Age | Commit message | Author | Files | Lines |
|
Clean up handling of null-terminated strings.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11087 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Use "guint8" for 8-bit binary data, and use "%u" to print unsigned values.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10049 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
authentication response, not a V5 command.
Clean up white space.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10047 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
if it's < 8, don't dissect anything past the length field (the
length must be >= 8);
otherwise, if it's less than the data or reported length from
the tvbuff, use the length from the header;
otherwise, don't checksum the packet (if it's greater than the
reported length, and the packet isn't fragmented, we should
somehow report that as an error).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9782 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9625 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9491 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9490 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
by pass-through proxying dissectors such as the SOCKS dissector; it does
the work of processing a TCP segment, including desegmentation. Export
the "next sequence number" value to subdissectors, so they can use it
when calling "dissect_tcp_payload()".
Use that in the SOCKS dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9489 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
cleared even if we throw an exception when dissecting the payload.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9473 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9166 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packets/sessions, e.g. MSProxy and SOCKS. It should not cause any of
the TCP-specific stuff such as sequence number analysis or PDU tracking
to be done. (Actually, MSProxy and SOCKS should offer desegmentation
services *themselves* and do their *own* PDU tracking, rather than just
passing stuff on to "decode_tcp_ports()", but that's another matter.)
Make "tcp_tree" once again be a local variable to "dissect_tcp()", and
pass it as an argument to those functions that use it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8912 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Get rid of some extra blanks at the end of the text for some protocol
tree items.
Use %u, not %d, to format unsigned quantities.
Make the "Client Authentication Methods" item's length cover all the
authentication methods, not just the count of methods.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8709 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
done in common code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8708 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
When a socks connection was used to create a second socks connection
the socks dissector would be called recursively until a heap overflow
occurred.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8487 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to make them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs start when not aligned to the start of the segment.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7543 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7201 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5932 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dftest.c:
Remove #if-0-ed includes
packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c,
packet-wtp.c, ethereal_gen.py:
Remove redundant include varargs (already in snprintf.h,
and required only for snprintf.h)
Remove unused include of snprintf.h from files not using
"snprintf()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5889 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"offset".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5650 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
argument to copy a counted string, and use "tvb_strsize()" rather than
"strlen()" with a "tvb_get_ptr()" argument to get the length of a
null-terminated string, so that we throw an exception if we go past the
end of the tvbuff, rather than processing bytes past the end.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5649 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Declares some variables static.
Creates a new include file packet-rsvp.h, and make use of it
(change some extern decls to #include).
Move the file packet-pgm.h into packet-pgm.c as it is not used
by anything outside packet-pgm.c.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5162 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
routines not used outside the file in which they're defined static.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5144 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
calls that passed TRUE or FALSE, rather than an integer value, as the
last argument.
A SOCKS command is one byte, so make the "socks.command" field an
FT_UINT8.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4904 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4605 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Fixed some of the filter fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4383 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4370 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4308 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
compilers.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4284 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4281 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4246 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissectors and that's no longer needed.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4112 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
little-endian byte order.
Use "proto_tree_add_item()" wherever possible.
Get rid of line commented out with a C++ comment, as not all C compilers
accept C++ comments.
Don't put the user name into the protocol tree if it's not there (we
really should do TCP segment reassembly for this, but this is at least a
good first cut).
When checking whether data exists in the packet, use
"tvb_offset_exists()", don't compare the offset in the tvbuf with
"pinfo->len" - "pinfo->len" is the length of the entire packet, not of
the tvbuff.
Fix some references to "pi" to refer to "*pinfo" instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4108 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Pia Sahlberg <piabar@hotmail.com>.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4100 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4088 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
of protocol-id-plus-datum pairs, so that multiple protocols can attach
information to the same conversation.
Dissectors that attach information to a conversation should not assume
that if they find a conversation it has one of its data attached to it;
the conversation might've been created by another dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3901 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3900 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3561 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3529 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
otherwise, the filtering GUI gets very upset when you try to construct a
filter expression to test the value of that field. Make them BASE_DEC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3334 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
conversation it found has no data associated with it; this is a
workaround for a problem that shows up if a conversation is between two
ports both of which have protocols associated with them - in that case,
frames going in one direction might be dissected by one of those
dissectors, and frames going in the other direction might be dissected
by the other dissector, causing untold confusion.
We really need to associate dissectors with conversations as soon as the
conversation is created, so that all packets will be handled by the same
dissector. (The SOCKS dissector now does that.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2862 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2849 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2810 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2670 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"); have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2658 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Jeff Foster.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2523 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
This keeps tvbuff.c generic; it doesn't have to pull in packet.h and all
of its included files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2409 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissector" union in the "conversation_t" structure to "old_d" and
"new_d", to avoid using a C++ reserved word.
Add "old_conversation_set_dissector()" and
"conversation_set_dissector()" routines to set the dissector for a
conversation, to hide the details of how that's done (e.g., details such
as whether there's a union at all - eventually, when all dissectors have
been tvbuffified, there won't be a need for the union - and what the
names of the union members are, and so on). Convert all dissectors to
use those routines (they had to be changed anyway, due to the name
change).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2324 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2267 f5534014-38df-0310-8fa8-9805f1628bb7
|