Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Simplify the conversion of degrees from 24 bit fixed point to a float.
Avoids strict-aliasing warning by gcc 4.4.
* Add reference to RFC 6757.
* Correct spelling of 'convert' in degrees_convert_fixed_to_float().
Change-Id: Icb680d009fdd960e8668fa3020060799d6a74c2f
Reviewed-on: https://code.wireshark.org/review/5913
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This adds support for "field||field" without spaces.
Change-Id: Ia738d6642d12a188d1629bbdd9701cc8f8bb7a68
Reviewed-on: https://code.wireshark.org/review/5922
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
The FCS at the end of the frame is decoded as additional STA info fields which does not seem correct.
Issue reported by Sudheer
Bug:10786
Change-Id: Idffaa41cd7c79ad4c9937e7f32aa2444c1b9033f
Reviewed-on: https://code.wireshark.org/review/5849
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0749f8e10d6f8d97b85da6bb52b0ab336ba06c38
Reviewed-on: https://code.wireshark.org/review/5919
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If92c9bc281f44de8f3b1de71005240755748403a
Reviewed-on: https://code.wireshark.org/review/5918
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check for "or" or "||" (also ignore whitespaces)
and check both arguments of this operator to be
fieldname (character check), then check whole filter is valid
for dfilter compiler.
Change-Id: I412b5dc1fca16fcd2b640aa74af81167300fd11e
Reviewed-on: https://code.wireshark.org/review/5848
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
That appears to be a name supplied both by MIT and Heimdal Kerberos.
Using it makes it a bit clearer what the code is doing, and might avoid
type clash warnings if it's the right type (e.g., if it's a member of an
enum, as it is in Heimdal, and the corresponding argument to
krb5_crypto_init() is of the same type, the types will match).
Change-Id: I81b79223f789b8d1ec47180b7636ac1d83e03681
Reviewed-on: https://code.wireshark.org/review/5898
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's only in GLib 2.28 or later, but we don't require 2.28.
Instead, have col_custom_field_ids_free() do what g_slist_free_full() does -
and more.
Change-Id: I15768cfd2d26c847470b02ea6c51830dabcaa7ee
Reviewed-on: https://code.wireshark.org/review/5894
Reviewed-by: Guy Harris <guy@alum.mit.edu>
warnings (at least on NetBSD), presumably due to our use of
-Wc++-compat:
../../asn1/kerberos/packet-kerberos-template.c: In function
'read_keytab_file':
../../asn1/kerberos/packet-kerberos-template.c:497:10: warning: request
for implicit conversion from 'gpointer' to 'struct enc_key_t *' not
permitted in C++
../../asn1/kerberos/packet-kerberos-template.c:518:21: warning: request
for implicit conversion from 'gpointer' to 'char *' not permitted in C++
../../asn1/kerberos/packet-kerberos-template.c: In function
'decrypt_krb5_data':
../../asn1/kerberos/packet-kerberos-template.c:570:3: warning: enum
conversion when passing argument 3 of 'krb5_crypto_init' is invalid in
C++/usr/include/krb5/krb5-protos.h:1208:1: note: expected 'krb5_enctype'
but argument is of type 'int'
../../asn1/kerberos/packet-kerberos-template.c:581:13: warning: request
for implicit conversion from 'gpointer' to 'guint8 *' not permitted in
C++
../../asn1/kerberos/packet-kerberos-template.c:596:13: warning: request
for implicit conversion from 'gpointer' to 'char *' not permitted in C++
Change-Id: I17c10fc1df2685ec2e2c1b00cd3b81f62e09c829
Reviewed-on: https://code.wireshark.org/review/5886
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
Also use proto_get_frame_protocols in main_menubar.c instead of doing it "manually".
Change-Id: Ie7a365c538700f2cebdd1e3d253f2fd9b189f5cf
Reviewed-on: https://code.wireshark.org/review/5851
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
You can now add column with Custom type with more than one field
by using OR "||" splitter.
Bug: 9695
Change-Id: Ia82a91e7a35b867647d36cb9626e3870f46c0d85
Reviewed-on: https://code.wireshark.org/review/5804
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Bluetooth dissector is used to add ability to filter all bluetooth
payload from capture files (there are many transport like:
hci_h4, hci_h1, hci_usb, hci_mon, btle). Also it is used to placeholder for
all data tree used to store additional informations like bd_addrs, names, etc.
Finally it is used to be one point for Bluetooth
Endpoints/Conversation filtering what is enabled now.
Also add Master/Slave Role and Connection Mode tracking.
Change-Id: I67048080fb8ee16fa0f4ec429c1257de81ddd737
Reviewed-on: https://code.wireshark.org/review/5771
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: Id67703edc08df73d4c7a2f66ee8f4d6810a867c9
Reviewed-on: https://code.wireshark.org/review/5776
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This adds possibility to have two fields with the same abbrev name
but different type, for example FT_ETHER and FT_STRING.
That allows to compare each one to find a valid field.
Change-Id: I8b2a1708ac9648b7a4289777c72a0f3b18f3d8f8
Reviewed-on: https://code.wireshark.org/review/5702
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reworked zbee_mfr_code_names to be in monotonic order.
