Change-Id: I1d1adb6456c4a80f2a157cb29dc19c63755ee3fd
Reviewed-on: https://code.wireshark.org/review/31485
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.
API design goals of the new JSON dumper library:
- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.
Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values is inspired by
the sharkd code (json_puts_string is also borrowed from that).
The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
duplicates and currently print two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)
A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.
Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SEP_SPACE and BASE_NONE both default to colon (:). Fix SEP_SPACE and add SEP_NONE
Bug: 15253
Change-Id: Ib5db997714414370b08ffb9458c73d4aeef6aacf
Reviewed-on: https://code.wireshark.org/review/30447
Reviewed-by: Jeremy Martin <boardermartin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A range string is passed as a table of tables, eg:
range_string = {
{ 0, 24, "Some string for values 0 to 24" },
{ 25, 25, "The string for value 25" },
{ 26, 255, "The string for the remainder" }
}
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
These macros were evil as they silently ignored bad casts. Together with
an updated checkAPIs.pl, this should reduce the likelihood of errors.
Change-Id: I40ecc48a57b2061b4c65db4f4f7fffff21f159a8
Reviewed-on: https://code.wireshark.org/review/29757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We are exporting a registration function from libwireshark just
to have it passed back as a callback. Seems unnecessary.
Change-Id: I7621005c9be11691d319102326824c5e3520a6f3
Reviewed-on: https://code.wireshark.org/review/29328
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove -DBUILD_WINDOWS and sections of code that we no longer use.
Bug: 14715
Change-Id: Iae1a950e2f52f4ce45fcf0ae5dea06c1172c3a28
Reviewed-on: https://code.wireshark.org/review/28466
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"redefined" to handle the same way as before.
In dissectors using the new API, add all currently used proto_tree_add_xxx
functions to the list of functions that take care of NEW_PROTO_TREE_API changes.
Modify the dissectors that worked around the missing change.
Change-Id: Ib6d6ec2c225d96c98c2a8f507648d7ad4bfb6c68
Reviewed-on: https://code.wireshark.org/review/28002
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Have it take a format and argument list as arguments, and have the
formatting done inside the reporting code. That way, we're not relying
on any particular wmem scope working.
If WIRESHARK_ABORT_ON_DISSECTOR_BUG is set, try to add the message to
the crash information (currently only supported in macOS), and print it
to the standard error, before crashing. We won't necessarily have a
usable crash dump to analyze, so we can't rely on that to find the cause
of the crash.
Ping-Bug: 14490
Change-Id: I2b39169c45c84f2ada31efa1d413bd28c140f8f4
Reviewed-on: https://code.wireshark.org/review/26643
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow epan itself to be extended by plugins. Adds the following new plugin
interfaces:
void plugin_epan_init()
void plugin_epan_dissect_init(epan_dissect_t *)
void plugin_epan_dissect_cleanup(epan_dissect_t *)
void plugin_epan_cleanup()
void plugin_epan_register_all_protocols(register_cb, gointer) [OPTIONAL]
void plugin_epan_register_all_handoffs(register_cb, gointer) [OPTIONAL]
Any one of these can be an empty function but the first four must be
present.
The motivation for the change is a better way to implement a language binding
other than registering a fake protocol and stuffing everything into a single
dissector call (and maybe require an extra packet_info field) but I expect
there would be other interesting use cases.
Change-Id: I215d50750ac7561fe25fdcdcfbc6a3f351984785
Reviewed-on: https://code.wireshark.org/review/24813
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Add the "special handling" of length = 0xFF for single byte or 0xFFFF
for uint16 value means size of field to follow is 0.
Ping-Bug: 14138
Change-Id: I0baa40f63152b9420a6569ca6cc5eba638fbc790
Reviewed-on: https://code.wireshark.org/review/24428
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also update ENC_VARINT_PROTOBUF documentation while we're at it
Change-Id: I72e1f9175adc0c6a8bb03ceddba04ffd4844a12e
Reviewed-on: https://code.wireshark.org/review/24485
Reviewed-by: Michael Mann <mmann78@netscape.net>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FI_BITS_XXX were using bits 5-15 of the field_info->flags bitmask.
Move FI_VARINT to be outside of that range.
