- use and free glib memory instead of ep_ memory - another dissector down
- propogate errors correctly
- produce a warning if an error occurs loading the DB
- add XXX comments about realloc handling that may or may not be a memory leak
in failure cases
svn path=/trunk/; revision=52865
Bluetooth protocols use items, so dissect it to improve filtering and better user experience - text object cannot be filterable or comparable.
From Michal Labedzki
svn path=/trunk/; revision=52863
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
accessing tag_to_type[tag]: while the array is made of enums and the values of
the enum will fit in a guint8 (making the conditional safe) compilers don't
*have* to "right size" the storage for the enum. They very well could be lazy
and store the enum in int's.
Replace it with a macro that tells us the size of the array.
svn path=/trunk/; revision=52842
Change cflow.sysuptime from an FT_UINT32 (milliseconds since the router booted)
to an FT_RELATIVE_TIME (seconds since the router booted). I don't imagine
anyone will care if we show them seconds or milliseconds and it satisfy the
user's request (in that bug) to compare cflow.sysuptime to cflow.timeend (which
is already an FT_RELATIVE_TIME).
(If someone does care, we could always display the field twice, once in
milliseconds and once in seconds.)
svn path=/trunk/; revision=52821
I'm not sure of the correct way of fixing them.
file-elf.c(642) : error C2220: warning treated as error - no 'object' file generated
file-elf.c(642) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(644) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(715) : warning C4244: 'function' : conversion from 'guint64' to 'const guint32', possible loss of data
file-elf.c(729) : warning C4244: 'function' : conversion from 'guint64' to 'const guint32', possible loss of data
file-elf.c(752) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(917) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(967) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1013) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1015) : warning C4244: '+=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1018) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1019) : warning C4244: '+=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1021) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1036) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1069) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1071) : warning C4244: '+=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1074) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1075) : warning C4244: '+=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1253) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1257) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1285) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1381) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1381) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1394) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1411) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1411) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1414) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1414) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1417) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1453) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1486) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1486) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1489) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1489) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1492) : warning C4244: 'function' : conversion from 'guint64' to 'const gint', possible loss of data
file-elf.c(1581) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1581) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1586) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1586) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1592) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1592) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1598) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1601) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1612) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1615) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1626) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1637) : warning C4244: '=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1640) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1641) : warning C4244: '+=' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1680) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1686) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
file-elf.c(1698) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
svn path=/trunk/; revision=52781
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8818
Add support for dissection ELF files. It opens as a "capture" file via wiretap
at the moment for simplicity's sake, but the intention is eventually to have
this (and other file types we dissect) open through some other program sharing
much of the libwireshark infrastructure.
svn path=/trunk/; revision=52775
When a new Field is created, does as following:
* Check whether that field is registered, by using `proto_registrar_get_byname`. This is current behavior.
* (patched) If not registered, check whether that field is defined in LUA and will be registered. This is performed in `wslua_is_field_available` accessing LUA context.
* If not, an error "a field with this name must exist" occurs.
svn path=/trunk/; revision=52771
for FT_UINT_STRINGs and FT_UINT_BYTEs is still in the TVB. Any infinite loop
that adds a counted field ought to be extracting the length for its own offset
anyways, in which case it will overflow on the next iteration and won't actually
loop forever.
svn path=/trunk/; revision=52766
- remove duplicate/unneeded #includes
- remove some boilerplate comments
- fix up whitespace: indentation, trailing & etc
- remove 'if (tree)'
(Note: 'if (tree)' needs to be around all the code (as in the previous
version of packet-wsmp) or none so that the same value of offset is used
in various function calls whether or not 'tree == NULL'.
For the moment I've chosen to remove the 'if (tree)' since (in theory)
the (external) data dissector shouldn't be called under 'if (tree)'.
- revert SVN #52757 since no it's longer needed with the removal of 'if (tree)';
- remove another unneeded line of code.
svn path=/trunk/; revision=52761
Didn't integrate
0010-frsrpc-Regenerate-frsrpc-due-to-changes-in-the-pidl-.patch
0016-Regenerate-the-dnserver.patch
due to compilation errors on Windows.
svn path=/trunk/; revision=52744
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9312
Anders, this may be related to your recent TVB optimizations, since I don't
think it happened before that? Did you change the behaviour of tvb_find_line_end
or its callees at all?
svn path=/trunk/; revision=52730
After recent changes it's possible that epan_dissect_cleanup() can be called if there were
no dissection run on it (epan_dissect_run()) In such case ->tvb will have random value,
just initialize it to NULL in _init() and see if it's working.
