path: root/epan/packet.c
Age | Commit message | Author | Files | Lines
2014-01-30 | Add remove_last_data_source and fix bug 9169 | Evan Huus | 1 | -0/+15
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output when dissected with tshark. Investigation showed this was because the HTTP dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding each step as a data-source which was being printed by tshark's hex dump. This was leading to O(n^2) of output. To fix, introduce function remove_last_data_source which removes the most recent data source from the list. If the subdissector in TCP reassembly asks for ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have) and remove the data source since it is unnecessary. This may break dissectors which add tree items and *then* return ONE_MORE_PACKET, since they will have their data source removed out from under them. I believe those cases should be fixed to not add tree items until they're sure they have enough data. Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa Reviewed-on: https://code.wireshark.org/review/38 Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Evan Huus <eapache@gmail.com>
2014-01-08 | TFShark (Terminal Fileshark) v.001. Bug 9607 | Michael Mann | 1 | -0/+69
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9607) This is a VERY PRELIMINARY version of tfshark. It's an attempt to jumpstart FileShark and its architecture. Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it) This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture. And those layers will slowly be added in time (patches always welcome!). svn path=/trunk/; revision=54646
2013-12-20 | Avoid including <epan/range.h> in dissectors. | Jakub Zawadzki | 1 | -0/+1
svn path=/trunk/; revision=54315
2013-12-15 | Fix some const/ not const warnings. | Jakub Zawadzki | 1 | -2/+2
svn path=/trunk/; revision=54114
2013-12-10 | Get the "Decode As" dialog working, albeit with a few warts. It differs | Gerald Combs | 1 | -3/+32
from the GTK flavor in two major ways: - The "Decode As" and "User Specified Decodes" dialog have been unified. - You can modify the decode as behavior at any time, not just when you have a packet selected. Revert part of 53498 so that we can move items marked /*** THE FOLLOWING SHOULD NOT BE USED BY ANY DISSECTORS!!! ***/ from epan/decode_as.h to ui/decode_as_utils.h. Move "save" code from decode_as_dlg.c to decode_as_utils.c as well. In packet-dcerpc.c don't register a table named "ethertype". We might want to add checks for duplicate table names. To do: - Add support for ranges? - Either add support for DCERPC or make DCERPC use a regular dissector table. - Fix string selectors (i.e. BER). svn path=/trunk/; revision=53910
2013-12-02 | Move most of the plugin code from epan to wsutil and remove all | Guy Harris | 1 | -1/+0
knowledge of particular types of plugins. Instead, let particular types of plugins register with the common plugin code, giving a name and a routine to recognize that type of plugin. In particular applications, only process the relevant plugin types. Add a Makefile.common to the codecs directory. svn path=/trunk/; revision=53710
2013-11-25 | Move DCERPC data in packet_info needed for Decode As into packet scoped | Michael Mann | 1 | -1/+0
proto data. svn path=/trunk/; revision=53559
2013-11-24 | Move dceprc_procedure_name from packet_info to dcerpc_info. Doesn't appear | Michael Mann | 1 | -1/+0
to be "used" by dissectors, just stored (for help in debugging?). svn path=/trunk/; revision=53552
2013-11-22 | Move common "decode as" preference code to epan. | Gerald Combs | 1 | -9/+21
We presumably want "decode as" behavior to be consistent across UIs so call load_decode_as_entries() from read_prefs(). svn path=/trunk/; revision=53498
2013-11-21 | Remove ethertype, mpls_label and ppids from packet_info structure. | Michael Mann | 1 | -3/+0
The information was converted to "proto" data within their respective dissectors strictly for use in "Decode As". svn path=/trunk/; revision=53489
2013-11-10 | Add missing includes in order to remove exceptions.h from proto.h (next commit). | Jakub Zawadzki | 1 | -0/+1
