Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's the amount of data left in the packet; perhaps not all of it was
*captured*, and using tvb_reported_length_remaining() will throw an
exception, but that's what *should* happen ("packet cut short"
notification and all).
Use tvb_new_subset_remaining() to get a tvbuff with everything after a
certain point in the packet.
Change-Id: I2512e58e23600f7e7bbce0126732b05997692a65
Reviewed-on: https://code.wireshark.org/review/19596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
At least in the sample captures attached to bug 2631, the encapsulated
Ethernet frames don't include the FCS.
Bug: 9933
Change-Id: Ie14b87020c44d739173e5da9fc58a91924f38dfe
Reviewed-on: https://code.wireshark.org/review/13377
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch adds reassembly_table_destroy calls as cleanup function for
dissectors which have a simple init routine that just calls
reassembly_table_init (comments are ignored).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4cc0aec05dc67a51926a045e1955b7a956757b5e
(with the if and assignment parsers disabled).
The only difference from the autogenerated output is that the XXX
comments from the init routines in smb-pipe and tds dissectors are kept.
Change-Id: I64aedf7189877247282b30b0e0f83757be6199e7
Reviewed-on: https://code.wireshark.org/review/9222
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0c9cc5d574fdd73ecf1f8b32dbbf0ddb2b885116
Reviewed-on: https://code.wireshark.org/review/7437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These calls were all getting ether addresses which can be gotten by other means.
Change-Id: I9a3d564483c9ee9b8e5183bb9086da8a315c41fc
Reviewed-on: https://code.wireshark.org/review/7421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert dissectors to using the API where appropriate.
Change-Id: I059582f73a75635d4a0338d02d4c4b212162480b
Reviewed-on: https://code.wireshark.org/review/7296
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7c8cfbcf201b3b73afe731302572646ce7833d64
Reviewed-on: https://code.wireshark.org/review/7284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3c33511389aa2f4b3eed73f1c712561b20e18bf7
Reviewed-on: https://code.wireshark.org/review/6395
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all changes were able to remove their corresponding tvb_get_ptr, because there are other API dependent on the (tvb_get)pointer, but future iterations optimizing those other APIs will then be able to remove it.
Change-Id: Id7cefd440b81834de1d1aace7cd0789b1c871a22
Reviewed-on: https://code.wireshark.org/review/6358
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Part 1 of many
Change-Id: I77a5789ac23388e6a5f8098dc398592f39638124
Reviewed-on: https://code.wireshark.org/review/5532
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
use tabs for indent and use fix-encoding-args tools
Change-Id: I5e066c6cbc429021cf21a55d5ffd5b60718ad5f8
Reviewed-on: https://code.wireshark.org/review/5340
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I6cfabc18921397002a2303f3511fa51bf5b41956
Reviewed-on: https://code.wireshark.org/review/5341
Reviewed-by: Michael Mann <mmann78@netscape.net>
The packet format for batman-adv v15 supports:
* Complete reordered packet type ids
* reordered flags
* type-version-length-value data containers
* new types for coding packets and unicast transfer of TVLVs
* dropped packet types for vis, translation table query and roaming
* reordered packet formats
* transparent fragmentation of batadv packets
Change-Id: I9e6733f9dd6b54eeecda19cf570599161d28b46e
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
Reviewed-on: https://code.wireshark.org/review/5175
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The already frozen packet format of batman-adv for Linux 3.5 was rejected by
David S. Miller. The 4addr format v14 was therefore changed after the freeze
and published in his final form in Linux 3.8.
Change-Id: I519476c4c6d62b403e197fae6a853d9bbe61f9bc
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
Reviewed-on: https://code.wireshark.org/review/5174
Reviewed-by: Michael Mann <mmann78@netscape.net>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I398e9cf4f6882e76644aa758e12c39a39159e95f
Reviewed-on: https://code.wireshark.org/review/3319
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
All caught by cppcheck. The two (semi)-interesting bugs are:
- in asn1/atn-cpdlc/packet-atn-cpdlc-template.c where the break statement should
have been inside the brace, causing potential control-flow weirdness with
exceptions
- in epan/dissectors/packet-ieee80211.c where the bounds check for tag_len did
not match the expert info given
Change-Id: Ie173fb8d917aabb9b4571435d671d6f16e1c7569
Reviewed-on: https://code.wireshark.org/review/1793
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
Add support for 4addr unicast packets
Add support for 4addr unicast packets packets that will be supported in
linux 3.5.
svn path=/trunk/; revision=41826