Change-Id: Ie39c7b0c1fef8f862cec016a3a1a5bd1451a3df2
Reviewed-on: https://code.wireshark.org/review/2905
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" parameters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Fixes dissector bug:
failed assertion "save_desegment_offset == pinfo->desegment_offset &&
save_desegment_len == pinfo->desegment_len"
Change-Id: Ia475bea3726252530189a05ba4dbf69f3c2b7e6c
Reviewed-on: https://code.wireshark.org/review/2886
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I564a0fefc263d909c9e478b64c5a816756d97377
Reviewed-on: https://code.wireshark.org/review/2902
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add support for Prefix, STAP, MTAP, NI-MTAP, and PACSI packet types.
Add support for Microsoft SEI messages [MS-H264PF]
Add support for dissecting scalable profiles
SDP: Add profile-level-id decode for payload type H264-SVC
MS-H264PF: http://msdn.microsoft.com/en-us/library/hh659565.aspx
Update #1 - Fix Tabs -> Spaces, Reinsert accidentally removed entry 19
from h264_type_values
Update #2 - Changed to using expert info for exceptions and Microsoft
errata.
Update #3:
- Correct handling of truncated packets
- Use guid functions and compare techniques
- Correct ranges for expert info messages
- Change to using reported_length from captured_length
Change-Id: I520a3c9a6d85c78a976b520cf5a6a405064a48f1
Reviewed-on: https://code.wireshark.org/review/2580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I5cdeb4a96bc9c4e11161836457a8689c904e13d4
Reviewed-on: https://code.wireshark.org/review/2899
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Id1997c3c8f6d0460da7f0faa58798a72737dd667
Reviewed-on: https://code.wireshark.org/review/2898
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I5744a1c1efc65f9a7b3addf17c071b470fd2cced
Reviewed-on: https://code.wireshark.org/review/2896
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I82efd1c5f4280de2eec3dbe7bd1995fcd9a3174f
Reviewed-on: https://code.wireshark.org/review/2895
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I3efa2a81ab2685cde6eae0a00b24520478a545ce
Reviewed-on: https://code.wireshark.org/review/2900
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
As suggested by Alexis reviewing change Ie76c5a810af927b, this issue was
scattered throughout the v4/v5 openflow dissectors. Hopefully I got all of them.
Original issue found in bug 10259.
Change-Id: Idf87deea34132aec5cd4e8f83264906a29b15568
Reviewed-on: https://code.wireshark.org/review/2878
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The return value of new dissectors is the number of bytes that were
successfully dissected, not a boolean. Fix that and get rid of an
unnecessary iSCSIPdusDissected variable.
Change-Id: Ie31df393a1eb44f185d320a4c2d35f5e8b7d7bd9
Reviewed-on: https://code.wireshark.org/review/2889
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
new dissectors return an int, not a boolean...
Change-Id: I88e19f7c0dc14da3649d1522ffe936538a867753
Reviewed-on: https://code.wireshark.org/review/2888
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Return value "-1" means that more data is requested. The dissector
actually doesn't have any idea what to do with the data, so just return
the data dissected so far.
tcp stream 3182 from c05-http-reply-r1.pcap (SampleCaptures) was
incorrectly detected as MIKEY, it was actually HTTP...
Change-Id: Idca3d3e2f85e821df70436a675699b5834236f89
Reviewed-on: https://code.wireshark.org/review/2887
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
uint16 & 0xFF00 will always equal 0. Use tvb_get_guint8 instead. Convert
from tvb_length to tvb_captured_length.
Fix the return value of dissectors, 0 means reject but that cannot be
combined with reassembly requests.
Change-Id: I5fca66e2e809699392237aff5813eecdfb15857f
Reviewed-on: https://code.wireshark.org/review/2885
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Fixes a good 80-90KB of leaks in certain cases.
Bug: 10261
Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
Reviewed-on: https://code.wireshark.org/review/2879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia2567695ffed30c990eda3740b08bfab101cea96
Reviewed-on: https://code.wireshark.org/review/2883
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time to do the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I7b4476cb0a06362941ef81707a9686f5546a4a54
Reviewed-on: https://code.wireshark.org/review/2868
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always returning the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Fixes an overflow leading to infinite loop.
