| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That's what the remaining calls to tvb_get_nstringz() and
tvb_get_nstringz0() are being used to do, even though those routines
were not intended for that purpose - the calls are extracting from a
text protcool, meaning that the strings are *not* null-terminate in the
packet.
Strings - even null-terminated ones - should, in almost all cases, be
extracted by tvb_get_string_enc() or routines that call it, so that an
encoding is specified. In the few cases where we're fetching strings
only to be compared to ASCII constants, or to parse as numbers, we can
get away with this.
Change-Id: I29f0532902c4ade2207de7f06db69c32eafd4132
Reviewed-on: https://code.wireshark.org/review/34072
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The latest iteration of Microsoft updates to SMB3 added compression to
the protocol. This commit implements decompressing and dissecting
compressed payloads.
The compression algorithms that can be used are "Plain LZ77",
"LZ77+Huffman" and "LZNT1" which you can read more about in the
[MS-XCA] documentation. This set of algorithm is sometimes referred to
as XPRESS.
This commit reuses the existing uncompression API scheme already in
place with zlib and brotli and adds 3 tvb_uncompress_*() function
implemented in:
* epan/tvbuff_lz77.c
* epan/tvbuff_lz77huff.c
* epan/tvbuff_lznt1.c
A new function wmem_array_try_index() was added to the wmem_array API
to make bound checked reads that fail gracefully. New tests for it
have been added as well.
Since both reads (tvb) and writes (wmem_array) are bound checked the
risk for buffer overruns is drastically reduced. LZ77+Huffman has
decoding tables and special care was taken to bound check these.
Simplified versions of the implementations were succesfully tested
against AFL (American Fuzzy Lop) for ~150 millions executions each.
The SMB2/3 dissector was changed to deal with the new transform header
for compressed packets (new protocol_id value) and READ request
flags (COMPRESSED). Badly compressed or encrypted packets are now
reported as such, and the decryption test suite was changed to reflect
that.
This commit also adds a test capture with 1 packet compressed with
each algorithm as returned by Windows Server 2019, along with 3
matching tests in test/suite_dissection.py
Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7
Reviewed-on: https://code.wireshark.org/review/33855
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I9c09f55673187f6fee723fcd72798fb6b9958b03
Reviewed-on: https://code.wireshark.org/review/32745
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
This is intended to be a replacement for get_token_len (from strutil.h) when its used on a tvb. It should be a little safer and remove the need for a dissector to use tvb_get_ptr.
Change-Id: Ib2d4a79718b6fba4eb9acc0129b13be6c8199a43
Reviewed-on: https://code.wireshark.org/review/30892
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows dissectors to check if a portion of the tvb is an ascii string while hiding the use of tvb_get_ptr.
Change-Id: Iaec7559dcfdefb8a5ae23e099ced45e90e611f8f
Reviewed-on: https://code.wireshark.org/review/30291
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
We no longer have TVBUFF_ values corresponding to different types of
tvbuff; we have, instead, a set of method pointers for the different
types. Refer to the types by name, rather than by TVBUFF_ value.
Expand the description of some fields in the tvbuff structure.
Change-Id: I38b5281df247ddd66b4e39abfc129053a012d241
Reviewed-on: https://code.wireshark.org/review/27036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
In tvb_new_subset_length_caplen(), the captured length argument is
backing_length and the reported length argument is reported_length. The
length argument to tvb_new_subset_length() is a reported length, not a
captured length, so call it reported_length, not backing_length.
Change-Id: Ibfb30e15bdd885d3c0fd66e2b4b07c4a45327f14
Reviewed-on: https://code.wireshark.org/review/26863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Skipping dissectors dir for now.
Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Encoding of integer datatypes of Protocol buffers
https://developers.google.cn/protocol-buffers/docs/encoding
Change-Id: I9f6d65ddca099c15c0634984e9394131f98d35a9
Reviewed-on: https://code.wireshark.org/review/23813
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's only use is in dissectors or other tree creation APIs (where
packet scope is valid), so have it use format_text_wmem with
wmem_packet_scope().