Fixed implicit shortening of time value with a cast.
Change-Id: I629948fbe32543fd2672bbc40af790333b970b10
Reviewed-on: https://code.wireshark.org/review/5808
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
- Improved handling of status bits
- Using bitfields where applicable
- Unified capitalization of hex values
- Using TFS instead of bits for status flags
- Added universe ID calculation from Address/Net/Port
- Added RDM PID decoding (values in packet-rdm.c)
- Added Poll/PollReply/Toc/Rdm support for Artnet3 (15bit universe)
- Updated manufacturer list from ESTA website
- Updated OEM codes from Art-Net SDK
Change-Id: I33edbfa754cb37391614f7cf4d6d4a9b11bcd52d
Reviewed-on: https://code.wireshark.org/review/5755
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
they were out of order for the extended value-string, I suspect honeywell1 and
honeywell2 had just been put in backwards
Change-Id: I4aacf27ba8aa20c137731f1ad652380cd5af5562
Reviewed-on: https://code.wireshark.org/review/5809
Reviewed-by: Evan Huus <eapache@gmail.com>
Removed attrID and cmdID ZCL cluster functions.
Bug in ZCL HVAC attribute registration.
Fixed bug in ZCL command ID field registration.
Update Manufacturer Codes and Profile Ids to ZigBee-053874r26 Oct 2014
Fixed broken fragmented ZigBee packet collection and reassembly
Use protocol fields for Thermostat schedule transitions.
Added support for Key Establishment Cluster (CBKE) at SE 1.2a
Updated Message cluster to SE 1.2a spec
Added attribute reporting status which is common to all SE 1.2a clusters
Added SE 1.2a tunnel cluster support
ZigBee Smart Energy (SE) decryption appears to have been broken for some time. For SE you do not know the Link Key until after successful completion of Key Establishment and then manually enter it into preferences. Entry in preferences was broken such that when the new Link Key was entered all existing link keys would be lost. This lead to the loss of the Network Key as well when the Transport Key message was re-processed without the Pre-Configured Link Key. The Link Key 'key ring' has been moved to the UAT post-update callback so that it will always be updated correctly after changes to the link keys in preferences
The attribute reporting status attribute which is common to all SE clusters was accidentally shared, now each cluster has it's own instance
ZigBee security added key display for decrypted packets
ZigBee Security Preferences fixed UAT type for Label so key label is editable again
Added definition for Retail Service profile
Added dissection for profile-wide (General Command Frame) commands when the profile is unknown
Added zbee-zcl-misc.c to precommit check whitelist as it contains ias and hvac clusters avoiding proliferation of too many small files
Change-Id: I53d85ba9d782db6a0e7e78c51b0bc7cdcdbca3ad
Reviewed-on: https://code.wireshark.org/review/5565
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It is too weak (just checking that the 2 first bytes of TCP segment are "HS") to be always activated
Change-Id: Iffda96046cc687004f403dd4d8e735375790b07b
Reviewed-on: https://code.wireshark.org/review/5789
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If you encounter a frame with an all-zeroes ethertype it's very likely
due to buggy hardware or software. Don't try to dissect it as MDS
Header traffic.
Change-Id: Ie08d6aba2dcb82e4e49d6dbe96a2a3639e3cafc4
Bug: 8256
Reviewed-on: https://code.wireshark.org/review/5788
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was previously assumed that the remainder of a packet contains a
chunked-body response. This does not have be the case, and if the
assumption is violated, then the dissector would add multiple parts to a
single "De-chunked entity body".
This patch properly calculates the end of a chunked-body response,
taking the optional trailer-part into account and adjusting the size of
the chunked-body data as needed.
The CRLF in last-chunk that was previously dissected as "Chunk Boundary"
is the last CRLF that closes chunked-body, it is not part of last-chunk
(as it has no chunk-data to terminate).
A new header field is added for this trailer-part (RFC 7230 sec. 4.1).
Bug: 10707
Change-Id: Ifef1cc7dd0443edca4198eb1c27f58719f85fa9f
Reviewed-on: https://code.wireshark.org/review/5526
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-> I don't see why they were uint8; ANSI E1.33 and ANSI E1.20 use uint16
Change-Id: Ia2c024b503d6a4b8c18020699bdc676a8459dcbd
Reviewed-on: https://code.wireshark.org/review/5783
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also update HTTP Header Compression (to draft-10)
No framing change on HTTP2 draft-16
Change-Id: I7f8ffd7ab37bc22fd6fbe156b0bf52543025e3a8
Reviewed-on: https://code.wireshark.org/review/5782
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit implements a part of draft-ietf-isis-segment-routing-extensions:
- 3.2. SR-Algorithm Sub-TLV
Change-Id: Ibb419de234bf5a199f8067989b1321064fa93983
Ping-Bug: 10520
Reviewed-on: https://code.wireshark.org/review/5742
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 10761
Change-Id: I072cd3a68d852cb8dc57b9b9f807f792caba7259
Reviewed-on: https://code.wireshark.org/review/5750
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0befc8846b9af43e1563adb369ba4d332775ef76
Reviewed-on: https://code.wireshark.org/review/5778
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I95f0ab387570c0c56e19990cb9b9063051bb792f
Reviewed-on: https://code.wireshark.org/review/5779
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Permit passing TRUE as the parameter during table registration to achieve that
effect.
