Commit Graph

197 Commits

Author SHA1 Message Date
Jeff Morriss 89cfdc3559 Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3315 -
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.

This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow).  Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).

So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).

The Win32 dialog was modified but hasn't been tested yet.

One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets.  (I tried renaming the
button "Displayed + Dependencies" but it looked too big.)  The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.


Implementation details:

Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree.  If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).

When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.

svn path=/trunk/; revision=41216
2012-02-28 03:19:49 +00:00
Bill Meier b83e1b218f Add 'heur_dissector_set_enabled()' to allow a dissector to enable/disable heuristic dissection;
Rename some vars;
Do some minor re-indentation and whitespace changes.

svn path=/trunk/; revision=40601
2012-01-20 02:43:37 +00:00
Bill Meier ebe33ba92a Add tshark option '-G heuristic-decodes' to dump heuristic dissector tables.
svn path=/trunk/; revision=40309
2011-12-28 15:05:59 +00:00
Anders Broman 8259fbb105 Preparation to make it possible to dissable heuristic protocols
trough the proto dialouge.

svn path=/trunk/; revision=40215
2011-12-15 20:39:01 +00:00
Guy Harris c1f993eef5 Clamp the reported length of a packet at G_MAXINT for now, to avoid
crashes due to having no tvbuffs for an epan_dissect_t.

Fixes bug 6663 and its soon-to-be-duplicates.

svn path=/trunk/; revision=40164
2011-12-13 00:44:22 +00:00
Chris Maynard 647c5c0b27 packet_info's in_error_pkt is now a bitfield like in_gre_pkt.
svn path=/trunk/; revision=39764
2011-11-08 18:39:11 +00:00
Jeff Morriss ab7ec88be5 Delay freeing of seasonal memory until after the conversation cleanup routine
has been called.

In the conversation cleanup routine, free the GSlist for any proto_data which
may have been hanging off the (se_allocated) conversation.

svn path=/trunk/; revision=39484
2011-10-20 02:29:13 +00:00
Stig Bjørlykke ad6be9beb8 Whitespace cleanup.
svn path=/trunk/; revision=38893
2011-09-06 09:09:36 +00:00
Anders Broman 377bfd19a0 List heuristic tables in Internals->Disscetor tables menu.
svn path=/trunk/; revision=38881
2011-09-05 13:04:23 +00:00
Gerald Combs 713a85de8a Make sure our root tvb is initialized in case its creation fails.
Untested fix for bug 6135.

svn path=/trunk/; revision=38410
2011-08-08 17:25:35 +00:00
Gerald Combs 49b92440de More GLIB_CHECK_VERSION cleanups. Update the minimum GLib/GTK+ versions
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.

svn path=/trunk/; revision=37978
2011-07-11 20:32:19 +00:00
Guy Harris 32726b84d2 If a dissector table doesn't exist, print a more useful message, and
only abort if WIRESHARK_ABORT_ON_DISSECTOR_BUG is set.

svn path=/trunk/; revision=37510
2011-06-01 18:02:16 +00:00
Guy Harris 1372515b02 More eradication of old-style function definitions.
svn path=/trunk/; revision=37216
2011-05-17 22:18:32 +00:00
Bill Meier ffeff72f02 Fix a typo in a text string; use consistent indentation.
svn path=/trunk/; revision=36735
2011-04-20 16:35:42 +00:00
Stig Bjørlykke a6476ba91b Added dissector_handle_get_long_name().
svn path=/trunk/; revision=36412
2011-03-31 12:14:59 +00:00
Guy Harris a8bc4a0d13 Rename the routines that handle dissector tables with unsigned integer
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys.  (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)

svn path=/trunk/; revision=35224
2010-12-20 05:35:29 +00:00
Jeff Morriss e17b9ccec1 Rev 29427 added packet_add_new_data_source() with a comment indicating that
the data source does not need to be allocated if (!tree).

Rev 30158 took the if (!tree) check out indicating that the check was invalid.

