dissector, and any future taps if we
add a tap with radio information, can get the channel for radiotap and
PPI headers, as we do for some other radio headers that supply just a
frequency.
Change-Id: I9e3037f69938bed3b3ba563689ff00aaed486a16
Reviewed-on: https://code.wireshark.org/review/10821
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
I now read 8.2.4.1.10 "Order field" in 802.11-2012 as saying that, in
management and QoS data frames, the Order bit shouldn't be set for
non-HT, non-VHT frames, so we can just test it for those frame types
without bothering to check the radio metadata to see if the frame is an
HT or VHT frame.
This handles cases where the radio metadata isn't complete, e.g. an HT
frame with a radiotap header but no MCS field.
Handle this for *all* QoS data frames when capturing.
Get rid of the "fixed-length link-layer header" stuff; it's not being
used.
Fix a case where we're appending text to a tree item without a space
separating it from the previous text.
Bug: 11351
Change-Id: I980f5b7509603b0c22c297fddc19434c08817913
Reviewed-on: https://code.wireshark.org/review/10288
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 11346
Change-Id: I3c80bda24af0c981c75e6d815dd2a1d328e9eb41
Reviewed-on: https://code.wireshark.org/review/9536
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This patch adds reassembly_table_destroy calls as cleanup function for
dissectors which have a simple init routine that just calls
reassembly_table_init (comments are ignored).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4cc0aec05dc67a51926a045e1955b7a956757b5e
(with the if and assignment parsers disabled).
The only difference from the autogenerated output is that the XXX
comments from the init routines in smb-pipe and tds dissectors are kept.
Change-Id: I64aedf7189877247282b30b0e0f83757be6199e7
Reviewed-on: https://code.wireshark.org/review/9222
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Rather than having a separate "802.11 HT" dissector, just look for the
802.11n (HT) PHY.
(As a side-effect, This also causes PPI HT frames to have the radio
information dissected by the wlan_radio dissector, as is the case with
other 802.11 frames accompanied by radio information.)
Change-Id: I854c42e19481a17767e64a3b92222b09dbaa02dd
Reviewed-on: https://code.wireshark.org/review/9185
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(Try to keep the same indentation style within a single switch
statement, at least.)
Change-Id: I5b349fd90881d1a1d2be377a291bfceda56476aa
Reviewed-on: https://code.wireshark.org/review/9180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have a field that holds the PHY type but nothing else. Have
a union with structures holding PHY-type-specific information, as a
bunch of attributes are PHY-specific.
If we have a channel and band, but don't have the frequency, attempt to
calculate the frequency, and add that to the radio information if we
succeed. If we have the frequency, but don't have the channel, attempt
to calculate the channel, and add that to the radio information if we
succeed.
Handle FHSS information, 11a "half/quarter-clocked" and turbo
information, 11g normal vs. Super G, additional 11n and 11ac
information, and the "short preamble" flag for 11b and 11g.
Add a PHY type for 11 legacy DSSS and detect it if possible.
Clean up the AVS dissector - make all fields wlancap. fields (if you
want generic fields, use the wlan_radio. fields).
Set more fields when writing out Commview Wi-Fi files.
Change-Id: I691ac59f5e9e1a23779b56a65124049914b72e69
Reviewed-on: https://code.wireshark.org/review/9146
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie137e6f4e20fe26b1a4d9510e267896219c1c631
Reviewed-on: https://code.wireshark.org/review/9075
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The radiotap and PPI specs don't call them type fields, and don't list
them as having type values, they call them flags fields and list the
individual bits.
Listing them as type fields is especially confusing with radiotap, as
you can have multiple fields giving *different* channel types, as per,
for example
https://ask.wireshark.org/questions/42888/multiple-channel-types-and-mcs-missing
where an 802.11ac packet has one "channel type" field claiming it's
802.11a and another one claiming it's 802.11n when it is, in fact,
*neither* 11a *nor* 11n.
If you want to know the channel type, look at the "802.11 radio
information" tree that comes before the 802.11 header tree; it gives a
reasonable summary of most of the radio metadata, giving the *correct*
channel type, and not showing any field multiple times. Look at the
radiotap or PPI or... tree only if either 1) you're debugging a driver
that creates those headers or 2) there's some data in the header that
*doesn't* show up in any form in the 802.11 radio information tree (in
which case the code for radio information probably needs to be changed
to show it).