Use it in RTP media type table.
Bug: 10708
Change-Id: I892fb1a421d349f0c05197dec90f14fc34ad6b97
Reviewed-on: https://code.wireshark.org/review/5695
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: I28da88381a26826ad4897b56da993909130683d3
Reviewed-on: https://code.wireshark.org/review/5768
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
SN = Sequence Number, so it is not bool.
Change-Id: I0691b17150bbbdd34a0e7cbe3cb90058c9183ff7
Reviewed-on: https://code.wireshark.org/review/5769
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
lot of change but it is majority reindent change (Using clang-format)
Change-Id: Idcd0fa79ca977e25d69eb80a89d3c61d228885e9
Reviewed-on: https://code.wireshark.org/review/5764
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use by MACSec
Change-Id: I27eee40ddc476435aecd57711c1b3597c2049901
Reviewed-on: https://code.wireshark.org/review/5751
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also do not display a 8bits data SMS as an expert error
Those 2 points led me to a wrong analysis yesterday
Change-Id: Ib319e2ef8f0e7297cd2e119b6d0d98638e6a3d61
Reviewed-on: https://code.wireshark.org/review/5763
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(for some dissectors which fetch all other integral fields using
ENC_LITTLE_ENDIAN).
Change-Id: Ica72a68ac560f2920d61e0769de83130557c46fd
Reviewed-on: https://code.wireshark.org/review/5752
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Specifically: the fields are fetched as 3 bytes, but had a
type, display of FT_UINT8, BASE_HEX so only that the LO byte was
displayed.
Change-Id: I06ea7b9527ae788be7f19278e8ba4dc2d34b2777
Reviewed-on: https://code.wireshark.org/review/5747
Reviewed-by: maisheri <maisheri.hitesh@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
packet-gsm_sms.c: In function 'dis_field_dcs':
packet-gsm_sms.c:694:12: error: 'msg_class' may be used uninitialized in
this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors
make[5]: *** [libdissectors_la-packet-gsm_sms.lo] Error 1
I suppose that 0xff is an invalid message class and therefore a
reasonable default value.
Change-Id: Iab3d3f50144b24bee4972063c2170d7a9f9b7c25
Reviewed-on: https://code.wireshark.org/review/5745
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Specifically: Use ENC_LITTLE_ENDIAN (not ENC_NA) to match all
other integral fetches in the cip dissector.
Change-Id: I5d330084168493f53135dbb97674a2dba9ed7477
Reviewed-on: https://code.wireshark.org/review/5732
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the UDP port value check seems useless when the port is configured in the preferences, and prevents "Decode as" to work as expected
Change-Id: I5a059d05a9e980c2c60d8f84deae1b5bd9d466d3
Reviewed-on: https://code.wireshark.org/review/5727
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
it consists of two bytes xsize + xsize bytes of data
use an unsigned type for xsize
fail gracefully if the field is present but truncated
tvb_length_remaining > tvb_captured_length_remaining
Change-Id: I7f5138743c2d88abdd4f5f18d3c0292612ddb559
Reviewed-on: https://code.wireshark.org/review/5654
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is, for heuristic dissector tables, the equivalent of
dissector_table_foreach() for keyed dissector tables.
Change-Id: I4b2f870e1c1179fda1adddd93930b83aaaaf8763
Reviewed-on: https://code.wireshark.org/review/5715
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it a bit more like dissector_all_tables_foreach_table.
Improve comments and clean up whitespace while we're at it.
Change-Id: I5147427f864add285e3bb6cb35ad9fa83bea516c
Reviewed-on: https://code.wireshark.org/review/5714
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's always pased a heur_dissector_list_t *, so give it that type,
rather than having it be a generic pointer.
Change-Id: Ia6a045bb1b96c2f6ef3e23f27928e0b52f7cfb9f
Reviewed-on: https://code.wireshark.org/review/5713
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already have find_dissector_table(); expose
find_heur_dissector_list() as well, so that heuristic dissector lists
can be shared.
Change-Id: I3f50413b8b10fd3129fcdc2344cb1447f0946ce9
Reviewed-on: https://code.wireshark.org/review/5701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I0e06c89cdda3c1f8e98412fd20737ff6afd26666
Reviewed-on: https://code.wireshark.org/review/5694
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f4bcd8c4a6cf534bb5b6b5c5aa7e21075968ee3
Reviewed-on: https://code.wireshark.org/review/5696
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
add support for dCache NFS/pNFS
project page: http://www.dcache.org
Bug: 10765
Change-Id: I24a88419ec070305e609d1b49b44994a464eb098
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/5236
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The exchange_id spo_must_enforce/spo_must_allow bitmaps are exceeding
this arbitrary MAX_BITMAPS constant, causing EXCHANGE_ID parsing to
fail.
