Optimize code and open possibility for enriching IPv6 tap data.
Change-Id: I5a204d7464cde32123d5bfe664cc9b6bcf08dbe1
Reviewed-on: https://code.wireshark.org/review/23340
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's a little more efficient to use proto_tree_add_item, than
proto_tree_add_xxx, passing it the returned tvb_get_xxx value.
Change-Id: I22ddd7ab36e1ee5aae78fc693d7dbac4b4f802f2
Reviewed-on: https://code.wireshark.org/review/21691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
6LoWPAN is not only used over IEEE 802.15.4, so adjust the full name.
Change-Id: I56305baa74c0cc9337dfd5e813965035fd7dcec6
Reviewed-on: https://code.wireshark.org/review/18677
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The field macros are a particularly obnoxious form of namespace pollution.
Change-Id: I9010a767625fd1c4b4a48c9d75481c577915fce6
Reviewed-on: https://code.wireshark.org/review/16520
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I6a8ea98cf0f4a2172e73fc4dcad67f2dbf8d5be3
Reviewed-on: https://code.wireshark.org/review/15471
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Length calculations updating "remaining datagram size" for fragmented
6LoWPAN packets with NHC headers were incorrect if there was any elided
option padding.
The current header's unpadded length was subtracted from dgram_size,
when it should have been the padded length - the datagram size is
uncompressed IPv6.
This meant the final nhdr_list entry created to represent the remaining
payload would have its "reported" field too large. Most visible result
of this was that the IPv6 payload length written into the packet by
lowpan_reassemble_ipv6() was too large.
Error probably went unnoticed because the most typical 6LoWPAN options
don't need padding - the RPL option is 6 bytes, and the MPL option is 6
bytes if using 16-bit seeds, making the HbH extension header an aligned
8 bytes.
Bug: 12310
Change-Id: If94e9ca57f88c4ac41f002a689ce1da7097b5bd0
Reviewed-on: https://code.wireshark.org/review/14701
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6LoWPAN IPHC dissection displayed ECN and DSCP as if they were an
IPv6-layout bitfield. Remove this extra abstraction layer, and output
them more simply as individual bit items, with a generated field
to indicate the IPv6 equivalent.
Change-Id: Iff1473ce181fb40ae07a773689a5fee7bd9e98c7
Reviewed-on: https://code.wireshark.org/review/13185
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Traffic class values from IPHC headers were shown correctly in the IPHC
dissection, but not correctly inserted into the expanded IPv6 packet.
Problem was only visible on little-endian systems - the previous
code did work if big-endian.
Error was not present in HC1 decompression, but both IPHC and HC1
IPv6 construction code clarified by avoiding writing overlapping union
members.
Bug: 11971
Change-Id: I3515f18c892f1fc28ef7f8a0830a79d134e81f48
Reviewed-on: https://code.wireshark.org/review/13109
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3e72fddc6ed380780d7e2e1c8df87e580138188d
Reviewed-on: https://code.wireshark.org/review/11271
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For the conversion of a 16-bit short address in 6lowpan to an IID, there
are several RFCs that produce different results. RFC 4944 section 6
specifies that the conversion uses the given PAN ID and the 16-bit short
address. RFC 6282, on the other hand, specifies thta the conversion only
uses the 16-bit short address and no longer uses the PAN ID.
The current version of the 6lowpan dissector supports only the newer RFC
6282, but there are protocols out there that assume that the address
conversion still abides to RFC 4944.
In order to support these protocols and following the discussion from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8970
this patch introduces a boolean preference in the 6lowpan dissector that
indicates whether or not the older RFC 4944 should be used for address
conversion. By default, it is set to FALSE, thus leaving the behavior of
the dissector unchanged.
Besides the boolean preference, another helper function
lowpan_addr16_with_panid_to_ifcid has been written that implements the
expected behavior from RFC 4944 using the same hint mechanism already in
place in the dissector for the support of RFC 6282.
Change-Id: I8d202c69a225d7b1212080a174e0111e5203553c
Reviewed-on: https://code.wireshark.org/review/10902
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The 6lowpan standard specifies a reserved octet in the extended header
of an IP_PROTO_FRAGMENT packet in the same place used for the header
length for other extension headers.
The current version of the 6lowpan dissector displays the reserved octet
and the rest of the header (6 more bytes) together as data, as opposed to
displaying the reserved octet by itself and then the data (using the
data dissector).
This patch does not change the functionality of the dissector in any
way, only how the 7 bytes are displayed. Instead of displaying the
header information and then 7 bytes of data, it displays the reserved
octet and then the data. This is also consistent with the way the ipv6
dissector displays it (showing the reserved octet and its value).
For this purpose, there is a new hf (hf_6lowpan_nhc_ext_reserved) and
the corresponding proto_tree calls. Also, depending on the type of
extension header, the octets sent to the general data dissector are
shifted by one.
Change-Id: I4c7fb58a3364307e79517b979808f3e34a2e0b94
Reviewed-on: https://code.wireshark.org/review/10908
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
IPv6 Extension Headers compressed using IPHC should have a single Pad1
or PadN inserted at the end if necessary - the previous code just left
any padding zero-initialised (equivalent to multiple Pad1s).
This guarantees correctly-compressed packets are accurately
decompressed, including the specific option padding pattern. (The type of
padding could matter, eg for IPSec authentication - padding options are
authenticated.)
Print a warning note if a non-option header needs padding - this is
invalid.
Bug: 10523
Change-Id: I66c98370862800a8fccbe02ed6a851961e2f7d1d
Reviewed-on: https://code.wireshark.org/review/10230
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
RFC 6282 specifies special handling of the "Length" field in compressed
IPv6 extension headers. However, the Fragment Header does not have a
Length field, so this special handling does not apply - the second octet
should be treated as opaque data, and the header length is always 8
octets.
Bug: 11368
Change-Id: I28fcd66d96f58a5959bb669caf4244afaca9e67e
Reviewed-on: https://code.wireshark.org/review/10231
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch is partially automatically generated, but are modified
manually. In particular, assignments and function calls have been
audited.
Some debugging comments and ifdef'd prints have been removed. The
lookup tables of the dcm and sip dissectors are now cleared. It is only
called on reopening files anyway.
The isakmp dissector is modified to use g_hash_table_new_full for
destruction of its keys and values.
Fix a memleak in ipsec dissector when libgcrypt is not enabled.
Generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=3c6128ee266024d164650955f93c7740484abd68
(with AUDIT = True).
Change-Id: I3fd910bdee663842ac0196334fe0189b67e251b0
Reviewed-on: https://code.wireshark.org/review/9225
Reviewed-by: Michael Mann <mmann78@netscape.net>
6LoWPAN is used by GATT level profile called IPSP.
Change-Id: Iff2e1a8d531072d9bba03e7d84b56db59110cb35
Reviewed-on: https://code.wireshark.org/review/8045
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
(Bugs were introduced in gf5e2b42);
Misc:
Localize a few variables;
Remove some dead initializers.
Change-Id: Ib7493740ecf29ed9f753475f721b47a64f54a278
Reviewed-on: https://code.wireshark.org/review/6687
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>