The fault is that reassembly_table_init() must be called when reloading
the file - move it to an init routine and register the init routine.
While there move the proto_register_opcua() routine to the end of the file
to be more consistent with other dissectors.
Change soft deprecated APIs
Change-Id: I2b93692be24dbf60f4ef09aa7283e55ebf3c1874
Reviewed-on: https://code.wireshark.org/review/3431
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It doesn't build on Linux but cmake looks for it (won't build without it) and
Windows users might want it.
Change-Id: I978f0de0a2895a82f4f3b8c1e9e0ecec6a93e6f4
Reviewed-on: https://code.wireshark.org/review/3325
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
In 2008, before the OpcUa specification was released, the EncodingMask was changed to include the Locale after the LocalizedText. This commit applies the changes necessary to display DiagnosticInfo correctly.
Change-Id: Iad35ff0557eac62a259a63505ebce3e637095136
Reviewed-on: https://code.wireshark.org/review/3259
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added a few filterable fields in the process of trying to figure out the macros. Much more can be done to add many more filterable fields (and remove proto_tree_add_text calls hidden in the macros), but that'll be done some other time.
bug:10281
Change-Id: I9788f176c0e721ff4f243d4ecb79d7d0114fffc0
Reviewed-on: https://code.wireshark.org/review/3262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quanities.
Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).
There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.
Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I13924c5a2f056688a42cdee25654d82c056b5f97
Reviewed-on: https://code.wireshark.org/review/2974
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 28719a4e4e.
Most of the change to remove "lib" seems to work, but the list of libraries to sign appears not to be in the source repository, so I can't make that step work.
Change-Id: I32e400593e8a39f582cc702df34eea7f6e9e722a
Reviewed-on: https://code.wireshark.org/review/2972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The catapult dissector tripped on this random file I had. A quick look
at other dissectors which use a construct like "-1] *= '*\\[rn]" showed
packet-irda too, so fix that as well.
Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593
Reviewed-on: https://code.wireshark.org/review/2802
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Currently for all arrays, the generic ett_opcua_array is used, instead we want to be more selective for storing the expanded state of subtrees. This commit adds subtree identifiers for all array types.
Change-Id: Idcec51a200d1109cdb557d3366021d3b066b453d
Reviewed-on: https://code.wireshark.org/review/2176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Display 'Array of <fieldname>' instead of 'Array of Simple Type'
- Display array indexes for simple types
- Display data type in simple type arrays
Change-Id: Id2cc746898f97ce329c6afb9cc49f1907a9f18e4
Reviewed-on: https://code.wireshark.org/review/2161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also make repetition_coding_indications[] standard terminated.
Change-Id: Ice20e1f27f5ab4d111f893608a230b83899efc9f
Reviewed-on: https://code.wireshark.org/review/2288
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- make ett_opcua_transport static, is only used locally
- format code grouping extern ett variables
- add subtree variables for encodingmasks of simple types
Change-Id: Ia044ca6ca0ff19e940a03d21610db67fe3679b01
Reviewed-on: https://code.wireshark.org/review/2157
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Checks if a StatusCode has any of the additional info bits set and displays them accordingly.
Change-Id: Ic584233083174d3fd30c6ec6684f308e0e5ae22e
Reviewed-on: https://code.wireshark.org/review/2127
Reviewed-by: Evan Huus <eapache@gmail.com>
Adds a table containing all known StatusCodes and displays them if found.
The list of StatusCodes is in a separate file for easy generating of the list if necessary.
Change-Id: Iab74b22b7fc4fb53d8f072c4e3a4cea4ae18196c
Reviewed-on: https://code.wireshark.org/review/2126
Reviewed-by: Evan Huus <eapache@gmail.com>
The NoOf... fields are not used at all in the dissector.
Change-Id: I1f20a9992eab5d47c7e0ad34dabeaed07efa4a80
Reviewed-on: https://code.wireshark.org/review/2130
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Return the ServiceId of the service calls for displaying if it's a request or response
- Add the missing parsing code for CloseSecureChannel, some fields were missing
Change-Id: Id9b1e1986e222a77ad979fb615adc6ac62a4ced8
Reviewed-on: https://code.wireshark.org/review/2125
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ServiceFaults are always sent as a service response and never as value, this moves the parsing code to the correct location.
Change-Id: Ida9cb561aa40fcbfc3c0429aed732d108b295138
Reviewed-on: https://code.wireshark.org/review/2124
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adds hf_register_info for all possible NodeId identifier types for unified displaying.
Change-Id: Ic7a8077a32f435d5acfb1a956117d21a0b51b43b
Reviewed-on: https://code.wireshark.org/review/2123
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There are no 'URI' NodeIds, removed this option and changed GUID/Opaque to their correct values as stated in the UA specification.
