Age | Commit message (Collapse) | Author | Files | Lines |
|
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I58c1b20304aabcff144667cfbbcc774010fc2a16
Reviewed-on: https://code.wireshark.org/review/31148
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
OoO reassembly assumed that the stream starts with the first data
segment, but this can already be OoO. Use the hint from SYN instead.
The test capture is based on a local capture, post-processed with scapy
to introduce an OoO condition and fixup the frame time.
Bug: 15078
Change-Id: Id0e312bb3d0e7c7f8f1b243a2be9f15c9851c501
Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments")
Reviewed-on: https://code.wireshark.org/review/29305
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- removed mptcp.duplicated_dsn in favor of mptcp.reinjection_of/mptcp.reinjected_in
reinjected_in lists the packets where the DSN was later reinjected in.
reinjection_of lists the packets in which this DSN was already transmitted.
- There was a bug where the max_edge property of the interval tree was not
correctly updated. Right now wireshark gives a dsn for every TCP frame (even
empty packets).
- Now displays mappings only for packets with data (seglen > 0).
- Renamed dsn_map to dsn2packet_map and mappings to ssn2dsn_mappings.
- precises the complexity of enabling certain MPTCP options so that the user
better understand their impact on processing speed.
Change-Id: I24adc3161021b7f6a084763a74dc580f1c1f2c2e
Reviewed-on: https://code.wireshark.org/review/28326
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In the Qt Follow TCP Stream dialog with the ASCII mode, sometimes
selecting the first few bytes would wrongly select a packet with a
higher frame number.
This happens because Qt iterates through the list of payloads, then
stores appends the payload data and maps the new cursor position to the
packet number. If the payload data was empty, then it would overwrite
previous cursor positions.
To fix this, do not add records for empty TCP payloads.
Bug: 14898
Change-Id: I598d73899b56eac3d2a022f108bf097bdd363b5c
Reviewed-on: https://code.wireshark.org/review/28613
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When two segments overlap each other, previously the second segment
would wrongly be appended to the first one while it should only append a
subset from the end of the second segment. (It is assumed that the very
first segment is received in time such that an extension on both the
left and right side of the previous stream is not possible.)
Make sure that "frag_follow_record->data" uses a subset (starting at the
end of the previous stream) instead of the full tvb contents. While at
it, add some documentation and restructure the logic to avoid code
duplication and unnecessary memory allocations.
(From bug 9882:) Tested with hao123-com_packet-injection-filtered.pcap,
it now ignores the new overlapping data. Likewise for overlap-2.pcap.
Tested with retransmission_with_additional_payload.pcapng (bug 13700).
Unfortunately, there is no extra expert info to warn about the
non-matching overlapping segment data, but that is a separate issue.
Bug: 13700
Change-Id: I74a941199d75b23b5d297e4dd534680ae610627d
Reviewed-on: https://code.wireshark.org/review/28597
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Restore the direction for the first check_follow_fragments call to match
the situation before commit 57acc227f0 (which broke other things, so its
logic was reimplemented in commit v2.3.0rc0-1449-g66fa31415f ("tcp: Fix
Follow TCP tap data and when its tapped.")).
Ensure that the ACK value is checked before processing the sequence
number and payload for the current flow.
Bug: 14944
Change-Id: If8947d7732683a4943f405eb72b1a8526a35a6dc
Fixes: v2.1.0rc0-1339-g57acc227f0 ("KISS the Follow TCP functionality.")
Reviewed-on: https://code.wireshark.org/review/28612
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
To improve readability, do not repeat "follow_record" a dozen times.
No functional change.
Change-Id: I854434974a94d69d4591ad1bc3acf911073b0923
Reviewed-on: https://code.wireshark.org/review/28596
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.
Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.
Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevent application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.
The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.
The current implementation has a limitation though, if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)
As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.
Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.
This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.
Bug: 3389 # capture 2907 (HTTP) ok
Bug: 4727 # capture 4590 (HTTP) ok
Bug: 9461 # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006 # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517 # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754 # capture 15593 (MySQL) ok2
Bug: 14649 # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
If this not the first data segment and the data is somehow empty
(overlap?) or if the packet is out-of-order, the whole data fragment and
follow_record_t structure was leaked. Found by Clang Static Analyzer.
Change-Id: I81dc7749c738938b14d2cf4ad41e624b15099da6
Fixes: v2.3.0rc0-1449-g66fa31415f ("tcp: Fix Follow TCP tap data and when its tapped.")
Reviewed-on: https://code.wireshark.org/review/27348
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Create protocol sub-tree, allow filtering for unknown/unsupported TCP options.