Bug: 10259
Change-Id: Ie76c5a810af927ba092f4067268bd789b3a7d7bf
Reviewed-on: https://code.wireshark.org/review/2856
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Id1988551ca94a862195eb1de1de399e428132b21
Reviewed-on: https://code.wireshark.org/review/2855
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
stream. RFC 2626 In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF.
Change-Id: I97ba94f451463c8facd2c20bf6b7364f095119e7
Reviewed-on: https://code.wireshark.org/review/2808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10257
Change-Id: Ia36c03b2be727a37f91eca38af4faf48d1d65436
Reviewed-on: https://code.wireshark.org/review/2840
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10248
Change-Id: I630bc1ab2520c2861b817ba5813f5f7680e96056
Reviewed-on: https://code.wireshark.org/review/2820
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I759f64920284a35ea55bc68624570def51dfd72a
Reviewed-on: https://code.wireshark.org/review/2832
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
by checkAPIs).
Change-Id: Ie5252d20db5826f3e48aba11da1bf85d00630db2
Reviewed-on: https://code.wireshark.org/review/2838
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
in gdf6bdcc
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I80b24cd8b75999454c1767bd3044ecc569f57d98
Signed-off-by: Yan Burman <yanb@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/2805
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ieb4a3f07a7831c141ba8ce9c075e72091ef909be
Reviewed-on: https://code.wireshark.org/review/2798
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I96b23677f3050e9c62edd49f26d50d8b4addcf58
Reviewed-on: https://code.wireshark.org/review/2784
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 10251
Change-Id: I174b5a2b3e2ec8ff2ead9f290b452ee468f6fe66
Reviewed-on: https://code.wireshark.org/review/2783
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
NDPS dissector is also the poster child for not being considered "that naughty" by checkAPIs because most of its proto_tree_add_text calls don't have printf-style arguments (which is what checkAPIs really keys off of).
Fixed both cases and removed about 370 proto_tree_add_text calls from the dissector.
Change-Id: I721678c39d4a0544e5e7212e622c0c2eebfd04f7
Reviewed-on: https://code.wireshark.org/review/2775
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I641a3dbece6f822144f6740dde6801b1be202db5
Reviewed-on: https://code.wireshark.org/review/2777
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Bug: 10219
Change-Id: I2da62ee184327b2bc42a264e1782db927460f5cf
Reviewed-on: https://code.wireshark.org/review/2773
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fetch header value, only when we need to parse it.
Change-Id: I3c170ef8ab03985c8111a1b84ac1afc87bc8b5ca
Reviewed-on: https://code.wireshark.org/review/2767
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Include padding length in calculation of correct attribute length
Change-Id: I569c6a9e1be39e3bb997e797a094b80cdcba6b07
Reviewed-on: https://code.wireshark.org/review/2747
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I36b303b9c2bf4d6bb717261cdbf39ea16532fe06
Reviewed-on: https://code.wireshark.org/review/2757
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Id7f02087e536964bfa6d01a3646c20035a3ab6cb
Reviewed-on: https://code.wireshark.org/review/2746
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
As Anders correctly pointed out in I7d8f84b2e, constantly resetting state will
turn init_dissection into a bit of a hot path. Especially as we will already
bear the overhead of switching files, we don't want to fall any further behind
than we have to.
This change includes three unrelated optimizations that reduce the cost of
init_dissection by about 40% as measured by callgrind:
- only initialize ares/ADNS if that preference is enabled (this of course only
applies if you specify -n to tshark or otherwise disable the preference)
- use memcpy instead of a loop in sigcomp UDVM init
- use memcpy instead of a loop in bootp dissector
The only remaining obvious hot spot in this path is reassembly_table_init since
it is called by so many dissectors. Suggestions (perhaps to get rid of the
GPtrArray) welcome.
Oh, and one other change to use g_strerror instead of strerror as insisted
upon by the API pre-commit hook.
Change-Id: I18a74f2b64b25498116079bd4e7fc2b335c7703a
Reviewed-on: https://code.wireshark.org/review/2738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I2091f7eb86c64fd086f44a7cf15e7c5483f9b44c
Reviewed-on: https://code.wireshark.org/review/2716
Reviewed-by: Evan Huus <eapache@gmail.com>
|