Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I guess the ability to define a structure inside another structure is a
C-ism discarded by C++, so it causes warnings if you disallow stuff that
can't be handled by a C++ compiler, as we do.
Change-Id: I8cf52af0424708eb663ab6dbfecbf317fe3bccdb
Reviewed-on: https://code.wireshark.org/review/13257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Introduce a frame_data flag "need_colorize" to indicate that coloring
rules need to be evaluated and set it for the GUI (not tshark). This
restores the original performance characteristics.
It additionally fixes a regression where the color filter name and
filter is not shown anymore in the tree (I guess it is related to the
edt->tree being NULL when re-selected, resulting in empty color_filter).
Remaining problems:
- Display filter cannot contain frame.coloring_rule.* fields. Code is
present to enable this, but then a method is needed to avoid an
expensive second calculation (which is why it is disabled).
- The columns are still not updated after coloring rule change.
- The two frame.coloring_rule fields in the tree are not updated when
the coloring rule is changed (e.g. Ctrl-1).
The last two issues were supposed to be fixed by the previous patch, but
there is probably some missing code... Tested with GTK and Qt.
Bug: 11980
Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e
Reviewed-on: https://code.wireshark.org/review/13170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When using UPPER_PDU to wrap logcat text data it was not possible
to dump underlying data to logcat textfiles.
Add ability to write it down properly.
Change-Id: Ia20142cc340f34d80de93e213084cf1df83099d6
Reviewed-on: https://code.wireshark.org/review/13230
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind report memleaks like these when using the wireless
toolbar to create a monitor interface and/or changing channel:
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116308: ws80211_create_on_demand_interface (ws80211_utils.c:699)
by 0x116308: ws80211_set_freq (ws80211_utils.c:729)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 32 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116400: ws80211_set_freq (ws80211_utils.c:733)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
Change-Id: Ia1de630859d96653310fbb3efebdc439ebf107b8
Reviewed-on: https://code.wireshark.org/review/13237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As the QKeySequence documentation says,
"On Mac OS X, references to "Ctrl", Qt::CTRL, Qt::Control and
Qt::ControlModifier correspond to the Command keys on the Macintosh
keyboard, and references to "Meta", Qt::META, Qt::Meta and
Qt::MetaModifier correspond to the Control keys. Developers on Mac OS
X can use the same shortcut descriptions across all platforms, and
their applications will automatically work as expected on Mac OS X."
This also applies to Qt Creator on OS X. If you assign a shortcut to an
action that contains the Control key, it will draw the ^ symbol in the
UI but will save "Meta" in the .ui file instead of "Ctrl", in the manner
of a well-meaning-but-not-helpful comedy sidekick.
This happened for the actions listed below. Replace "Meta" in their
shortcuts with "Ctrl".
- Unmark all (Ctrl+Alt+M)
- Next marked packet (Ctrl+Shift+N)
- Previous marked packet (Ctrl+Shift+B)
- Show packet times... (Ctrl+Alt+1 - Ctrl+Alt+8)
This matches the GTK+ UI on Windows and Linux, and uses the Command key
on OS X. If we really want to use the Control key everywhere we can
override the action sequences in main_window.cpp. We might want to do
this for the "mark" actions since Command+M is the standard key for
"Minimize this window".
Change-Id: I1537cee5bc27a32b505bace01c1de3703a18dd6a
Reviewed-on: https://code.wireshark.org/review/13238
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix indentation.
Just directly assign values to elements in the packet buffer; no need to
convert them to numbers and note the value as a comment.
Give more detail in the comment for null-terminating buffers. Terminate
packet_buf[] once we're finished reading into it, to make it a bit
clearer what's being done.
Make the magic number buffer 513 bytes, so we have 512 bytes plus a
terminating null.
Change-Id: Ie182d93393cc55835b24075e908393c386c85c24
Reviewed-on: https://code.wireshark.org/review/13250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 11982
Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562
Reviewed-on: https://code.wireshark.org/review/13233
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Enable decryption of Protected Management Frames by:
- Authorizing decryption for robust management frame (i.e. management
frame that may be encrypted): deauth, disassoc and action
(Note: Assume all action frames are robust even if it is not the case)
- Updating initialization of Additional Authentication Data (AAD)
(don't filter-out subtype) and construct nonce (set mgmt flag) for
management frames
Bug: 11995
Change-Id: I7c34a021e4c49111b85d217c9272d24d0e29ecb2
Reviewed-on: https://code.wireshark.org/review/13232
Reviewed-by: Michael Mann <mmann78@netscape.net>
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format. (The two functions do the same
thing; this just makes it clearer what we're doing.)
Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a comment indicating what choices are offered here; note that going
back to FT_BYTES without changing the way it's put into the protocol
tree is *not* a choice that's available.
Bug: 11999
Change-Id: I9831c7e9e522d3c7cea2e92c2a989050772019e4
Reviewed-on: https://code.wireshark.org/review/13244
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It first appeared in GLib 2.28, and we support - and use, in the 32-bit
OS X buildbot - earlier versions.