Even in the case of attributes we may need more than 4 words soon, even
if we don't I'm not sure if it's actually illegal to zero-pad them out
to something longer, and even if that is illegal I don't think it's
really helpful of wireshark to stop parsing.
Keep the constant just as a sanity check but make it really large.
Ping-Bug: 10649
Change-Id: I3dff3ebde2d7f74f8cbe60a92c853463da66ae6a
Reviewed-on: https://code.wireshark.org/review/5144
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove the preferences for the filter toolbar and mark them GTK+-only.
Change-Id: Ie48b19aee29a1cfcea4c41ca6c08ddbba3102377
Reviewed-on: https://code.wireshark.org/review/5693
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add Telephony menu items for VoIP Calls and SIP Flows. Put VoIP Calls at
the top, since that seems to be the primary item.
Add configure-time checks for QtMultimediaWidgets in anticipation of
adding a VoIP playback dialog.
Add an icon for the playback button. (Yes, I've been avoiding
GNOME-level gratuitous icons so far but this is one of the rare
occiasions where it makes sense.)
Add a help link define for the VoIP calls dialog.
Change-Id: I5d0799685c598ad9af76fe9667f8ea7d14b66050
Reviewed-on: https://code.wireshark.org/review/5674
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some of the conversions to proto_tree_add_xxx calls involved using explicit sizes instead of the "option length", so there is skipping of the "byte highlighting" of the type + length bytes.
Change-Id: Ibfe09a089fb33ba43121de079aca81742d48db4c
Reviewed-on: https://code.wireshark.org/review/5636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Change-Id: I44cc6b70ec4dfc565934da499f46fca60a4ded93
Reviewed-on: https://code.wireshark.org/review/5524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, I don't know why it's making it FT_NONE; it's a bit of a weird data
type, with a string inside a structure.
Change-Id: I27a6d7577ef4a9f4da8ddad2cad97ad097135e90
Reviewed-on: https://code.wireshark.org/review/5685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_tree_add_bitmask() requires that the field under which it's
putting the bitmasks be an FT_INTn or FT_UINTn, so that it can determine
the length of the field.
Arguably, proto_tree_add_bitmask() should, instead, take a length
argument, just as other proto_tree_add_ routines do, and, arguably, we
should perhaps not even have FT_UINTn and FT_INTn, just FT_UINT and
FT_INT, with the display width for hex and octal (leading zeroes)
determined by the actual length of the field or something such as that,
or as part of the field that also contains the base.
But, even with that, we might want to require an FT_UINTn or FT_INTn
anyway, at least in cases where the value of the field as a whole is
interesting.
Change-Id: I4dff8fb1686a30b7d145c089dd1be7f96ecf23e0
Reviewed-on: https://code.wireshark.org/review/5680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have separate MTP2 dissectors for:
MTP2 frames with no pseudo-header and no CRC;
MTP2 frames with a pseudo-header and no CRC;
MTP2 frames with no pseudo-header and a CRC;
and call the appropriate dissector in the appropriate places.
While we're at it, get rid of a global variable - pass the "use extended
sequence numbers" flag down through the dissection code path, rather
than having it as a global.
Change-Id: Id8da1fbe3529e3ffadd5c30646cbc922f506a01f
Reviewed-on: https://code.wireshark.org/review/5679
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and continues trough the next segment(s).
Change-Id: I8efe69361fda0c60ec6544cc6bbe28c91f07207c
Reviewed-on: https://code.wireshark.org/review/5583
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's proto_tree_add_bitmask with the ability to control the data appended to header.
Change-Id: Icce97437ba7cfc9158ec204a837da8db8138424a
Reviewed-on: https://code.wireshark.org/review/5533
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If886809d9eeb900bb94c045413ff1295519b8311
Reviewed-on: https://code.wireshark.org/review/5641
Reviewed-by: Michael Mann <mmann78@netscape.net>
It will be reused by CAPWAP dissector (* Rates Message Element)
Change-Id: I60ce12f382a35cdc2747baf23e2e3c30a305a8bd
Reviewed-on: https://code.wireshark.org/review/5640
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I396e9af7971ee8be6fc9548162ff37fe704f0289
Reviewed-on: https://code.wireshark.org/review/5651
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I68fa9650c234c0f1fb8464b464a781b54f2c728c
Reviewed-on: https://code.wireshark.org/review/5657
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6abc157368a78e1abfde672728b88a36ba6e76cc
Reviewed-on: https://code.wireshark.org/review/5656
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia0a39f7e4670d74325ddc40b34cd56ca018c0bde
Reviewed-on: https://code.wireshark.org/review/5655
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie64573f5a0b6e921a5011e487eea8e55f72b9a0b
Reviewed-on: https://code.wireshark.org/review/5653
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
different value to them
Change-Id: I719db9180b2ba5f21653086f2697ca9bac68d6b1
Reviewed-on: https://code.wireshark.org/review/5652
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Bug: 10757
Change-Id: I30054c4a75ec86ea603cf78b702be5255c35f549
Reviewed-on: https://code.wireshark.org/review/5642
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0e8610f381e650f2c5b3f78ea927b727ec9ac62a
Reviewed-on: https://code.wireshark.org/review/5637
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
rec_type is the type of record (which isn't necessarily a packet; future
work on libwiretap will let it return non-packet data); if it's a packet
(REC_TYPE_PACKET), then pkt_encap contains the "link-layer"
encapsulation for the packet (in quotes because it may contain metadata
not transmitted over the network).
