be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
tvbuff and runs to the end of the tvbuff? Let me count the ways....
Replace a bunch of different ways of doing that (some incorrect, in that
they're not properly handling tvbuffs where the captured and reported
lengths are different) with tvb_new_subset_remaining().
svn path=/trunk/; revision=47751
Updates to the OPCUA plugin so that subtrees of the dissector select the
appropriate number of bytes. Also fix dissection of the array dimensions
field for matrix values and the highlighting for empty string fields.
svn path=/trunk/; revision=47673
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Enable the plugin to detect and reassemble chunked UA messages for displaying them correctly.
From me:
- Partly applied by hand.
- move hf and ett asignments inseide the register routine as per convention.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8068
svn path=/trunk/; revision=46436
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39429
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in an earlier SVN)
svn path=/trunk/; revision=39329
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39292
- Define macros for certain CFLAGS in config.nmake iso of having defs in each makefile;
a. -DHAVE_CONFIG_H and -D_U_="" are now part of a macro named STANDARD_CFLAGS;
b. -WX has been replaced by WARNINGS_ARE_ERRORS (defined as -WX in config.nmake)
(This allows disabling "Warnings as Errors" by just changing config.nmake)
c. CVARSDLL definitions (not usage) have been removed from the various makefiles.
XXX: It appears the usage of CVARSDLL can also be removed (not yet done) since:
-DWIN32 and -DNULL=0 do not appear to be needed (any more);
-D_MT and _D_DLL are not needed since /MP causes these definitions.
d. Define a macro WARNINGS_CFLAGS with additional specific compiler (level4) warnings to be enabled.
E.G., 4295: array is too small to include a terminating null character
- config.nmake: reformat some long lines for readability;
- plugins\Makefile.nmake: clean-deps does nothing: remove it (and usage in top-level makefile);
- dissectors/Makefile.nmake: test to enable packet-rrc.obj target needs to include MSVC2010 ...
svn path=/trunk/; revision=35747
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Until now the info column only shows the OPC UA transport protocol type (Hello,
Ack, Secure Conversion message).
After connections establishment has finished this column shows only Secure
Conversion message, because every service is sent over the secure channel.
This patch adds the useful support of displaying the service type in the info
column. This makes it easier to find specific service calls in huge capture
files.
svn path=/trunk/; revision=35119
This patch adds support for displaying OPC UA ExtensionObjects.
An ExtensionObject is a mechanism to transport user defined structures as
serialized blobs. Some types of ExtensionObjects are already defined by the OPC
Foundation's OPC UA Specifications.
These types can be implemented by this dissector, because they are well-known.
Real user-defined or vendor-defined types are unlikely to be implemented by a
passive dissector, because this would require browsing of the UA server's
address space to retrieve the type information.
Currently only the following types are supported:
* DataChangeNotification
* EventNotification
Others OPC defined types will follow.
From me: fix warnings: "format not a string literal and no format arguments"
svn path=/trunk/; revision=34906
This patch fixes displaying OPCUA Strings and ByteStrings.
From me: fix warnings: "format not a string literal and no format arguments"
svn path=/trunk/; revision=34905
I attached a patch which fixes some problems in the array handling of OPC UA
data when the array length is zero or -1 which is a Null-Array.
svn path=/trunk/; revision=34880
1) don't set thei SOVERSION - run-time-loaded modules don't have
an SOVERSION;
2) build them with link mode MODULE, not SHARED, on all
platforms.
(Fixing 1) also fixes the problem with building them as MODULE on OS X.)
svn path=/trunk/; revision=34243
I try to configure Wireshark with cmake on macosx 10.6.
It fails with : set_target_properties called with incorrect number of arguments.
Attached a patch to fix this issue.
svn path=/trunk/; revision=34201
(Thank you, sed, for doing the 90% of the work for me.)
Note that two of these files says "do not modify" implying that they are
machine generated but AFAIK we don't have the means to rebuild them.
svn path=/trunk/; revision=32561
- Add checking for linker flags
- Install plugins with the name including the Wireshark version.
This will make it easier to find matching plugin versions if
files get just copied over.
svn path=/trunk/; revision=32231
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
Guy Harris