Since the UDP connection switches back and forth between DHT and uTP,
use conversation_set_dissector_from_frame_number so that the dissector
called by try_conversation_dissector in packet-udp.c doesn't change for
a given frame based on the last packet clicked in the GUI.
Split out a heuristic dissector from uTP so that conversation_set_dissector
is only called from the heuristic dissector.
This doesn't make a difference when the heuristics are accurate but
might in some edge cases.
Properly support BEP 42: the 'ip' string includes the port, so the
expected length is 6 octets, not 4. That key also appears on the top
level, and sorts before the 'r' key, so add it to heuristics.
Take the opportunity to strengthen the heuristics; certain other keys
never sort before others, and we know the types of several of the keys.
That allows us to go from seven possibilities for the first four bytes
to four possibilities for the first five bytes, which is surely precise
enough to enable the heuristic by default.
Sort the value_strings.
BitTorrent clients use the same UDP conversation for both DHT and
uTP, switching back and forth between the two at connection start.
So even if the dissector has been set for the conversation or
ports to BT-DHT, test the packet and reject it if not DHT in order
to give the uTP dissector a chance. Fix#17626
As requested [here][1], help with replacing calls to
`wmem_packet_scope()` with references to `pinfo->pool`.
My principles were:
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, just use that.
* Remove `_U_` from its signature if it was there.
* Don't go more than 2 or 3 levels deep of changing signatures.
* If a function is clearly allocing memory to return, change the
function signature to take a `wmem_allocator_t *`. Otherwise, either
that or take a `packet_info *` as seems to make sense.
* No mention of `wmem_packet_scope()` should remain in the files I've
touched.
* I didn't always succeed at this, but I made a dent.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
Each peer in a get_peers response has its own entry in the list, unlike
the way nodes are represented, so if we see a string_len we don't
recognize (like 18 for IPv6 peers) treating it as several IPv4 peers
doesn't make sense.
Change-Id: I367495fb11aa09f1c8cb7f1df8812e179d41d9b9
Reviewed-on: https://code.wireshark.org/review/18305
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
When the remote client sended a node set, it contains nodes info
The node info it shows like (1 3cad1f360cc51870d3e68d61ed604078bc608ee2 60.173.31.54:43365), but this node's true ip and port is 99.192.73.131:26025. When we expand these items, the ips and ports in detailed information are right.
From me :
It is a problem of encoding (LITTLE ENDIAN => BIG ENDIAN) and wrong offset
Some issue with Peers info
svn path=/trunk/; revision=48850
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Improvements to BitTorrent DHT dissector
Fixed filtering on protocol "bt-dht".
Improved heuristics. Can probably be enabled by default now (but I'll let someone else make that decision).
Unexpected IP address (first packet in capture file) and binary "tokens" (packet 17) were incorrectly printed as UTF-8 strings.
Moved duplicate code into bencoded_string_length().
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8044
svn path=/trunk/; revision=46396
are like the non-TVB versions except that they take a TVB and an offset
instead of (frequently) a pointer into the TVB.
Calling tvb_get_ptr() before modifying the rest of the fields should help fix
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7960 (though I can't
reproduce that problem).
Replace a bunch of calls like:
SET_ADDRESS(..., AT_XXX, length, tvb_get_ptr(tvb, offset, length));
with:
TVB_SET_ADDRESS(..., AT_XXX, tvb, offset, length);
svn path=/trunk/; revision=46324
Anders Broman