This adds the global and personal plugins directories to the
package.path setting in Lua, so doing 'require' will work
properly.
Change-Id: Iec33bc60cd7d41aa122da456db91d4ccc3085f82
Reviewed-on: https://code.wireshark.org/review/841
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5a34a59c88a4119be2fac4acdd352d474ffc62cd
Reviewed-on: https://code.wireshark.org/review/840
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6d294a901af88f993ca6a44ababad194fb44a693
Reviewed-on: https://code.wireshark.org/review/839
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
use value_string instead of our own data type
read the type string in one go
Change-Id: I115c99c4636540702c1fd301f09a92a0dd466fcd
Reviewed-on: https://code.wireshark.org/review/838
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
the parameter for proto_tree_add_text() is the length, not the end offset
Change-Id: Ie24d5982b7ff13363061fb087438dd714cae748a
Reviewed-on: https://code.wireshark.org/review/837
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This adds new functions to get plugins path info, find out if a directory
exists, make a new one, remove one, etc. It also creates a file environment
for user-supplied Lua scripts, to prevent global variable contamination as
well as supply the script-specific file name. Some other minor cleanup was
done as I found them.
A new testsuite was added to test the existing and new directory functions.
Change-Id: I19bd587b5e8a73d89b8521af73670e023314fb33
Reviewed-on: https://code.wireshark.org/review/832
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the ability for a Lua script to register expert info fields,
similar to C-code dissectors. This change also removes the need for
the expert_add_info_format_internal() function. Existing Lua scripts
do not have to change, because the existing expert info function
uses the internal "_ws.lua" protocol instead of nothing; but using
the new functionality provides more benefits since it correctly
registers the expert info fields to the dissector's protocol.
The test suite was amended to generate both old and new forms.
Change-Id: Ib5ae74e927cfa81312baf7b04ff4104b0b4f936e
Reviewed-on: https://code.wireshark.org/review/830
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If95ece8e2db1b650de5804465128020caf391956
Reviewed-on: https://code.wireshark.org/review/828
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaa7dfdc979e78f53b53f2b9a0b093873c9004f2d
Reviewed-on: https://code.wireshark.org/review/827
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
data to the png dissector
Change-Id: I112733f97ba35d9ec497b427c64b2f5ea99fd963
Reviewed-on: https://code.wireshark.org/review/818
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
It seems that RFCOMM service can be dynamically changed while
connection is still alive. In other words: host can connect to
remote device and set one RFCOMM service (remote service), but later
remote device can change service to one of host service without
any disconnection. This patch adds support for this case.
Also improve searching for useful UUID service through SDP.
Change-Id: I9e03b9b965d6b0d9761b4a451cdeb4a1a33ca017
Reviewed-on: https://code.wireshark.org/review/808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In real option "SBC" was Default/Off, now user can choose between
Default and Force SBC Codec.
Change-Id: I605320d89fade11dc7172793bc0492bc4b319e9c
Reviewed-on: https://code.wireshark.org/review/822
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This enhances the Lua API doc generator Perl script to handle
meta-information in description comments, such as bold, italics,
raw code, version info, etc.
The supported markup and codes are documented in make-wsluarm.pl.
It's not beautiful Perl code (I don't know Perl), and I'd rather
do it using Lua, but I think keeping it Perl makes more sense in
the long run.
Change-Id: I477b3ebe770075dcea9ec52708e2d6fb5758d2f4
Reviewed-on: https://code.wireshark.org/review/802
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove some more 802.11i references, and replace a reference to the
"WEP" bit with a reference to the "Protected" bit.
Change-Id: I77b50af2b34e2bdc4c21af29b54627ed19219090
Reviewed-on: https://code.wireshark.org/review/821
Reviewed-by: Guy Harris <guy@alum.mit.edu>
802.11i was absorbed into a revision of the 802.11 spec, so speak of
"IEEE 802.11 RSNA EAPOL"/"wlan_rsna_eapol" until somebody comes up with
a better name for it.
Also, add in one more key flags bit that's in 802.11-2012 but not
802.11i-2004.
Change-Id: Ia825f7466f3b3d159706eb681546b5bbb4e066bf
Reviewed-on: https://code.wireshark.org/review/820
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I1824407cae4cded0680b01e9dea1de6f0408c607
Reviewed-on: https://code.wireshark.org/review/817
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Look for a dissector for "ppi_fnet" and use it if found, otherwise
just display the fnet tag on the data.
Change-Id: I07009215faa8faad0e6a82468bad33f266778426
Reviewed-on: https://code.wireshark.org/review/778
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia6db5839a8bbbc79a5196406e3f8d59f7ce7498a
Reviewed-on: https://code.wireshark.org/review/814
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Issue requested by Tomasz Mon, thanks.
Change-Id: I9931f561294ef34573c6426f17a299c8929a2341
Reviewed-on: https://code.wireshark.org/review/810
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CID has two roles: Source CID and Destination CID. These two roles
have another two different meanings: one if frame is received, another if frame
is sent (SCID is "DCID", etc). Then using information that PDU is "request"
or "response" we can correctly recognize CID.
This should fix unrecognized L2CAP payload while there were no valid
Disconnection Request.
Change-Id: Ibcbbb9e6966873b6af12c1e3c65c6a3983aa4163
Reviewed-on: https://code.wireshark.org/review/807
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some command codes seen in Core 4.1 specification.
Also add some missing fields.
Change-Id: If3761744b1ada185027a560bceb66804d7eea8ec
Reviewed-on: https://code.wireshark.org/review/806
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A few more filtering names separated by "." for convention.
Change-Id: Ie1ceb0ba807e033085c43826c334933c6b178389
Reviewed-on: https://code.wireshark.org/review/804
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of having a switch statement in the EAPOL dissector for Key
Descriptor types, have a dissector table, and:
have the EAPOL dissector register with a dissector for the RC4
type;
have the 802.11 dissector register with dissectors for WPA and
RSN types.
This means that ieee_80211_add_tagged_parameters() no longer needs to be
public; make it static.
Change-Id: I68e0592c3ea055c693d6d5d5a9eb88634ea37a95
Reviewed-on: https://code.wireshark.org/review/800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes the code's if/then/else bracketing clearer.
Make the if/then/else style more consistent in one case, which also helps.
Change-Id: I7c765b761d92c6710461181b3e3ccd77d2a40f83
Reviewed-on: https://code.wireshark.org/review/799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds a Struct.values() function to get the number of values
needed/returned with Struct.pack/unpack. It also changes the existing
Struct functions such that they don't coerce a non-string argument
into a string. (not preventing it confused a user on ask.wireshark.org)
Change-Id: I93d5846105e55b67680e1c276a7286535c77b039
Reviewed-on: https://code.wireshark.org/review/790
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the capture file in Bug 9915 is opened in wireshark with GTK2,
the console prints out 'Pango-WARNING **: Invalid UTF-8' warnings.
This capture file was a subset of the one in fuzzbot crash bug 9883.
I believe it is what's causing the crash in 9883, because GTK is
finicky about such things. But my system doesn't crash for bug 9883,
so perhaps it's not the same root cause.
Change-Id: Ifaaed9157f9abd34014001c954647f7db51d650b
Reviewed-on: https://code.wireshark.org/review/786
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Lua can create a file reader/writer, to open new capture file
formats or write to new ones. To save local state, it can save
things in Lua itself; but since there can be multiple open files
at the same time (for example during a reload), the Lua script
won't know for which file and state its read/write functions are
being invoked for. To remedy this, and also provide a convenient
way to store such state, this commit adds the ability for a Lua
script to store a Lua table in the wtap/wtap_dumper's priv
data member, just like C-code-based reader/writers do.
Change-Id: Ifc9e0d5f0379accee56f2a04b6080238670fec52
Reviewed-on: https://code.wireshark.org/review/766
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixed a null de-reference in packet-ieee80211.c caused by change-id
I742726027bcab7d25ca4a9ce3a406518db6d272f, commit g4b8b83407ac744d114462235a8bcca0d480954c7.
See Bug 9909 for details.
Change-Id: I7189476faee3ae6ab34fb52c1564ac668496679a
Reviewed-on: https://code.wireshark.org/review/780
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7114028ce296ffa875ddfbb24b935dc2573f964c
Reviewed-on: https://code.wireshark.org/review/770
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id82763dd17e8c4e0902ae8e31ec6554e8f174b59
Reviewed-on: https://code.wireshark.org/review/769
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
There's a relatively new feature in 1.11.3 to select a specific file format
reader, instead of relying on magics or heuristics. If you select a file
reader and open a file, and then click the reload-file button or go
to View->Reload or press the ctrl-R keymap, the file is reloaded but using the
magic/heuristics again instead of the file format reader you previously chose.
Likewise, the Lua reload() function has the same issue (which is how I found
this problem).
I have tested this change by hand, using a Lua script, but I didn't add it
to the testsuite because I need another change for my test script to work
correctly. (an enhancement rather than a bug fix, which I'll submit separately)
Change-Id: I48c2d9ea443e37fd9d41be43d6b6cd5a866d5b01
Reviewed-on: https://code.wireshark.org/review/764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-epl.c:2248: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_write_multiple_by_index':
packet-epl.c:2380: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_read_by_index':
packet-epl.c:2489: warning: declaration of 'index' shadows a global declaration
Change-Id: Ib1a1d1d2aa596df558162839e7594b7fd12559a3
Reviewed-on: https://code.wireshark.org/review/765
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Each package is dissected using a reference to object indices, so
that in the view of the dissector output, a clear indication
to what the index means and what the subindices mean is given.
Additional special entries (mappings, timestamps) have their own hf
fields, and can be searched for via display filter.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I928c11a9f4a5b762c8947713a0f70e03bd711158
Reviewed-on: https://code.wireshark.org/review/730
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Lukas Emersberger <lukas.emersberger@br-automation.co.at>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Adding a type definition which can be deactivated, so
that certain types of frames are only detected in their
respective transport protocols
- Rename bytes array as it is a key-word for some IDEs and
hinders syntax checking
- Add node info to the time request from/by fields
- EPL: add message type to heuristic dissection call
Change-Id: Ia572bb68fc1d24d70e72b77867f0dad323b055b9
Reviewed-on: https://code.wireshark.org/review/750
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There have been enough gnarly bugs in sip/sdp/rtp that it needs
to have good debug printing. Using a debugger isn't good enough
because there's interaction across multiple frames and it's too
hard to follow what's going on without real printed data history.
Change-Id: Ifb5bb1fb580be81f988569ece79d238a9c030c34
Reviewed-on: https://code.wireshark.org/review/688
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes the crashing on buildbot, but only in the sense that
it now calls DISSECTOR_ASSERT_NOT_REACHED() for the case that's
causing the crash - which is a null dereference, due to something
going wrong in add_tagged_field() of packet-ieee80211.c.
I don't know what the right thing to do is, but at least this
gets buildbot going again. (that file is over 25k lines!)
Change-Id: I1658944f9704a071dffc7f4834b9294fffc0e7ba
Reviewed-on: https://code.wireshark.org/review/757
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apparently, some systems write out big-endian Prism headers (probably
big-endian-MIPS-based Wi-Fi APs running $LINUX_DISTRIBUTION and the
like), so check for both big-endian and little-endian message codes,
and, for the fields in the header, use the byte order that matched.
Change-Id: Ia13df606676bb7dbc5d12fe4e297681bebb6f478
Reviewed-on: https://code.wireshark.org/review/759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8e080b250b81976898d2950da9e91fb32b719590
Reviewed-on: https://code.wireshark.org/review/756
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I17e4bb3968e503b250b9c8d6a7a9bb2abf0f6868
Reviewed-on: https://code.wireshark.org/review/755
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This patch causes Wireshark/tshark to segfault if the file is reread (open a file and press reload).
The test suite also fails on
2.1.1 Step: Exit status for existing file: "/home/wireshark/builders/trunk/sol10sparc/build/test/captures/dhcp.pcap" must be 0
/home/wireshark/builders/trunk/sol10sparc/build/test/suite-clopts.sh: line 149: 6646 Segmentation Fault (core dumped) $TSHARK -r "${CAPTURE_DIR}dhcp.pcap" > ./testout.txt 2>&1
OSX build bot chokes on
pcapng.c: In function 'pcapng_destroy_option_value':
pcapng.c:377: warning: implicit declaration of function 'g_byte_array_unref'
pcapng.c:379: warning: implicit declaration of function 'g_array_unref'
pcapng.c: In function 'pcapng_collect_block_option':
pcapng.c:419: warning: implicit declaration of function 'g_byte_array_new_take'
pcapng.c:419: warning: initialization makes pointer from integer without a cast
these functions are glib 2.22
This reverts commit 7b13a3b0f6.
Change-Id: Ia82fdb2d08287bc2cd2841e1e941ae68cbc2e009
Reviewed-on: https://code.wireshark.org/review/749
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Interface options[1], and more generally pcapng options[2], are useful
information that can provide improved dissector output.
Prior to this change, only certain pcapng interface options were interpreted
and made available to dissectors, e.g. the interface name or description.
This change augments the situation by providing epan_get_interface_option( ),
which returns an array of byte arrays if the option code exists
(otherwise NULL). Each element of the array is a byte buffer containing
the raw data of the option. An array-of-buffers is used because pcapng
allows for multiple instances of the same option to be present in the file.
All interface options found in a pcapng file are thus made available to the
dissector.
The implementation also provides infrastructure to collect options from
other pcapng blocks such as the section header. Currently these options
are discarded, but could be retained in the future to support more features.
[1] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb
[2] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionopt
Change-Id: I944b6f0f03dde9b8e7d1348b76acde6f9d312f37
Reviewed-on: https://code.wireshark.org/review/331
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now Android Logcat (Logger) binary logs are supported.
Try "adb logcat -Bf /sdcard/log.logcat; adb pull /sdcard/log.logcat".
Also there is a possibility to save logs to text format like by "adb".
Change-Id: If7bfc53d3fbd549a0978d1dbf96f3fff671fd601
Reviewed-on: https://code.wireshark.org/review/235
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-ieee80211.c:8583: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8584: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8585: warning: integer constant is too large for 'long' type
Change-Id: I5badc6e0d2595d4353e33cd273d55f28737b34a8
Reviewed-on: https://code.wireshark.org/review/737
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If the interface class is not yet known (for example, in the enumeration
phase; or if the interface descriptor was missed), then a HID descriptor
would not get dissected. Instead of printing an unhelpful "unknown
descriptor" message, always try to find a HID descriptor.
Change-Id: Ic162d6b93b0428a1edd3a925229093dfcc52c42d
Reviewed-on: https://code.wireshark.org/review/735
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This makes the usb.data_fragment field more useful in tshark, i.e.,
showing the bytes for the data stage. Previously, the GUI would just
show the "Data Fragment" text label which is not really useful on its
own.
Change-Id: Id0ca39a9a144a37aa6d0b4ae65c1d655deb76748
Reviewed-on: https://code.wireshark.org/review/734
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
packet-ieee80211.c:8581: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-ieee80211.c:8582: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8583: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8583: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-ieee80211.c:8584: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8584: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: I8f8c5518239c7d6e55006abfca8d9452f9a09c6a
Reviewed-on: https://code.wireshark.org/review/733
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
wslua_file.c:92:13: error: request for implicit conversion from 'WFILE_T' to 'FILE_T' not permitted in C++ [-Werror=c++-compat]
Change-Id: Iff9cc716333802a3902429a8c68e5f4cdac2ee9e
Reviewed-on: https://code.wireshark.org/review/732
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(according to the 9th draft of the standard)
Closed-bug: 8594
Change-Id: I742726027bcab7d25ca4a9ce3a406518db6d272f
Reviewed-on: https://code.wireshark.org/review/632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
trailing space in packet-lg8979.c
Change-Id: I80e5c93846c66aad1d1bc6f91b20501e0f384a6c
Reviewed-on: https://code.wireshark.org/review/729
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Buildbot found a crash which is caused by a bug that has
been there all along, but a recent change exposed. This bug is
likely in 1.10.6 as well, so I'll backport this if I can
reproduce it in 1.10.6.
Change-Id: I505bc73cbe6281e6d64f00de441c8e6231b55000
Reviewed-on: https://code.wireshark.org/review/702
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Commit includes dissector code for lg8979 as well as additions to RTAC Serial code to call dissector when required.
See bug report 9874 for further details and sample pcap files
UPDATE1: L&G 8979 commit for addressing comments from Anders and Alexis and added Cmakelists.txt
UPDATE2: address further comments from Alexis re. proto_item_set_text / proto_item_add_text entries. Also add modelines
UPDATE3: fix compilation error noted by Alexis
UPDATE4: address proto_tree_add_* comments from Michael
Change-Id: I6e69d2b7b7e91e6efa12e4a5fb7dbd140c0540ed
Reviewed-on: https://code.wireshark.org/review/610
Reviewed-by: Michael Mann <mmann78@netscape.net>
This enables a Lua script to implement a brand new capture file format reader/writer, so that for example one could write a script to read from vendor-specific "logs" of packets, and show them as normal packets in wireshark.
Change-Id: Id394edfffa94529f39789844c382b7ab6cc2d814
Reviewed-on: https://code.wireshark.org/review/431
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(based upon an OK from Anders).
(The commit caused 'reload_framing_info' to be referenced before being set).
This reverts commit b3ce4ecc14.
svn path=/trunk/; revision=52004
Change-Id: If715e1cad041fd832f460411cc652d9b5764d069
Reviewed-on: https://code.wireshark.org/review/718
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Use tvb_reported_length() iso tvb_length() in various places;
- Add some 'if(tree) {...}';
- Remove an unneeded length-check;
- Use a consistent formatting style for hf[] array entries;
- Do some minor whitespace changes;
- Add editor modelines.
Change-Id: Iac0a74142c5a5944e69fc911e54b0fbdfd1f5bab
Reviewed-on: https://code.wireshark.org/review/717
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
(Found by Jalil Moraney in change to add 802.11ad support review 632)
Change-Id: I547bf647ae7400633ad27c7849088fd088928075
Reviewed-on: https://code.wireshark.org/review/708
Reviewed-by: Anders Broman <a.broman58@gmail.com>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: I8825a2f0b6440ec5a4bbfb49ea5c183dd8cbf03f
Reviewed-on: https://code.wireshark.org/review/705
Reviewed-by: Anders Broman <a.broman58@gmail.com>
precedence filling in the avp_item string. Use that in a couple of places.
Change-Id: I1af7a1ca4c14fb56ddeaab336202e6c2a18e556b
Reviewed-on: https://code.wireshark.org/review/699
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There have been discussions on -dev about removing this and I believe I was the last holdout. Finally convinced that I should just have a local copy (ignored by git)
Change-Id: Ic72a22baf58e3412023cf851f0fce16eb07113b0
Reviewed-on: https://code.wireshark.org/review/681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-umts_fp.c.o
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c: In function ‘umts_fp_init_protocol’:
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4526:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->iface_type = uat_umts_fp_ep_and_ch_records[i].interface_type;
^
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4527:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->division = uat_umts_fp_ep_and_ch_records[i].division;
^
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4533:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->rlc_mode = uat_umts_fp_ep_and_ch_records[i].rlc_mode;
^
cc1: all warnings being treated as errors
Change-Id: Ie783a261c40d26ffd105822d5f45bd0513aa1914
Reviewed-on: https://code.wireshark.org/review/693
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
presetup conversations with FP dissection data.
Change-Id: Ibced63bf944d7268751f8055095eb26477664be1
Reviewed-on: https://code.wireshark.org/review/643
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-icmp.c:1245:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1245:7: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1245:30: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1245:30: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1254:6: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1254:6: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1254:29: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1254:29: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1623:7: error: taking the absolute value of unsigned type 'guint32' (aka 'unsigned int') has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1623:7: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1629:7: error: taking the absolute value of unsigned type 'guint32' (aka 'unsigned int') has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1629:7: note: remove the call to 'abs' since unsigned values cannot be negative
Change-Id: I6b344d01b8239fb93aedf95d954ef1243ba45a6b
Reviewed-on: https://code.wireshark.org/review/673
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support type 0 (legacy), type 1 (peek), type 3 (pcap+radio) mode
via preference
type 2 (airmagnet) is not yet supported
Change-Id: I4f0d10e5d9b87bdcf5863d84e565201acaeee45b
Reviewed-on: https://code.wireshark.org/review/647
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a "Argument with 'nonnull' attribute passed null" warning
generated by the clang static analyzer. It's a false positive, but
easy to remedy.
Change-Id: Id737d1ac29765ed26a416c5cd13bedafee478fb6
Reviewed-on: https://code.wireshark.org/review/661
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We no longer need a preference to determine the byte order of the T and
L in the TLVs, as libpcap and libwiretap both, when reading a file,
translate from the file's byte order to the reading host's byte order
and, in fact, currently don't use the variable in which the preference
is stored; eliminate the preference.
Change-Id: Id06a6284960c1ac77028af07f3937eb4a7b0acaa
Reviewed-on: https://code.wireshark.org/review/656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bugs fixed:
- Catch exceptions during heuristics test so that the sequence of
dissector heuristics tests is not terminated abnormally;
(Prevents incorrect tshark "one-pass" dissection);
- Comment out registration of heuristic for TCP; TCP dissection
requires different code than for UDP. ("XXX: ToDo" added)
Misc:
- Create/use two extended value_strings;
- "UL" is not needed as a modifier for several constants;
- Remove some unneeded initializers;
- Localize some variables;
- Remove unneeded '#include <stdlib.h>';
- Do some whitespace changes.
Change-Id: Ida11cb6b26911c0032155fde7491dd2a6f136c34
Reviewed-on: https://code.wireshark.org/review/650
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added the field information for Phase 1 for the Send Routing Info
For Sm message per request of ticket 9704. Code per the suggestion of
Anders Broman. Adding Phase 1 code to GSMMAP.asn.
Did not have any data to verify that the change worked.
Change-Id: Ic387e2e12e8893abb0f453f5010909ffbfd1808c
Reviewed-on: https://code.wireshark.org/review/147
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Make field filterable and use value_string for status
Based on capture available in bug 9855
Need to continue... lots of enhancements are possible in the ZigBee dissector...
Change-Id: I0ac84e05a7b8b54e9879abbb7495034318188394
Reviewed-on: https://code.wireshark.org/review/631
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The PeekRemote headers are 802.11, so "Dot80211" is redundant.
"Wep" really means "Protected" as there's also WPA/WPA2.
"FlagsN" means "802.11n", not "802.11ac", and the "n" in "flagsn"
indicates that. Also, "Hz" stands for "Hertz", as in "Heinrich Hertz",
so the "H" is capitalized.
Change-Id: If46cc4859ae8d65a199c9ad1fd48d2f2128ccd3d
Reviewed-on: https://code.wireshark.org/review/630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds support for a variant of the current Aruba ERM format,
a new format that provides radio information. This addresses
enhancement bug 9880.
Change-Id: Ia38ff09d9f814193bdc544466dbd005123771262
Reviewed-on: https://code.wireshark.org/review/629
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That just breaks too many things.
This catches the examples of that found in bug 9878. There might be
others that my grepping didn't find.
We should also have the checkAPIs.pl script check for this, so this
isn't a full fix for bug 9878.
Change-Id: I3bf6f1fc0fe8654d0f54a995e72f1966ae012f5e
Reviewed-on: https://code.wireshark.org/review/623
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Information about value of flags from Emburey
Change-Id: Iba79fba8e95cd2fc80f6fba5fa937d5485fbb381
Closed-bugs: 9586
Reviewed-on: https://code.wireshark.org/review/595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
The behavior for SIP/SDP handling of RTP conversation tracking
changed in v1.10, with some unintended consequences. The bugs did not
show up at the time because wireshark makes 2 passes of the packet list,
and so the problems auto-corrected themselves in most cases. Unfortunately,
a change in r53641 modified how UDP behaves, making it always create
conversations for UDP packets, and that exposed the bugs inherent in the
SIP/SDP code changes.
This commit reverts the behavior of SIP/SDP to its pre-1.10 model, but
creates a new preference setting for "Delay SDP changes for tracking media",
which if enabled, will turn on the new (but buggy) model introduced in 1.10.
This preference is *disabled* by default, since for a majority of cases the
new behavior is worse than the previous behavior.
The preference, and this commit's fix, is not intended to last long. I intend
to re-write the SIP/SDP/RTP interaction model for release 1.11 - I think it's
too big a change for 1.10, however, which is why I submitted this commit.
Change-Id: Ic5601749d6c2344e952ced8206dd9296bfdc4b90
Reviewed-on: https://code.wireshark.org/review/543
Reviewed-by: Evan Huus <eapache@gmail.com>
The status line of the 200 OK during a deregistration is (1 bindings), but it
should be (0 bindings). Wireshark should check the "expires=0" in the contact
header not just count the number of the contact lines. But since it's not
truly valid to have expires=0 contacts in responses, this commit adds expert
info warning of such.
Also, the REGISTER request itself already says "(remove all bindings)"
in the Info column currently if the Contact was a '*', but it didn't
say something similar if only de-registering one or more explicit
contacts. This has been fixed as well.
Lastly, this fixes three other bugs I found while reading the code and testing:
(1) comma-separated Contact headers will be displayed as a single one if
the first one(s) don't have header params but a subsequent one does; and
(2) the last Contact header param is displayed with the trailing '\r\n'
header separator; and (3) the SIP REGISTER response code displayed contact
binding info for responses other than 2xx, which isn't logical.
Since all of these are in the same area and not critical, I'm lumping these
all together.
A test capture file used for testing is attached to the bug.
As an aside, the SIP header parsing code needs to be refactored. Most SIP
headers follow a common ABNF pattern, and should be parsed using a common
function(s) so these issues don't crop up for specific headers.
Change-Id: I16c531fcb244dc121fc0e8046908e475b41489f9
Reviewed-on: https://code.wireshark.org/review/612
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Fix modelines (no CR after modelines)
* Add UDP Port (Attributed in draft 04 Port 4789)
* Update link to last draft (no specify change)
Change-Id: I4cd89719ae00eb64ce4c234c39b9e18cdc1b8b93
Reviewed-on: https://code.wireshark.org/review/613
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
this was broken in 21aa7168c7
to be on the safe side, we assume that return value >= 0 means success,
< 0 means failure
Change-Id: I1d03000e6b6d70fac6bef8766d28990d953c8e27
Reviewed-on: https://code.wireshark.org/review/609
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- For PollResponse-Chaining SyncReq and SyncResp frames were introduced.
Those frame-types are not recognized by Wireshark yet.
- Currently only the FeatureFlags 0-13 were interpreted by Wireshark.
Flags 14-15 and all extended flags were missing.
14 = SDO Read/Write All by Index
15 = SDO Read/Write Multiple Parameter by Index
16 = Multiple-ASend Support (TRUE = Device supports Multiple-ASend; FALSE = Device doesn’t support Multiple-ASend)
17 = Ring Redundancy (TRUE = MN supports ring redundancy; FALSE = MN does not support ring redundancy)
18 = PResChaining (TRUE = Device supports PResChaining; FALSE = Device does not support PResChaining)
19 = Multiple PReq/PRes (TRUE = Device supports Multiple PReq/PRes; FALSE = Device does not support Multiple PReq/PRes)
20 = Dynamic Node Allocation (TRUE = Device supports DNA; FALSE = Device does not support DNA)
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ac19f8b71b1be1094f410141c0f806996b1cb25
Reviewed-on: https://code.wireshark.org/review/589
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Due to the change I made previously for how methods are accessed, if you try
to access one that doesn't exist (for example mistype it or whatever), you get
an internal Lua error about a loop in table get, as opposed to the right error
message about the field not existing.
That's because I had set the class' metatable __index metamethod to point to
the class table, which of course has the metatable with the __index
metamethod, causing a lookup loop. Blech.
Change-Id: I20d3717feadd45f652c2640e1671846184e7082d
Reviewed-on: https://code.wireshark.org/review/593
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0f6887c86afeb5b4ae8b9910688863c7dc866a99
Reviewed-on: https://code.wireshark.org/review/599
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
don't make private key and keylog file mutually exclusive
if we find a private key that does not match or is not usable for
getting the pre-master secret (e.g. because we're using an ephemeral
cipher suite), don't give up and exit with an error
continue reading the keylog file and search for our master secret there
Change-Id: I59fb460339e3e606a077b3a902fa1f9777b5e118
Reviewed-on: https://code.wireshark.org/review/590
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
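The fallback order in the commit message above, as an added C example (not Wireshark's code): when the private key yields no pre-master secret, the keylog text is still searched for the session's `CLIENT_RANDOM <client random hex> <master secret hex>` line, which is the NSS key log format. The function names, the `privkey_ok` stand-in and the constructed keylog sample are assumptions.

```c
#include <stddef.h>
#include <string.h>
#define RANDOM_HEX 64            /* 32-byte client random as hex */
#define MASTER_HEX 96            /* 48-byte master secret as hex */
#define A16 "00112233445566aa"   /* constructed filler, not real key material */
#define B16 "ffeeddccbbaa9988"
#define RAND_A A16 A16 A16 A16
#define RAND_B B16 B16 B16 B16
#define MS_A A16 B16 A16 B16 A16 B16
#define MS_B B16 B16 A16 A16 B16 B16
/* Constructed keylog text for this example. */
const char sample_keylog[] =
    "# constructed sample\n"
    "CLIENT_RANDOM " RAND_A " " A16 "\n"     /* secret cut short: skipped */
    "CLIENT_RANDOM " RAND_A " " MS_A "\r\n"
    "CLIENT_RANDOM " RAND_B " " MS_B;        /* last line, no newline */

enum secret_source { SRC_NONE, SRC_PRIVATE_KEY, SRC_KEYLOG };
/* Find "CLIENT_RANDOM <random> <master>" for this session. Hex is compared
 * byte for byte, so the caller passes lowercase hex. Returns 1 on a match. */
int keylog_find_master(const char *keylog, const char *random_hex, char *out)
{
    static const char label[] = "CLIENT_RANDOM ";
    const size_t lab = sizeof label - 1;
    const size_t need = lab + RANDOM_HEX + 1 + MASTER_HEX;
    const char *eol;
    if (strlen(random_hex) != RANDOM_HEX) return 0;
    for (const char *line = keylog; line && *line; line = eol ? eol + 1 : NULL) {
        eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > 0 && line[len - 1] == '\r') len--;    /* tolerate CRLF */
        if (len == need && memcmp(line, label, lab) == 0 &&
            memcmp(line + lab, random_hex, RANDOM_HEX) == 0 &&
            line[lab + RANDOM_HEX] == ' ') {
            memcpy(out, line + need - MASTER_HEX, MASTER_HEX);
            out[MASTER_HEX] = '\0';
            return 1;
        }
    }
    return 0;
}

/* privkey_ok stands in for "the private key yielded the pre-master secret";
 * it is 0 for a non-matching key or an ephemeral cipher suite. */
enum secret_source find_secret(int privkey_ok, const char *keylog,
                               const char *random_hex, char *out)
{
    out[0] = '\0';
    if (privkey_ok)               /* key path worked; derivation not shown */
        return SRC_PRIVATE_KEY;
    /* An unusable key is not fatal: continue with the keylog. */
    return keylog_find_master(keylog, random_hex, out) ? SRC_KEYLOG : SRC_NONE;
}
```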
Should make the licensecheck buildbot happy.
Also add "Public domain MIT/X11 (BSD like)" to the list of permitted licenses,
since it is a combination of two permitted licenses.
Change-Id: Ibc4ead09af89e9225c4e0589a2b7d06dcee6a44e
Reviewed-on: https://code.wireshark.org/review/581
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- Remove _U_ from a function param;
document usage of the param;
add a DISSECTOR_ASSERT for the param;
- Remove a few unneeded variable initializers;
- Use -1 iso tvb_length() in proto_tree_add_protocol_format(..);
- Add editor modelines.
Change-Id: I7d7a8ea1176a26ea319d9fc0dab5d3a51050edd5
Reviewed-on: https://code.wireshark.org/review/584
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- fixes the wrap multiplier (for COUNT) for 12-bit sequence numbers
- fixes dissection of non-ciphered IP payloads
- adds a way for private protocols to set keys. The ueid->key lookup is now broken out into a separate function, and these settings are used in preference to the UAT ones
Change-Id: I723307df3ee20425897b82beb9b431a0860075cf
Reviewed-on: https://code.wireshark.org/review/583
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
add newline at the end of the file
Change-Id: I9a10751977260bd24497734f3788b5e794a3dd8d
Reviewed-on: https://code.wireshark.org/review/578
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I3b87e156ab35e14e3c6e3800ee2058b1a6be57d6
Reviewed-on: https://code.wireshark.org/review/577
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6eee13cda755b1f1d1a61288a6314fcebb681efb
Reviewed-on: https://code.wireshark.org/review/180
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While Lua's built-in pattern support is ok for simple things, many people end
up wanting a real regex engine. Since Wireshark already includes the GLib
Regex library (a wrapper for PCRE), it makes sense to expose that library to
Lua scripts. This has been done using Lrexlib, one of the most popular regex
bindings for Lua. Lrexlib didn't support binding GLib's Regex in particular -
it does for PCRE but GLib is a different API - so I've done that. A fairly
thorough testsuite came along with that, which has been incorporated into the
wireshark wslua testsuites as well in this commit.
Change-Id: I05811d1edf7af8d7c9f4f081de6850f31c0717c7
Reviewed-on: https://code.wireshark.org/review/332
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8fe6ceb148ec8145a1e71002d42bbdace58edbb6
Reviewed-on: https://code.wireshark.org/review/574
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Discovered investigating bug #9833, not the cause of that bug.
Change-Id: I53ee5c792eba8429d2c203c03e2f359a433ca262
Reviewed-on: https://code.wireshark.org/review/562
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ic57c2a36c88a7528c4e37681bc5db4309174019d
Reviewed-on: https://code.wireshark.org/review/463
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
IE "chosen channel" in message "perform location request" on Lb interface (BSC <-> SMLC) is decoded incorrectly. IE "chosen channel" on Lb interface is decoded as 2 octets data.
It should be 3 octet IE on Lb interface (IEI, length and data).
Change-Id: Ic815a7b4ac08a035c5b292985c64d14e986fe8d7
Closed-bug: 9531
Reviewed-on: https://code.wireshark.org/review/565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Accessing a pref before it's registered causes a segfault, because prefs_p->next
is not being checked for NULL in wslua_proto.c:Prefs__index().
Change-Id: I270978ddb9238a9e8d2c533a96fc01ee0df385c7
Reviewed-on: https://code.wireshark.org/review/563
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Otherwise it runs past the end of the array into stack memory. Should fix the
intermittent DVB-CI decryption test suite failures.
Change-Id: Ice17497e661c8579baf3a546efcb5529beda6b49
Reviewed-on: https://code.wireshark.org/review/559
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This patch adds some more ciphers to the list of ciphers that can be
decrypted by wireshark. Most of them are PSK based ciphers. To do the
actual decryption in most cases the TLS pre master secret or the
master secret is needed.
In the changed lines just a comment with the name of the cipher was
added.
This was generated with the help of Peter Wu's generate-wireshark-cs
script from https://git.lekensteyn.nl/peter/wireshark-notes.git .
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change-Id: I347dc5a530380a04cc00418640f00bbda0db8de8
Reviewed-on: https://code.wireshark.org/review/558
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some systems do not have a web browser or have a strange browser.
Do not try to use it and display the URL for user information.
Change-Id: I3f5bcca6701b20cafa942629cbee78aa1fc689b1
Reviewed-on: https://code.wireshark.org/review/516
Reviewed-by: Evan Huus <eapache@gmail.com>
(Need to continue on other packet-dcerpc-* file...)
Change-Id: I536d52017940cac9c810693045649a67e77a336a
Reviewed-on: https://code.wireshark.org/review/549
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This corrects a couple issues with the DNP3 Dissector:
- Refactored Read Object String lookups to use value_string
- Corrected issue with multiple object types in a single read not being processed
- Added processing for Direct Operate No ACK Messages
Fixes issues noted in Bug 9839
Change-Id: I9895e509a8d3931c805ce53b718a4951f8f8039e
Reviewed-on: https://code.wireshark.org/review/538
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When there is more than one interface or adapter, the AVDTP dissector
incorrectly mixes its data together. The patch extends keys to support
multiple interfaces/adapters. Also do a little simplification on trees.
There are two devices, both use SEPs for configuration and
it is possible to use the same SEID. SetConfiguration uses
remote "ACP" SEID and local "INT" SEID, so there is a need to
distinguish them, and please remember that INT SEID types can be
unknown in most cases.
Change-Id: I150f3625f532386a1078deb8d0ac70a1c05c3f04
Reviewed-on: https://code.wireshark.org/review/473
Reviewed-by: Evan Huus <eapache@gmail.com>
When a single media line is rejected in an SDP answer, for example a second
'm=video' line, wireshark disables ALL media sessions, instead of just that
one. But per the RFCs, all it should do is disable just the one RTP media
session the m= line represents. This commit fixes that, so that a disabled
media session (one with a m= port of 0) in the SDP answer only disables its
associated/paired media stream in the offer.
Change-Id: I9bd0d3fc88b8eaa55207c9bf3f3e37da7746fd14
Reviewed-on: https://code.wireshark.org/review/526
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
LE Advertising Report with length 0 is valid, so check
it before dissecting advertising data.
Change-Id: I4937ec2de5d703b05c6e5f5bac7f81d153e49b40
Reviewed-on: https://code.wireshark.org/review/475
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib8779b0db790a78fff8bd1970a7240bbd8f49f75
Reviewed-on: https://code.wireshark.org/review/537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I397eeed3008d91aeb6c025c9146b9ed6d98881a6
Reviewed-on: https://code.wireshark.org/review/535
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Source/Destination BD_ADDRs and name are filterable.
Also simplify code around wmem trees, and enable commented "data"
field in unreassembled case and fix btl2cap offsets
(discovered by enabling "data" field).
Change-Id: Ic28c9bf19bcd6281b652be538b221da74df4bb76
Reviewed-on: https://code.wireshark.org/review/471
Reviewed-by: Evan Huus <eapache@gmail.com>
Interface ID should correspond to the Wireshark Interface Id
to avoid mixing data from various interfaces in dissectors.
Change-Id: Ibaa3ddab7f0ebd0985efea74439b94a5881145a7
Reviewed-on: https://code.wireshark.org/review/472
Reviewed-by: Evan Huus <eapache@gmail.com>
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create a placeholder protocol tree item under which to put the options,
do the analysis of fields from the fixed-length portion of the TCP
header (such as sequence numbers), and then do a straightforward
dissection of the options, throwing an exception if we run past the end
of the options field.
This is a bit simpler, and doesn't add confusing notes about
truncation of the options.
XXX - we're currently not including selective acknowledgments in any of
the SEQ/ACK analysis; should we? That means, of course, that we have to
dissect the options before doing that analysis, and if the options were
cut short by slicing, you lose....
Change-Id: I425a6c83f26512b802267f76739cbf40121b3040
Reviewed-on: https://code.wireshark.org/review/511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
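The straightforward option walk described in the commit message above, as an added C example (not Wireshark's code): where the dissector throws an exception on running past the end of the options field, this sketch returns an error code. The function name, result codes and constructed option bytes are assumptions; the SACK block count ties to the XXX note, since a sliced capture can lose the SACK option entirely.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes and names are hypothetical, chosen for this example. */
enum { OPT_OK = 0, OPT_TRUNCATED = -1, OPT_BAD_LENGTH = -2 };
enum { TCPOPT_EOL = 0, TCPOPT_NOP = 1, TCPOPT_SACK = 5 };

/* Constructed option bytes: MSS, NOP, window scale, NOP, NOP, SACK (1 block). */
const uint8_t opts_full[20] = { 2, 4, 0x05, 0xb4,  1,  3, 3, 7,  1, 1,
                                5, 10, 0, 0, 0, 1, 0, 0, 0, 9 };
/* Constructed: a window scale option whose length byte claims 0. */
const uint8_t opts_zero_len[4] = { 3, 0, 7, 0 };

/* Walk the options area that follows the 20-byte fixed TCP header.
 * On return *count holds the options parsed before the walk stopped. */
int walk_tcp_options(const uint8_t *opt, size_t optlen,
                     unsigned *count, unsigned *sack_blocks)
{
    size_t off = 0;

    *count = 0;
    *sack_blocks = 0;
    while (off < optlen) {
        uint8_t kind = opt[off];

        if (kind == TCPOPT_EOL)
            break;                       /* end of option list */
        if (kind == TCPOPT_NOP) {        /* single-byte padding option */
            off++;
            (*count)++;
            continue;
        }
        if (optlen - off < 2)
            return OPT_TRUNCATED;        /* no room for the length byte */
        uint8_t len = opt[off + 1];
        if (len < 2)
            return OPT_BAD_LENGTH;       /* the walk would never advance */
        if (len > optlen - off)
            return OPT_TRUNCATED;        /* option runs past the options field */
        if (kind == TCPOPT_SACK) {
            if ((len - 2) % 8 != 0)
                return OPT_BAD_LENGTH;   /* SACK carries whole 8-byte blocks */
            *sack_blocks += (len - 2) / 8;
        }
        (*count)++;
        off += len;
    }
    return OPT_OK;
}
```

Passing a shorter `optlen` for `opts_full` models a capture whose snapshot length sliced the options.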
The previous macro gave the correct alignment, but there was one case where it
would add a whole block of unnecessary ALIGN_SIZE bytes. The new one is also
slightly faster to compute.
Benchmark win of about 3%.
Change-Id: I5d8bad0f78dc0e383e14c2c7a951328a06400020
Reviewed-on: https://code.wireshark.org/review/492
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>