This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When registering preferences, make sure our titles and descriptions are
valid UTF-8. Make sure our titles are short and only contain printable
characters.
Fix problematic titles and descriptions.
Change-Id: I20d3f93438f2b3c30266f934297feb79897f2ee5
Reviewed-on: https://code.wireshark.org/review/18998
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie5bfe4d366a679ebcb561716f23d174e7b9bf487
Reviewed-on: https://code.wireshark.org/review/18754
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register for:
ERF_TYPE_COLOR_ETH
ERF_TYPE_DSM_COLOR_ETH
ERF_TYPE_COLOR_HASH_ETH
Change-Id: I5877ca5721abaa269f937cca0414df4f6b1a5eef
Reviewed-on: https://code.wireshark.org/review/15398
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use eth_maybefcs instead of eth_withoutfcs.
ERF_TYPE_ETH records almost always have FCS, but using maybe means the "Assume
packets have FCS" is respected.
Mark the erf_ethfcs preference as obsolete. It was being ignored.
This was broken by Change 3670 which changed the ERF dissector to use
a dissector table.
Change-Id: I45cffdaed3890f8a0f505b2011be8c5204d9b2a6
Reviewed-on: https://code.wireshark.org/review/15360
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
nothing to do with IP protocol 97 called EoIP. Instead it is a GRE encapsulation
with Ethertype 0x6400. It sets the GRE version to 1 but doesn't use a sequence
number (in violation of RFC2637). Welcome to the real world.
Change-Id: I3d916f8fc134ef14bcaf0b946a10f7170a9f6a75
Reviewed-on: https://code.wireshark.org/review/14596
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a dissector that is passed a "struct eth_phdr" pointer, indicating
whether there is an FCS, there is no FCS, or there's maybe an FCS, and
an "eth_maybefcs" dissector, to be called from other dissectors. The
latter takes no data argument.
That obviates the need for callers of the latter to fill in an
"eth_phdr" structure.
Note in a comment that setting the "assume an FCS" preference overrides
a file format handler in Wiretap saying "we have no FCS". I seem to
remember that this might be intentional.
Ping-Bug: 9933
Change-Id: I600e1351d468ab31d48369edb96832d6da3e480c
Reviewed-on: https://code.wireshark.org/review/13432
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's called from some places other than packet-frame.c, at least one of
which currently can't call anything else (the ATM dissector, for
VC-multiplexed bridged frames, where you don't know whether the frames
include the FCS or not), so the frame's pseudo-data doesn't necessarily
have the appropriate "FCS length" value. Have it explicitly check the
data argument, and explicitly pass the appropriate value to it.
Ping-Bug: 9933
Change-Id: I0c75f921d25d1e2b75e476c15ff9625205036b25
Reviewed-on: https://code.wireshark.org/review/13382
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While it currently only contains packet_counts, it will hopefully stabilize the capture function signature if more fields are added.
Change-Id: I003552c58043c7c2d67aec458187b12b233057e2
Reviewed-on: https://code.wireshark.org/review/12690
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These were created from capture dissector functions that had switch statements determine "next" protocol/dissector. The registration decreases the need for function declarations in header files.
Added new capture dissection tables for IP, IPv6, TCP and UDP as that seems like the next logical place to expand
Change-Id: I1ec0cd54eecda4f400669ee5b026bf6e2b46545a
Reviewed-on: https://code.wireshark.org/review/12634
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility. They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API. Others may be added in the future.
The "capture dissector" function signature needed a bit of tweeking to handling "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count. Returning FALSE ends up considering the packet an "other" type.
Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to mold into (capture) dissector tables.
Change-Id: Iad63f2c2869782977992a3a072adb020be4b1818
Reviewed-on: https://code.wireshark.org/review/12587
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Capture dissectors could be architected like dissection dissectors, with tables and subtables and possibly using tvbs to pass there data instead of raw byte arrays. This is a first step towards that by refactoring capture_info_packet() to work off of a "capture dissector table"
Registering the capture dissection functions instead of calling them directly also clears up a bunch of dissector header files who sole purpose was providing the capture dissection function definition.
Change-Id: I10e9b79e061f32d2572f009823601d4f048d37aa
Reviewed-on: https://code.wireshark.org/review/12581
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename the color_dissector_filters.[ch] files to just
dissector_filters.[ch], and rename the routines not to include the
string "color_", as those filters can be used as color filters *or*
display filters.
Remove "color_" from other places where we're not doing colorization.
In the GTK+ code, combine the two loops that add menu items for filters
in the dissector-provided filters list into one.
Change-Id: I08ecccc6b1b1be675e4129a0589f36c9f240407c
Reviewed-on: https://code.wireshark.org/review/11379
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I87f6f9f40e1c33148de43b53a8881d51416f5d2c
Reviewed-on: https://code.wireshark.org/review/7898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Just reduces the overall tvb_get_ptr usage count in the dissector directory.
Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812
Reviewed-on: https://code.wireshark.org/review/7491
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0c9cc5d574fdd73ecf1f8b32dbbf0ddb2b885116
Reviewed-on: https://code.wireshark.org/review/7437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7c8cfbcf201b3b73afe731302572646ce7833d64
Reviewed-on: https://code.wireshark.org/review/7284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all changes were able to remove their corresponding tvb_get_ptr, because there are other API dependent on the (tvb_get)pointer, but future iterations optimizing those other APIs will then be able to remove it.
Change-Id: Id7cefd440b81834de1d1aace7cd0789b1c871a22
Reviewed-on: https://code.wireshark.org/review/6358
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.
Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Packet scoped memory cannot be used here; let's use the pinfo pool
Change-Id: If76605f7a3021f5900fd46ce7d1c642a518c902f
Reviewed-on: https://code.wireshark.org/review/6061
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Second batch (packet-eth.c -> packet-icmpv6.d).
Will look at cleaning up and committing script afterwards.
Change-Id: I14295758b81a59115d8c88899f166cc3d5d17594
Reviewed-on: https://code.wireshark.org/review/6013
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I189a5b2d5f769395fa5e387f8be49b81903fb252
Reviewed-on: https://code.wireshark.org/review/5262
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I60fd9c6c486b9b3b90e32fb9ccce3973569cc2ee
Reviewed-on: https://code.wireshark.org/review/5204
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Guy Harris