svn path=/trunk/; revision=53230
2013-11-05 | Replace pinfo->layer_names as a string with pinfo->layers as a wmem_list of | Evan Huus | 1 | -23/+12
protocol IDs. This is substantially more efficient, which means we can build it all the time rather than only if tree (in my benchmarks the extra time taken is not large enough to be statistically significant even over tens of thousands of packets). This fixes what was probably a bug in btobex that relied on layer_names for non-tree dissection. It also enables a much simpler fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303 svn path=/trunk/; revision=53089
2013-11-02 | Require dissector_try_string to pass a data parameter to its subdissectors. | Michael Mann | 1 | -57/+0
There weren't that many calls, so might as well modify the function than create a need for dissector_try_string_new. svn path=/trunk/; revision=53049
2013-10-30 | Allow string-based dissector tables to pass data between dissectors. | Michael Mann | 1 | -0/+57
svn path=/trunk/; revision=52980
2013-10-30 | When adding an entry to a dissector string table, take a copy of the pattern | Evan Huus | 1 | -3/+3
string (and pass g_free to g_hash_table_new_full to free it). This means callers don't have to worry about the scope of the memory they pass in, and fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296 svn path=/trunk/; revision=52977
2013-10-20 | Move resetting packet_info structure from dissect_packet() to | Jakub Zawadzki | 1 | -5/+1
epan_dissect_init() It'd be actually a good idea to separate packet_info data (packet.c) from epan_dissect_t (epan.c), but this rule is already violated. Strict separation could for example allow multiple dissection on the same epan_dissect_t (I think it was idea behind it), but it's not working. svn path=/trunk/; revision=52705
2013-10-15 | g_slist_prepend() should be faster than g_slist_append() use it where the | Anders Broman | 1 | -4/+4
order shouldn't matter. svn path=/trunk/; revision=52626
2013-10-12 | Free the actual struct, not the typedef thereof, because the typedef is actually | Evan Huus | 1 | -1/+1
a typedef of a *pointer* to the struct, not the struct itself, which are different sizes. This doesn't show up under valgrind because the length isn't checked in that case, everything gets subsumed in valgrind's malloc/free hooks. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9264 svn path=/trunk/; revision=52560
2013-10-11 | Destroy dissector tables on shutdown and use epan scoped memory of handles. | Evan Huus | 1 | -7/+18
Cleans up another 600KB of "still accessible" memory. svn path=/trunk/; revision=52531
2013-10-11 | Free all the heuristic dissector lists and their entries on shutdown, another | Evan Huus | 1 | -6/+21
few KB of "still reachable" data down. svn path=/trunk/; revision=52528
2013-10-09 | Prefix all "Wireshark application specific" display filters with a "_ws." to | Michael Mann | 1 | -1/+1
distinguish them from dissector filters. This was committed now to get it into the 1.11 release so users can start getting used to the changed filter names. svn path=/trunk/; revision=52462
2013-09-09 | Yet another cast fix. | Stig Bjørlykke | 1 | -1/+1
svn path=/trunk/; revision=51864
2013-09-09 | Added casts in dissector_delete_all_check(). | Stig Bjørlykke | 1 | -2/+2
svn path=/trunk/; revision=51861
2013-09-09 | Added dissector_delete_all() to remove all entries from a dissector table. | Stig Bjørlykke | 1 | -0/+18
svn path=/trunk/; revision=51859
2013-08-29 | Fix some indentation to match mode-lines; Do some other minor reformatting. | Bill Meier | 1 | -33/+34
svn path=/trunk/; revision=51571
2013-08-25 | Simplify adding and deletion of port ranges by adding new methods. | Anders Broman | 1 | -0/+28
If no one has any objection I'll edit the documentation later. svn path=/trunk/; revision=51517
2013-08-14 | Pre-emptively create the other two hash tables in packet.c for simplicity's | Evan Huus | 1 | -15/+5
sake. svn path=/trunk/; revision=51355
2013-08-13 | Create the dissector hash table in only one place, and specify that its values | Evan Huus | 1 | -12/+7
