| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Part 3 of many, but this concludes the strict conversion to proto_tree_add_bitmask. Patches to follow with use proto_tree_add_bitmask_xxx (some functions still need to be written)
Change-Id: Ic2435667c6a7f1d40602124e5044954d2a296180
Reviewed-on: https://code.wireshark.org/review/5553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib160211198ca02f7eacf29d04568628c11f208a5
Reviewed-on: https://code.wireshark.org/review/5407
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
- Create/use extended value-strings;
- Move proto-register...() to (near) the end of the file;
- Add editor modelines and adjust whitespace as needed.
Change-Id: I7ebe6dfd62b3fb190aa1cefc9b35d40f156f11ea
Reviewed-on: https://code.wireshark.org/review/4390
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Create filters (expert and hf_) that have the "most bang for the buck" (ie have many instances for a single filter)
Change-Id: I61995e41c5b298df77e084e65cdf30ebe95da1e6
Reviewed-on: https://code.wireshark.org/review/4086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
And a few other misc. cleanups while in the neighbourhood.
Change-Id: Ic0d6836dec9c36d31ea244a6adc74d4713565090
Reviewed-on: https://code.wireshark.org/review/4047
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10454
Change-Id: Ib381646cad0a039514117735c48b461c9950f705
Reviewed-on: https://code.wireshark.org/review/4033
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
(Using sed : sed -i '/^\* \$Id\$/,+1 d') (no space before star)
Change-Id: I318968db2b8512ba1303b5fc5c624c66441658f0
Reviewed-on: https://code.wireshark.org/review/879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- Forward declaration of register functions.
svn path=/trunk/; revision=53941
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
svn path=/trunk/; revision=53194
|
|
variables), I converted the ASN.1 dissectors that use pinfo->private_data to exchange a SESSION_DATA_STRUCTURE to instead only exchange it in the context of ASN.1. This meant converting dissectors to the "new" style to pass the SESSION_DATA_STRUCTURE as well as providing a pointer to it in asn1_ctx_t.private_data. Yes, it's still "private data", but it's not used by all dissectors like pinfo->private data is.
svn path=/trunk/; revision=53090
|
|
svn path=/trunk/; revision=52038
|
|
the same structure.
This is begin of work to split fragment head and fragments items.
svn path=/trunk/; revision=50708
|
|
svn path=/trunk/; revision=49259
|
|
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
|
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48430
|
|
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
|
|
unused hf[] entries (which I should have done in the first place).
svn path=/trunk/; revision=47390
|
|
svn path=/trunk/; revision=47302
|
|
svn path=/trunk/; revision=45017
|
|
Add new parameter 'data' to heur_dissector_t and new_dissector_t, for now it's always NULL
svn path=/trunk/; revision=44860
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
|
|
In r39066 was added 'final check to see if the next SPDU, if present, is also valid',
but it didn't properly check for tvb length which causes exception if there's no next SPDU.
svn path=/trunk/; revision=43763
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
Integer - decode as bytes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2873
svn path=/trunk/; revision=41395
|
|
Also: remove trailing whitespace for a number of files.
svn path=/trunk/; revision=39503
|
|
(previously missed).
57 FT_BOOLEAN: FALSE-->ENC_BIG_ENDIAN
31 FT_BOOLEAN: TRUE-->ENC_LITTLE_ENDIAN
10 FT_BYTES: ENC_BIG_ENDIAN-->ENC_NA
1 FT_BYTES: ENC_LITTLE_ENDIAN-->ENC_NA
21 FT_BYTES: FALSE-->ENC_NA
2 FT_BYTES: TRUE-->ENC_NA
2 FT_IPXNET: ENC_BIG_ENDIAN-->ENC_NA
6 FT_IPv6: ENC_BIG_ENDIAN-->ENC_NA
1 FT_IPv6: FALSE-->ENC_NA
6 FT_NONE: ENC_BIG_ENDIAN-->ENC_NA
19 FT_NONE: FALSE-->ENC_NA
3 FT_NONE: TRUE-->ENC_NA
1 FT_STRING: ENC_BIG_ENDIAN-->ENC_ASCII|ENC_NA
1 FT_STRING: ENC_LITTLE_ENDIAN-->ENC_ASCII|ENC_NA
5 FT_STRING: FALSE-->ENC_ASCII|ENC_NA
1 FT_STRING: TRUE-->ENC_ASCII|ENC_NA
4 FT_STRINGZ: ENC_NA-->ENC_ASCII|ENC_NA
8 FT_STRINGZ: FALSE-->ENC_ASCII|ENC_NA
1 FT_INT32: FALSE-->ENC_BIG_ENDIAN
1 FT_INT32: TRUE-->ENC_LITTLE_ENDIAN
11 FT_UINT8: 0-->ENC_BIG_ENDIAN
111 FT_UINT8: FALSE-->ENC_BIG_ENDIAN
17 FT_UINT8: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT16: 0-->ENC_BIG_ENDIAN
68 FT_UINT16: FALSE-->ENC_BIG_ENDIAN
18 FT_UINT16: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT24: FALSE-->ENC_BIG_ENDIAN
70 FT_UINT32: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT32: TRUE-->ENC_LITTLE_ENDIAN
4 FT_UINT64: FALSE-->ENC_BIG_ENDIAN
1 FT_UINT64: TRUE-->ENC_LITTLE_ENDIAN
1 FT_UINT_STRING: FALSE-->ENC_ASCII|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39442
|
|
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
|
|
reference an hf item (in hf[] with types:
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
|
|
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
|
|
NULL-return check.
Use val_to_str_const instead of val_to_str() in a couple places where the string
is constant.
Use val_to_str() instead of blindly passing the return value from match_strval()
into a format routine (to ensure a non-NULL string pointer). A couple of these
were cases where it could not actually return NULL, but I changed it for
consistency.
Store the return value of match_strval() rather than calling it repeatedly.
svn path=/trunk/; revision=37204
|
|
svn path=/trunk/; revision=36019
|
|
X.225 7.37.1 states that an end SSDU may or may not contain User Data.
This is a fix for bug 5678.
svn path=/trunk/; revision=36018
|
|
svn path=/trunk/; revision=34426
|
|
svn path=/trunk/; revision=34424
|
|
svn path=/trunk/; revision=32410
|
|
svn path=/trunk/; revision=32367
|
|
svn path=/trunk/; revision=31580
|
|
svn path=/trunk/; revision=31443
|
|
GSSE message dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4370
svn path=/trunk/; revision=31442
|
|
svn path=/trunk/; revision=29446
|
