Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=49259
|
|
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
|
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48430
|
|
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
|
|
unused hf[] entries (which I should have done in the first place).
svn path=/trunk/; revision=47390
|
|
svn path=/trunk/; revision=47302
|
|
svn path=/trunk/; revision=45017
|
|
Add new parameter 'data' to heur_dissector_t and new_dissector_t, for now it's always NULL
svn path=/trunk/; revision=44860
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
|
|
In r39066 was added 'final check to see if the next SPDU, if present, is also valid',
but it didn't properly check for tvb length which causes exception if there's no next SPDU.
svn path=/trunk/; revision=43763
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
Integer - decode as bytes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2873
svn path=/trunk/; revision=41395
|
|
Also: remove trailing whitespace for a number of files.
svn path=/trunk/; revision=39503
|
|
(previously missed).
57 FT_BOOLEAN: FALSE-->ENC_BIG_ENDIAN
31 FT_BOOLEAN: TRUE-->ENC_LITTLE_ENDIAN
10 FT_BYTES: ENC_BIG_ENDIAN-->ENC_NA
1 FT_BYTES: ENC_LITTLE_ENDIAN-->ENC_NA
21 FT_BYTES: FALSE-->ENC_NA
2 FT_BYTES: TRUE-->ENC_NA
2 FT_IPXNET: ENC_BIG_ENDIAN-->ENC_NA
6 FT_IPv6: ENC_BIG_ENDIAN-->ENC_NA
1 FT_IPv6: FALSE-->ENC_NA
6 FT_NONE: ENC_BIG_ENDIAN-->ENC_NA
19 FT_NONE: FALSE-->ENC_NA
3 FT_NONE: TRUE-->ENC_NA
1 FT_STRING: ENC_BIG_ENDIAN-->ENC_ASCII|ENC_NA
1 FT_STRING: ENC_LITTLE_ENDIAN-->ENC_ASCII|ENC_NA
5 FT_STRING: FALSE-->ENC_ASCII|ENC_NA
1 FT_STRING: TRUE-->ENC_ASCII|ENC_NA
4 FT_STRINGZ: ENC_NA-->ENC_ASCII|ENC_NA
8 FT_STRINGZ: FALSE-->ENC_ASCII|ENC_NA
1 FT_INT32: FALSE-->ENC_BIG_ENDIAN
1 FT_INT32: TRUE-->ENC_LITTLE_ENDIAN
11 FT_UINT8: 0-->ENC_BIG_ENDIAN
111 FT_UINT8: FALSE-->ENC_BIG_ENDIAN
17 FT_UINT8: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT16: 0-->ENC_BIG_ENDIAN
68 FT_UINT16: FALSE-->ENC_BIG_ENDIAN
18 FT_UINT16: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT24: FALSE-->ENC_BIG_ENDIAN
70 FT_UINT32: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT32: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT64: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT64: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT_STRING: FALSE-->ENC_ASCII|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39442
|
|
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
|
|
reference an hf item (in hf[] with types:
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
|
|
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
|
|
NULL-return check.
Use val_to_str_const instead of val_to_str() in a couple places where the string
is constant.
Use val_to_str() instead of blindly passing the return value from match_strval()
into a format routine (to ensure a non-NULL string pointer). A couple of these
were cases where it could not actually return NULL, but I changed it for
consistency.
Store the return value of match_strval() rather than calling it repeatedly.
svn path=/trunk/; revision=37204
|
|
svn path=/trunk/; revision=36019
|
|
X.225 7.37.1 states that an end SSDU may or may not contain User Data.
This is a fix for bug 5678.
svn path=/trunk/; revision=36018
|
|
svn path=/trunk/; revision=34426
|
|
svn path=/trunk/; revision=34424
|
|
svn path=/trunk/; revision=32410
|
|
svn path=/trunk/; revision=32367
|
|
svn path=/trunk/; revision=31580
|
|
svn path=/trunk/; revision=31443
|
|
GSSE message dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4370
svn path=/trunk/; revision=31442
|
|
svn path=/trunk/; revision=29446
|
|
svn path=/trunk/; revision=29344
|
|
svn path=/trunk/; revision=29340
|
|
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
|
|
svn path=/trunk/; revision=28634
|
|
Do we need this code for the future?
svn path=/trunk/; revision=26863
|
|
svn path=/trunk/; revision=26648
|
|
When offset parameter is 0 replace tvb_bytes_exist() with the faster tvb_length().
On the other hand
if (tvb_bytes_exist(tvb, 0, 20)
is more readable than
if (tvb_length(tvb) >= 20
so only do it in heuristic function
svn path=/trunk/; revision=23412
|
|
receiving a SES MAJOR SYNC POINT, as this indicates the end of the
COTP DT Data stream. Previous the RTSE dissector was called when
receiving a COTP DT Data fragment with the "last data unit" bit set,
but this does not work with messages fragmented in RTSE. Reassembly
can be turned off in the preferences.
svn path=/trunk/; revision=22176
|
|
svn path=/trunk/; revision=21773
|
|
svn path=/trunk/; revision=19917
|
|
a new more accurate fix for bug #1163. Thanks to Graeme Lunt for pointing out that the first patch broke a different capture with legitimate SES data in it. My patch also corrects the check for number of bytes existing from 4 to 2 as the minimum length of an SES PDU is only 2 bytes: 1 byte type, 1 byte length.
svn path=/trunk/; revision=19886
|
|
Attached is a patch to fix bug #1163: "Dissector bug. ISO8073 COTP
protocol." The SES dissector was incorrectly believing it had PDUs
within the COTP PDUs. I added an additional heuristic check to see if
the length of the SES PDU is 0, then return false since it can't be zero
length.
Thanks,
Steve
svn path=/trunk/; revision=19733
|
|
svn path=/trunk/; revision=18196
|
|
bitstrings
svn path=/trunk/; revision=17726
|
|
Added "Activity Identifier" PI in the OSI Session Protocol dissector.
svn path=/trunk/; revision=16632
|
|
some Siemens SIMATIC protocols also use COTP, and shouldn't be
misinterpreted as SES.
the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES),
so if the following parameter type is unknown, it's probably SIMATIC and not SES
svn path=/trunk/; revision=15966
|
|
Fix a typo.
packet-ber.c
packet-acse.c
packet-cmip.c
- Add OID(s)
packet-ses.c
Fix export of a value string and change names to the ones used in the protocol spec.
Replace PRES dissector with an asn2eth generated one.
svn path=/trunk/; revision=15614
|
|
add a "match_strval_idx()" routine that does the same thing, and have
"match_strval()" call it.
Make those routines, and "val_to_str()", return a "const" pointer.
Update dissectors as necessary to squelch compiler warnings produced by
that.
Use "val_to_str()" rather than using "match_strval()" and then, if the
result is null, substituting a specific string. Clean up some other
"match_strval()"/"val_to_str()" usages.
Add a null pointer check in the NDPS dissector's "attribute_value()"
routine, as it's not clear that "global_attribute_name" won't be null at
that point.
Make some global variables in the AFS4INT dissector local.
Make some routines not used outside the module they're in static.
Make some tables "static const".
Clean up white space.
Fix Gerald's address in some files.
svn path=/trunk/; revision=14786
|
|
invalid parameters
add a message parameter to the show_exception function
svn path=/trunk/; revision=13074
|
|
svn path=/trunk/; revision=12115
|