Age | Commit message | Author | Files | Lines |
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used).
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
Bug: 11933
Change-Id: I7ac03166c4c69a2366da26c44a89aee60116ac7f
Reviewed-on: https://code.wireshark.org/review/13674
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I889283902875193f4d3f3fd59788f59f8d9bcc20
Reviewed-on: https://code.wireshark.org/review/11945
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Sometimes it isn't actually an error response but a normal packet with a non-zero status code to indicate a warning or information. This should be handled as a normal case and not break the dissection.
Change-Id: I7104608d67cbc7528994bd86812ea5241f1e4460
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/12282
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
DCERPC)
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
we can #include <wsutils/wsgcrypt.h> without doing the check ourselves
Change-Id: I248431bdb6cfa1bd85b794ec04ce1e4fcd3a7d2d
Reviewed-on: https://code.wireshark.org/review/11483
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I0bbbe3f92cf88c3d3d051ad613e237411b828e43
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11360
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
At least MSVC2010 doesn't like individual initialization of structure members by name.
It did pass Petri-Dish.
Change-Id: I8770a465faf455e2733c7c8015b449871f2acfb0
Reviewed-on: https://code.wireshark.org/review/11406
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I6bae88395f46de0bc4c790ca41914c75e6c98793
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11359
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This can be used as salt for dcerpc connections over smb2.
The key is that we identify an open by the combination
of session_id, tree_id, persistent file_id and volatile file_id.
As some broken implementations make the file_ids only unique
per tree connect.
Change-Id: I85cab68503560840a98d2d8d6c21b447b4242e3c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11358
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Found when looking at support for HyperV under Samba.
Change-Id: I78d7d0c68c7821c952316beb6fc34cd047d146aa
Reviewed-on: https://code.wireshark.org/review/9803
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
MS-SMB2 section '3.2.5.1.5 Handling Asynchronous Responses' states
"If SMB2_FLAGS_ASYNC_COMMAND is set in the Flags field of the SMB2
header and Status is not STATUS_PENDING, this is a final response
to a request which was processed by the server asynchronously"
This patch delays moving ssi information for a processed request
to the matched hashmap until the request is actually completed.
Without this patch the ssi information for the *final* matching
message id response will not be available (on first pass) so a
subdissector (e.g. MS-WSP) will not have the ssi information available
to it. After this patch the ssi information will remain in the 'unmatched'
hashmap until the 'final' response for the request is seen. While
processing the 'final' matching response the ssi will be moved to
the matched hashmap.
Change-Id: Id501179ecb4f967a34c82b07d34dcdcd92537dc3
Bug: 11402
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9805
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This changeset is a forward port of Gregor's ms-wsp branch from his
repo http://repo.or.cz/w/wireshark-wip.git. Most of the messages of
the MS-WSP protocol are implemented here and as such consists of the
majority of the changes for the dissector.
In addition to the forward porting Gregor's work I added some extra bits
1) cater for SMB2 Read Response and Write Request msgs that can also
contain MSWSP messages
2) update property specifications with info extracted from MS-WSP protocol
doc
3) store some basic data about previously seen messages that are needed
for dissecting CPMGetRows request
4) expand/update dissect_CPMSetBindings & parse_CTableColumn routines
5) parse and store CTableColumn & CPMSetBindingsIn structures in conversation
related data for use later.
6) fully dissect/parse SeekDescription of CPMGetRowsOut
7) dissect CPMGetRows out message specifically the Rows & Columns
8) flesh out the boolean properties of uBooleanOptions field
9) flesh out various other dissectors:
CPMRatioFinished
CPMRestartPosition
CPMCompareBmkIn/CPMCompareBmkOut
CPMGetApproximatePosition
CPMGetSendNotifyOut
FindIndicesIn/Out
FetchValue
Bug: 11321
Change-Id: I68b5c2f3e63874c1dbb271feab89b2b8aa65ac39
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9440
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ic7d713e8593cd0841089f2c26d2c24f2f008cb31
Reviewed-on: https://code.wireshark.org/review/9667
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ic221bf911f6de9bc94278350e0642143d14f6e82
Reviewed-on: https://code.wireshark.org/review/9662
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
to the SMB2 protocol.
I am submitting this purely so that it is available for others to play with.
Change-Id: I379b9da90731cc61ce38a1fdf21dc7c09d0d114e
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/9496
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
a capture I have. Also add two small suggested changes.