Change-Id: I92efcb5644cdbb562537d2813b611e583315874b
Reviewed-on: https://code.wireshark.org/review/23871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's consistent with the other DISSECTOR_ASSERT_FIELD_TYPE... macros.
Change-Id: I1f5711b29ae8a440b0529373eb7903ff122ea18e
Reviewed-on: https://code.wireshark.org/review/23681
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.
Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.
Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's sufficient to include <epan/proto.h>...
...as long as <epan/proto.h> includes <epan/tfs.h>, just as it includes
<epan/value_string.h>.
And, since it's already including <epan/value_string.h>, it doesn't need
to have a definition of struct _value_string as an incomplete type,
given that <epan/value_string.h> gives a definition of it as a complete
type.
Change-Id: Ic296bc0b0d68277ba7e0569412b780fd847ecca2
Reviewed-on: https://code.wireshark.org/review/21033
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it fix expert info a typo and an calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's some weird hybrid of UN*X time and NTP time stamps, using UN*X's
epoch and NTP's seconds/fractions split. I'm sure they had their
reasons for not using something like struct timespec or regular NTP
time, and instead inventing something that's halfway in between them.
Change-Id: I1f39ec1368af52b82adfa2a22677dfa6e9341309
Reviewed-on: https://code.wireshark.org/review/20711
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From a look at the libosmocom code, time stamps in
GSMTAP_TYPE_OSMOCORE_LOG messages appear to be UN*X struct timevals with
a 4-byte tv_sec, not anything NTP-like with the fraction-of-a-second
part in units of 1/2^32s of a second.
Add ENC_TIME_TIMEVAL to handle time stamps like that, and use it rather
than ENC_TIME_NTP_BASE_ZERO.
Change-Id: Ia1511527ee292fb7725b2a64c0af16d23ff10a6d
Reviewed-on: https://code.wireshark.org/review/20710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also add documentation strings to the base values.
Change-Id: I00ac8f154fdd0382106ed27d740e16956520be97
Reviewed-on: https://code.wireshark.org/review/20554
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add handling of STR_ASCII and STR_UNICODE as base types for string
and stringz. Add handling of SEP_DOT, SEP_DASH, SEP_COLON and
SEP_SPACE for bytes and uint_bytes. Add SEP_NONE for completeness.
Change-Id: Ida46c215fee7ec7132ec91ab5dd6cb3de4628920
Reviewed-on: https://code.wireshark.org/review/19337
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Also added a note above field_display_e enum to indicate that this
values are parsed in make-init-lua.pl to build init.lua.
Change-Id: Ibd125684f9a68e1b8116fae0ccbc72147825d75d
Reviewed-on: https://code.wireshark.org/review/19336
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode. Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037. Add ENC_EBCDIC_CP037 for code page 037.
Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13032
Change-Id: I6bf2cc2c43a6262d899a304df6576d9831115966
Reviewed-on: https://code.wireshark.org/review/18350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Apply mask and bit shift on the returned value.
Change-Id: I00aebc854756f01a25199a259d6d5252abea4349
Reviewed-on: https://code.wireshark.org/review/17958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No functional change, fixes typos, adds some meaningful function
parameters and tries to clarify the memory management concerns.
Also fix a -Wdocumentation issue in epan/proto.h
Change-Id: I59d1fcd2ce96178e0a64a0709409a9a7a447c7c6
Reviewed-on: https://code.wireshark.org/review/17431
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Ibc43b1976d5827e8c40252a5200852fbcd00b70c
Reviewed-on: https://code.wireshark.org/review/16763
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allow a dissector to mark its protocol as "disabled by default", which
means that the "enable all protocols" routine won't enable it. This is
necessary in order to allow the disabling of protocols not to be
unintentionally changed due to profile changes; see bug 9826.
Change-Id: I3947f794c21350b70a8de06899cfc7715b77f90f
Ping-Bug: 9826
Reviewed-on: https://code.wireshark.org/review/16109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
assertion.
If a dissector forces registration of fields during dissection it needs to do
so in a way that clears the prefix registration. Otherwise epan will call the
registration routine a 2nd time (which will cause us to assert out) if a user
types a display filter (with the dissector's prefix) that doesn't exist.
Update the proto_register_prefix() comments to reflect this.
Change-Id: I3ce29243395fb55192bb5dfd950baa88410ac136
Reviewed-on: https://code.wireshark.org/review/15881
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Ran across enough situations that proto_tree_add_bitmask_list couldn't
solve that it seemed necessary.
