Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes a memleak that occurs on (re)loading a pcap. While at it, remove
some unnecessary variables.
Change-Id: Ibb662e5c608881bc7dfde9d12cdb77f699ff6542
Reviewed-on: https://code.wireshark.org/review/17639
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* Add AN local and global flags to the SoA frame
* Add NMT command for dynamic node assignment (DNA)
Change-Id: I7cc8c9ee26b0676727d28f32b056fbe1a153c8af
Reviewed-on: https://code.wireshark.org/review/15263
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Christoph Schlosser <christoph@schlosser.xyz>
Reviewed-by: Roland Knall <rknall@gmail.com>
In case of a segmented SDO transfer, the transfer complete response can
contain additional data that should not be evaluated by the dissector.
Change-Id: I7016eb88b93aac8c318e703fe60a90c3adbf9eeb
Reviewed-on: https://code.wireshark.org/review/14692
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of displaying a long list of OD index, subindex and padding, group
the information by parameters.
Change-Id: I03ea83f187b4bd4956361d33be674ec62e35bea1
Reviewed-on: https://code.wireshark.org/review/11398
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Christoph Schlosser <christoph.schlosser@yahoo.de>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I794a26bd21494532629035a7d23751235ecec3db
Reviewed-on: https://code.wireshark.org/review/11289
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
pinfo->fd->subnum is not used in a way as it was documented
in frame_data.h. This uses a more generic approach and also
frees subnum in this case
Change-Id: I3aee0ffcdf1948c97a2d2f95c868e636362664a1
Reviewed-on: https://code.wireshark.org/review/11225
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iebf0fc5d3e86fba9a2ea4da5784256d820598e39
Reviewed-on: https://code.wireshark.org/review/10744
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While IPv4 subnet masks are obviously related and similar to IPv4
addresses, they are distinct enough that they need to be treated
seperately in some aspects. For instance, there is no value in
attempting to resolve a subnet mask.
This change creates a new display type: BASE_NETMASK, which allows distinction from FT_IPv4
(and possible name resolution) where appropriate.
Change-Id: I99e19c9a58eb613f8e58d481af84c30e2e5e14d7
Reviewed-on: https://code.wireshark.org/review/10438
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Current implementation gives all remaining data to sub-dissector.
This is not correct, as with "Write Multiple by Index" the data
given includes the following indeces and their datasets
Change-Id: I5343bf61431a7b5507b51f53f0de8c6e3dc72cf1
Reviewed-on: https://code.wireshark.org/review/9870
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Instead of interpreting the OD Index and OD Subindex as abort code now the
correct offset is applied and the abort code is correctly evaluated.
Change-Id: Ic70e755d835c5f62f6cff8a8848a33ee8758faf4
Reviewed-on: https://code.wireshark.org/review/9736
Reviewed-by: Christoph Schlosser <christoph.schlosser@yahoo.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch is partially automatically generated, but are modified
manually. In particular, assignments and function calls have been
audited.
Some debugging comments and ifdef'd prints have been removed. The
lookup tables of the dcm and sip dissectors are now cleared. It is only
called on reopening files anyway.
The isakmp dissector is modified to use g_hash_table_new_full for
destruction of its keys and values.
Fix a memleak in ipsec dissector when libgcrypt is not enabled.
Generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=3c6128ee266024d164650955f93c7740484abd68
(with AUDIT = True).
Change-Id: I3fd910bdee663842ac0196334fe0189b67e251b0
Reviewed-on: https://code.wireshark.org/review/9225
Reviewed-by: Michael Mann <mmann78@netscape.net>
The payload dissection now only includes the remaining bytes,
even if the actual number of payload bytes should be bigger.
An expert Info is added, to inform the user, that the trace was
truncated, but the payload is still given to a sub-dissector,
as it may contain valid information
Change-Id: Iefef78e7c7aed7f87e40875f345ff5debf364f3a
Reviewed-on: https://code.wireshark.org/review/9124
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow the command layer to be shown for duplicated frames
if needed for deep-packet analysis
Change-Id: I2e0026b6e448ebfd96f879f2f002a6f30a0a5031
Reviewed-on: https://code.wireshark.org/review/8874
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "EPSG Draft Standard 302-A: High Availability" introduces
the new frame "AMNI". This change adds support to correctly
dissect POWERLINK AMNI frames.
