Age | Commit message (Collapse) | Author | Files | Lines |
|
Cope with a space between colon and start of options value.
When there are no constraining modifiers, let match for
next content or pcre field start from beginning of payload
again.
Change-Id: Ie1267a0a38143cbe9f0444945f78708bbefaa270
Reviewed-on: https://code.wireshark.org/review/22365
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
- search for content fields taking into account length of last match
- handle absolute path to file file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Doesn't seem to make a difference at the moment, but ask
for it regardless.
Change-Id: I94ff4f1321b2b2f2cde23f3281a6b79fd7048009
Reviewed-on: https://code.wireshark.org/review/21436
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iad529ddf85b315452adc26a2d1b4c609ac2aaa00
Reviewed-on: https://code.wireshark.org/review/21389
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I4772c9c46b7a79a7139229bcb43ee6c84109a26b
Reviewed-on: https://code.wireshark.org/review/21289
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is a breaking change.
prefs_register_filename_preference hasn't been differentiating
between files to be saved and ones to be opened.
On GTK, a neutral dialog is used, so no problems there.
On Qt, a save dialog has been always used, even in dissectors that
were reading configuration files without modification.
prefs_register_filename_preference now takes an argument to indicate
whether UI could be a save dialog with a warning on overwriting
a file, or whether it's a general purpose open file dialog.
Qt now does this. Previously no warning was shown on overwriting a file,
so it may be used for opening files too without irritating the user.
This has been changed, as non-destructive reads should now use
the open dialog.
Dissectors were changed accordingly.
Change-Id: I9087fefa5ee7ca58de0775d4fe2c0fdcfa3a3018
Reviewed-on: https://code.wireshark.org/review/21086
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I5df8cb794b7b76b708448ae4b74b7481bdd8faff
Reviewed-on: https://code.wireshark.org/review/21097
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3a00cf5dbcc0ee83a31f95ac74759cbc0aaa0e89
Reviewed-on: https://code.wireshark.org/review/20962
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
|
|
packet-snort.c: In function snort_dissector:
packet-snort.c:882: error: converted_content_length may be used
uninitialized in this function
packet-snort.c:882: note: converted_content_length was declared here
packet-snort.c:880: error: content_offset may be used uninitialized in
this function
packet-snort.c:880: note: content_offset was declared here
Change-Id: I8fb990492f31fc4ce942244005f547f3b3c9bba3
Reviewed-on: https://code.wireshark.org/review/20335
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ie08bc1f3139ebe5564365e662f89257ad8d5b129
Reviewed-on: https://code.wireshark.org/review/20177
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Ia29d451857995b186c88193c9722ae156eb3f66d
Reviewed-on: https://code.wireshark.org/review/19729
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I5fd3b0cc6f19c4c873aaaae8c9e257a8b53a8419
Reviewed-on: https://code.wireshark.org/review/19489
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Replace the individual field assignment with struct assignement to
- Reduce code (only single line, but he),
- (Hopefully) show Coverity this is as intended.
Change-Id: I9400b6e38f86acf57018ee7993e66d5b06d1c39c
Reviewed-on: https://code.wireshark.org/review/19434
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use Analyze -> Enabled Protocol dialog interface. Added support
for backwards compatibility of preference.
Change-Id: I32b3fce9d18083d9324197e3fd7ddc7eb888d1fb
Reviewed-on: https://code.wireshark.org/review/19422
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
They don't work on Windows, and we support Windows, so....
Change-Id: Icdbdfcfd930ae13aba6d8fb018d7e2af55b76fa1
Reviewed-on: https://code.wireshark.org/review/18943
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idf63210ce33d92ac8619fe3295bd3e6c0bb304a9
Reviewed-on: https://code.wireshark.org/review/18941
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
This dissector allows Snort to process all of the
packets passed to Wireshark, and for the alerts to
be shown in the protocol tree. It is also possible
to set the source of alerts to be packet comments.
Change-Id: I6e0a50d3418001cbac2d185639adda2553a40de8
Reviewed-on: https://code.wireshark.org/review/18848
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|