Change-Id: I6a540ac6efca76cae7c4571a84bb400538652784
Reviewed-on: https://code.wireshark.org/review/15880
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It requires some "extra work" to get it to work properly. Despite
documenting it, some previous use cases didn't do the extra work.
Let's just see how we get by without it.
Change-Id: I31dba1d5038d793085f6c9e4b4a6eda574e86872
Reviewed-on: https://code.wireshark.org/review/15610
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-wsp.c hasn't used proto_tree_append_string() since
Ic5467289aae7d54e78c1fd65f93358387d6139aa. Use packet-frame as the example
instead.
Change-Id: I69fb10679ec1685a61aac182414e596b345153fd
Reviewed-on: https://code.wireshark.org/review/15563
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rawshark shouldn't be converting FT_ and BASE_ values into strings on its own, there's a function for that.
Change-Id: Ib4ce1651ee130a03644b5de3ab471333444e19a9
Reviewed-on: https://code.wireshark.org/review/15341
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't just treate the strings as piles of ASCII characters.
Add a proto_tree_add_item_ret_string_and_length() routine to help do
this. Clean up some of the documentation of the proto_tree_add_item_ret
routines while we're at it.
Change-Id: Ib4c52bd8a8331eac97312583326f5be9175889d9
Reviewed-on: https://code.wireshark.org/review/15291
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Having to define two macros for marking a function as never returning
seems a bit redundant. Merge the MSVC and GCC-like attributes into a
single WS_NORETURN.
Tested with Clang 3.7.1, GCC 4.4.7 and even GCC 4.1.2 using this small
program (-Wall -Wextra, the first two generate warnings for
uninitialized variables, the last one compiles without warnings):
#include <stdlib.h>
__attribute__((noreturn)) void foo() { exit(1); }
__attribute__((noreturn)) void bar();
void bar() { exit(1); }
int main() {
int j, i;
if (i) { bar(); return j; }
foo();
return j;
}
Change-Id: I7d19c15e61b8f8fa4936864407199c4109f8cc82
Reviewed-on: https://code.wireshark.org/review/14822
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(The check to ensure the delayed field registration had been done was still
wrapped inside an if(tree) but a bunch of proto_add_*()'s had been pulled out
from under if(tree)'s thus causing some hf's to be used before registered.)
Also simplify the code to ensure the fields are registered since we're doing it
potentially many times per frame: do an integer comparison rather than looking
up an hf by name.
Add a note to the docs for proto_register_prefix() to make it clear that the
initializer routine may not be called before the dissector is asked to dissect
something.
Change-Id: I5dc1154638a290c3a94149184d56570c3abb836a
Reviewed-on: https://code.wireshark.org/review/14711
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It adds string-type fields to the protocol tree and returns the value of
the string.
Add the new bitmask-adding routines to the Debian symbol list while
we're at it.
Change-Id: Idaeec44c9cd373588cadce85010f3eaf1f3febb5
Reviewed-on: https://code.wireshark.org/review/13657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add tables for heuristic dissectors, and add dissectors for the stuff
Microsoft puts there for RDP; they're violating the COTP spec, but I
guess they're stuck because they're using TP0, which doesn't support
user data.
While we're at it, add variants of proto_tree_add_bitmask() and
proto_tree_add_bitmask_flags() that return the bitmask, for use by
callers.
A side-effect of the change is that the proto_tree_add_bitmask routines
no longer treat the encoding as a Boolean, so we have to pass
ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN, not just some non-zero or zero
value. Do so.
Rename ositp_decode_CC() to ositp_decode_CR_CC(), to note that it
decodes both CR and CC PDUs.
Bug: 2626
Change-Id: If5fa2a6dfecd9eb99c1cb8104f2ebceccf1e57c2
Reviewed-on: https://code.wireshark.org/review/13648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Output from BASE_HEX et al has always been zero-padded to according to
the field type - 8 digits for FT_UINT32, etc.
When the field has a bitmask, this is definitely not appropriate - the
field type is used to indicate the size of the bitfield container, and
tells us nothing about the size of this field.
Instead, determine the actual size of the field by inspecting the
bitmask, and output the corresponding number of hex digits.
