Capture dissectors could be architected like dissection dissectors, with tables and subtables and possibly using tvbs to pass there data instead of raw byte arrays. This is a first step towards that by refactoring capture_info_packet() to work off of a "capture dissector table"
Registering the capture dissection functions instead of calling them directly also clears up a bunch of dissector header files who sole purpose was providing the capture dissection function definition.
Change-Id: I10e9b79e061f32d2572f009823601d4f048d37aa
Reviewed-on: https://code.wireshark.org/review/12581
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
NSIS script modified to:
- check for KB 3033929 presence on Windows 7 / 2008R2 (as we sign drivers with a SHA2 certificate)
- do not delete the installation folder if not empty
Bug: 11766
Change-Id: I5c7b6378b0775bb75c1b9e58e503997176c12213
Reviewed-on: https://code.wireshark.org/review/12546
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This includes:
1. new_create_dissector_handle -> create_dissector_handle
2. new_register_dissector -> register_dissector
3. new_register_ber_oid_dissector -> register_ber_oid_dissector
4. new_register_ber_syntax_dissector -> register_ber_syntax_dissector
Also remove PDU_NEW, SYNTAX_NEW and REGISTER_NEW as there is no need for the distinction anymore.
Change-Id: I82c7de7c8ffeeab3259d1b55bb4afc5f6a1e0329
Reviewed-on: https://code.wireshark.org/review/12491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix messages generated by 894X phones, which do not always include all fields
Revert accidental change by using of an older packet-skinny.c.in file
Change-Id: I4c6f0ef053579cbbd0c15e90b44dda6a6b173d0d
Reviewed-on: https://code.wireshark.org/review/12478
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tweak lemonflex-tail.inc to fix an issue this reveals.
It appears that, at least on the buildbots, the Visual Studio compiler
no longer issues warnings for the code generated with %option noyywrap.
Change-Id: Id64d56f1ae8a79d0336488a4a50518da1f511497
Reviewed-on: https://code.wireshark.org/review/12433
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Developed by Emerson Industrial Automation (Control Techniques Division)
eCMP is a protocol for setting up and controlling the devices in a factory
automation system. eCMP has about 30 commands; most are embedded into TCP/IP
messages, but cyclic data messages use the UDP protocol.
Bug: 10562
Change-Id: I9a421f39dfbdbc9e28d8f7cba72c22e270064641
Reviewed-on: https://code.wireshark.org/review/3157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use relative path names for the script names and mesa/xcbproto directories so
different paths (from different users) don't cause deltas.
Also, with help from Peter Wu and Graham, get generation of the X11 dissector
working from cmake.
Change-Id: I95cd2a0f973dcbc67f457ff94c28e46a666afb74
Reviewed-on: https://code.wireshark.org/review/12213
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Almost all replacements were done awhile ago, just put the final nail in the coffin.
Change-Id: I0a708d886da5a500c2a1e2c9ee2736794bdb9411
Reviewed-on: https://code.wireshark.org/review/12206
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoids absolute paths when using cmake and doing an in-tree build.
Before (source directory is /tmp/wireshark):
/*--- Included file: /tmp/wireshark/asn1/t38/packet-t38-exp.h ---*/
After:
/*--- Included file: packet-t38-exp.h ---*/
Change-Id: Id5c98bff7b97447479e1a09751701f2f52132b20
Reviewed-on: https://code.wireshark.org/review/12118
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix the x64 ones missed on commit f1efeb1eba
Change-Id: Iec432c81511c64145711052bb29f6484c6c1c5b1
Reviewed-on: https://code.wireshark.org/review/12020
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
The hardening check runs on all binaries and quite a few third party binaries
are not hardened, thus leading to a warning on the buildslave.
The change reduces the noise by not counting the binaries that are known to be
"soft". They are still printed in the output though, for reference.
Also fixed the search directory passed to the script.
Change-Id: I1619066c687c9ba934ab38fccbbf2011108328e4
Reviewed-on: https://code.wireshark.org/review/12016
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Use -isystem instead of -I for external headers with GCC/clang to squash
all the noise.
cmake already uses -isystem by default for supported platforms/compilers.
