When the "Display enhanced Info column data" preference is set, ensure that:
1. For non-MSP packets, path information (class/symbol) is displayed in the Info column for Forward Open, Forward Close, regular Message Router Request/Response messages
2. For MSP packets, don't display the class/symbol in the Info column (it's too wordy)
This now relies on an extra boolean passed to dissect_cip_data() to handle #2 above. Previously, this relied on checking a proto_item* for NULL, which is not correct.
Change-Id: I7532660bcb23bd664c1f5532256755922c4937d1
Reviewed-on: https://code.wireshark.org/review/14458
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A dissector must never assume that it will, or won't, be called with a
protocol tree; it's up to the Wireshark/TShark/etc. core to decide
whether to do it, and it can change its behavior over time or even
change it from release to release.
Have dissect_epath() take an argument that explicitly indicates whether
to add the CIP class to the Info column, rather than assuming that you
do so only if the tree pointer passed to it is null.
Bug: 12257
Change-Id: Ide8a6fc21252880f849a8d0aa4659a675bb3ae04
Reviewed-on: https://code.wireshark.org/review/14456
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Remove "Object" from CIP class names. It was already removed from some of the objects, the string "Object" is implied for all objects, and it helps reduce wordiness in the Info column.
2. Don't display Class/Symbol name in the Info column when it's inside a MSP.
3. Enable enhanced Info column by default now that some of the additional wordiness was removed by the above points.
4. Put single quotes around the symbol name in the Info column. This makes it more obvious that something is a symbol instead of an actual class name from the spec, and would prevent ambiguity if the symbol name was something like "Identity".
5. Print the CIP service for both requests/responses in CIP Safety processing. This was already added to normal CIP.
6. Display Class/Symbol and service on the Service Packet in the MSP tree. This makes it easier to find without expanding every MSP item.
Change-Id: I7197dd4bf3dad6d7bdba247d3d7ab76cca52c785
Reviewed-on: https://code.wireshark.org/review/14325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id8156680d67d65d87c156df05e8a66e2531728d2
Reviewed-on: https://code.wireshark.org/review/13709
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"
Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get Attributes All is a predefined list of existing attribute IDs for a given class. Add a new index for each attribute for their place in GetAttributesAll response. Then a hash table of classes for existing attributes are created to handle the GetAttributesAll service.
Added more TCP/IP object attributes since more have been added to the spec.
Moved TCP/IP object attributes all to ENIP dissector.
Bug: 11996
Change-Id: I7f50c9aadf04efdb17ef31f39e6a991c0a84bef2
Reviewed-on: https://code.wireshark.org/review/13186
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I398e9cf4f6882e76644aa758e12c39a39159e95f
Reviewed-on: https://code.wireshark.org/review/3319
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5f573dffabb8685a8e5a334ff2bfb24d9838daa6
Reviewed-on: https://code.wireshark.org/review/2601
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
The attached patches fix the following issues:
1. CIP-Motion shouldn't be a heuristic dissector. CIP-Motion packets are
determined by specific fields in a CIP ForwardOpen. I ran into situations
where CIP-Motion's "vague" heuristics incorrectly dissected packets meant for
CIP-Safety. Of course this requires the ForwardOpen to be in the trace, but it
is the most deterministic way to have CIP-Motion packets.
2. Minor bugfix to the CIP-Safety dissector. A couple of fields were
"missing", causing errant malformed packets.
svn path=/trunk/; revision=41283
Joerg Mayer