While IPv4 subnet masks are obviously related and similar to IPv4
addresses, they are distinct enough that they need to be treated
seperately in some aspects. For instance, there is no value in
attempting to resolve a subnet mask.
This change creates a new display type: BASE_NETMASK, which allows distinction from FT_IPv4
(and possible name resolution) where appropriate.
Change-Id: I99e19c9a58eb613f8e58d481af84c30e2e5e14d7
Reviewed-on: https://code.wireshark.org/review/10438
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is what should be used if, for some reason, decryption can't be
performed. (And if there's a known reason why decryption can't be
performed, it should be used, so the user knows why their
802.11/SSL/whatever traffic isn't decrypted, and either doesn't have to
ask why or, at least, can give more details when they do ask why.)
(Yes, I plan to use this for the 802.11 decryption code. Work in
progress.)
Change-Id: I812e61c2a4613d2e85f9ced1f5ed6ae91ac5f7ae
Reviewed-on: https://code.wireshark.org/review/10421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This dialog combines the "protocols" and heuristic dissectors (from GTK) into a single tree view where heuristic dissectors are children of their protocol.
Change-Id: I107656afd079c1d1c8a98161b736e4b4ad84f813
Reviewed-on: https://code.wireshark.org/review/9739
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Combine the GTK+ RTP Stream Analysis and RTP Graph Analysis dialogs into
one. Yell at the user less. Disable the Analyze RTP Stream menu item if
we don't have an RTP stream selected.
There are a *lot* of moving parts in this dialog. I've tested with the
few RTP captures I have but it's by no means complete.
"To do" items are listed at the top of rtp_analysis.cpp.
Change-Id: Id503977f069bebc46cc68bc749f0c9cbf4d37bf6
Reviewed-on: https://code.wireshark.org/review/9650
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add spaces around literals to avoid warnings when compiling ui/qt
with clang++ 3.6 -Wreserved-user-defined-literal (on Mac OS X).
Change-Id: Ia2703dd8c914e8ffb299c4a6c44bba3aa674acb8
Reviewed-on: https://code.wireshark.org/review/8607
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
- DCOM:
* Mark some DCOM functions as public do allow calls from plugins
* Add Support for Additional Variant Types Money, I8, UI8
* Fix an uint32 overflow when dissecting nwstringz0 where the length is 0
* Use WS_DLL_PUBLIC instead of WS_DLL_PUBLIC_DEF
Change-Id: I02861a09203c6b42326f5a7b7e652e0f7c26d369
Reviewed-on: https://code.wireshark.org/review/8222
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
argument 'expression' of command @param is not found in the argument list of __DISSECTOR_ASSERT_STRINGIFY(s)
The following parameters of __DISSECTOR_ASSERT_STRINGIFY(s) are not documented: parameter 's'
The following parameters of __DISSECTOR_ASSERT_CMPINT(a, op, b, type, fmt) are not documented: parameter 'type', fmt
The following parameters of proto_tree_add_bitmask_list(proto_tree *tree, tvbuff_t *tvb, const guint offset, const int len, const int **fields, const guint encoding) are not documented: parameter 'len'
Change-Id: I6adc34e66f45cdba63c34e87db762b39a281d127
Reviewed-on: https://code.wireshark.org/review/8230
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows checkAPIs to continue checking the 'convert' field for correctness
when dissectors use value_string_ext_new() to build their value_string_ext's
(without resorting to tricks like getting the address of the dereferenced
pointer).
This will be used to resolve the checkAPIs failure in patch set 3 of
Ia5c96b1f6f1fe3a9521b3d70142889e3881fae5e .
Change-Id: I700d86b9076f077706d34000f5a6aa5c96351f69
Reviewed-on: https://code.wireshark.org/review/8162
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add proto_tree_add_bitmask_value, proto_tree_add_bitmask_value_with_flags and proto_tree_add_bitmask_list to aid in the removal of proto_tree_add_boolean "groupings" as well as "groups" of fields that use proto_tree_add_item with the same offset/len.
This may be able to be optimized later, but the first step will be converting dissectors to use it. A sample conversion of each API is also included.
Change-Id: I53febc7450ad632482f82615a7fa62174f8472c9
Reviewed-on: https://code.wireshark.org/review/8038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibca63a9119b9c45e6a24fe3dc14dc7ed86c3576a
Reviewed-on: https://code.wireshark.org/review/7774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
works as proto_tree_add_item(), but also returns the value of (u)ints
of 8,16,24 and 32 bits length in a 32 bit variable. It's based on Hadriels
previous work.
Change-Id: If3b4b8588b63251f1ee9b954a202acde7c02ce86
Reviewed-on: https://code.wireshark.org/review/7230
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
proto.c:8733:1: warning: no previous prototype for 'proto_tree_add_uint64_bits_format_value' [-Wmissing-prototypes]
proto.c:8812:1: warning: no previous prototype for 'proto_tree_add_int64_bits_format_value' [-Wmissing-prototypes]
proto.c:8861:1: warning: no previous prototype for 'proto_tree_add_boolean_bits_format_value64' [-Wmissing-prototypes]
Change-Id: Ic40ca6f32739b415a423fc978e8677d669a95867
Reviewed-on: https://code.wireshark.org/review/7509
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to set frame number types: none, request, or response.
Use the types to draw different related packet indicators in the packet
list.
Track the conversation in PacketListRecord. Use it to draw dashed lines
for unrelated frames.
Set frame number types for DNS and ICMP.
Instead of drawing a transparent QImage, alpha blend our foreground
color and draw directly in our painter. Blend more toward the foreground
color.
Add FRAMENUM_TYPE to checkAPIs.