Change-Id: I6f32b02f4466df6d7b07dbdc9d77e881830ac749
Reviewed-on: https://code.wireshark.org/review/5645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I01f01ce51fb1c9deb857ef01696b406b97dca3a9
Reviewed-on: https://code.wireshark.org/review/5616
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id001a6c1e116fdabfd51c354832ca68f50e65e7d
Reviewed-on: https://code.wireshark.org/review/5618
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6b8fc8db006bc3b8f8f4bac019cb7e240931d3b5
Reviewed-on: https://code.wireshark.org/review/5619
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We do multiple va_start() calls using the first string in the list of
strings; do *not* use the first-string argument to iterate over all the
argument strings, as that means that only the first va_start() call will
do the right thing, use a separate variable.
Bug: 10755
Change-Id: Ic4a6c24f911e335d147883a25d30289628836875
Reviewed-on: https://code.wireshark.org/review/5630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The fact that the vtag matches the initiate tag doesn't mean much if both are 0
(uninitialized).
Also leave in some (commented-out) debug to make debugging this stuff easier
in the future.
Change-Id: Id007de8bf9d2d4e0bb18309ed3e2572fedda45f1
Reviewed-on: https://code.wireshark.org/review/5571
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: Ic0abcf8173a690a1dc0cd250f5e8770eb92a5aa9
Reviewed-on: https://code.wireshark.org/review/5626
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I67dd6ae5dc48b297e5c04aba2fe53e3e159d2611
Reviewed-on: https://code.wireshark.org/review/5625
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
use tvb_captured_length() instead of tvb_length()
Change-Id: I7e7efd69515fc3e30c986ac5d9a56b4db1931c10
Reviewed-on: https://code.wireshark.org/review/5624
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
The exception schedule special-event disection already used matched
open-close tags and only needed to check for an unmatched close tag
to exit when used with ReadPropertyMultiple service.
Bug: 10691
Change-Id: I54f2f6f3f470138a6a88f84c62fd15b07ea74c37
Reviewed-on: https://code.wireshark.org/review/5593
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Rename BadColor to BadColormap as the former does not exist in the X11
specs
- Parse the bad resource id field in case of the following errors:
BadColormap, BadWindow, BadPixmap, BadCursor, BadFont, BadDrawable,
BadGC and BadIDChoice
Change-Id: I5b23d32189e1a8bb291c656cf6383a85b3e89642
Reviewed-on: https://code.wireshark.org/review/5592
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Note: Use of most of these filter names could have caused a Wireshark crash.
Change-Id: I393402a25dd26d174baff77f4706f6d5f43a94ae
Reviewed-on: https://code.wireshark.org/review/5610
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Ia8fce9307bae33c44d630af403980d162afd88c2
Reviewed-on: https://code.wireshark.org/review/5597
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I4eadf2b613b7803c81593e517408631f8375ab2c
Reviewed-on: https://code.wireshark.org/review/5596
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I66c1973daa89690f6aaa10891408e93e886875ea
Reviewed-on: https://code.wireshark.org/review/5595
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
(I guess newer versions of GCC/Clang know that dissect_eh_frame() is
never called with a segment_size of 0, so the loop is traversed at least
once. NOTE: if it ever *is* called with a segment_size of 0, then
that's a genuine bug and needs to be fixed.)
Also, segment_size is used; no need to mark it as unused.
Change-Id: I63b7a580a853b55f22494de73b4c4e6f9a387647
Reviewed-on: https://code.wireshark.org/review/5591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes, matching LSB 4.1[1] and the AMD64 ABI[2]:
- Multiple CIE entries can exist after the first one. Introduce a CFI
subtree and add CIE and FDE records below it. Merge comon parsing
functionality of CIE/FDE. A CIE terminator is treated specially, and
added instead of a CFI subtree.
- Validate the header length before using it to avoid a dissector
assert. This condition is triggered by a binary produced by a buggy
gold linker[3].
- Add two expert items: one to detect an invalid CIE length (too small
or too large) and one to detect a segment which is larger than the
CFI records (to catch the gold linker bug[3] where the segment begins
with zeroes).
- Do not overload the elf.eh_frame.length field with the value of the
Extended Length, instead use elf.eh_frame.extended_length (likewise
for FDE).
- Stop tracking the subsection size with another variable
(remaining_length), just store the end of the entry.
- Fix typos in descriptions, improved / shortened field descriptions.
Tested with the 'bad' and 'good' binary from bug 10726 as well as the
'a' binary from bug 8818 (which introduced this code). Decodes properly.
