Change name from proto_tree_add_new_bytes to
proto_tree_add_bytes_with_length and other tweaks
pointed by Peter Wu.
Change-Id: I6058c28a74a154e2882e4eb04558bedcede6f508
Reviewed-on: https://code.wireshark.org/review/7039
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Now address types are setup just like field types and must be registered with a structure that provides its string representation (and more things in the future). Address types that are limited to a single dissector are registered by the dissector. More "common" ones are globally registered. There are still a few that really belong in a dissector, but have other dependencies currently not accounted for in the address type support.
Many of the "address to string" conversions that involved g_sprintf have be changed to use more "performance friendly" methods (some at the cost of needing to_str-int.h)
Leaving all comments regarding this "solution" in address_to_str.c in until all have been implemented
Change-Id: I494f413e016b22859c44675def11135f228796e0
Reviewed-on: https://code.wireshark.org/review/7019
Reviewed-by: Michael Mann <mmann78@netscape.net>
Version to add as generated field, without tvb offset, length.
Change-Id: If4c7aebcbf1b47faa483bcbd40995eff3ccb99f0
Reviewed-on: https://code.wireshark.org/review/6906
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This is mostly for GUI usage, but a few dissectors needed some "non-packet scope" conversions.
val_to_str officially now uses wmem_packet_scope()
Change-Id: Ic9413eeb3406d7a7683222b86709f3675d628d81
Reviewed-on: https://code.wireshark.org/review/6933
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are a few oid functions that are only called in oids_test.c. I'll presume the APIs are used in proprietary dissectors rather than just remove them.
Change-Id: I4595e00f93bf9ab8cf2493fe0432b91960f55a3f
Reviewed-on: https://code.wireshark.org/review/6592
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They (should) all be strictly within the context of dissection, so can just
become packet_scope.
Change-Id: Iaaa733628132f3ee3f1597f3df956e44080734f6
Reviewed-on: https://code.wireshark.org/review/6631
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I0338d0acda5e4b9957aad4825ca2cfd6fa506ead
Reviewed-on: https://code.wireshark.org/review/6596
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7a40c0996517aa71b4ddb764ce3a6e92a55260ad
Reviewed-on: https://code.wireshark.org/review/6589
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
There's no requirement for "display" field values to have names
beginning with BASE_; use SEP_, to indicate that they're separators.
(And, yes, we should introduce SEP_NONE, with a value of 0, and use it.)
While we're at it, fix BASE_SEMICOLON - the separator is a colon, not a
semicolon - and document SEP_SPACE in doc/README.dissector.
Change-Id: I856aafda2c60b8320dffe287f0deb06a9604a2bf
Reviewed-on: https://code.wireshark.org/review/6486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's just like BASE_DOT, BASE_DASH and BASE_SEMICOLON, only its a space between bytes. Since this seems pretty specific to FT_BYTES, perhaps there is a better was to represent the functionality (like FT_BOOLEAN uses numeric values for number of bits)?
Change-Id: I1a8f1ab263ece2736a8012b66fdd6a9105db7282
Reviewed-on: https://code.wireshark.org/review/6451
Reviewed-by: Michael Mann <mmann78@netscape.net>
I think this can make fields more readable (for a small amount of bytes).
Converted DeviceNet dissector to use proto_tree_add_item for some FT_BYTES field as tvb_bytes_to_str_punct was used to create this effect "manually".
Change-Id: I59e2acf9b00a4eb1279e6c2b2b7bd8ecef20db9b
Reviewed-on: https://code.wireshark.org/review/6304
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57d2e435ac72ea07ec9a567e0b1ce4410966e3d2
Reviewed-on: https://code.wireshark.org/review/6419
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There isn't a legitimate use for the API, all cases can be covered with proto_tree_add_item. As a bonus, a few more tvb_get_ptr calls can be removed.
Change-Id: I3bb86ba8f05ef3363407bcfe9b059ee27ebc135d
Reviewed-on: https://code.wireshark.org/review/6429
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8aa7d7374db94685fd875cbf358c3bfbc83f3255
Reviewed-on: https://code.wireshark.org/review/6370
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4f1078b20f41800f72a751612703ad0d4c2ae87b
Reviewed-on: https://code.wireshark.org/review/6323
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, convert the "string" hf_ entries that used tvb_fcwwn_to_str as a string to use proto_tree_add_item with FT_FCWWN type.
Change-Id: I4ca77870499fd8239584a70874998b5d194a7167
Reviewed-on: https://code.wireshark.org/review/6036
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I40d0c8253743183aecef252040b7dd6742ae5c71
Reviewed-on: https://code.wireshark.org/review/5934
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Along the lines of provious changes.)