Thanks goes to Evan for backtrace.
svn path=/trunk/; revision=52722
This time it makes more sense, cause for each dissection we need two wmem allocators.
Reseting wmem allocator is much faster than destroy & create.
svn path=/trunk/; revision=52706
It'd be actually good idea to seperate packet_info data (packet.c) from epan_dissect_t (epan.c),
but this rule is already violated.
Strict seperation could allow for example allow multiple dissection on the same epan_dissect_t
(I think it was idea behind it), but it's not working.
svn path=/trunk/; revision=52705
doubling leads to all sorts of very subtle badness (including test failures due
to funny internal assertions because the two wmems have mismatching state).
Make wmem_init and wmem_cleanup PUBLIC instead of LOCAL so that they don't get
stripped and don't cause a link failure when trying to build oids_test (now that
it's not linking with libwmem explicitly). There is possibly a better way to fix
this, but I'm not sure what it is.
svn path=/trunk/; revision=52694
Not sure which memory allocation should be used here (using wmem caused crash), but this revision can at least be easily backported to 1.10 where the bug was reported.
Also allow a single number to be used in the stats range since it's considered a valid "range" by the UAT.
svn path=/trunk/; revision=52679
not finding it, I finally found it in column_info.h
Renamed column_info.h to column-info.h to have consistency
with the column*h files.
svn path=/trunk/; revision=52667
Compilation fails on (only the ?) OSX-10.6-x64 buildbot with error:
netscaler.c: In function 'nstrace_read_v30':
netscaler.c:1295: warning: implicit conversion shortens 64-bit value into a 32-bit value
(Life is too short for me to dig multiple levels deep into a set of macros to try to see which
actual line of code is causing the problem. Maybe the patch submitter can identify the problem).
svn path=/trunk/; revision=52666
very smallest part of its logic. Just call tvb_get_guint8 directly and check
that the return is between 1 and 4. Properly fixes the set-but-unused and
associated warnings that were showing up.
svn path=/trunk/; revision=52648
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9273
This patch adds modelines and cleans up the irregular indentation of
this dissector's code. The only other change was in
asn1/c1222/packet-c1222-template.c to consolidate an #ifdef that had a
redundant #endif (line 812) and subsequent reopening #ifdef (line
824). The only thing between them was comments, so the span of the
original #ifdef (line 644) was simply extended by eliminating those
two lines.
The purpose for this patch is to make the file easier to edit and
understand in advance of more substantive patches later. This patch
is intended to be easy to review by having only non-substantive
changes.
svn path=/trunk/; revision=52636
WIRESHARK_DEBUG_WMEM_OVERRIDE environment variable once in wmem_init, not every
time wmem_allocator_new is called. We currently create a new pinfo pool for
every packet we dissect, so this is a small performance win, especially when
getenv is slow (which may happen if a large number of environment variables are
set, such as when fuzz-testing).
svn path=/trunk/; revision=52634
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
These consist of the following bitmask fields:
[packet-smb.c] 'Create Flags', 'Access Mask', 'File Attributes', 'Share Access', 'Create Options',
'Security Flags', 'Optional Support'(in TreeConnect AndX responses), and "Quota Flags"
[packet-smb2.c] 'Flags', 'Session Flags', 'Security mode', and 'Interface Capabilities'.
[packet-smb.c] Made the tfs_file_attribute_xxx true_false_string values less verbose and more compact.
[packet-smb2.c] Changed all references to "RMDA" to RDMA".
[packet_smb.c] In dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO() (GetInfo response) changed "Unknown Field"
to "Reserved" (See capture 'DMtrace2.cap' frame 20023).
svn path=/trunk/; revision=52623
other way around. Also add an assert so it blows up if we get it wrong, rather
than leading to uninitialized memory.
Fixes the last errors I can find in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9268
svn path=/trunk/; revision=52615
Changes:
- All messages now have a checksum (and not only version and verack).
- In the version message: user agent added as a string preceded by a varint length.
- Port in an address is in little endian and not big endian.
- In the version message the receiving and emitting address where inverted.
From Eric Masson
svn path=/trunk/; revision=52609
proto_tree_add_item was valid *before* we short-circuited based on a NULL tree.
This was good in that it removed a common source of really-long-loop bugs. It
was less good in that it cost us about 8% in speed when doing a tree-less
dissection, but we decided the tradeoff was worth it.
After Anders' recent mail to -dev about performance, I started thinking about
how to optimize this. It occurred to me that the vast majority of the logic
involved in the check was dealing with the length value - fetching the actual
length if it was a counted string, calculating the length if it was -1, adding
the length to the offset in a way that was free from overflows, etc.
