| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This patch allows to show time relative to capture start in the packet
details.
Currently only the BLF format uses this.
|
|
Save all dependent frames when there are multiple levels
of reassembly.
This is a retry of !6329, combined with the fix in !6509 which
were reverted in !6545.
epan: fix a segfault, introduced in !6329
|
|
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
|
|
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
|
|
The proto_layers map maps to values of curr_proto_layer_num,
not curr_layer_num.
|
|
Convert the address+port conversation code to element lists. Make our
conversation keys element lists. Document more of the conversation API.
Update the Conversation Hash Table dialog to use the new API.
Describe an alternative key type and data structure at the top of
conversation.c.
|
|
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
|
|
Packet info already contains the notion of layer depth for the
current protocol, among all the protocols in the frame. This
adds an extra layer number for the protocols that are the same
as the current one. Obviously this will only go above one if
the protocol is repeated in the stack, such as with IP tunneling.
Adds extra logic to track numbers for each protocol in the frame
and update them when calling a dissector.
The total layer number and protocol layer number are store in
the field info structure so they can be used after dissection,
namely by display filters.
|
|
This reverts commit 2d8607e7e039db2b189403e9941ab8cbd0a9d466.
This reverts commit be915d7374be9d64b6fd85819fcd98b300f511af.
Introduces a segmentation fault, needs more work.
|
|
Save all dependent frames when there are multiple levels
of reassembly.
|
|
Rcv.Wind.Shift and Snd.Wind.Shift were not displayed correctly by
the BBLog dissector and the TCP dissector was not using the
information about the shift values available in the BBLog file.
|
|
Pass Type I vs. II/III via dissector data instead of pinfo
Append type to protocol name
Put vlan number into pinfo when appropriate
Put version 1 and version 2 dissection into separate blocks
Rename priority into cos (as per draft-rfc)
Add new subheader from draft-3
Change-Id: I6eb7fe7073a6cc92e2028b0491de5e0f3f036b4e
Reviewed-on: https://code.wireshark.org/review/26512
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Skipping dissectors dir for now.
Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
pinfo->pkt_encap is jsut a copy of pinfo->phdr->pkt_encap; no need for
the copy.
Expand a comment while we're at it.
Change-Id: I5fcfe694ecba42507f1d629d01440da0a0989501
Reviewed-on: https://code.wireshark.org/review/25643
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I52c4c1fa5601bc66396f397ad23a9e53285a5926
Reviewed-on: https://code.wireshark.org/review/25463
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Replace with conversation API that limits the "endpoint" to a single
uint32 value.
The intention is to eventually have "layered" endpoints, because circuit_id
was used in cases where src/dest port have already been populated (and
are used for layers above). Those src/dest ports should just be treated
as just another endpoint, but we currently only have support for one.
Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960
Reviewed-on: https://code.wireshark.org/review/24369
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add endpoint information to the packet_info structure for dissectors
to potentially use as their data to create conversations.
This patch includes a simple "example" of using conversation_create_endpoint
with TDMoP. The assignment of the PT_TDMOP "port type" has been replaced by
setting ENDPOINT_TDMOP within the endpoint structure. Then when subdissectors
of TDMoP call find_or_create_conversation(), it implicitly picks up the
conversation information set by TDMoP
Change-Id: I11dc29989cccd3b0f0349ee901babb455ca02d19
Reviewed-on: https://code.wireshark.org/review/24190
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Andrew Chernyh <andrew.chernyh@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
I have traces where IP reassembly gets confused by multiple frames from
different VLANS and ends up adding fragments from differet messages
togeter after IP Identification is reused.
I think VLAN ID could be useful in other places too to aviliate duplicate
packet detection. Making this a separate patch while testing the usage.
Change-Id: Id7c23dc52f6de2e1f2e980ec8fe61d0598500d0d
Reviewed-on: https://code.wireshark.org/review/13452
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The last piece was the NTLMSSP dissector and that is now handled by passing a pointer to a tvbuff* as dissector data for the NTLMSSP dissector to (possibly) "return" a tvbuff* with decrypted data.
Change-Id: I2606172e4d0ebb5fc6353921d5b5f41a4792f9e5
Reviewed-on: https://code.wireshark.org/review/12232
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
between dissectors instead of using packet_info.h
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifd3d201a09944e3fc36188f891ea8a584886101d
Reviewed-on: https://code.wireshark.org/review/5884
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I660caa8283aecff5060c6ed476f316bc5793373e
Reviewed-on: https://code.wireshark.org/review/5643
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
|
|
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
sccp_msg_info_t* is now passed from SCCP dissector to its subdissectors through dissector data parameter.
Change-Id: Iab4aae58f8995e844f72e02e9f2de36e83589fc0
Reviewed-on: https://code.wireshark.org/review/5442
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Just pass the necessary data to the frame dissector.
Change-Id: I1a4bab32f7b5e28f4e7707794d71b04dab388908
Reviewed-on: https://code.wireshark.org/review/5328
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
All situations can be handled with "shimmed" dissector functions.
Change-Id: Ic85483b32d99d3270b193c9f6b29574d8fad46a8
Reviewed-on: https://code.wireshark.org/review/5327
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add editor modelines.
Change-Id: I360a557a1e9753c4ae7ab95213aa8d44000f7dfd
Reviewed-on: https://code.wireshark.org/review/1335
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Move COL_* enum to <epan/column-utils.h>
XXX Later we can rename epan/column-info.h to column-int.h (or smth like this)
svn path=/trunk/; revision=54352
|
|
fc_hdr or fc_data_t structure passed between all necessary dissectors.
svn path=/trunk/; revision=53569
|
|
proto data.
svn path=/trunk/; revision=53559
|
|
to be "used" by dissectors, just stored (for help in debugging?).
svn path=/trunk/; revision=53552
|
|
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
The information was converted to "proto" data within their respective dissectors strictly for use in "Decode As".
svn path=/trunk/; revision=53489
|
|
subdissectors. There are no subdissectors currently in Wireshark source that use the ppid member so any third party dissectors need to update accordingly.
svn path=/trunk/; revision=53424
|
|
subdissectors. Bug 9413 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9413)
svn path=/trunk/; revision=53274
|
|
All dissectors that call tcp_dissect_pdus() have the same relative tree position, so it doesn't need to be specifically saved in the packet_info.
svn path=/trunk/; revision=53253
|
|
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
|
|
used strictly for columns that are considered "deprecated" and I think the third could be put in that category as well.
I assume the column enumerations haven't already been removed because of legacy "indexing issues", but if I'm wrong, we should definitely remove the columns altogether. Could also see renaming columns to DEPRECATED_[X].
svn path=/trunk/; revision=52910
|
|
Dissectors should just use (reported) tvb length and taps have other ways to get the data.
svn path=/trunk/; revision=52899
|
|
using struct _packet_info.
svn path=/trunk/; revision=52827
|