Change-Id: I941a0206507e532c31cb13a918e3eb4d081e6ea3
Reviewed-on: https://code.wireshark.org/review/13240
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Displayed as 6 hex digits, not 3.
Change-Id: I61f9b41d4bd846ff74fac24b0651c7243c9c9e51
Reviewed-on: https://code.wireshark.org/review/13235
Reviewed-by: João Valverde <j@v6e.pt>
Flow label has never been one word.
Change-Id: I61863cb1d7aca0ee7b48e64c4abad700555e57f2
Reviewed-on: https://code.wireshark.org/review/13236
Reviewed-by: João Valverde <j@v6e.pt>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
Traffic class values from IPHC headers were shown correctly in the IPHC
dissection, but not correctly inserted into the expanded IPv6 packet.
Problem was only visible on little-endian systems - the previous
code did work if big-endian.
Error was not present in HC1 decompression, but both IPHC and HC1
IPv6 construction code clarified by avoiding writing overlapping union
members.
Bug: 11971
Change-Id: I3515f18c892f1fc28ef7f8a0830a79d134e81f48
Reviewed-on: https://code.wireshark.org/review/13109
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
in the functions that dissect specific messages, we can just return 0
add a return value to aeron_frame_stream_analysis_setup() and
pass it on to the callers to allow for a clean exit
Change-Id: Iab4dee38112e32ca36822abc49d27dfe9e4c9ef7
Reviewed-on: https://code.wireshark.org/review/13147
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The interface list is not sorted at all, leading to
a very chaotic list. This sorts it alphabetically, as
well as correct a type in extcap_init_interfaces.
Bug: 11998
Change-Id: Ib5381a1761e8f07f9ba7996b3e6276da063b3932
Reviewed-on: https://code.wireshark.org/review/13220
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Remove the file dependency on the xml file as this causes
build failures due to parallel building.
There is still an issue with the build of *.hhp if the corresponding
*.xml file is rebuilt.
Change-Id: I738c687be50daebcf93576be8a43dbb6475f4fc8
Reviewed-on: https://code.wireshark.org/review/13217
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Due to integer overflow (unsigned -1 + 1 = 0), a call to
dissector_add_uint_range would be stuck in an infinite loop, eventually
crashing due to out of memory.
Found when setting radius.alternate_port:-1, but could happen with any
dissector using similar ports_range constructs.
Change-Id: Ia234e94516446250e959e0f51d552bef704cddff
Reviewed-on: https://code.wireshark.org/review/13153
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
OSC-1.1 requires OSC packets to be double SLIP encoded on a TCP stream
for framing, whereas OSC-1.0 frames packets via a int32 size prefix.
As only either OSC-1.0 or OSC-1.1 will ever be used on the same
connection, the tcp part of the OSC dissector should handle both.
'dissect_osc_tcp' now merely acts as a fork into one of both versions.
Changes:
* Reassembly for OSC-1.0 TCP is left untouched.
* Reassembly for OSC-1.1 TCP is implemented in second reassembly mode.
* OSC is no protocol per se, it's merely an encoding, renamed accordingly.
* Fix logical vs binary OR typo in MIDI pitch bend calculation.
Capture file:
* Mixed framing (OSC-1.0, OSC-1.1) OSC TCP pcap: Bug 11976
Change-Id: I5d26db023ef3ee659ae5a668b1665abef40b54c3
Reviewed-on: https://code.wireshark.org/review/13112
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This removes duplicates (including one incorrect duplicate), and also
means we have only one chunk_type_values[] value_string.
Change-Id: I4c3035b1cfb5c86cc7a5bf79feb9a5b0204b6dcc
Reviewed-on: https://code.wireshark.org/review/13212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
lemon: Thu Oct 29 13:48:15 2015
lempar: Tue Nov 10 14:51:22 2015
a copy of all Wireshark changes are available https://github.com/alagoutte/sqlite/tree/wireshark
Change-Id: I51f8b40a7087362502f6ce2156820a9f107ddf15
Reviewed-on: https://code.wireshark.org/review/13033
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some braces to make it clearer what some if clauses are. It also
makes it clearer what the right indentation for the last statement of
dissect_rtmac() is (if you don't have -Werror=misleading-indentation to
tell you).
Change-Id: I2c44c6de41e610de4c4b6b5025732483f4e33471
Reviewed-on: https://code.wireshark.org/review/13205
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not used by anything outside the TPKT dissector - and probably
*shouldn't* be used by anything outside the TPKT dissector.
Clean up some white space while we're at it.
Change-Id: I9bb9642a002fb9e8bd6c36d80d7653ef9af615d4
Reviewed-on: https://code.wireshark.org/review/13204
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make most of them static; make the ones used in more than one file
public, and declare them in packet-ncp-int.h.
Change-Id: If3df3bda33239d1ad3145b10d375ed76d632d4a9
Reviewed-on: https://code.wireshark.org/review/13202
Reviewed-by: Guy Harris <guy@alum.mit.edu>