Change-Id: I2495945bb436413e05d6ec697184a0b4fd5ad214
Reviewed-on: https://code.wireshark.org/review/7436
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:
warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]
We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.
Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.
Fix an encoding arguement in packet-elasticsearch.c found by
fix-encoding-args.pl.
Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Ib79831e02a9a6457ca49c21536ce46df7d4cafa0
Reviewed-on: https://code.wireshark.org/review/7133
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1988 called, they want their lack of a C standard back. We don't need
to check whether we have stdarg.h, stddef.h, stdlib.h, or string.h, as
they're specified by C89 and I don't think there are any platforms we
care about that don't have a C89 environment in which we could be built.
Change-Id: I447551181284fab7722354b62774625ed8ee94bc
Reviewed-on: https://code.wireshark.org/review/7110
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change name from proto_tree_add_new_bytes to
proto_tree_add_bytes_with_length and other tweaks
pointed by Peter Wu.
Change-Id: I6058c28a74a154e2882e4eb04558bedcede6f508
Reviewed-on: https://code.wireshark.org/review/7039
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Version to add as generated field, without tvb offset, length.
Change-Id: If4c7aebcbf1b47faa483bcbd40995eff3ccb99f0
Reviewed-on: https://code.wireshark.org/review/6906
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
the DISSECTOR_ASSERT macro and friends are all guaranteed to be called within
the scope of a dissection, so they are safe to replace with wmem_packet_scope.
Change-Id: I2684fb902da78d50aca5f4644df66c060caff625
Reviewed-on: https://code.wireshark.org/review/6629
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I7a40c0996517aa71b4ddb764ce3a6e92a55260ad
Reviewed-on: https://code.wireshark.org/review/6589
Reviewed-by: Michael Mann <mmann78@netscape.net>
There's no requirement for "display" field values to have names
beginning with BASE_; use SEP_, to indicate that they're separators.
(And, yes, we should introduce SEP_NONE, with a value of 0, and use it.)
While we're at it, fix BASE_SEMICOLON - the separator is a colon, not a
semicolon - and document SEP_SPACE in doc/README.dissector.
Change-Id: I856aafda2c60b8320dffe287f0deb06a9604a2bf
Reviewed-on: https://code.wireshark.org/review/6486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's just like BASE_DOT, BASE_DASH and BASE_SEMICOLON, only its a space between bytes. Since this seems pretty specific to FT_BYTES, perhaps there is a better was to represent the functionality (like FT_BOOLEAN uses numeric values for number of bits)?
Change-Id: I1a8f1ab263ece2736a8012b66fdd6a9105db7282
Reviewed-on: https://code.wireshark.org/review/6451
Reviewed-by: Michael Mann <mmann78@netscape.net>
There isn't a legitimate use for the API, all cases can be covered with proto_tree_add_item. As a bonus, a few more tvb_get_ptr calls can be removed.
Change-Id: I3bb86ba8f05ef3363407bcfe9b059ee27ebc135d
Reviewed-on: https://code.wireshark.org/review/6429
Reviewed-by: Michael Mann <mmann78@netscape.net>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Along the lines of provious changes.)
Change-Id: I22d76f22400d4a93242392ff4688acc753eb0039
Reviewed-on: https://code.wireshark.org/review/5961
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give the field name in the message.
Change-Id: I046c74b451b473c9c87c2980122b025390f82cc8
Reviewed-on: https://code.wireshark.org/review/5959
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code works if they're defined afterwards, but defining them earlier
makes it a bit clearer that they're helper macros used as components of
the macros we're exporting.
Change-Id: I326894eea67d2db43fedf4567699cd9eaaa0e004
Reviewed-on: https://code.wireshark.org/review/5956
Reviewed-by: Guy Harris <guy@alum.mit.edu>
You can now add column with Custom type with more than one field
by using OR "||" splitter.
Bug: 9695
Change-Id: Ia82a91e7a35b867647d36cb9626e3870f46c0d85
Reviewed-on: https://code.wireshark.org/review/5804
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's proto_tree_add_bitmask with the ability to control the data appended to header.
Change-Id: Icce97437ba7cfc9158ec204a837da8db8138424a
Reviewed-on: https://code.wireshark.org/review/5533
Reviewed-by: Michael Mann <mmann78@netscape.net>
This improvement avoids use of deallocated memory (crash) if using a
deregistered field in display filter, color filter, custom column and
other cases when the field is used as "interesting field".
This functionality is currently used in http, imf and ldap preferences.
Also removed unused proto_registrar_n() as this does not work correctly
after deregistering fields.
Change-Id: I043e3bf7a98bd773c9801e712a012d1eab8a7f94
Reviewed-on: https://code.wireshark.org/review/5161
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
it returns the parent tree of a given tree object
Change-Id: I191e0221651ffb5b26df761e9a25075aa0eb2ad3
Reviewed-on: https://code.wireshark.org/review/4954
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also: re-enable use of DISSECTOR_ASSERT_CMP... macros in packet-ceph.c
Change-Id: Icee80381f5c8feb14cfc7e4033bdeb893018ce95
Reviewed-on: https://code.wireshark.org/review/3749
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I2e8d18df71688c654f7acaff51fae7823c08aa6a
Reviewed-on: https://code.wireshark.org/review/3677
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Other minor cleanup while in the neighborhood.
Change-Id: Ib76f4a9f89b5933425760af0a980c6a549031b8f
Reviewed-on: https://code.wireshark.org/review/3537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I2d2bbc211e98ad24a27c855031f670b7bdbd530e
Reviewed-on: https://code.wireshark.org/review/3162
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Jeffrey Smith