Age | Commit message (Collapse) | Author | Files | Lines |
|
From api ref :
warning: argument 'uint_val' of command @param is not found in the argument list of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val)
The following parameters of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val) are not documented:
parameter 'guid_val'
From -Wdocumentation
parameter 'uint_val' not found in the function declaration [-Wdocumentation]
Change-Id: I9c7b82e4ecb5a126cb96c7d6c057440eb5d24bdd
Reviewed-on: https://code.wireshark.org/review/11499
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It seems like DCE/RPC could benefit from a GUID dissector table, where a dissector can register it's GUID with a dissector handle. So here is a basic start.
Change-Id: Id407117687a1a648d87f6f99c2ecbf858d8c0911
Reviewed-on: https://code.wireshark.org/review/4718
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
With the adjustment to heur_dissector_add passing an enable/disable flag and "global" control of heuristic dissectors just like regular ones, this is no longer needed.
Change-Id: I2d433c7bff8353421eca31f8813992e38b716911
Reviewed-on: https://code.wireshark.org/review/10848
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the "Internals" menu under the View menu instead of at the top level
for now at least. Add the Dissector Tables dialog there.
Change-Id: Ieb23b0015591bac196e4ef94e3443832288333f9
Reviewed-on: https://code.wireshark.org/review/10654
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Let's use the newly introduced find_heur_dissector_by_unique_short_name() function
Change-Id: I5781b9b2f1ab679da07e97755b71840b4b3a9361
Reviewed-on: https://code.wireshark.org/review/9645
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
This allows for a global place to enable/disable all heuristic dissectors. This removes the need for individual dissector preferences, but those will be removed at a later date. The more important part is the epan code to save/restore the enabled state of the heuristic dissector. The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)
Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Currently reassembly tables are not freed on shutdown. This makes
memleak debugging more difficult due to noise. Support cleanup
routines that can do smarter things.
After this change, "init" routines are not called anymore when
closing files. Further changes should split init routines to
cleanup routines as needed.
Change-Id: Ib0b2cef6dd9c16905259063ac2c2fdfb7e066be6
Reviewed-on: https://code.wireshark.org/review/9135
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
UINT or string) key to register dissector handles.
This was designed for RPC dissectors, but probably has use elsewhere.
Change-Id: I1bca6b50ba312129a0c4fad5cc3c18cd9297c217
Reviewed-on: https://code.wireshark.org/review/9455
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1bf1aa9794f9b4f106edffd4986fc0b1014522fa
Reviewed-on: https://code.wireshark.org/review/9099
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifd3d201a09944e3fc36188f891ea8a584886101d
Reviewed-on: https://code.wireshark.org/review/5884
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
[-Wdocumentation]
Change-Id: Id6d02f5c1383dd8f231707f519ec1b28fb007079
Reviewed-on: https://code.wireshark.org/review/5978
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Permit passing TRUE as the parameter during table registration to achieve that
effect.
Use it in RTP media type table.
Bug: 10708
Change-Id: I892fb1a421d349f0c05197dec90f14fc34ad6b97
Reviewed-on: https://code.wireshark.org/review/5695
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
bytes consumed
Change-Id: I528ad736caee1f29e2f0abfc0afcca6587d74eca
Reviewed-on: https://code.wireshark.org/review/5743
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
This is, for heuristic dissector tables, the equivalent of
dissector_table_foreach() for keyed dissector tables.
Change-Id: I4b2f870e1c1179fda1adddd93930b83aaaaf8763
Reviewed-on: https://code.wireshark.org/review/5715
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This makes it a bit more like dissector_all_tables_foreach_table.
Improve comments and clean up whitespace while we're at it.
Change-Id: I5147427f864add285e3bb6cb35ad9fa83bea516c
Reviewed-on: https://code.wireshark.org/review/5714
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's always pased a heur_dissector_list_t *, so give it that type,
rather than having it be a generic pointer.
Change-Id: Ia6a045bb1b96c2f6ef3e23f27928e0b52f7cfb9f
Reviewed-on: https://code.wireshark.org/review/5713
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I46885d028fe9ff5254baefc15283626b9bdb6bce
Reviewed-on: https://code.wireshark.org/review/5711
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We already have find_dissector_table(); expose
find_heur_dissector_list() as well, so that heuristic dissector lists
can be shared.