Change-Id: I22d76f22400d4a93242392ff4688acc753eb0039
Reviewed-on: https://code.wireshark.org/review/5961
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give the field name in the message.
Change-Id: I046c74b451b473c9c87c2980122b025390f82cc8
Reviewed-on: https://code.wireshark.org/review/5959
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise it will trigger an assert
Fixes a regression introduced in gf002332
Change-Id: I0cffa2c952b7eff085a1834ebabfec03342095bd
Reviewed-on: https://code.wireshark.org/review/5950
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I74ddb6fc629ef32b217dede7a3ba652cbbf5ab12
Reviewed-on: https://code.wireshark.org/review/5932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can now add column with Custom type with more than one field
by using OR "||" splitter.
Bug: 9695
Change-Id: Ia82a91e7a35b867647d36cb9626e3870f46c0d85
Reviewed-on: https://code.wireshark.org/review/5804
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's proto_tree_add_bitmask with the ability to control the data appended to header.
Change-Id: Icce97437ba7cfc9158ec204a837da8db8138424a
Reviewed-on: https://code.wireshark.org/review/5533
Reviewed-by: Michael Mann <mmann78@netscape.net>
It appears that Wireshark allows (and currently has) fields with the
same name with differing "strings" content.
Change-Id: Iddac5a2c9f456a97ea676f2007f43d786482eebd
Reviewed-on: https://code.wireshark.org/review/5491
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This improvement avoids use of deallocated memory (crash) if using a
deregistered field in display filter, color filter, custom column and
other cases when the field is used as "interesting field".
This functionality is currently used in http, imf and ldap preferences.
Also removed unused proto_registrar_n() as this does not work correctly
after deregistering fields.
Change-Id: I043e3bf7a98bd773c9801e712a012d1eab8a7f94
Reviewed-on: https://code.wireshark.org/review/5161
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
it returns the parent tree of a given tree object
Change-Id: I191e0221651ffb5b26df761e9a25075aa0eb2ad3
Reviewed-on: https://code.wireshark.org/review/4954
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
That slightly better expresses the intent.
Also, fix the message printed for bad bytes in a field name to handle
bytes that are bad because they don't correspond to printable ASCII
characters.
Change-Id: I01f232c35bbbe30286999b6c607bfcf3d491453d
Reviewed-on: https://code.wireshark.org/review/4976
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When the user hovers over a byte view field, highlight it and show a
description in the status bar.
Add a "byte" status bar context and fix a label stack pop bug.
Keep proto_find_field_from_offset from matching generated items.
Otherwise hovering and selecting finds things like GeoIP entries and
checksum validation information. This affects the GTK+ UI as well.
Change-Id: Ic81c0d8159510a72d30c41f961807d8a48d05e16
Reviewed-on: https://code.wireshark.org/review/4943
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This function did not work after svn revision 51396.
This fix affects http, imf and ldap preferences.
Change-Id: I6fcb24c968d03c7d1fdc018cfa907f9cfd8809bb
Reviewed-on: https://code.wireshark.org/review/4881
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The result of the '>>' expression is undefined if mask_greatest_bit_offset = 0.
Change-Id: I15b094a5220a5075878bad65ab0b8c5279e80e8a
Reviewed-on: https://code.wireshark.org/review/4723
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- use G_GINT64_MODIFIER instead of "%ll"
- use G_GUINT64_CONSTANT instead of ULL
- add some missing explicit casts
Change-Id: Ic048d9ee8966ea504ea542cefe55688edcfb2dc7
Reviewed-on: https://code.wireshark.org/review/4644
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We rarely, if ever, want to, or need to, explicitly set the captured
length of a packet; we want to set the *reported* length and let the
tvbuff code figure out how much of that data was actually captured.
Change-Id: I9b93d296197989f677d888b10954589dfc1edc59
Reviewed-on: https://code.wireshark.org/review/4138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace some conditional + fprintf + DISSECTOR_ASSERT()s with
DISSECTOR_ASSERT_HINT() or just change the DISSECTOR_ASSERT() to
DISSECTOR_ASSERT_NOT_REACHED() when the hint requires formatting.
Change-Id: I80c7c6579d7755a60d644b5ef60ec4e3299ba0ab
Reviewed-on: https://code.wireshark.org/review/4115
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
If we try we may (in the case of setting the length or end) mistakenly assert
out.
Bug: 10329
Change-Id: I52083ba17f6427712a6a363f48f1f7ae51f2b74b
Reviewed-on: https://code.wireshark.org/review/4093
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>