Change-Id: I9f51e3ac83e2fa97756a9f3a43f8cd2e15949e67
Reviewed-on: https://code.wireshark.org/review/27020
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
If the option length is >= 2, so that it's long enough to include the
code and length, always put it into the protocol tree, even if the
length is invalid. If the length is invalid, attach an expert info item
to the length field, rather than putting it into a top-level item of its
own.
Use a length of -1 for the top-level item for an option, rather than
what the length is supposed to be; that way, we don't throw an exception
if the option is too short - we just attach the aforementioned expert
info item to the length.
Change-Id: If2d987fa10739a7da28ca2c39515bfdf50da6ef9
Reviewed-on: https://code.wireshark.org/review/27018
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I1e5a39437e274aa8923e996241d2264dbd63e806
Reviewed-on: https://code.wireshark.org/review/27014
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I7aa236660f59fb267eeeaa67e3a811abc77f0c10
Reviewed-on: https://code.wireshark.org/review/27013
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If the previous TCP segments already form one or more PDUs, then the
data source of these segments must not be removed. Otherwise
get_field_data (epan/print.c) will fail to find the data source which
correspond to the fields within these PDUs.
Also tested with the capture referenced in v1.11.3-rc1-1525-g21e0a63b29
(bug 9169), the "tshark -Vr mem-leak.pcap" output remains unchanged.
Bug: 14472
Change-Id: Ia448a6b84dd2eb84b00e56d3fcde04f7bec05b9d
Reviewed-on: https://code.wireshark.org/review/26397
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: Ib956667dec3ffdacbde3252da3242ea16819c266
Reviewed-on: https://code.wireshark.org/review/26356
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue serching for a
dissector on the partial matches.
Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It doesn't appear to be too expensive of a calculation, so
have preference enable it by default.
Bug: 14182
Change-Id: I330dc99d871424d17c60ab8cff59ba0828dd069a
Reviewed-on: https://code.wireshark.org/review/24529
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Remove duplicate length field to adjust to the other options.
tcp.options.rvbd.probe.len has already reported by tcp.option_len
Add missing space between "Transparency" and IP address.
Change-Id: I8b4260b34d760b73ee529a687418c4b6adcfaa0e
Reviewed-on: https://code.wireshark.org/review/24239
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
With commit f30b1e3b3bc4cec85296c280cdae88d3d17fae04 TCP options are handled
in an own dissector table. Therefore we can't read ahead or behind to get
the SYN flag or the CFE flag.
Bug: 14150
Change-Id: Ibbf1836104d32216ddfa2d4e07dccbcf948bb26c
Reviewed-on: https://code.wireshark.org/review/24181
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Follow up to having conversions use endpoint_type instead of
port_type.
Change-Id: Ifd59a33bd8b9a013c242bce5fcceb09533f02c17
Reviewed-on: https://code.wireshark.org/review/24172
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissector that use pinfo->ptype as input
to conversation APIs. Explicit use of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We have WS_INET_ADDRSTRLEN and WS_INET6_ADDRSTRLEN; use them.
Change-Id: Idade0da9fae70d891901acd787b06d21e2ddbc5f
Reviewed-on: https://code.wireshark.org/review/24156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The intention is to make it more transparent when making a switch
to an "endpoint" over address/port combination.
Change-Id: Ic424c32095ecb103bcb4f7f4079c549de2c8d9c4
Reviewed-on: https://code.wireshark.org/review/24148
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This makes it easier to identify the simpler/common conversations
Change-Id: I7094f23e49156ee27f5f72c8e130308470f3e462
Reviewed-on: https://code.wireshark.org/review/24145
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Note that changes to tcp_analyze_sequence_number should be synced with
docbook/wsug_src/WSUG_chapter_advanced.asciidoc#ChAdvTCPAnalysis.
Change-Id: Iac72d2cf808d84c17fa5f12012675e0af1895cd1
Reviewed-on: https://code.wireshark.org/review/23989
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Sequence analysis has its own "filtering" system that required its
tap functions to look for some "filter flags". register_tap_listener()
already comes with a filter argument, so use that to simplify logic
of tap functions in dissectors.
Also have Qt GUI for Flow Graph look like other dialogs that have a
"Limit to display filter" checkbox.
Change-Id: I91d9d9599309786892f5b50c98692e52651e7174
Reviewed-on: https://code.wireshark.org/review/23659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
1. Remove protocol member from seq_analysis_item_t.
It's not used by any GUI, so don't burden dissectors with populating it.
2. Allow any dissector to change colors display by flow graph
3. Provide helper functions that may be common if other dissectors
want to create sequence analysis.