So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().

svn path=/trunk/; revision=34717
2010-10-30 16:00:30 +00:00
Sake Blok 0618e53168 Enable "Decode As..." for ethertype 0x0000 (fix for bug 4721)
svn path=/trunk/; revision=32723
2010-05-08 07:55:12 +00:00
Bill Meier 6812b68eb1 From Yaniv Kaul: constify parameters
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422

 From me: Fix a number of instances where the function prototype or
  the function definition wasn't changed so there was a mismatch 
  thus causing Windows (but not gcc) compilation errors.

svn path=/trunk/; revision=32365
2010-04-03 18:18:50 +00:00
Bill Meier d32b4c0758 Revert SVN #32360 until Windows compilation errors corrected.
svn path=/trunk/; revision=32361
2010-04-02 15:18:03 +00:00
Bill Meier 049f9eac85 From Yaniv Kaul: constify parameters
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422

svn path=/trunk/; revision=32360
2010-04-02 14:37:49 +00:00
Guy Harris b395a98305 Squelch a bunch of compiler warnings.
svn path=/trunk/; revision=31961
2010-02-23 04:35:23 +00:00
Anders Broman cd0147c004 Make sure we have a handle for the dissector.
svn path=/trunk/; revision=30824
2009-11-04 17:13:01 +00:00
Bill Meier adc374c903 Fix some indentation.
svn path=/trunk/; revision=30527
2009-10-12 01:31:01 +00:00
Kovarththanan Rajaratnam 1b668036d1 Move dissector add sanity check to separate function
svn path=/trunk/; revision=30346
2009-10-05 18:52:46 +00:00
Guy Harris 3a92e1e456 The data sources can be used even if the protocol tree isn't being built
or isn't visible.

Clean up some indentation.

svn path=/trunk/; revision=30158
2009-09-25 21:29:36 +00:00
Kovarththanan Rajaratnam 0e5cef61be Split a bunch of init routines into init() and cleanup(). This allows us to free memory properly on shutdown.
This is an initial step. There's still some work to do.

svn path=/trunk/; revision=29754
2009-09-06 18:25:23 +00:00
Kovarththanan Rajaratnam b3b9be09c7 We track all protocols that appear in each packet in the frame dissector. This is an expensive operation because we:
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols

We should only do this if the 'hf_frame_protocols' is referenced (unlikely)

svn path=/trunk/; revision=29733
2009-09-06 07:55:17 +00:00
Kovarththanan Rajaratnam 7d44262406 This patch introduces packet_add_new_data_source() which effectively deprecates add_new_data_source(). This is based on the following observation:
1) The tvb + name (aka. data_source) is only used when the protocol tree is visible

The current implementation of add_new_data_source() doesn't take this into account and simply allocates a data_source regardless. This is what packet_add_new_data_source() tries to rectify.

A couple of dissectors have already been switched over to the new packet_add_new_data_source(). Many are still missing. Help appreciated!

svn path=/trunk/; revision=29427
2009-08-15 06:38:10 +00:00
Bill Meier aed6451fff Remove 1 commented-out #include inadvertantly committed.
svn path=/trunk/; revision=29276
2009-08-03 18:06:36 +00:00
Bill Meier d8297e8312 Add some debug code (commented out) to check for duplicate dissector port registrations,
svn path=/trunk/; revision=29275
2009-08-03 17:25:17 +00:00
Gerald Combs 753e9f65e5 Zero out the packet_info struct for each packet instead of trying to
initialize everything by hand. Fixes a Valgrind warning.

svn path=/trunk/; revision=29122
2009-07-16 20:52:36 +00:00
Stig Bjørlykke 27572c22f4 From Kovarththanan Rajaratnam via bug 3702:
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.

svn path=/trunk/; revision=29066
2009-07-12 10:19:13 +00:00
Anders Broman c2509b0b3f Handle Detach and Service request, make it possible to set direction on link(UL/DL).
svn path=/trunk/; revision=28648
2009-06-06 17:03:34 +00:00
Anders Broman 3ab0c21cbc Introduce call dissector_try_port_new() to be used when no protocol entry is to be made in the protocols list. Used by asn2wrs dissectors to avoid multiple entrys as calls are made
multiple times for the same PDU.