All of this is (theoretically) unnecessary - simply checking the offset without
worrying about the length will still catch the very-long-loops, since it is the
offset that increases in each iteration, not the length.
All that to justify:
- implement tvb_ensure_offset_exists which throws an exception if the offset is
not within the tvb
- use it instead of all the complicated other logic in the pre-short-circuit
step of proto_tree_add_item and friends
This gives us back about 3/4 of the performance we lost in the original patch.
We're still ~2% slower than without any check, but this is the best I can think
of right now.
svn path=/trunk/; revision=52578
dissecting without tree, they are costly because they now happen for every
proto_tree_add_item call even if tree is NULL.
svn path=/trunk/; revision=52575
tree_data and reference it directly when allocating/freeing tree items. This
lets us keep multiple around when we need them, and still lets us use
wmem_free_all for a major speedup. It also, coincidentally, lets us get rid of
the annoying fi_tmp hack that was needed before, since that element gets swept
up in the free_all with everything else.
Keep one pool cached to avoid creating/destroying a pool for each packet,
another minor performance win.
The various changes in approach seem to balance out pretty much exactly, this
still gives ~11% over pre-52569.
svn path=/trunk/; revision=52573
field_info separately. We still have to walk the tree in order to free certain
fvalues, but that's not a big deal. Another ~11% speed-up running "tshark -nVr"
on a large capture.
svn path=/trunk/; revision=52569
Even without making use of free_all (which should be possible) this still
results in ~8% speedup running "tshark -nVr" on a large file in my tests.
svn path=/trunk/; revision=52568
Add a new strutil function format_text_chr that replaces unprintable characters
with a single passed-in char (eg a '.' or a '-') instead of a C-style escape.
This is useful for displaying binary data that frequently but not always
contains text; otherwise the number of C escape codes makes it unreadable.
svn path=/trunk/; revision=52563
a typedef of a *pointer* to the struct, not the struct itself, which are
different sizes.
This doesn't show up under valgrind because the length isn't checked in that
case, everything gets subsumed in valgrind's malloc/free hooks.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9264
svn path=/trunk/; revision=52560
Fix memory leaks and bad memory accesses in c1222 dissector.
From me: use realloc in a handoff function since it may get called multiple
times, and we only need the latest.
svn path=/trunk/; revision=52497
Fix1: The proto_tree_add_item() was changed to proto_tree_add_uint.
Fix2: "If (len==0) PROTO_ITEM_SET_GENERATED(item);" was added to dissect_nt_create_options_bits(), dissect_nt_share_access_bits(), dissect_smb_access_mask_bits(), dissect_nt_create_bits(), and dissect_file_ext_attr_bits().
svn path=/trunk/; revision=52494
Patch was tested with snaplens of:
49 and 52: (TCP fixed header incomplete) TCP analysis NOT performed.
54: (Fixed header complete but entire options wfield was sliced off) TCP analysis ran and was OK.
64: (Fixed header complete but a portion of the options field was missing) Options were dissected to the extent possible. TCP analysis ran and was OK.
66: (Fixed header and options complete) TCP analysis ran and was OK.
70: (Fixed header and options complete plus 4 bytes) TCP analysis ran and was OK.
svn path=/trunk/; revision=52467
Just break out of the loop if offset doesn't go up.
There's almost certainly a better fix - the dissector is weird, and I'm not sure
if all the _length_remaining() checks are important or legacy, and what affect
they have on this issue.
At the very least this will pacify the fuzzbots until somebody has time to
figure it out properly.
svn path=/trunk/; revision=52458
much, but I think this way's a little clearer, and it made it much easier to
figure out where the memory leak was.
Fixes the leaks from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9243
svn path=/trunk/; revision=52448
tYN flag in named messages
Named messages are both used for connectionless
messaging and connection setup requests. A SYN
flag is now represented by the previously reserved
bit 18 in word 0 to differentiate named messages from
connection requests.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9241
svn path=/trunk/; revision=52440
tipc: update discovery protocol header according to spec
Dissection of word 1 in the TIPC ndisc protocol header
is wrong. The field called "Broadcast ack no" should
be "Node Signature" (16 bits wide).
"Requested Links" is also wrong. This should actually be
5 bits reserved, followed by a 8 bit "Minor protocol version"
field
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9241
svn path=/trunk/; revision=52439
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9232
Use wmem_strbuf instead of manual string management in btsdp. Fixes fuzz
failure.
From me: minor tweak to make the patch apply to current trunk.
svn path=/trunk/; revision=52438