When the dissector was added, BASE_HEX_DEC was used by default for many
fields. This is often not the most appropriate display format. The
biggest change is that all fields referring to sizes in bytes now
consistently use BASE_DEC_HEX.
This part of the DRBD protocol requires some state to correctly decode.
So we use a conversation to associate the packets. This conversation
stores a map of the two-phase commit data required for decoding later
packets.
Packets such as P_DATA do not have a dedicated field containing the size
of the data. It is simply the amount of extra data in the packet. It is
useful to be able to show or filter by this value, so add it as a
separate field.
Also combine the "blksize" and "size" fields, since they have the same
meaning.
Finally, remove some duplicates of the function decode_payload_data.
These values are opaque handles as far as the protocol is concerned.
They are sent from some node A to B, and then back from B to A. For node
B they have no meaning other than as a handle. However, on node A they
do have meaning, so it is useful to be able to interpret them. In
practice, they are usually little-endian encoded, so decode them
accordingly.
Dissector names allow extension items to be given standard text names.
This also uses a protocol-in-name-only to avoid the frame.protocols field from containing ":tcpcl:tcpcl:tcpcl:..." for each extension dissection.
Mainly:
* added 3 new procexit event params
* avoid sigsegv when sysdig event has
a number of params that is
greater of the wireshark one.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
epan/dissectors/packet-netlink-netfilter.c: FT_UINT32: proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, [[ENC_BIG_ENDIAN]-->[ENC_NA]]);
(These messages are wrong, this field is FT_ETHER, not FT_UINT32).
epan/dissectors/packet-netlink-psample.c (15 (of 15) fields)
netlink.psample.cmd doesn't match PROTOABBREV of netlink-psample
netlink.psample.attr_type doesn't match PROTOABBREV of netlink-psample
netlink.psample.iifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.oifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.origsize doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_group doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_seq_num doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_rate doesn't match PROTOABBREV of netlink-psample
netlink.psample.tunnel doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_refcount doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc_occ doesn't match PROTOABBREV of netlink-psample
netlink.psample.latency doesn't match PROTOABBREV of netlink-psample
netlink.psample.timestamp doesn't match PROTOABBREV of netlink-psample
netlink.psample.proto doesn't match PROTOABBREV of netlink-psample
Exif does not define the order of elements in the Exif data, so if there's
empty space in front of IFD #0, it might be used for other IFDs or standalone
values.
As such, don't create a dummy tree item covering that space.
Instead of passing a pointer to a header_field_info structure,
pass an integer index to the registry.
This allows each dissector to be converted to a more conventional
structure.
IEC 101 can have a link address of zero, one, or two octets.
The IOA address can also be one, two, or three octets.
Remove unnecessary apply_prefs function. Fix#17775