svn path=/trunk/; revision=28106
2009-04-21 16:53:00 +00:00
Gerald Combs 844af38e54 size_t fixes.
svn path=/trunk/; revision=27990
2009-04-08 05:25:14 +00:00
Luis Ontanon 230d917776 Add a debug helper for EP memory corruption
if compiled in and the env var WIRESHARK_DEBUG_EP_CANARY is set:
will check for canary integrity at every call to EP_CHECK_CANARY()
if corruption is found it exits pronting the prior location and the location in which corruption was found.
Hopefully it stops running while the corruptor is still in the stack.

see EP_CHECK_CANARY() calls in packet.c as an example.




svn path=/trunk/; revision=25927
2008-08-05 02:23:35 +00:00
Jaap Keuter e86825b8f8 From Francesco Fondelli:
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448

svn path=/trunk/; revision=25730
2008-07-13 17:19:33 +00:00
Jeff Morriss 35ff3c851b A slightly more complicated have_postdissector() (missed in my previous checkin--thanks Bill) which also checks if the postdissectors are enabled.
svn path=/trunk/; revision=25347
2008-05-21 20:20:37 +00:00
Bill Meier 59d2c9eb92 boolean -> gboolean
svn path=/trunk/; revision=25344
2008-05-21 16:56:50 +00:00
Bill Meier ad761ed3fd Add missing have_postdissector(); (Hopefully what was intended).
svn path=/trunk/; revision=25342
2008-05-21 16:40:15 +00:00
Stig Bjørlykke f60062dccc Call post dissectors with call_dissector_only() to avoid an extra Data entry
if post dissectors are disabled, as pointed out by LEGO.

svn path=/trunk/; revision=24109
2008-01-15 23:31:37 +00:00
Jaap Keuter 74cf6511fb Cleanup call_dissector / call_dissector_only
svn path=/trunk/; revision=23871
2007-12-15 13:20:17 +00:00
Anders Broman b421cc6a2c Apply yet another set of the optimization patches:
move the case where pinfo->in_error_pkt is true in its own function:
- it's not the common case.
- it needs a TRY block. ==> slow volatile and big stack footprint.
- call_dissector_work is called a lot and recursively.

svn path=/trunk/; revision=23413
2007-11-09 06:07:30 +00:00
Anders Broman f209667d93 From Andrew Feren:
return FALSE if dissector_try_string(...) is passed a NULL string pointer
arguably this should assert instead.

svn path=/trunk/; revision=23287
2007-10-27 15:02:07 +00:00
Ulf Lamping a8b2f589e9 be a bit more verbose, if the name given to register_dissector_table() is not unique (e.g. because of a buggy/duplicated plugin)
svn path=/trunk/; revision=23042
2007-10-02 05:07:13 +00:00
Mike Duigou f6b771c467 call_dissector() provides generic 'data' handler for unrecognized data types. call_dissector_only() fails gracefully for unrecognized types. The handler for generic 'data' should avoid the variant that potentially could result in recursively calling itself.
svn path=/trunk/; revision=22907
2007-09-19 16:34:06 +00:00
Ulf Lamping a11feafee6 don't use NULL to initialise an integer
svn path=/trunk/; revision=22474
2007-08-08 23:36:48 +00:00
Ulf Lamping 5c86e7fd4c add pinfo fields clnp_srcref and clnp_dstref to the clnp dissector, similar to the srcport / destport already existing. As simply using srcport / destport for this will confuse mixed protocol usage (like RFC1006 ISOonTCP), I've added explicit clnp fields.
This way, protocols on top of COTP / CLNP have at least a chance to do reassembling correct.

svn path=/trunk/; revision=22473
2007-08-08 22:53:14 +00:00
Luis Ontanon 7475efa0f6 from: Mike Duigou
Adds a heur_dissector_delete() function to allow heuristic dissectors to be
dynamically disabled based upon, for example, preference settings.

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1697


svn path=/trunk/; revision=22463
2007-08-07 21:26:07 +00:00