[1]: https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html
[2]: http://www.x86-64.org/documentation/abi.pdf
[3]: https://sourceware.org/bugzilla/show_bug.cgi?id=17639
Bug: 10726
Change-Id: I523600b8141bd8953ae468051a57357ab199a258
Reviewed-on: https://code.wireshark.org/review/5488
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Both exponent and 'integer N' values are limited:
* max exponent is 3 octets/24-bits
* max integer N is 8 octets/64-bit
Tested with zero value/length, integers, doubles, positive and negative numbers all using the Basic Encoding Rules (BER)
Change-Id: If92e1b3e209c42909b8cb76e6f50b8e6cd1da0da
Reviewed-on: https://code.wireshark.org/review/5527
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I3b5afb8a59f6443624708b9fecfdcbe93dad59ef
Note: Some of the filters, when/if used, could have caused Wireshark crashes.
Reviewed-on: https://code.wireshark.org/review/5575
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I7db4e67ffe99a9f3b41d0b507d9837e0237d4547
Reviewed-on: https://code.wireshark.org/review/5558
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I668b9c3dfcac83c698e83d4111af8bd19ec8076c
Reviewed-on: https://code.wireshark.org/review/5559
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Include DCP port to the list default ports
* Parse payloads for DCP commands:
* OPEN_CONNECTION
* ADD_STREAM
* STREAM_REQUEST
* Reorganize if conditions to cases
* Update list of known commands
Change-Id: Id37b5c61f0d1084628c6286fd6e4ad722e1d6d99
Reviewed-on: https://code.wireshark.org/review/5388
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix AS Path Heuristic
Issue reported by Jon
Bug: 10742
Change-Id: Ie5e4108bd93464a2d1076dcc4f322171ea8e68cb
Reviewed-on: https://code.wireshark.org/review/5564
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Details:
- Rename various "alljoyn.header..." display filter
names releated to the alljoyn "message header"
to "alljoyn.mess_header..." to distinguish
the fields from actual alljoyn "header" fields.
This also fixes the duplicate use of the display
filter name "alljoyn.header".
- Don't use FT_PROTOCOL for a field type.
Change-Id: Id4e78f36716cf6064638aecd5faf561bcbc88b46
Reviewed-on: https://code.wireshark.org/review/5561
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Joe Huffman <jhuffman@codeaurora.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The offset used for BGP community tag dissection is a wrong one.
Bug: 10746
Change-Id: I1d1d443568bb97a0b3b95a312762ac0a3102326a
Reviewed-on: https://code.wireshark.org/review/5562
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 3 of many, but this concludes the strict conversion to proto_tree_add_bitmask. Patches to follow with use proto_tree_add_bitmask_xxx (some functions still need to be written)
Change-Id: Ic2435667c6a7f1d40602124e5044954d2a296180
Reviewed-on: https://code.wireshark.org/review/5553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Two comments are added to the code to notify Coverity scan that breaks are not put in switch statement intentionally.
Change-Id: Ie391790ee7365da56ddf0bf7b19042c9a11efddd
Reviewed-on: https://code.wireshark.org/review/5554
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7694a6f8d8ccec3109fb86ccefee5798de57757d
Reviewed-on: https://code.wireshark.org/review/5548
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.
If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.
Get rid of empty preamble/finale routines.
For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().
For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().
capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.
Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Part 1 of many
Change-Id: I77a5789ac23388e6a5f8098dc398592f39638124
Reviewed-on: https://code.wireshark.org/review/5532
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
no ethertype 0x8203-0x8205 support in trunk.
0x8204 is QNX OS VER 6's qnet ethernet protocol number.
Bug:3934
Change-Id: I5f3e910876bb7fb86de2111f856d026fdf220917
Reviewed-on: https://code.wireshark.org/review/2954
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Also cleanup description of remaining preferences
See Bug 10719
Change-Id: I81faba77d8b88b24c65156f5139067233869154b
Reviewed-on: https://code.wireshark.org/review/5416
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If56209f1274245f54100d0acfaf14098c8df4582
Reviewed-on: https://code.wireshark.org/review/5520
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie46d6c201df0b0164a8bf96c02d6430734fd2948
Reviewed-on: https://code.wireshark.org/review/5518
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Displays the FDE Count as a number, not a series of bytes.
Change-Id: I60dd426cb5305a5001a8200578008b7c4a99c64e
Reviewed-on: https://code.wireshark.org/review/5489
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This was changed in g8881f3f in an attempt to avoid throwing an exception when decoding the options field
Bug: 10514
Change-Id: Ia4b49f484d6255090c5a6e425a9716b48ccc4cb5
Reviewed-on: https://code.wireshark.org/review/5495
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also convert many of the proto_tree_add_boolean calls into proto_tree_add_bitmask.
Change-Id: I1fb2f943abed28434a2aadc48eb7e9ffb766f463
Reviewed-on: https://code.wireshark.org/review/5523
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should avoid questions like
https://ask.wireshark.org/questions/38198/what-is-enttec-in-a-pcap-file
It also splits DMX-over-UDP and DMX-over-TCP into separate dissectors,
as
1) DMX-over-TCP has only config packets, DMX-over-UDP has the
others;
2) that would let us do reassembly, if necessary, for
DMX-over-TCP.
