Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
this can happen and cause invalid memory accesses with incorrectly-large padding
values
Bug:10187
Change-Id: Ib9b2a2fa10766efb4d95d588f57354a56373c626
Reviewed-on: https://code.wireshark.org/review/2325
Reviewed-by: Evan Huus <eapache@gmail.com>
This makes it possible to dissect part of a package as ASN.1.
Change-Id: I53dd6bc916fa0d2c932d77fef437c2094fdd29ed
Reviewed-on: https://code.wireshark.org/review/2238
Reviewed-by: Evan Huus <eapache@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
There appear to be a couple of bugs in the flow control of this function (which
is very confusing), at least one of which is leading to a buffer overrun. See
the bug comments for more details and guesses of what the correct thing to do
is.
Bug:9579
Change-Id: Ibd3077792c7689a715ea53e8bf8c7a561c67389f
Reviewed-on: https://code.wireshark.org/review/1530
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This should complete the transition to the "New" type.
Change-Id: I882b088206c6e6d0592159451c943caeaf5b90ec
Reviewed-on: https://code.wireshark.org/review/1202
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This squelches some run-time dissector asserts.
Change-Id: I0ce33c4eb6e9c3bd371e47363a981e9a7a0dc789
Reviewed-on: https://code.wireshark.org/review/997
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For various string types defined in X.680, use the appropriate encoding,
or ENC_ASCII|ENC_NA in some cases where we don't have an appropriate
encoding yet.
This most significantly fixes the handling of BMPString and
UniversalString, which are supersets of ASCII (Unicode Basic
Multilingual Plane and Unicode, respectively), but don't encode ASCII
characters as single octets. It also fixes UTF8String to, well,
properly recognize UTF-8.
This also lets us get rid of the special handling of SyntaxBMPString in
X.509sat (and, in fact, *requires* us to get rid of it, as, otherwise,
the string value appears twice).
Change-Id: I325c4e71a6110278eb23b86e0d986e6439cfc328
Reviewed-on: https://code.wireshark.org/review/994
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
from the GTK flavor in two major ways:
- The "Decode As" and "User Specified Decodes" dialog have been unified.
- You can modify the decode as behavior at any time, not just when you
have a packet selected.
Revert part of 53498 so that we can move items marked
/*** THE FOLLOWING SHOULD NOT BE USED BY ANY DISSECTORS!!! ***/
from epan/decode_as.h to ui/decode_as_utils.h.
Move "save" code from decode_as_dlg.c to decode_as_utils.c as well.
In packet-dcerpc.c don't register a table named "ethertype". We might
want to add checks for duplicate table names.
To do:
- Add support for ranges?
- Either add support for DCERPC or make DCERPC use a regular dissector
table.
- Fix string selectors (i.e. BER).
svn path=/trunk/; revision=53910
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
The intention is to aid in the removal of pinfo->private_data use as well as static global variables in a dissector. For now, all calls to call_ber_oid_callback have the data parameter set to NULL.
svn path=/trunk/; revision=52994
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presense" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296
the same captured and reported lengths so that we don't end up throwing
BoundsErrors ("Packet size limited during capture") when the packet is simply
malformed.
This fixes one of the issues reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8816
svn path=/trunk/; revision=50055
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7359
The BER integer dissection routines take an hf_id, but that can be -1.
Only fetch the type (to check signedness) if hf_id >= 0, as otherwise this
causes a dissector bug. Default to signed if given no hf_id - I don't know
whether this should be unsigned or not, but the old behaviour was that
everything was signed so it's not a regression at least.
svn path=/trunk/; revision=49101
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
indentation, whitespace, long-lines, etc.
Also;
- replace two usages of fprintf(stderr,...) by g_warning();
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000]
svn path=/trunk/; revision=45625
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802