Change-Id: I04fa3c9f3cf6879ab9a8d7d6f4896b4979d010d7
Reviewed-on: https://code.wireshark.org/review/23613
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Create registration system to allow creation of analysis items
to be localized to the dissector. For now only frame (all) and
TCP are supported.
VOIP functionality will be covered in a separate patch.
Change-Id: I5b05ef6d5afff8d0b162b03a0f451ab810602e81
Reviewed-on: https://code.wireshark.org/review/23571
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Using GCC version 7.1.1.
Change-Id: I7447a48fc97efb1eb15a016a29165f69d37f40a6
Reviewed-on: https://code.wireshark.org/review/23399
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I006d872a83649e72a6c83abac68cbae064457162
Reviewed-on: https://code.wireshark.org/review/23346
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Make the tcp segment data available on all tcp packets, regardless of
reassembly of higher layer protocols.
Change-Id: I1a5024e427e07b85bfc3a4aad5d0a401beb1049d
Reviewed-on: https://code.wireshark.org/review/22374
Reviewed-by: Sake Blok <sake@euronet.nl>
Petri-Dish: Sake Blok <sake@euronet.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
While you can add both the sequence number and next sequence number as
columns, the latter would remain empty if it was the same. This disrupts
the user reading flow who would have to look left and right, so just
display the field unconditionally.
Change-Id: I80efb972eaa9a16813a87ac0fdf6a045a3eb9d2f
Suggested-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22307
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Format tcp.hdr_len in the tree similar to ip.hdr_len. Add comments
noting that they should be consistent.
Change-Id: Ic64282d8386c8ed339811bc9c22b5962c707d292
Reviewed-on: https://code.wireshark.org/review/22314
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
More than one packet could be meant by that
Change-Id: Ie751a282c927608414673c2cd48b11dc5e6d5ea6
Reviewed-on: https://code.wireshark.org/review/22283
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Dissectors that rely on pinfo structure information may have the
data overwritten if the data is tunneled. Address it by using
proto data that is based on pinfo->curr_layer_num.
Bug: 13746
Change-Id: I1c29f26a3c49f368876f0e96908705bc9c099ce1
Reviewed-on: https://code.wireshark.org/review/21559
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Try to document as accurately as possible the circumstances under which
each TCP analysis flag is added.
Update some TCP debugging code.
Change-Id: I793756f73b8ade328e150acf32bc203792e29449
Reviewed-on: https://code.wireshark.org/review/21749
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Add support to configure a port number for encapsulating TCP
packets in UDP.
Change-Id: I9aea1eda4537b05e76e76ed0417acb34705bad9e
Reviewed-on: https://code.wireshark.org/review/21473
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
|
|
Doing the checks ourselves doesn't save a lot of time.
Change-Id: Icd96d6487ba88bc8a0f9d475e8f569803b40cf1a
Reviewed-on: https://code.wireshark.org/review/20859
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change from col_append_sep_fstr() to col_append_sep_str() when
appending strings without formatting.
Change-Id: I315aca9b815c204a5bc78f7326402c40d1325f0e
Reviewed-on: https://code.wireshark.org/review/20846
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Prefix the Info column entry "[TCP segment of a reassembled PDU]"
with a space if the column is not empty.
Change-Id: If4fc46b2d8a2d261044767c534da34e2d27435f8
Reviewed-on: https://code.wireshark.org/review/20845
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
As discussed on the mailinglist, rewriting dissectors to use Libgcrypt
functions as Libgcrypt will be mandatory after change 20030.
Removal of following functions:
- crypt_md4
- crypt_rc4*
- aes_cmac_encrypt_*
- md5_*
- sha1_*
- sha256_*
Further candidates:
- aes_*
- rijndael_*
- ...
Added functions:
- ws_hmac_buffer
Added const macros:
- HASH_MD5_LENGTH
- HASH_SHA1_LENGTH
Changes on epan/crypt/* verified with captures from
https://wiki.wireshark.org/HowToDecrypt802.11
Changes on packet-snmp.c and packet-radius.c verified with captures from
https://wiki.wireshark.org/SampleCapture
Changes on packet-tacacs.c verified with capture from
http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html
Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
It was returning (ip.src == ... && <protocol>.port == ...).
Now, I think correctly returns (ip.addr == ... && <protocol>.port == ...)
Change-Id: I242e13c0c79c2222e2b27fc2f9ee348b89d21ec1
Reviewed-on: https://code.wireshark.org/review/20281
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 3264
Change-Id: I9fa8cfaf1e21a8a984941ee40e2e404ae21e55c9
Reviewed-on: https://code.wireshark.org/review/19528
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|