convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
- Fix various bugs.
- Add some optional debug.
- Enable checking of the Calling address.
- Check that the Called/Calling address has at least a minimum number of
octets.
- Handle XUDTS.
- Reject messages whose mandatory variable pointers are 0 (meaning not
present).
- Reject Class-2 messages whose Class-spare bits are non-zero.
- For (Class-2) messages that have no variable parameters but an optional
pointer, only accept messages whose optional pointer is 0 (no optional
parameters) or 1 (optional parameter immediately follows the pointer).
- (For some of those Class-2 messages) if there are no optional parameters,
reject messages if we didn't reach the end of the message.
svn path=/trunk/; revision=40819
they're signed, but that's only to handle "offset from the end" - we
should probably get rid of that and make them unsigned.)
svn path=/trunk/; revision=40785
- Handle ERR and IT messages.
- When checking variable parameter lengths, check that we have enough data
remaining (by adding the current offset to the retrieved length).
- Check the lengths of several more messages.
- When checking the length, add up the values of the parameter length macros
to make it obvious how we came to use that value.
svn path=/trunk/; revision=40784
- Reject all Class-3 messages (it's never used)
- Group Class-2 and Class-1 messages closer together
- Some code cleanup (use macros where we have them)
svn path=/trunk/; revision=40780
Part of "display filters with redundancies of PROTABBREV in them."
The ones left outs should be fixed differently I think.
Rename som ndps hf variables while at it.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2794
svn path=/trunk/; revision=37406
- routing on SSN but the SSN is not present or is unspecified (zero)
- message handling has an unexpected value
- message class is incorrect for the message type
Also clean up some indentation and other white space.
svn path=/trunk/; revision=37400
if the preference is set.
Add %d to the "not found" string in val_to_str() calls.
Upgrade the "ITU address format seen in ANSI" expert info from NOTE to WARN.
svn path=/trunk/; revision=37218
digits.
Since we now have a subtree from which to hang things, make the generic (called
or calling) digits fields visible under this new subtree (one less hidden item).
Don't use add_string_format() to add the GT digits, let epan format it for us.
Use more descriptive field descriptions for these entries.
svn path=/trunk/; revision=37214
and without causing us to potentially run into bug 3834.
Add a couple hf entries for things that had been added with add_text().
svn path=/trunk/; revision=36946