Change-Id: I1f34e284a870c9844c6b27f4ae08a1e7efe54098
Reviewed-on: https://code.wireshark.org/review/19883
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It's only use is in dissectors, so have it use
format_text_wmem with wmem_packet_scope().
Change-Id: I22121324fd47aee32174b65104458ad2ef329bd7
Reviewed-on: https://code.wireshark.org/review/19856
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
format_text_wsp is fed into by tvb_format_text_wsp and tvb_format_stringzpad_wsp
so those functions need to add a wmem allocated parameter as well.
Most of the changes came from tvb_format_text_wsp and tvb_format_stringzpad_wsp
being changed more so than format_text_wsp.
Change-Id: I52214ca107016f0e96371a9a8430aa89336f91d7
Reviewed-on: https://code.wireshark.org/review/19851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Hex digits 0xa through 0xe are '*', '#', 'a', 'b', and 'c',
respectively.
Constify the dgt_set_t argument to tvb_bcd_dig_to_wmem_packet_str(),
while we're at it.
Bug: 13316
Change-Id: I7586f35d23fd262453779d99946e7ccad4b6ffab
Reviewed-on: https://code.wireshark.org/review/19620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I75c0165948325c2e50918706d8a821411761727b
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17734
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define struct nstime_t yourself.
Change-Id: I275f53c6c9f34813898e7ffe4493583017fbf7f0
Reviewed-on: https://code.wireshark.org/review/13021
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define it yourself.
(And especially don't define it yourself if you're already including
epan/ipv6-utils.h.)
Change-Id: I9970d0edecef0c820b2a7fdce34509b54e7b3106
Reviewed-on: https://code.wireshark.org/review/13020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Almost all replacements were done awhile ago, just put the final nail in the coffin.
Change-Id: I0a708d886da5a500c2a1e2c9ee2736794bdb9411
Reviewed-on: https://code.wireshark.org/review/12206
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
And remove the shims themselves!
Change-Id: I511c06eb21eaf68d1dc36bbb9558408807472f9c
Reviewed-on: https://code.wireshark.org/review/9088
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Routines that don't take a tvbuff as an argument shouldn't have tvb_ in
the name.
Change-Id: I3550256551e30b3f329cbbfca71ef27c727d29c0
Reviewed-on: https://code.wireshark.org/review/7302
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This combines the SSE4.2 instructions usage, with pre-compiled
pattern searching usage, for a faster pbrk search method.
Testing against large files of HTTP and SIP, there is about
a 5% performance improvement by using pre-"compiled" patterns
for guint8_pbrk() instead of passing it the search string and
having it build the match array every time.
Similar to regular expressions, "compiling" the pattern match array
in advance only once and using the "compiled" patterns for
the searches is faster than compiling it every time.
Change-Id: Ifcbc14a6c93f32d15663a10d974bacdca5119a8e
Ping-Bug: 10798
Reviewed-on: https://code.wireshark.org/review/6990
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Also change bytestring_to_str to match bytes_to_ep_str_punct functionality (limiting byte string size)
Change-Id: Idb958c7f0c203d103629469302b81fa922714f7e
Reviewed-on: https://code.wireshark.org/review/6369
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Changed all remaining code in wslua that was using emem, to use wmem or
simpler methods.
Bug: 9927
Change-Id: I3d19a770e0fd77d996bdb6b61a76a722cc2bcd55
Reviewed-on: https://code.wireshark.org/review/6109
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
e.g. tvb_get_guint16(tvb, offset, ENC_LITTLE_ENDIAN)
Change-Id: Iea02fd59b13678aca741d028fb1f66f334447498
Reviewed-on: https://code.wireshark.org/review/6191
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I6c2564a86e13d9321001856ba1f51681a9f20976
Reviewed-on: https://code.wireshark.org/review/5979
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This reverts commit 72b91a56f86e3bbab700900366f81dc8c353b91d.
value_string_ext tables ***MUST*** be sorted numerically, otherwise the code prints warnings such as the ones in
http://buildbot.wireshark.org/trunk/builders/Ubuntu%2014.04%20x64/builds/1419/steps/test.sh/logs/stdio
Fix this and resubmit.
