Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Supported since GLib 2.20, we require at least 2.32.
Change-Id: I0bdeaaaf11dad5352aa2f6e4dc9e23be9dc93e3a
Reviewed-on: https://code.wireshark.org/review/33977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
oss-fuzz triggered: set_address: assertion failed: (addr_data == NULL).
Valgrind confirms that ceph was passing uninitialized value to set_address()
==16301== Conditional jump or move depends on uninitialised value(s)
==16301== at 0x6C37762: set_address (address.h:78)
==16301== by 0x6C37762: copy_address_shallow (address.h:253)
==16301== by 0x6C37762: c_node_copy (packet-ceph.c:1433)
==16301== by 0x6C37F72: c_conv_data_copy (packet-ceph.c:1455)
==16301== by 0x6C37F72: c_conv_data_clone (packet-ceph.c:1464)
==16301== by 0x6C37F72: c_pkt_data_save.isra.4.part.5 (packet-ceph.c:1593)
==16301== by 0x6C40EAE: c_pkt_data_save (packet-ceph.c:1561)
==16301== by 0x6C40EAE: dissect_ceph.isra.60 (packet-ceph.c:7046)
==16301== by 0x6C4186A: dissect_ceph_heur (packet-ceph.c:7111)
Found by oss-fuzz/6148.
Change-Id: I8ec762d541fd8cfd919710cf460c44968707dcc5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6148
Reviewed-on: https://code.wireshark.org/review/25736
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Field 'Type' (ceph.type) has a conflicting entry in its value_string: 64 is at indices 39 (C_CEPH_MSG_PRIO_LOW) and 40 (C_MSG_MON_SCRUB))
Change-Id: I69e6bd56d928c20b6262999e057c92f0d325e96d
Reviewed-on: https://code.wireshark.org/review/21509
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The current ceph dissector assumes that the server will always send its
initial connection negotiation first, but that's not necessarily the
case, especially with the kernel client which sends its banner as soon
as the socket is created.
So, we need a better mechanism to determine which end is client and
which is the server. The server sends its own address and then the
address of the client, but the client only sends its own address. We
can determine whether the initial negotiation message is from the client
or server by looking at the data after the first entity addr and seeing
whether it also looks like an entity addr.
This patch takes that approach. It just grabs the address family from
the second address and sees whether it's IPv4 or IPv6. If it's not one
of those, then it assumes that it's not an entity_addr_t at all and is
therefore a request from the client.
We could go farther and try to verify the port and address as well, but
that's probably overkill. The address family is at the same offset as
the host_type field in the client's Connect request, but it's big endian
and the host_type is little endian. As long as we don't end up with
host_types that are 0x200 or 0xA00, this scheme should be OK.
Change-Id: I161d02da86d978272eff95497c6df66766b02ebc
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/16043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8d4ca2e46a556e32e594610fd26c72840783601e
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/16042
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I30f1b92ee438361c3bd58743f7d1ae8d5ffc96f0
Reviewed-on: https://code.wireshark.org/review/15718
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'ieee17221.clock_source_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'ieee17221.stream_format' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'afp.unknown' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
'afp.toc_offset' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'bootp.client_id.iaid' exists multiple times with NOT compatible types: FT_UINT32 and FT_STRING
'bthfp.chld.mode' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'canopen.pdo.data' exists multiple times with NOT compatible types: FT_STRINGZ and FT_BYTES
'canopen.sdo.data' exists multiple times with NOT compatible types: FT_UINT32 and FT_BYTES
'ceph.msg.' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'ceph.version' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'cip.linkaddress' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'dnp3.al.ana' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dnp3.al.anaout' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dtls.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'ssl.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'dvb-s2_gse.label' exists multiple times with NOT compatible types: FT_UINT24 and FT_ETHER
'fcdns.rply.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'fcdns.req.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'icmp.int_info.name' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'mausb.clear_transfers.status' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mikey.v' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mswsp.rangeboundry.ultype' exists multiple times with NOT compatible types: FT_STRING and FT_UINT32
'mswsp.arrayvector.address64' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_offset' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_len' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'pflog.saddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.daddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.saddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pflog.daddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pgm.spm.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.src' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.grp' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.poll.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.redirect.dlr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Iaf694699d108a12db172da8dd9fbab211adb329d
Reviewed-on: https://code.wireshark.org/review/14070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change enum constants to a macro definition instead (even though not
all of them generate overflow warnings).