should be freed when it is destroyed. This requires splitting packet_init in two: the hash table which must be created before protocol registration, and the caching of common protocol handles, which must happen after registration. svn path=/trunk/; revision=51329
2013-08-11 | Free a few hash tables in packet.c when we shutdown. | Evan Huus | 1 | -40/+41
svn path=/trunk/; revision=51292
2013-08-07 | Ensure we have both _initialize() and a corresponding _cleanup() routines for | Jeff Morriss | 1 | -2/+0
the various name resolvers; put those two routines next to each other. Add generic addr_resolv_init() and addr_resolv_cleanup() routines which call all of those internal routines. Call the generic init/cleanup routine from epan_init() and epan_cleanup(). Create the hash tables for each name resolver in those initialization routines in order to avoid having to repeatedly check if the table is already created or not (and to avoid glib warnings if we neglected to perform that check): http://www.wireshark.org/lists/wireshark-dev/201308/msg00012.html Don't clean up hostnames in init_dissection(): it's done already in cleanup_dissection(). Don't initialize hostnames in cleanup_dissection(): it's done already in init_dissection(). svn path=/trunk/; revision=51191
2013-08-05 | Dissector handle after [new_]register_dissector can be got by | Jakub Zawadzki | 1 | -2/+6
find_dissector() so to avoid some extra calls just return it. svn path=/trunk/; revision=51154
2013-08-01 | Use opt_comment only when has_phdr_comment is set. | Jakub Zawadzki | 1 | -1/+1
svn path=/trunk/; revision=51097
2013-08-01 | Remove fdata->opt_comment, add pkt_comment to pinfo | Jakub Zawadzki | 1 | -0/+6
Original (read from file) comments can be accessed by pkthdr->opt_comment Keep user comments in separated BST, add new method for epan session to get it. svn path=/trunk/; revision=51090
2013-08-01 | Move some asserts to be triggered sooner. | Jakub Zawadzki | 1 | -9/+8
svn path=/trunk/; revision=51082
2013-07-21 | Replace relative timestamp with reference frame number. Saves 16B per frame. | Jakub Zawadzki | 1 | -0/+2
svn path=/trunk/; revision=50772
2013-07-21 | Add helper function to epan_session which can be used to get absolute | Jakub Zawadzki | 1 | -1/+2
timestamp of given frame. Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number. This patch reduces size of frame_data by 8B (amd64) This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13) svn path=/trunk/; revision=50765
2013-07-11 | packet dissection now takes pointer to tvb instead of guint8 data | Jakub Zawadzki | 1 | -27/+2
implement frame_tvbuff, right now almost a copy of 'real' tvb. svn path=/trunk/; revision=50497
2013-06-18 | Add ability to export decrypted SSL/DTLS PDUs | Pascal Quantin | 1 | -0/+10
svn path=/trunk/; revision=50001
2013-05-24 | Add expert info configuration framework. Bug 2412 | Michael Mann | 1 | -2/+2
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2412). Expert info "fields" can now be registered/addressed by name. Right now, the basic framework allows expert info fields to become "display filters". However more could be done, like user preferences overriding default severity level, speeding up expert info dialog load time by not needing to redissect a file, etc. Long term goal is to have all expert_info filterable and have the functionality of expert_add_info_format() include the "registered index". expert_add_info_format_text() is the workaround until all current calls to expert_add_info_format() have been updated with either expert_add_info() or expert_add_info_format_text(). Then the remaining expert_add_info_format_text() will be renamed to expert_add_info_format(). svn path=/trunk/; revision=49559
2013-05-16 | Use slice memory for data sources, since we never have to realloc it. | Evan Huus | 1 | -2/+2
svn path=/trunk/; revision=49353
2013-04-23 | Add curr_layer_num which can be used to keep track of multiple occurrences of | Anders Broman | 1 | -5/+8
the same protocol in a frame. svn path=/trunk/; revision=48997