Change-Id: I9e402423296c4e82a25e897de964629bb695d566
Reviewed-on: https://code.wireshark.org/review/8215
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:
warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]
We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.
Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.
Fix an encoding arguement in packet-elasticsearch.c found by
fix-encoding-args.pl.
Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Allow manufacturer specific plugins, which will only
be called for certain service IDs which are manufacturer
specific as defined by the POWERLINK specification.
As with e.g. udp.port, a plugin or subdissector may
register with epl.asnd and a given service ID to implement
a plugin for specific ASND Service IDs, which are part
of the manufacturer specific object range (0xA0-0xFE).
Also, all values for the ID fields have been changed to
range_string
Change-Id: Ibfb9c035c16bce5322b13c42f30daf14e096712a
Reviewed-on: https://code.wireshark.org/review/6793
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With this patch we want to enable a better support of POWERLINK
as a protocol for people who have to perform network diagnostics using
analyzing tools. Up until now, the main tool used was Omnipeek.
Now wireshark will be used more and more, due to the new extcap
infrastructure, which supports debug tools to be added as capture
devices.
To better facilitate that change, we have adapted the textual
representation of the Omnipeek dissector for POWERLINK, as it
allows for a faster and simpler diagnosis routine.
Additionally the name of the protocol has been changed to it's
correct name "POWERLINK" as this is the official name used by
EPSG for describing the protocol.
Changelog:
- Add error code definitions and string values.
- Change name for protocol column to POWERLINK which is more commonly
used than EPL.
- Reformat output in info column to look like output the output of
the POWERLINK plugin for Omnipeek. This facilitates the transition
to Wireshark. The added information and changed output improves the
debugging of POWERLINK nerworks.
Change-Id: I795e2487f2ae7af6b90c29366a1843c9fabffa85
Reviewed-on: https://code.wireshark.org/review/5581
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(for some dissectors which fetch all other integral fields using
ENC_LITTLE_ENDIAN).
Change-Id: Ica72a68ac560f2920d61e0769de83130557c46fd
Reviewed-on: https://code.wireshark.org/review/5752
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remake of the duplicated frames filter with
less memory usage.
Change-Id: I7c8694b5ae69c919b866bbc661bad5e3f0a3e1d7
Reviewed-on: https://code.wireshark.org/review/4773
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed an error that retransmitted frames were added to the
reassembly table.
Change-Id: I314412cb8f2ce49142e4b7f001613948f5e03bf6
Reviewed-on: https://code.wireshark.org/review/4916
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The subindex of the R/TPDO frames was interpreted false.
Now the subindex is correctly interpreted.
ASend SDO Write Multiple Parameter by Index interpreted
the mapping data false.
Change-Id: Icfb1896e96f5486c5479c1dd060eb1032695f9f6
Reviewed-on: https://code.wireshark.org/review/4397
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The offset was calculated too high, as it was added
to itself and sizes were added multiple times
Change-Id: I1a581e96e2ab66e40f5566074e8bd1089f55bdb0
Reviewed-on: https://code.wireshark.org/review/4049
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The data that is sent when downloading or uploading from a server is
sent in segments to the client.To clearly display all the segments
belonging together the splitted payload needs to be reassembled.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.4.1.1 Download Protocol and chapter 6.3.2.4.2 Upload
Protocol. The payload of the download/upload is now reassembled.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I17c30f15e75da47bcaba8f1fda1e412849ec268c
Reviewed-on: https://code.wireshark.org/review/1120
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The MN interprets the CMD layer data only if the CN increments
the Send-Sequence-Counter => new data. The MN interprets the
data only once, if the same frame is sent again the MN ignores
the data.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.3.2.3 Error: Duplication of Frame
Frames which duplicate previous sent data are now marked as
duplicated frames.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ef24b52712bfd3c735856b0cd5747c47aeef72a
Reviewed-on: https://code.wireshark.org/review/992
Reviewed-by: Evan Huus <eapache@gmail.com>
Michael Mann