Change-Id: I448025bb7b19a607e992831202ed31d243ce70d8
Reviewed-on: https://code.wireshark.org/review/5530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
no ethertype 0x8203-0x8205 support in trunk.
0x8204 is QNX OS VER 6's qnet ethernet protocol number.
Bug:3934
Change-Id: I5f3e910876bb7fb86de2111f856d026fdf220917
Reviewed-on: https://code.wireshark.org/review/2954
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
string, not an EP-allocated one.
Change-Id: I3918ed66429c588d4503d98e10dc460b099e550e
Reviewed-on: https://code.wireshark.org/review/3795
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
This lets us blow up with oversized 64-bit length values, before casting
them to the 31-bit lengths we can actually handle in Wireshark, rather
than blindly casting them with weird results.
Use that in the MySQL dissector, and, if we get past the test, cast the
lengths to int to squelch warnings.
Change-Id: I3a5e9bd0027fa4ddcb9622f77952dba8f6b23c27
Reviewed-on: https://code.wireshark.org/review/3362
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit fe195c0c978b4b92dc5a77daa6449a7f1314243d.
Conflicts:
epan/tvbuff.c
Change-Id: I1af618d0bd1e6211281b6d67c0ad197cfa513a0c
Reviewed-on: https://code.wireshark.org/review/1639
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
g867a1827e7dc88896ee27a107eb35c4b3973d270 introduced a change to cleanup/fix
handling of bounds checks for -1 length fields, but it ended up guaranteeing a
throw for 0-length tvbs, which isn't good; we ought to be able to add 0-length
FT_PROTOCOL items at the very least.
Better names for the function than _cheat are welcome, but I want to shut up the
buildbot.
Change-Id: I24610f947d03dac32766e2a0ffa0ff7bcc74c3e8
Reviewed-on: https://code.wireshark.org/review/1303
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This commit adds tvb_get_string_bytes and proto_tree_add_bytes_item routines for
getting GByteArrays fields from the tvb when they are encoded in ASCII hex string form.
The proto_tree_add_bytes_item routine is also usable for normal
binary encoded byte arrays, and has the advantage of retrieving
the array values even if there's no proto tree.
It also exposes the routines to Lua, both so that a Lua script can take
advantage of this, but also so I can write a testsuite to test the functions.
Change-Id: I112a038653df6482a5d0ebe7c95708f207319e20
Reviewed-on: https://code.wireshark.org/review/1158
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This commit adds tvb_get_string_time and proto_tree_add_time_item routines for
getting nstime fields from the tvb when they are encoded in ASCII string form.
The proto_tree_add_time_item routine is also usable for normal
big/little-endian encoded time_t, and has the advantage of retrieving
the value even if there's no proto tree.
It also exposes the routines to Lua, both so that a Lua script can take
advantage of this, but also so I can write a testsuite to test the functions.
Change-Id: I955da10f68f2680e3da3a5be5ad8fdce7ed6808c
Reviewed-on: https://code.wireshark.org/review/1084
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I01ec87ff4181afb5b2de487fd5f5200f8d62f17d
Reviewed-on: https://code.wireshark.org/review/1088
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it. Use
IS_FT_STRING() in more cases, so that less code needs to know what types
are string types.
Add a tvb_get_stringzpad() routine, which gets null-padded strings.
Currently, it does the same thing that tvb_get_string_enc() does, but
that might change if we don't store string values as null-terminated
strings.
Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66
Reviewed-on: https://code.wireshark.org/review/1082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If043683f366fedd849688ca3c512707954221a3b
Reviewed-on: https://code.wireshark.org/review/984
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
indentation in packet-sip.c
Change-Id: I623fc5e4c1247dbe5e15f0f33270f4f0994268ab
Reviewed-on: https://code.wireshark.org/review/943
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
|
|
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iec94342b7d033fb6e8597bbffea563128182316b
Reviewed-on: https://code.wireshark.org/review/417
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I1009c75d5a4f074767dbc3600e7a6edfd0031460
Reviewed-on: https://code.wireshark.org/review/416
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ied8830e2e7a689197870a4d839fd08b36546c75f
Reviewed-on: https://code.wireshark.org/review/414
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