2013-04-18 | Add to tvbuffs a "fragment length" field; if the tvbuff represents the | Guy Harris | 1 | -2/+2
first fragment of a non-reassembled packet, and we know the length the packet would have if it were reassembled, this field holds the length of the fragment, and the "reported length" field shows the length the packet would have if it were reassembled, so going past the end of the fragment but staying within the length of the reassembled packet can be reported as "dissection would have worked if the packet had been reassembled" rather than "the packet is too short, so it was probably malformed". Add a FragmentBoundsError exception, thrown in the "dissection would have worked if the packet had been reassembled" case. Add a new tvb_new_subset_length_fragment() routine to create a new subset tvb with specified fragment and reported lengths. Use it in the CLNP dissector. Add some more sanity checks in the CLNP dissector. svn path=/trunk/; revision=48917
2013-03-24 | Add const casts and make local functions static. | Anders Broman | 1 | -3/+3
svn path=/trunk/; revision=48521
2013-03-14 | From beroset: | Anders Broman | 1 | -35/+35
changed implicit casts to explicit casts and changed name of field from new to new_d (new dissector) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416 svn path=/trunk/; revision=48290
2013-03-06 | Fix the plurality of the length of a data source if it has only 1 byte (I'm | Jeff Morriss | 1 | -2/+5
looking at a "Bitstring tvb" that is only 1 byte long). svn path=/trunk/; revision=48127
2013-02-27 | Move show_exception() and show_reported_bounds_error() to | Guy Harris | 1 | -6/+0
epan/show_exception.c, as it's used outside epan/dissectors/packet-frame.c. Update their callers to include <epan/show_exception.h> to get their declaration. Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if there's more stuff in the packet to dissect after the dissector call that threw the exception, doesn't mean you shouldn't go ahead and dissect that stuff. Use it in all those cases, including ones where BoundsError was inappropriately being caught (you want those passed up to the top level, so that the packet is reported as having been cut short in the capture process). Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that correspond to running past the end of the data for a tvbuff; use it rather than explicitly catching those exceptions individually, and rather than just catching all exceptions (the only place that DissectorError should be caught, for example, is at the top level, so dissector bugs show up in the protocol tree). Don't catch and then immediately rethrow exceptions without doing anything else; just let the exceptions go up to the final catcher. Use show_exception() to report non-fatal errors, rather than doing it yourself. If a dissector is called from Lua, catch all non-fatal errors and use show_exception() to report them rather than catching only ReportedBoundsError and adding a proto_malformed item. Don't catch exceptions when constructing a trailer tvbuff in packet-ieee8023.c - just construct it after the payload has been dissected, and let whatever exceptions that throws be handled at the top level. Avoid some TRY/CATCH/ENDTRY cases by using checks such as tvb_bytes_exist() before even looking in the tvbuff. svn path=/trunk/; revision=47924
2012-12-02 | Create a wmem pool in pinfo and use it for some address allocations. | Evan Huus | 1 | -0/+4
A (better?) fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8030 See also thread starting at: http://www.wireshark.org/lists/wireshark-dev/201212/msg00001.html svn path=/trunk/; revision=46331
2012-11-09 | Enter and leave wmem's file scope appropriately. | Evan Huus | 1 | -0/+5
svn path=/trunk/; revision=45977
2012-10-20 | Move ep_free_all() *AFTER* packet dissection. | Jakub Zawadzki | 1 | -3/+11
Use glib allocator for data_source. Thread on wireshark-dev: http://www.wireshark.org/lists/wireshark-dev/201210/msg00116.html svn path=/trunk/; revision=45673
2012-10-20 | Make data_source opaque, add getter for tvb. | Jakub Zawadzki | 1 | -9/+18
svn path=/trunk/; revision=45672