| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: If56209f1274245f54100d0acfaf14098c8df4582
Reviewed-on: https://code.wireshark.org/review/5520
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This was changed in g8881f3f in an attempt to avoid throwing an exception when decoding the options field
Bug: 10514
Change-Id: Ia4b49f484d6255090c5a6e425a9716b48ccc4cb5
Reviewed-on: https://code.wireshark.org/review/5495
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
restore it.
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
enabled
tcp_analysis::base_seq could be set several times when the
TCP ISN was set to 0, thus inducing some undesired wraps such as 0-1
Bug: 10713
Change-Id: I69a0dfe677e93bf51015bf7a39ebf888631b12a4
Reviewed-on: https://code.wireshark.org/review/5387
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Ib160211198ca02f7eacf29d04568628c11f208a5
Reviewed-on: https://code.wireshark.org/review/5407
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 10692
Change-Id: I8d9874a2c0a6b98497d43804bcf27a8c7e152a9b
Reviewed-on: https://code.wireshark.org/review/5275
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Dissectors that need this set break badly when it isn't. Dissectors which don't
need this set will still generally be understandable without it, since e.g.
retransmissions will link to the original packet at the TCP layer, and
presumably the subdissector payload is exactly the same in that case.
Change-Id: I2871c2a90c601637bdfb8cffaa34a7407995c603
Ping-Bug: 10525
Ping-Bug: 10289
Reviewed-on: https://code.wireshark.org/review/4487
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I4497f1b8b6eab0e576d9dd31b732965f9a6679c6
Reviewed-on: https://code.wireshark.org/review/4124
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I648b365b662bd902e26e0c61f6d3499e8543e504
Reviewed-on: https://code.wireshark.org/review/3935
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The warning coming after change in g018b84de8
Change-Id: Ia96cdb2993a6283d8de2647c6723ec6b2b0977eb
Reviewed-on: https://code.wireshark.org/review/3752
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both.
Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31
Reviewed-on: https://code.wireshark.org/review/3214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 10336
Change-Id: Ia0dbe3abfade59a1c9714eacd8a854eafa6cf879
Reviewed-on: https://code.wireshark.org/review/3379
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
According to RFC 1323, the window scale shift value must not exceed 14.
Detect this and cap at 14 to prevent undefined behavior (shifting by a
too large value).
Caught by `clang -fsanitize=undefined`.
Change-Id: I1acad252b86c7f23e497575b48d9496346327e00
Reviewed-on: https://code.wireshark.org/review/3312
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ie10ac4f5f04a23344d183e095bbafb23c6409144
Reviewed-on: https://code.wireshark.org/review/2904
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I96b23677f3050e9c62edd49f26d50d8b4addcf58
Reviewed-on: https://code.wireshark.org/review/2784
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When dissecting with columns TCP dissector spends
around 1/4 time in col_append_fstr(), add col_append_lstr()
and do formatting by ourselves.
Change-Id: If90bc26242761884b4991e8db0db62c8f9e32690
Reviewed-on: https://code.wireshark.org/review/2527
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
subtree
Bug: 10211
Change-Id: Ide37f2a2b33f0d6d7cdff897eed02a8c1ea24f7d
Reviewed-on: https://code.wireshark.org/review/2488
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Hidden fields are deprecated, and we were hiding them inconsistently anyways.
Bug:10211
Change-Id: Iaf1576ae7bc04c0c0bd896c096b117f1b8af2e9e
Reviewed-on: https://code.wireshark.org/review/2474
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I64af535dc07eb4310b212077bb4c52032e97ecdb
Reviewed-on: https://code.wireshark.org/review/2413
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: I182f2cccae5a385572950f08fa0a6005dcf59ff1
Reviewed-on: https://code.wireshark.org/review/2409
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
and will be verified by Jasper next week
Change-Id: I3cda397285e8174abb9c05b7aaf7c1bfabdfc71a
Reviewed-on: https://code.wireshark.org/review/2408
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: If25bdd594b20b656c345dcfe62765379f5dd9c5e
Reviewed-on: https://code.wireshark.org/review/2392
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
This (if it works well) will let us do much more accurate out-of-order
detection, which is currently otherwise hardcoded to 3ms. Ask Jörg for details.