Change-Id: I3f50413b8b10fd3129fcdc2344cb1447f0946ce9
Reviewed-on: https://code.wireshark.org/review/5701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: Iee17a68dc214fa0fb50b25fc927026ad7c1cbce4
Reviewed-on: https://code.wireshark.org/review/4531
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
This temporarily reverts commit
acc09c2aa248d892ee6b894b43c79cb060131b11.
Change-Id: I7a55c8c2da3f65e914b90648ee92c84efd57f1a0
Reviewed-on: https://code.wireshark.org/review/4525
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: I8802a812bd484c1e8794c618b87e676003aea94a
Reviewed-on: https://code.wireshark.org/review/4493
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
epan/packet.h:369:11: error: parameter 'returns' not found in the function declaration [-Werror,-Wdocumentation]
Change-Id: Ieedd203c4e952ae0ac17273311163d25ab2da066
Reviewed-on: https://code.wireshark.org/review/1746
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Functions with no parameters must be written func(void). Fixes (some) of the
buildbots.
Change-Id: I1a6e5c0553e032e99419fe67eb4b573bbdfe7fe6
Reviewed-on: https://code.wireshark.org/review/388
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
troubleshooting Lua scripts
There are some common things people need to do, such as convert to/from hex or get
the raw binary string in a ByteArray/Tvb/TvbRange. These have been added, as well
as some tests for them in the testsuites. Also, functions have been added to allow
a script to get all the available tap types and filter fields, since they are
not exactly what one can see in the Wireshark gui.
Change-Id: I92e5e4eae713bb90d79b0c024eaa4e55b99cc96b
Reviewed-on: https://code.wireshark.org/review/249
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9607)
This is a VERY PRELIMINARY version of tfshark. It's an attempt to jumpstart FileShark and its architecture. Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it)
This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture. And those layers will slowly be added in time (patches always welcome!).
svn path=/trunk/; revision=54646
|
|
Move COL_* enum to <epan/column-utils.h>
XXX Later we can rename epan/column-info.h to column-int.h (or smth like this)
svn path=/trunk/; revision=54352
|
|
svn path=/trunk/; revision=54315
|
|
from the GTK flavor in two major ways:
- The "Decode As" and "User Specified Decodes" dialog have been unified.
- You can modify the decode as behavior at any time, not just when you
have a packet selected.
Revert part of 53498 so that we can move items marked
/*** THE FOLLOWING SHOULD NOT BE USED BY ANY DISSECTORS!!! ***/
from epan/decode_as.h to ui/decode_as_utils.h.
Move "save" code from decode_as_dlg.c to decode_as_utils.c as well.
In packet-dcerpc.c don't register a table named "ethertype". We might
want to add checks for duplicate table names.
To do:
- Add support for ranges?
- Either add support for DCERPC or make DCERPC use a regular dissector
table.
- Fix string selectors (i.e. BER).
svn path=/trunk/; revision=53910
|
|
svn path=/trunk/; revision=53774
|
|
warning: argument 'data' of command @param is not found in the argument list of dissector_all_tables_foreach_changed(DATFunc func, gpointer user_data)
warning: The following parameters of dissector_all_tables_foreach_changed(DATFunc func, gpointer user_data) are not documented: parameter 'user_data'
svn path=/trunk/; revision=53749
|
|
svn path=/trunk/; revision=53655
|
|
We presumably want "decode as" behavior to be consistent across UIs so
call load_decode_as_entries() from read_prefs().
svn path=/trunk/; revision=53498
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9454)
The main driving force for this was my new Decode As functionality (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450) that wants a dissector/subdissector table relationship for all dissectors wanting to use Decode As functionality. The ethertype() function provides the value to the "ethertype" subdissector table, so I think it should be matched to a dissector. Only odd side effect is the display filter of "ethertype" returns no packets because there is no "item" associated with the dissector.
svn path=/trunk/; revision=53443
|
|
svn path=/trunk/; revision=53196
|
|
svn path=/trunk/; revision=53189
|
|
There weren't that many calls, so might as well modify the function than create a need for dissector_try_string_new.
svn path=/trunk/; revision=53049
|
|
svn path=/trunk/; revision=52980
|