Change-Id: I545b81b08a993dbb219fa7a4f54daac3637ea071
Reviewed-on: https://code.wireshark.org/review/9051
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Provide that information so that the "802.11 radio information" protocol
can indicate whether a packet was 802.11 legacy/11b/11a/11g/11n/11ac,
and possibly whether it's 2.4 GHz or 5 GHz 11n. (Sometimes the center
frequency might not be supplied, so the band information can be useful.)
Also, provide some 11ac information, now that we can distinguish between
11n and 11ac. Don't calculate the data rate from the MCS index unless
it's 11n; we don't yet have code to calculate it for 11ac.
For radiotap, only provide guard interval information for 11n and 11ac,
not for earlier standards.
Handle the 11ac flag in the Peek remote protocol.
For Peek tagged files, the "extension flags" are 11n/11ac flags, so we
don't have to check for the "MCS used" bit in order to decide that the
packet is 11n or 11ac or to decide whether to provide the "bandwidth" or
"short GI" information.
Change-Id: Ia8a1a9b11a35243ed84eb4e72c384cc77512b098
Reviewed-on: https://code.wireshark.org/review/9032
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have dissectors of various forms of radio information headers in the
packets fill in a struct ieee_802_11_phdr with radio information as
appropriate, and call the "802.11 radio information" dissector rather
than the raw 802.11 dissector.
This means that the radio information can be found in a
protocol-independent and encapsulation-independent form when you're
looking at the packet; that information can be presented in a form
somewhat easier to read than the raw metadata header format.
It also enables having a single "radio information" tap that allows
statistics to handle all different sorts of radio information
encapsulation.
In addition, it lets us clean up some of the arguments passed to the
common 802.11 dissector routine, by having it pull that information from
the struct ieee_802_11_phdr.
Ensure that the right structure gets passed to that routine, and that
all the appropriate parts of that structure are filled in.
Rename the 802.11 radio protocol to "wlan_radio", rather than just
"radio", as it's 802.11-specific. Give all its fields "wlan_radio."
names rather than "wlan." names.
Change-Id: I78d79afece0ce0cf5fc17293c1e29596413b31c8
Reviewed-on: https://code.wireshark.org/review/8992
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Rather than accessing it through pinfo->pseudo_header, have it passed as
an argument.
This means we no longer tweak the pseudo-header filled in by libwiretap,
but instead construct our own pseudo-header, which is a bit cleaner.
It also opens up the possibility of other dissectors passing radio
information down to the 802.11 dissector, so it can display it in a
better-organized format than the raw metadata headers for
radiotap/PPI/Prism/AVS/etc., and having some of the options for 802.11
dissection (Atheros padding, Centrino stuff, etc.) also passed in
through that pseudo-header so we have fewer arguments to
dissect_ieee80211_common().
Change-Id: I470300a0407ebf029c542f7ca5878593563a70a9
Reviewed-on: https://code.wireshark.org/review/8980
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add the wireless toolbar to the Qt UI.
Start adding AirPcap support to ui/80211_utils. Add FCS validation
routines to ws80211_utils.
Move a bunch of AirPcap routines that require epan from caputils to
ui/gtk. They were required for driver key management, which we'll
leave to the AirPcap Control Panel in the Qt UI.
Move frequency-utils to wsutil.
Change-Id: I44446758046621d183f5c2ba9f6526bf01e084f1
Reviewed-on: https://code.wireshark.org/review/8910
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fixed valid bit check for MAUSB EPHandleResp packet. the valid bit
is active low (ie: valid = 0, invalid = 1).
I noticed Some other dissectors also defined an tfs_invalid_valid,
so got rid of their local definitions & added it to epan/tfs.c.
Change-Id: Ifd78325f9c7c046224073fc9b29e0cc60dc5c286
Reviewed-on: https://code.wireshark.org/review/1766
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Look for a dissector for "ppi_fnet" and use it if found, otherwise
just display the fnet tag on the data.
Change-Id: I07009215faa8faad0e6a82468bad33f266778426
Reviewed-on: https://code.wireshark.org/review/778
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
svn path=/trunk/; revision=53971
|
|
pntohs -> pntoh16
pntohl -> pntoh32
pletohs -> pletoh16
pletohl -> pletoh32
phtons -> phton16
phtonl -> phton32
svn path=/trunk/; revision=53652
|
|
svn path=/trunk/; revision=53230
|
|
svn path=/trunk/; revision=53196
|