Change-Id: I2606c814693028c7ba2bbc458e45c853372baaf3
Reviewed-on: https://code.wireshark.org/review/5522
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissection of Layer setting services (LSS) sub-protocol
according to CiA 305.
Change-Id: I24ca1827b25c30a672fb31cad390b3c1486102f4
Reviewed-on: https://code.wireshark.org/review/5516
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Since ge3a04bb data parameter is used for the media-type string
Bug: 10729
Change-Id: I3df640079a8bf57f4bd86a1baa08cbf9a3a7e1b3
Reviewed-on: https://code.wireshark.org/review/5511
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Move sdo dissection to separate function
Added dissect_sdo() function to handle the more complex SDO dissection.
* SDO command specifier decoding
Decoding of both client and server command specifier for SDO transfers
according to CiA 301 Chaper 7.2.4.3.
Note: Fully decoding block transfer frames is more complex and not supported
yet.
* basic SDO abort code decoding
SDO abort codes as specified in CiA 301 Chapter 7.2.4.3.17 (Table 22).
* Basic value ranges for object dict index parameter
Object dict ranges as specified in CiA 301 7.4.1 (Table 41)
* cs-based multiplexer and data decoding
A data width of 4 byte is valid only for expedited transfer and a
multiplex value is present only in initialisation messages.
This patch now handles also normal sdo segment data.
Reference: CiA 301, Chapter 7.2.4.3.3 and 7.2.4.3.6
Change-Id: I37005894082d62eed1ddd85e09e3676aa3af8222
Reviewed-on: https://code.wireshark.org/review/5504
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
out that tvb_new_subset(tvb, tvb_sectionbegin, sectionlen, -1) causes a
problem as reported_length is set to -1, set it to sectionlen.
Change-Id: I650d3fa1390be5add66ed44d0f70929b9eb0aad6
Reviewed-on: https://code.wireshark.org/review/5505
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sccp_msg_info_t* is now passed from SCCP dissector to its subdissectors through dissector data parameter.
Change-Id: Iab4aae58f8995e844f72e02e9f2de36e83589fc0
Reviewed-on: https://code.wireshark.org/review/5442
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Also show Reserved/Toggle bit of NMT error control
In case of the node guarding protocol this bit is used as a toggle bit.
In case of the hearbeat protocol this bit is reserved.
Reference: CiA 301 (rev 4.2.0), Chap. 7.2.8.3.2
2. Show optional 'counter' parameter of SYNC messages if available
Reference: CiA 301 (rev 4.2.0), Chap. 7.2.5.3.1
Change-Id: I5dc0ab65e95fec4846a9c8bd8972ef2eba664ee2
Reviewed-on: https://code.wireshark.org/review/5484
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They may be accessed during the print phase, at which point packet-scope memory
has already been freed.
Bug: 10724
Change-Id: Ifcf5fc0c0857614edf85349b12dfe605abf6fef7
Reviewed-on: https://code.wireshark.org/review/5497
Reviewed-by: Evan Huus <eapache@gmail.com>
They may be accessed during the print phase, at which point packet-scope memory
has already been freed.
Bug: 10720
Change-Id: Ia2b160fd9de4ccaa3a4b8d9cb70fb9b32d4e08a0
Reviewed-on: https://code.wireshark.org/review/5496
Reviewed-by: Evan Huus <eapache@gmail.com>
It appears that Wireshark allows (and currently has) fields with the
same name with differing "strings" content.
Change-Id: Iddac5a2c9f456a97ea676f2007f43d786482eebd
Reviewed-on: https://code.wireshark.org/review/5491
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I24ab56ce7d99f8ed670f4a50453223d4e6a46983
Reviewed-on: https://code.wireshark.org/review/5463
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I82cbfed770b41404bc42cb6a4413db07d04dffdc
Reviewed-on: https://code.wireshark.org/review/5462
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the COB-ID and Type subtree also used the main ett_canopen
variable. This made control of subtree expansion impossible as both
parent and subtree nodes shared the same state.
Change-Id: I3dabf7f399e83bfcfbf78bc0e633e3696776c043
Reviewed-on: https://code.wireshark.org/review/5480
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0a0cb0b4838bc4e55a759fb6031355892c220c8e
Reviewed-on: https://code.wireshark.org/review/5461
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibb47fd1a0d498cc9791ca31ee625395905a7e999
Reviewed-on: https://code.wireshark.org/review/5464
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC draft http://www.ietf.org/id/draft-fox-tcpm-shared-memory-rdma-05.txt
used as reference for packet dissection.
A small change was made to packet-infiniband, to add the Queue Number to the
info column. This allows for easy indentification of session traffic for a
particular QP.