Change-Id: I276306055d5676b66020976d25665dc1dd7530ec
Reviewed-on: https://code.wireshark.org/review/13815
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
coverity picked up on this being effectively dead code, and it's trivial to
prove it will never trigger
Change-Id: I5a2893671a764914f483d4ff6bcc835c9b0d3b28
Reviewed-on: https://code.wireshark.org/review/8615
Reviewed-by: Michael Mann <mmann78@netscape.net>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
Change-Id: I0d27565c382a04ceda9eec65f45a430ceb74cf53
Reviewed-on: https://code.wireshark.org/review/8255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Broken since 4ac2441d7c ("Coalesce "-G
fields2" and "-G fields3" into "-G fields").
This patch fixes Python3 compatibility, fixes handling of the changed
output and option and prints the faulting line on assertion error. It
also updates two dissectors which had tabs in their description,
breaking the output.
Tested with Python 2.5.6, 2.6.6, 2.7.9, 3.2.6, 3.4.3.
Change-Id: Ifcd0d0eb092b357eca357cd53f2e1348ebf8885c
Reviewed-on: https://code.wireshark.org/review/7791
Reviewed-by: Gilbert Ramirez <gram@alumni.rice.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Copy addresses with wmem-scope instead of (forced) seasonal scope. All existing instances were converted to wmem_file_scope, but the flexibility is there for other scopes.
Change-Id: I8e58837b9ef574ec7dd87e278470d7063ae8c1c2
Reviewed-on: https://code.wireshark.org/review/6564
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Also: re-enable use of DISSECTOR_ASSERT_CMP... macros in packet-ceph.c
Change-Id: Icee80381f5c8feb14cfc7e4033bdeb893018ce95
Reviewed-on: https://code.wireshark.org/review/3749
Reviewed-by: Bill Meier <wmeier@newsguy.com>
New messages:
- Mon Paxos.
- Mon Global ID.
- Mon Get Version
- OSD Ping
- Ping
- OSD Boot
- OSD PG Create.
- PG Stats.
Other updates:
- Documentation for modifying the dissector.
- Update assertions to show values.
- Replace proto_tree_add_text()/expert_add_info...() by proto_tree_add_expert...().
- Fix a bug: misplaced break.
- Do some minor whitespace & other cosmetic changes.
Change-Id: Ib19ce509b67fb5e6fb31e82b5a551a9e952a9c6d
Reviewed-on: https://code.wireshark.org/review/3623
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The authentication string was not being factored in on the length reply.
Also there was an issue with different banners. Now the banner length
must match what we expect or the packet is rejected. If the banner
length changes the protocol is different and we won't be able to parse
it anyways.
Change-Id: I0c1a7379edaa203042486a0e6f9ce3642427da99
Reviewed-on: https://code.wireshark.org/review/3710
Reviewed-by: Michael Mann <mmann78@netscape.net>
The argument is no longer guaranteed to be a const that hangs around.
Bug: 10395
Change-Id: I3c658f6db5927e09a9a38f9ec0fbce153b3e1bc2
Reviewed-on: https://code.wireshark.org/review/3709
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is the first version of a Ceph dissector. It is not complete but
is far enough along to be helpful to many people working with Ceph.
Currently the dissector can fully dissect the Ceph protocol and has
support for full dissection of most common messages. For the other
messages for which full dissection is not available their metadata is
parsed and shown along with the raw data of the different message
sections.
Change-Id: Ic7917a3d01148c6fe2f9ea2c13ecd09ecc06c2d7
Reviewed-on: https://code.wireshark.org/review/1889
Reviewed-by: Bill Meier <wmeier@newsguy.com>