Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=52591
|
|
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
|
|
the same structure.
This is begin of work to split fragment head and fragments items.
svn path=/trunk/; revision=50708
|
|
svn path=/trunk/; revision=50640
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904) by setting conversation structure (smtp_session_state) to all zeros.
svn path=/trunk/; revision=50472
|
|
svn path=/trunk/; revision=49259
|
|
svn path=/trunk/; revision=49157
|
|
to ensure that the return value of strlen is actually used as the length of the
string.
svn path=/trunk/; revision=49142
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8600)
From Uli Heilmeier
svn path=/trunk/; revision=49140
|
|
from Uli Heilmeier, bug 8600 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8600)
svn path=/trunk/; revision=48961
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8591)
From Uli Heilmeier
The current version of the SMTP dissector expects a 'AUTH LOGIN' mechanism without checking the mechanism.
When some other mechanism (like NTLM or PLAIN) is in use the decoding is wrong. Furthermore it is expected that the username is in a seperate packet. When the username is in the AUTH line the password is shown as smtp.auth.username and the username is not decoded.
svn path=/trunk/; revision=48910
|
|
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48430
|
|
The misspellings were mostly in comments but some were
in text strings visible to the user.
svn path=/trunk/; revision=47899
|
|
Add editor modelines;
Do minor whitespace, long lines, and etc cleanup.
svn path=/trunk/; revision=47211
|
|
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
|
|
Canaries in the coal mine, since I have a capture handy that I know excercises
both code paths.
svn path=/trunk/; revision=46470
|
|
svn path=/trunk/; revision=46469
|
|
svn path=/trunk/; revision=45017
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
Implemented RFC 4954 within the SMTP dissector. On principle, the decryption
is disabled by default (making this feature not obviously present). However I
don't think there will ever be enough data that the performance would be an
issue if the default was changed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7349
svn path=/trunk/; revision=43197
|
|
Add some filters to the SMTP dissector (proto_tree_add_text() ->
proto_tree_add_item()).
svn path=/trunk/; revision=39550
|
|
Also: remove trailing whitespace for a number of files.
svn path=/trunk/; revision=39503
|
|
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
|
|
svn path=/trunk/; revision=37470
|
|
(In many cases I previously incorrectly removed the #include <stdlib.h>).
svn path=/trunk/; revision=37334
|
|
Command Pipelining (RFC2920) Rev24989)
Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
svn path=/trunk/; revision=36763
|
|
svn path=/trunk/; revision=36759
|
|
svn path=/trunk/; revision=35705
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
list when using "starttls" SSL decryption preference
- make sure the SSL dissector knows how to reach the original dissector for the decrypted data
- make sure the SMTP dissector does not call the SSL dissector again with the decrypted data
svn path=/trunk/; revision=32921
|
|
http://www.wireshark.org/lists/wireshark-dev/200809/msg00075.html
(as referenced in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2907 ) and
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3411 :
Write a new convenience routine for finding a conversation and, if it is not
found, create it. The frame number and addresses are taken from pinfo (as is
the common case).
Use this function in a bunch of dissectors.
svn path=/trunk/; revision=32790
|
|
specific;
svn path=/trunk/; revision=32270
|
|
reassembly.
svn path=/trunk/; revision=31767
|
|
svn path=/trunk/; revision=31623
|
|
Redirect secure SMTP traffic on non-standard port 465 to the ssl dissector.
svn path=/trunk/; revision=31482
|
|
codes.
svn path=/trunk/; revision=31305
|
|
svn path=/trunk/; revision=29340
|
|
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
|
|
svn path=/trunk/; revision=27953
|
|
1) do more work when tree is NULL, otherwise data desegmentation doesn't work.
2) set desegment_len to DESEGMENT_ONE_MORE_SEGMENT rather than 1 when searching
for end of line.
3) set frame_data->pdu_type for STARTTLS cmd and use se_alloc0 rather than
se_alloc
4) restore pinfo can_desegment to saved_can_desegment or ssl can't desegment
packets.
5) move TLS call before searching for cmd. It doesn't deal with rejected TLS
negotation. Not hard to do but I haven't a capture, it anyone can share one.
svn path=/trunk/; revision=26826
|
|
Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
|
|
svn path=/trunk/; revision=26308
|
|
svn path=/trunk/; revision=26172
|
|
This fixes bug 2856.
svn path=/trunk/; revision=26159
|
|
Don't initialize a variable that's set (in the handoff registration
routine) before being used.
Now that we're GLib 2.0-only, use g_ascii_isalpha() rather than rolling
our own.
svn path=/trunk/; revision=26157
|
|
svn path=/trunk/; revision=26156
|
|
command, and use that in the parsing loop (that means we don't have to
treat 4-character commands and non-4-character commands separately).
svn path=/trunk/; revision=26155
|
|
svn path=/trunk/; revision=26153
|