Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to work about the wmem_allocator.
Change-Id: I80f465ae0845290255a659ab63310ac3cc35506e
Reviewed-on: https://code.wireshark.org/review/7075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5de4c34e2acafbe47a8ca3f07040a774e72d0d3e
Reviewed-on: https://code.wireshark.org/review/6787
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fourth batch (packet-mac-lte.c -> packet-rtp.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Id921f07f4b274f0cfb77ce81abe4a285fdb8b644
Reviewed-on: https://code.wireshark.org/review/6023
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I51702e9372551a28ea604d21d4bbf0eb4d9588ae
Reviewed-on: https://code.wireshark.org/review/4831
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add macros to set entries of a vec_t, one for use when you have a
pointer to private data, and one for use when you have data in a tvbuff.
The latter wraps the use of tvb_get_ptr(), so that you're not directly
calling it in a dissector.
Move ip_checksum() to epan/in_cksum.c, and add an ip_checksum_tvb() that
wraps the use of tvb_get_ptr().
In the CARP dissector, give the length variable an unsigned type -
there's no benefit to it being signed, and that requires some casts to
be thrown around.
In the DCCP dissector, check only against the coverage length to see if
we have enough data, combine the "should we check the checksum?" check
with the "*can* we check the checksum?" check in a single if, and throw
a dissector assertion if the source network address type isn't IPv4 or
IPv6.
Get rid of inclues of <epan/in_cksum.h> in dissectors that don't use any
of the Internet checksum routines.
In the HIP dissector, make sure we have the data to calculate the
checksum before doing so.
Change-Id: I2f9674775dbb54c533d33082632809f7d32ec8ae
Reviewed-on: https://code.wireshark.org/review/3517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
Also:
- #if 0 out some unused hf[] entries;
- use val_to_str_const() in a few places;
- remove some unneeded initializers;
- do col_set_str()/col_clear() before referencing tvb;
- reformat hf[] entries;
- Fix whitespace (4-space tabs, etc).
svn path=/trunk/; revision=42746
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
The attached patch improves NHRP dissection and encompasses the following
changes:
1) Now displays Request ID and CIE Reply code or Error code in Info column.
2) Added support for RFC 2520 and RFC 2735 extensions and error codes.
References:
-> http://www.ietf.org/rfc/rfc2520.txt?number=2520
-> http://www.ietf.org/rfc/rfc2735.txt?number=2735
Note: Cisco's NAT Address Extension conflicts with RFC 2735's published
Device Capabilities Extension. Both are assigned type 9. As such, I have had
to add some heuristics to differentiate between them. It should be reliable
though since the former carries a CIE with length > 8 bytes, and the latter a
fixed-length payload of 8 bytes.
3) A few fields previously not filterable now are: hf_nhrp_hdr_op_type,
hf_nhrp_hdr_version and hf_nhrp_error_code.
4) Added support for authentication and vendor-private extension header decode.
NOTE: The authentication extension has been added according to RFC 2332. In
practice, it seems that at least with certain Cisco equipment (I tested with
cisco 2851 IOS version 12.4(15)T), they use their own non-standard
authentication extension format. Because of this, Cisco's version of the
extension will likely either be displayed a little differently than one may
expect or be indicated as being mal-formed ... because in reality, it is.
5) Utilizes expert info in a couple more places to indicate mal-formed packets.
Cisco's Error Indication packet, for example, violates RFC 2332 Section 5.2.7
by including extensions in the Error Indication packet as well as by including
erroneous data following the End Extension. Both cases are reported via expert
info now. Previously, at least with the case of the erroneous data following
the End Extension, the packet would almost certainly have been marked
mal-formed anyway. I now just prevent Wireshark from even attempting to decode
the non-sensical mess.
svn path=/trunk/; revision=29833
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
An NHRP extension offset of 0 is not an error - it means there are no
extensions.
Start using the address family number to determine the type of
link-layer addresses in NHRP. Don't fetch IPv4 addresses and add them
to the tree - just use proto_tree_add_item().
svn path=/trunk/; revision=28286
a trailer.
Clean up the NHRP dissector's handling of the protocol ID to fully
implement RFC 2332 (and mention that 2332 is the RFC for NHRP). Don't
compute the checksum unless we have all the packet data, and don't use
the captured length as the actual packet length. Check for an invalid
extension offset value. Get rid of some unneeded
tvb_ensure_bytes_exist() calls. Dissect - and set the columns -
regardless of whether we're building the protocol tree. Mark the packet
in error reports as an error packet.
svn path=/trunk/; revision=28273