Change-Id: I10ec4e93e1e40e8b1354d5368cc8945cf671a617
Reviewed-on: https://code.wireshark.org/review/13225
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_item_get_len() is *not* guaranteed to return a correct value.
Even if there's a non-null tree item, it might be pointing to a "faked"
item; it really shouldn't be used.
So add proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length(), which calculate the real length
themselves and return it through a pointer.
Fix as many places as we straightforwardly can to use them rather than
to use proto_item_get_len(). (There's a Lua API for
proto_item_get_len(), so we keep it around, but we should add Lua APIs
for the new routines, and deprecate the old API.)
Fix ptvcursor_add() to do the same thing that
proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length() do.
Split the TRY_TO_FAKE_THIS_ITEM macros into a macro to check for the
tree being null and to try to fake the item. We don't always use the
former macro, as we might need to do more than just return NULL if the
incoming tree is null (for example, calculating the item's real length
and using it...).
new_field_info() never returns NULL; remove checks for it. The check
for a null tree is done before the calls to new_field_info().
Change-Id: I002a218d1f810c73e0de837e0ac6ebcde21bacec
Reviewed-on: https://code.wireshark.org/review/13139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Probably inserted by a script.)
Change-Id: Ibf4e4d84c0c036841971df8dad54a916502d6909
Reviewed-on: https://code.wireshark.org/review/13036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for IEEE-11073 32-bit FLOAT and 16 bit SFLOAT field types.
Use them in Bluetooth ATT dissector.
Change-Id: Ife0f3843da84a9af23483b0a0d9b69cd2f511d08
Reviewed-on: https://code.wireshark.org/review/12680
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Most of the deregister functions are used internally from Lua
while reloading plugins. Don't export them for others to use.
Change-Id: I919dbfa807f696c38d409ca7206104a0fba1ae65
Reviewed-on: https://code.wireshark.org/review/12508
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
<MISSING> implies that the field should be there and isn't. Allow dissectors to specify when a zero-sized array for a field is perfectly valid.
Ping-Bug: 11803
Change-Id: I3fd60e3c6f832c6b4a3a8837ebc52c3e74e795ae
Reviewed-on: https://code.wireshark.org/review/12271
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This prevents some false positives for fix-encoding_args.pl which doesn't like constant values (like 0) passed as the last argument to any proto_tree_add_xxx call.
Change-Id: Iab7b09b425bf0d48126533daa0e65490bd7b8890
Reviewed-on: https://code.wireshark.org/review/12167
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check if description (protocol name) and short_name are used before
registering the protocol. This because proto_register_protocol() makes
sure there's not already a protocol with any of the names registered
and duplicates will be reported with a g_error() which terminates the
Wireshark unexpectedly.
Also check if short_name contains valid characters.
Give appropriate error messages.
Bug: 11739
Change-Id: Ib9776a2a3406ae5278ce744defd61864ebed0282
Reviewed-on: https://code.wireshark.org/review/11995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
RTPS uses NTP encoding with a BASETIME equal to 0.
Also, changed "magic" by "Magic"
Change-Id: I2512176f2018396edaa6b2a1478facd26118cb13
Reviewed-on: https://code.wireshark.org/review/11184
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If5897e8137f729503edf2cafb49b2ebeab4716ad
Reviewed-on: https://code.wireshark.org/review/10997
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ic6b3d71c3c9a14688b55d98f402d359f69524394
Reviewed-on: https://code.wireshark.org/review/10939
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Avoid displaying duplicate port numbers with transport name resolution disabled and
make some dissector code simpler.
Introduces port_with_resolution_to_str_buf() function and amends UDP/TCP/DCCP/SCTP to
use the new field display type.
Change-Id: Ifb97810b9c669ccbb1a310a2c0ffd6e2b63af210
Reviewed-on: https://code.wireshark.org/review/10625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While IPv4 subnet masks are obviously related and similar to IPv4
addresses, they are distinct enough that they need to be treated
seperately in some aspects. For instance, there is no value in
attempting to resolve a subnet mask.
This change creates a new display type: BASE_NETMASK, which allows distinction from FT_IPv4
(and possible name resolution) where appropriate.
Change-Id: I99e19c9a58eb613f8e58d481af84c30e2e5e14d7
Reviewed-on: https://code.wireshark.org/review/10438
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>