Change-Id: Ia6c9d1eb9b894fda6f48c531094d792e16fd39fc
Reviewed-on: https://code.wireshark.org/review/11947
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Id218dec9e5a721d6c63fd34962ffe50b6ab8dd56
Reviewed-on: https://code.wireshark.org/review/11946
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Diederik de Groot <dkgroot@talon.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use GResource instead, if available. Add autotools and cmake compile time
checks for build requirements (GIO >= 2.32 and GDK-Pixbuf >= 2.26).
Merge all the various static pixbuf csource header files into
a single pixbuf-csource.h header with external linkage through use of the
tools/make-pixbuf-csource.pl script.
Fix inline pixbuf build target for some image paths (broken for GTK
in gb4a4de7).
Add missing 'expert_ok.png' file to distribution (GTK only).
Minor improvements to style/structure of ui/gtk/Makefile.am.
Bug: 10750
Change-Id: I031296b666ee8b92730400dfa6f71f9ee4304863
Reviewed-on: https://code.wireshark.org/review/10992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.
Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.
Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.
For now leverage the pcapng_block dissector and keep everything under
"Frame".
Next steps:
- Items listed at the top of packet-sysdig-event.c.
Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
being run in.
Do this by forcing the time zone to be UTC (by modifying the environment).
Change-Id: I13c47deada82b55a464006f9c3cc60115b2e4f20
Reviewed-on: https://code.wireshark.org/review/11378
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The buildbots have been using pre-built packages from The Qt Company for
a while now and it's unlikely we'll have to compile our own in the future.
Change-Id: Iee93ab05af46f40585256f991b176392f018727a
Reviewed-on: https://code.wireshark.org/review/11449
Reviewed-by: Gerald Combs <gerald@wireshark.org>
For example, to ensure that "field = value" is not a valid dfilter (as was
recently a problem).
As suggested by Alexis.
Change-Id: Ibf498c30325579e3d5474bb2d397f1bbb9ffc07f
Reviewed-on: https://code.wireshark.org/review/11339
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie8132f317f2d1c27af83218c48874941bd3cc5d0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11390
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Quit immediately, don't even bother allocating a buffer for the pathname
of the file we found.
Revert some other cosmetic changes, to reduce the differences between us
and upstream.
Change-Id: I217fecee64c7e6bac9272486d0cc334e192b501e
Reviewed-on: https://code.wireshark.org/review/11253
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3b0740f5ccc3b9b87ed351e26f198152bbb1e599
Reviewed-on: https://code.wireshark.org/review/10801
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id32864d324f72ffee9c1033f0f36a79eb2651334
Reviewed-on: https://code.wireshark.org/review/10797
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is to avoid complaints from clang of the form:
wireshark/epan/dissectors/x11-extension-implementation.h:17021:18: error:
equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality]
if ((f_class_id == 0)) {
~~~~~~~~~~~^~~~
Change-Id: I91d629ad47677b71909d7da517c4a6198c276186
Reviewed-on: https://code.wireshark.org/review/11186
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The size calculation for the struct will be wrong (too small) which looks
strange in the GUI when the children elements extend past the region
marked by their parent. But it doesn't seem to cause any actual problems,
there is only one request affected by this, and correct size calculation
(by recursing the switch) would take a fair amount of work.
Change-Id: I1847f736153daf59b8dbf3299005a772ffe9673a
Reviewed-on: https://code.wireshark.org/review/11107
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
my $count here shadows my $count in the outer scope, preventing the size
of constant sized arrays from being calculated correctly.
Change-Id: I89c989ee2d288d4828871ebab650807fbde747dd
Reviewed-on: https://code.wireshark.org/review/11106
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Despite promises from the Perl maintainers to remove or at least
drastically change given/when and smartmatch, that still hasn't happened
as of 5.22.
We can cross that bridge when we come to it. Until then, assume they're
never going to break given/when.