Change-Id: Iaa031f5e97e94778ea7fa00fab24b7c0dfadd4de
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/9477
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I95dc8743b6db579eb197bd64ab2f26cf43ebc308
Reviewed-on: https://code.wireshark.org/review/9480
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
error."
This reverts commit b591f07273f4e055a286ca36b6fda5da99952b5d.
Change-Id: I73e7b6a8ea37b1d5869e785633b74c89d7476b54
Reviewed-on: https://code.wireshark.org/review/9457
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
In value string table "smb2_ioctl_vals[]" of packet-smb2.c
{0x0011C017, "FSCTL_PIPE_TRANSCEIVE" } was placed before
{0x00110018, "FSCTL_PIPE_WAIT"}
which causes "Extended value string 'smb2_ioctl_vals[]' forced to fall back
to linear search: entry , value 0x00110018 < previous entry, value
0x0011C017"
Change-Id: I99afe5aa12c031e90bb0bd4c8e8aadfffad0135d
Reviewed-on: https://code.wireshark.org/review/9449
Reviewed-by: Cal Turney <cturney@charter.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I2d5fd1c640d3ac6fa60d84f2b8080eb7866b2641
Reviewed-on: https://code.wireshark.org/review/9443
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iec4fe90d792f745d8c754afc9b18ca6f7a708caa
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9437
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I9362e0fdc4519ba5f3d656152966e7030f478839
Reviewed-on: https://code.wireshark.org/review/9022
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCSI, SMB, and SMB2) for both TShark and GTK.
SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.
Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
the '&&' operator: si && si->saved && si->saved found by PVS Studio (V501)
Change-Id: I9323ee98bd0f4b9b6d8c6921e99d32ad62a5f18f
Reviewed-on: https://code.wireshark.org/review/8791
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
for two uint16 fields and three fields were merged into one as an unknown.
There was also an unnecessary unknown field on the end that caused a
malformed packet exception to occur.
Tested with a capture of a rename.
Bug: 10858
Change-Id: Ibcf22270d2c34605bb47e3a9804b53746597572d
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7837
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
is based around a GUID. Also add some more FileFs Info strings and one more
FSCTL code.
Change-Id: Ib9e5d5a4ee64cd9b94eb9a54ec7a04a82e4ad00f
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7817
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
documentation on the MS website and a capture I have.
Still have to dissect FSCTL_GET_INTEGRITY_INFORMATION.
Change-Id: I17ada4daa479810d8d8512c7e7b8798bcb650081
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7587
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
That eliminates a redundant and confusing data type, and avoids issues
with one piece of code using e_uuid_t but wanting to use routines
expecting an e_guid_t.
Change-Id: I95e172d46d342ab40f6254300ecbd2a0530cde60
Reviewed-on: https://code.wireshark.org/review/7506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
There is still a little more work to do here, especially we should call the
SCSI dissector for handling SCSI CDBs etc ...
This is a potential fix for bug 10913.
Ping-Bug: 10913.
Change-Id: Ia8ff1a8207bb5b1cd18079086ff8c472ae3f8736
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7022
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I0a2c7ffa2490196989dce96b659337b4fee92c7e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/6711
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
It's 2 byte only so we need to use tvb_get_letohs().
Change-Id: Idbab6428f4242abbbff089d7e1d1bf4cc86930b1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/6710
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Id98d1c7e28d88f6cd50f5ef770eec95e57008458
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/6709
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
guid_to_str now uses wmem allocation.
Change-Id: I8e48d1a720942fbefbaa6227ae0929cb9f856359
Reviewed-on: https://code.wireshark.org/review/6391
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It was only used by 1 dissector and that dissector can just use bitmasking in the hf_ field.
Change-Id: I99179356dd7cbfab0c7be1512357a7e4c0eecde6
Reviewed-on: https://code.wireshark.org/review/6390
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Part 3 of many, but this concludes the strict conversion to proto_tree_add_bitmask. Patches to follow will use proto_tree_add_bitmask_xxx (some functions still need to be written).
Change-Id: Ic2435667c6a7f1d40602124e5044954d2a296180
Reviewed-on: https://code.wireshark.org/review/5553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib160211198ca02f7eacf29d04568628c11f208a5
Reviewed-on: https://code.wireshark.org/review/5407
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A few fields weren't being zeroed and were causing valgrind warnings.
Bug: 10569
Change-Id: I30e1e70c9445376806f385f3578b65bf6e320f8b
Reviewed-on: https://code.wireshark.org/review/4702
Reviewed-by: Evan Huus <eapache@gmail.com>
|