This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move COL_* enum to <epan/column-utils.h>
XXX Later we can rename epan/column-info.h to column-int.h (or smth like this)
svn path=/trunk/; revision=54352
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
All dissectors that call tcp_dissect_pdus() have the same relative tree position, so it doesn't need to be specifically saved in the packet_info.
svn path=/trunk/; revision=53253
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
I assume the column enumerations haven't already been removed because of legacy "indexing issues", but if I'm wrong, we should definitely remove the columns altogether. Could also see renaming columns to DEPRECATED_[X].
svn path=/trunk/; revision=52910
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
public header, but since packet_info.h is included in most of the tree it saves
a great deal of recompilation when something in one of the wmem data structures
changes.
svn path=/trunk/; revision=46624
(I used PPID 0xffffffff as an end-of-list marker so that PPID can no longer
be used in this dialog; if someone starts using that PPID then we'll have
to put a count of PPIDs in pinfo.)
svn path=/trunk/; revision=42991
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
This works between C and Lua.
In C the pinfo.private_table pointer must be initialized using
g_hash_table_new (g_str_hash, g_str_equal);
In Lua the values are available using pinfo.private.<key>, and the
table is created automatically on first usage. It's possible to use
this datatypes: nil, boolean, number and string, but every value
is converted to string so numbers must be converted using tonumber()
on usage. Boolean is either nil or an empty string.
svn path=/trunk/; revision=39461
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols
We should only do this if the 'hf_frame_protocols' is referenced (unlikely)
svn path=/trunk/; revision=29733
The attached patch file adds dissectors for the ZigBee protocol stack,
which runs atop the IEEE 802.15.4 dissector. Also included is the
dissector for the ZigBee Encapsulation Protocol (packet-zep.c), used by
the Exegin Q51 protocol analyzer.
From me:
Fix a bunch of gcc (the compiler, not me) warnings.
svn path=/trunk/; revision=28429
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
Hadriel Kaplan