Change-Id: If9270bd6fd819d24c58f31f2dfe0d88e831b19fe
Reviewed-on: https://code.wireshark.org/review/11104
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Also, die more gracefully than:
Can't use string ("1") as a HASH ref while "strict refs" in use at
../../tools/process-x11-xcb.pl line 675.
at ../../tools/process-x11-xcb.pl line 1859
at ../../tools/process-x11-xcb.pl line 1859
when blacklisted (previously unused) structures start being used in the
xcbproto source.
(It's still not possible to regenerate the X11 dissector but this is a step...)
Change-Id: I1dec16a7a479d5f453c5f54e561aa8238eb21280
Reviewed-on: https://code.wireshark.org/review/10972
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Add "/WX" to the Visual C++ compiler flags if DISABLE_WERROR is off,
similar to config.nmake.
We haven't compiled C++ code with -Wshorten-64-to-32 for quite
some time so there's no need to add -Wno-shorten-64-to-32 in
ui/qt/CMakeLists.txt.
Additionally, squelch
----
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3050) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3065) : see reference to function template instantiation 'void std::_Median<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3127) : see reference to function template instantiation 'std::pair<_RanIt,_RanIt> std::_Unguarded_partition<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3157) : see reference to function template instantiation 'void std::_Sort<_Iter,int,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Diff,_Pr)' being compiled
with
[
_Iter=QList<QString>::iterator
, _RanIt=QList<QString>::iterator
, _Diff=int
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
.\rpc_service_response_time_dialog.cpp(130) : see reference to function template instantiation 'void std::sort<QList<QString>::iterator,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3051) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3052) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3053) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
----
in both rpc_service_response_time_dialog.cpp and wireshark_application.cpp
so that we'll compile successfully.
Change-Id: I457bcede99dcb1f3c1001f1f559c4901bb000357
Reviewed-on: https://code.wireshark.org/review/10533
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure we can build from the tarball using CMake. Tested on Windows.
Change-Id: Iffc1ac964279e573aa2a8280b9bb4e799f10a974
Reviewed-on: https://code.wireshark.org/review/11066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Otherwise a call to proto_tree_add_uint_format_value will trigger an assert
Bug: 11550
Change-Id: Ic30b07a424cd94b861cee8999b91154ceeb72469
Reviewed-on: https://code.wireshark.org/review/10689
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like "items" could have contributed to fields/data being at an incorrect level off of a tree.
Change-Id: I93616ef8b6b364c578f989882045dee42cb6d3c3
Reviewed-on: https://code.wireshark.org/review/8558
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This simplifies some of the logic required for field formatting.
Change-Id: I2f9a612b18e3e4ca01311683d9cf61cbad9950f4
Reviewed-on: https://code.wireshark.org/review/10649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie67892caec2cddee591631045233f8a3f1cc0bc6
Reviewed-on: https://code.wireshark.org/review/10648
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
On Windows, add a hardening-check target which checks for DYNAMICBASE
and NXCOMPAT using the PowerShell script Get-HardenFlags.ps1.
For a Visual Studio solution, run the check by calling:
msbuild /m /p:Configuration=RelWithDebInfo hardening-check.vcxproj
using the config as appropriate for your build.
Otherwise if we find the Debian/Fedora hardening-check script add a
target which runs it for each of our executables.
Change-Id: I62263e81d155c66e8c8edc751ffab535bf9f3b96
Reviewed-on: https://code.wireshark.org/review/10641
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited (and allows for more fields to be displayed on some malformed packets).
There are still expert infos (and possibly column APIs) under if (tree)s, but I'm not sure how FAKE_TREE_IS_VISIBLE factors into that. Removing the FAKE_TREE_IS_VISIBLE seems to negatively affect dissection.
Change-Id: Ie487e851c2f6558dd12f0c7010757b4a5f36226b
Reviewed-on: https://code.wireshark.org/review/10631
Reviewed-by: Michael Mann <mmann78@netscape.net>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited.
There are still expert infos (and possibly column APIs) under if (tree)s, but with the FAKE_TREE_IS_VISIBLE "hacks" removed, there should be less fear in removing the tree checks.
Change-Id: I847827395fc28704f468df8bc8b47b297dde8479
Reviewed-on: https://code.wireshark.org/review/10572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Christian Tellefsen