Age | Commit message | Author | Files | Lines |
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference.
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iafcb721eb6081902dd6b5c3a2258ae5c2ccd95e9
Reviewed-on: https://code.wireshark.org/review/17822
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I92d5dcf0fb50324d5adfcf0759be694b4037b8e3
Reviewed-on: https://code.wireshark.org/review/17028
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I2f7b01e5a71f043e49305d0e2a3e78eaa5eae0a8
Reviewed-on: https://code.wireshark.org/review/16262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: If084278acfeb82ae7c91aefff9035f156e8f4f15
Reviewed-on: https://code.wireshark.org/review/16079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Kenny Root <kenny@the-b.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Adds a dissector for the ssh-rsa type of public key where the modulus
and public exponent are extracted out.
Change-Id: I10b1f2d6f41878d9f7ffe5d399b9b7d4f69ad96e
Reviewed-on: https://code.wireshark.org/review/15975
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Adds a framework for hostkey to be printed out separately from the rest
of the key exchange. This will allow for individual key information to
be presented separately in subsequent changes.
Change-Id: I27433772ef1a9e1c45f388809017ed07cf6e41fa
Reviewed-on: https://code.wireshark.org/review/15974
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Each SSH packet was being set to be the remaining length of the frame.
This change sets the packet lengths correctly for each SSH packet.
Change-Id: Id9c2331d875465cd5e6bb788d420e0025f5d496e
Reviewed-on: https://code.wireshark.org/review/15966
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
According to RFC 4253 section 7.3, once the SSH_MSG_NEWKEYS is received
all packets after that will be encrypted using the negotiated keys. This
can happen in the middle of a frame, so account for the offset in the
frame where this happens.
Change-Id: Ibc3b06a4bdfe38ae15b0e65afac6f5d3646cb58d
Reviewed-on: https://code.wireshark.org/review/15965
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifc8208e1b96e2a3bf297912500a5f252bfa8eed9
Reviewed-on: https://code.wireshark.org/review/12073
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibdbdcf59d7d7d28a812e31c7d7b2123b035f80fa
Reviewed-on: https://code.wireshark.org/review/11461
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: Id335830e70a944dd5c26e66d7515d168725acf3f
Reviewed-on: https://code.wireshark.org/review/11460
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
minor reformatting.
Change-Id: Ie078c826ed38a0d682f61fb3e95450b47a9d2c31
Reviewed-on: https://code.wireshark.org/review/4499
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ia3bd392b2223cf666828d65a61e069c465d3894a
Reviewed-on: https://code.wireshark.org/review/3536
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The "Payload" field only makes sense for packets that have unknown
type or are unexpectedly long. For normal traces, it will always be
empty, so hide it.
Note: this length check used to be implicitly performed by
ssh_proto_tree_add_item before 2aa66aa2b2daf0693e405371a5f9037a43896441,
so this just restores the former behaviour.
Change-Id: I948935bce660018377a004c661b829a19eb0a53b
Reviewed-on: https://code.wireshark.org/review/3535
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tvb_ensure_captured_length_remaining"
See https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 021e7afc9fcba09094d0e2143cc434a34e3b09dc.
Change-Id: I0640eabce5ce8c4ff3a88ebf848b499f8bb8ed2f
Reviewed-on: https://code.wireshark.org/review/2429
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I0228f3b6b7067bc0ce51f9d359f99fd18feb2b66
Reviewed-on: https://code.wireshark.org/review/2378
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I63a3704effe3fcab01a193dc39b6a22e9f1cf3fe
Reviewed-on: https://code.wireshark.org/review/2376
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6d227ad7a4ddfab9d2cf18a3148700a6bd6dd321
Reviewed-on: https://code.wireshark.org/review/1512
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Also, show the packet length part of the encrypted packet. The length may
be encrypted (typical) or not (-etm modes and GCM mode). When not
encrypted, show as a number.
Bug:10066
Change-Id: I8c3a943b1b527b326b662e71f07ac6157684d5d9
Reviewed-on: https://code.wireshark.org/review/1462
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I82f841e0ee9e00c69894d8c4c67f581278c87546
Reviewed-on: https://code.wireshark.org/review/1469
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia9ad45ce9196486129897cd616707d622778e9dd
Reviewed-on: https://code.wireshark.org/review/137
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
svn path=/trunk/; revision=53918
|
|
svn path=/trunk/; revision=53230
|
|
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
|
|
svn path=/trunk/; revision=52038
|
|
svn path=/trunk/; revision=51852
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9018 :
This patch enables Wireshark to correctly decode messages specific to the
selected key exchange method by determining and remembering that method.
It's a little incomplete in that it doesn't support the case where
first_kex_packet_follows is true, but then the current implementation
doesn't either.
It also adds/fixes dissection for the plain Diffie-Hellman key exchange and
DH group exchange messages that were broken/missing, completing support for
both of these key exchange methods.
svn path=/trunk/; revision=51197
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9010 :
This patch fixes a bug where if the client identifies itself first, both of
the protocol version messages are misidentified as encrypted data.
svn path=/trunk/; revision=51151
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9006 :
Currently, Wireshark only dissects one side's Key Exchange Init message,
which, in particular, means that the encryption, MAC and compression
algorithms it infers are bogus.
This patch fixes that.
From me:
Don't use a macro which confused checkhf (it only saved a small amount of
visible code). Fix up some more white space.
Use macros for a couple array indexes.
svn path=/trunk/; revision=51126
|
|
Донченко via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9004 :
This patch makes the SSH dissector able to display multiple messages in the
Info column. As a side effect, it changes the formatting of some messages to
be more uniform.
I've also removed a dubious chunk of code that hardcodes a 16-byte MAC after
a SSH_MSG_KEX_DH_GEX_REPLY message. There can't be a MAC before key exchange
is over, and in my sample capture, this actually eats the second message that
follows.
From me: some white space cleanup.
svn path=/trunk/; revision=51117
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8977 :
In SSH, the protocol version message is terminated by CR LF. Wireshark, in the
info column, strips out the LF, but not the CR.
Attaching a patch to rectify that.
Also, as requested, update the contributor's email address in AUTHORS.
svn path=/trunk/; revision=50902
|
|
svn path=/trunk/; revision=49600
|
|
Remove C++ incompatibilities from ssl and ssh files
svn path=/trunk/; revision=48174
|
|
throwing the "packet count" off.
Bug 5064 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5064)
svn path=/trunk/; revision=47723
|
|
I was hoping this would fix bug 5064 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5064), but all it did was fix the malformed part of the dissector.
svn path=/trunk/; revision=47601
|
|
svn path=/trunk/; revision=45017
|
|
svn path=/trunk/; revision=44515
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7319
svn path=/trunk/; revision=42996
|
|
Fix some "assignment discards qualifiers from pointer target type", etc
svn path=/trunk/; revision=41996
|
|
svn path=/trunk/; revision=41556
|