Also: infiniband: tvb_length() --> tvb_captured_length()
Bug: 10715
Change-Id: I774ceffaa5c271cb6a28ab4ed21e53cd42f2547b
Reviewed-on: https://code.wireshark.org/review/5386
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Iadd80aab291e5de714891a9f3c79edeca19e9b93
Reviewed-on: https://code.wireshark.org/review/5458
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
enabled
tcp_analysis::base_seq could be set several times when the
TCP ISN was set to 0, thus inducing some undesired wraps such as 0-1
Bug: 10713
Change-Id: I69a0dfe677e93bf51015bf7a39ebf888631b12a4
Reviewed-on: https://code.wireshark.org/review/5387
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Second try... ;-)
Remove also double space
Change-Id: I77aa269c1abae18b4fb9daec6cc0ac862cf4ab9f
Reviewed-on: https://code.wireshark.org/review/5421
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Fix wrong length for Operator Identifier
* Display Latitude and longitude in Degrees
Bug:10712
Change-Id: Idf6ba63db3ff16710fd0de7a7fd2233148cbaf4a
Reviewed-on: https://code.wireshark.org/review/5473
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use also value_string ext
Request from Hugo van der Kooij
Bug:10723
Change-Id: I0603687215b7e82a987a4a6cde00eb996b04a77c
Reviewed-on: https://code.wireshark.org/review/5466
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done automatically for the hf entries thanks to hfinfo_format_text() function
Bug: 10536
Change-Id: I9ee56b795234a94f0e59c82a96e3e6cedf71c4e6
Reviewed-on: https://code.wireshark.org/review/5459
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Store all handshake mesages in a buffer so that we can hash them
correctly when generating the master secret.
This change does not work correctly for DTLS retransmitted packets; that
are in the handshake as they will be hashed twice; which is bad. Looking
for ideas to implement this.
Bug: 10686
Change-Id: Ied01d4cc37b4270f325070a8d1630d3123577a0d
Reviewed-on: https://code.wireshark.org/review/5168
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Don't cast a pointer-to-int into a pointer-to-pointer and pass the
resulting pointer to g_hash_table_lookup_extended() - pointers and ints
are *not* guaranteed to be the same size. Instead, just have a variable
of type gpointer, pass a pointer to *that*, and then run that result
through GPOINTER_TO_UINT().
This fixes a reproducible crash.
Change-Id: I42954f222ab59866cb909b80d9dbb1d2668d2aff
Reviewed-on: https://code.wireshark.org/review/5457
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it easier to focus on a single section entry, collapsing all
other entries.
Change-Id: I3de72065eb279e9449496a7224508e5be85c3757
Reviewed-on: https://code.wireshark.org/review/5456
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9abdc8c3deed35131af1537733d624d5cfced182
Reviewed-on: https://code.wireshark.org/review/5443
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Convert a handful of global variables into function parameters that get passed through the dissector, so we shouldn't be dependent on pinfo->sccp_info anymore. Removal of pinfo->sccp_info will be done in a separate patch (when the dissectors that use it can be updated).
packet-sua.c may need similar treatment.
Change-Id: If0001638d666afc07e04b02aa32ef31d6223a5de
Reviewed-on: https://code.wireshark.org/review/5343
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
We should warn when decoding Geneve packets with an unknown
version number.
Change-Id: Id40b756c3bb0320b69fbd8ee98830a2b05834a48
Reviewed-on: https://code.wireshark.org/review/5420
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.
Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the low-level print stream code from epan/print.c into
epan/print_stream.c, leaving the higher-level stuff in print.c
Change-Id: Iae961f168ec655a29f434257b1af0937fca9f025
Reviewed-on: https://code.wireshark.org/review/5436
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Fixed endianess in CANopen dissector.
According to CiA 301, 7.1.1. (p. 26):
"For numerical data types the encoding is little endian style."
2. Fixed NMT type string in CANopen dissector
NMT function code should not display 'EMERGENCY'
3. Fixed time stamp decoding
* Offset increment was too low for data type size
* Decoding of time_stamp_days must equal time_stamp_msec and thus be letohs instead of ntohs. CANopen data is little-endian encoded.
4. Fix: Use correct description string for NMT error control state bits
canopen.nmt_guard.state was faulty named "Node-ID". This was changed to "State".
5. Fix nmt_guard_state value_string array
CiA 301 desribes only 4 valid values. All other were deleted.
0x00 was renamed from 'Initalisation' to 'Boot-up' following CiA301.
6. Shortened EMERGENCY to EMCY
The term EMCY is the standard abbreviation used in CiA standard for Emergency service.
7. Fix: Allow SYNC and NMT error frames without any payload
NMT node guard remote requests do note have a payload,
SYNC frames only have an optional payload (counter)
If item length is set to -1, decode will cause a 'Malformed Packet' error.
8. Rename MT_NMT_GUARD to MT_NMT_ERR_CTRL which better reflects its scope
Change-Id: I676f9b5f2e4efd8e7c9528fe289e7510c4d43235
Reviewed-on: https://code.wireshark.org/review/5425
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
To avoid further duplication of work and bugfixing,
move regex strings to wiretap/logcat_text.h and include
this file in epan/dissectors/packet-logcat-text.c
Change-Id: I82773cda0e3240844139b104c68738ec82788014
Reviewed-on: https://code.wireshark.org/review/5410
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Wrap the declaration for C++ while we're at it.
Change-Id: Ifcc1b47bab139f5fb8da8c3dd4f20b1ebb99739e
Reviewed-on: https://code.wireshark.org/review/5418
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bill Meier