Change-Id: Ibf9afdbd72f8ad336f5eb83ece5adbcce51e8365
Reviewed-on: https://code.wireshark.org/review/2122
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Rename Uri to NamespaceUri for clarity
- Correct NsId to NsIndex
- ByteString NodeIds are called 'Opaque'
Change-Id: I622d408ef9e19a2a899906b4127bae497735d402
Reviewed-on: https://code.wireshark.org/review/2121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Only the bits 0-3 are significant for the type of the NodeId contained in the ExpandedNodeId.
The other bits are a mask telling if a NamespaceUri and/or a ServerIndex is set.
Change-Id: I17948524f8a1bf6cb9dffc5f66ec5cddee580bcd
Reviewed-on: https://code.wireshark.org/review/2120
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Issue found while playing with MSVC /GL option
Change-Id: I1f734eb4054349c706b529d8080036b00e66397a
Reviewed-on: https://code.wireshark.org/review/1998
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\*\* \$Id\$/,+1 d') (2 star and space)
Change-Id: I48505ffb8bfa103cd7db0117e18cdb1925a7034d
Reviewed-on: https://code.wireshark.org/review/884
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Last one $Id$ (remove by hand) to make checkAPI haapy !
Change-Id: I5adfdcac0629a36e08c5fe3ea7960bdbc251364f
Reviewed-on: https://code.wireshark.org/review/887
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\* \$Id\$/,+1 d') (no space before star)
Change-Id: I318968db2b8512ba1303b5fc5c624c66441658f0
Reviewed-on: https://code.wireshark.org/review/879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\$Id\$/,+1 d') (No space or star before $Id$)
Change-Id: I0801bd7cf234d32487008a8b6dcee64875b07688
Reviewed-on: https://code.wireshark.org/review/876
Reviewed-by: Evan Huus <eapache@gmail.com>
There have been discussions on -dev about removing this and I believe I was the last holdout. Finally convinced that I should just have a local copy (ignored by git)
Change-Id: Ic72a22baf58e3412023cf851f0fce16eb07113b0
Reviewed-on: https://code.wireshark.org/review/681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That just breaks too many things.
This catches the examples of that found in bug 9878. There might be
others that my grepping didn't find.
We should also have the checkAPIs.pl script check for this, so this
isn't a full fix for bug 9878.
Change-Id: I3bf6f1fc0fe8654d0f54a995e72f1966ae012f5e
Reviewed-on: https://code.wireshark.org/review/623
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added DCP decoding of reset to factory
removed unused value_strings
corrected decoding of PDSubFrameBlock
most of the length display added a dec_hex display
Signed-off-by: Widok <kellingwido@aol.com>
Change-Id: I17b59b45eff37b65047a7a3e5e275f01a37ee616
Reviewed-on: https://code.wireshark.org/review/517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the string doesn't end with a null-terminator in the given length it causes a
read-overflow. Should fix bug #9717.
Change-Id: I44647ef8ecb856e07d1175777ed603736ec63553
Reviewed-on: https://code.wireshark.org/review/90
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
safe accessor functions, and it's all done via scary bit-twiddling macros to
boot.
Create the macros TVB_NIB_WORD and TVB_NIB_NIBBLE that (should) behave just
like the raw-pointer NIB_WORD and NIB_NIBBLE macros, except using the safe tvb
functions instead.
Replace two instances with the safe versions, which fixes an out-of-bounds
access caught by my valgrind fuzzer. If this doesn't break anything then we
should probably do a wholesale replacement at some point, but I'm not feeling
that adventurous at the moment.
svn path=/trunk/; revision=54951
declares the functions must be included, in order to make sure the
declarations match the function signature. Make it so - which means
creating the header file in the first place.
Also, declare proto_register_wimax_compact_dlmap_ie() early in
wimax_compact_dlmap_ie_decoder.c, similar to what we do in
wimax_copact_ulmap_ie_decoder.c.
svn path=/trunk/; revision=54739
CC packet-ecatmb.lo
packet-ecatmb.c: In function 'dissect_ecat_mailbox':
packet-ecatmb.c:877:64: error: 'info.anSdoInfoUnion.Entry.ValueInfo' may be used uninitialized in this function [-Werror=uninitialized]
packet-ecatmb.c:796:38: note: 'info.anSdoInfoUnion.Entry.ValueInfo' was declared here
packet-ecatmb.c:884:34: error: 'info.anSdoInfoUnion.Entry.Res.BitLen' may be used uninitialized in this function [-Werror=uninitialized]
packet-ecatmb.c:796:38: note: 'info.anSdoInfoUnion.Entry.Res.BitLen' was declared here
svn path=/trunk/; revision=54286
bytestring_to_ep_str (now deprecated). Use the new one in a few obvious places.
Also just print directly to the buffer when loading ethernet addresses for
resolution. The straight-to-buffer bytes_to_hexstr seems useful, maybe it
shouldn't be in a private header...
svn path=/trunk/; revision=54270
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export and plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
AndersBroman