Change-Id: Ie0662723946edeaea1e43958bf7f5158f09dde71
Reviewed-on: https://code.wireshark.org/review/2367
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I02fe9827d8c1618f7dc6696e7d8667681a48d4a9
Reviewed-on: https://code.wireshark.org/review/2355
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Iec83f7e713a3077f1f4569aa86a55a69684b3097
Reviewed-on: https://code.wireshark.org/review/2351
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: I27656eacb698f8db7bfbe4f5502658c78b03fc13
Reviewed-on: https://code.wireshark.org/review/1890
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9e37c911865a0e3b13331ec03df05d79749904c5
Reviewed-on: https://code.wireshark.org/review/1811
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I411b16cdb3bc128cb49218080179c43e13f96e99
Reviewed-on: https://code.wireshark.org/review/1723
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
destination ports.
Change-Id: I490a716b7991d0d7dfcaecd722a267c77af2e776
Reviewed-on: https://code.wireshark.org/review/1682
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
While debugging a network issue, I found incorrect TCP checksums. These
are shown in the packet details, but are not available as column. This
patch adds the "tcp.checksum_calculated" field which is only available
if a checksum can be calculated (i.e., checksumming is enabled and the
full segment is available).
The fields are added separately for each checksum case to make it appear
before "Checksum Bad/Good" and to avoid calculating the expected field
value for the "good" cases.
Change-Id: I36af7894d526382ef636c5fa51e74871212b2909
Reviewed-on: https://code.wireshark.org/review/1627
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
return values):
- tvb_length_remaining() ==> tvb_captured_length_remaining();
- tvb_ensure_length_remaining() ==> tvb_ensure_captured_length_remaining();
- tvb_(captured|reported)_length_remaining() now return 0 instead of -1 if error
and thus MAX(0, ...) is no longer required;
- Rename variable: length_remaining ==> captured_length_remaining;
- tabs ==> spaces (to match editor modelines).
Change-Id: I93b947a0a4cc52ccd2ad21c914abf4c4218b59e6
Reviewed-on: https://code.wireshark.org/review/1610
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I3c54712108978d1bafe2b5da96e6a7d3d41948b5
Reviewed-on: https://code.wireshark.org/review/1535
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
The formatting routine is quite simple so it can be replaced with
g_stpcpy() and still keeping it clean.
Change-Id: Ifbab1dc1140ee271d39bbbfb7586cfda6ded5c54
Reviewed-on: https://code.wireshark.org/review/1517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This is more reliable than doing "tree math" and corrects the intention of 5470356154bec50b607e071606f49696429a0c7c which made the incorrect assumption that tcp_dissect_pdus will be called with the tree that is passed into a protocol's main dissection function (directly from TCP).
Change-Id: I6ffc2188420ab74784c7bc2c69aa79ff071c90b6
Reviewed-on: https://code.wireshark.org/review/1214
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That way, the right protocol gets shown for exceptions in PDUs after the
one for which dissection failed.
Change-Id: I9f212fe55f19a7a818cd58cd0611683cbb723c0c
Reviewed-on: https://code.wireshark.org/review/1189
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
I coincidentally found a few files with errors, so I thought it might be time to run it on the whole directory again.
Change-Id: Ia32e54b3b1b94e5a418ed758ea79807c8bc7e798
Reviewed-on: https://code.wireshark.org/review/978
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Create a placeholder protocol tree item under which to put the options,
do the analysis of fields from the fixed-length portion of the TCP
header (such as sequence numbers), and then do a straightforward
dissection of the options, throwing an exception if we run past the end
of the options field.
This is a bit simpler, and doesn't add confusing notes about
truncation of the options.
XXX - we're currently not including selective acknowledgments in any of
the SEQ/ACK analysis; should we? That means, of course, that we have to
dissect the options before doing that analysis, and if the options were
cut short by slicing, you lose....
Change-Id: I425a6c83f26512b802267f76739cbf40121b3040
Reviewed-on: https://code.wireshark.org/review/511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
svn path=/trunk/; revision=54769
|
|
that RST is still an indicator for network errors/problems.
svn path=/trunk/; revision=54709
|
|
Rename the 2nd SCTP Transport tab to "SCTP(PPID)" to make it obvious what it
is.
Fix up casing and code formatting in both SCTP and TCP Decode-As code.
svn path=/trunk/; revision=54391
|
|
svn path=/trunk/; revision=54092
|
