1- removed unnecessary include <wiretap/erf.h>
2- used fall through in protocol switch case instead of calling same
function with same params.
fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink
to use dissector table instead of direct function calls.
other protocols should be called in the same way, we'll do it when have
the time.
instead of calling subdissector directly from packet-erf.c code it's
easier to declare this and each time we need to register a new
protocol over erf format we sould easily extend it from the protcol module
instead using "dissector_add_uint()" function.
the change is still backward compatible, if no upper protocol is
registered for the specifc type an old fasion direct function call
is performed.
Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475
Reviewed-on: https://code.wireshark.org/review/3670
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both.
Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31
Reviewed-on: https://code.wireshark.org/review/3214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In Anders profile output[1] is looks like that get_ether_name() is called
four times, twice for src and dst. get_ether_name() takes ~2% of Ir, so
caching result should reduce Ir count by 1%.
Similar thing was already done for UDP and TCP - 5235dc6ca0
[1] http://www.wireshark.org/lists/wireshark-dev/201405/msg00063.html
Change-Id: I9ca582b0522387dbfaad866a48a0934693a2849f
Reviewed-on: https://code.wireshark.org/review/1808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The main driving force for this was my new Decode As functionality (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450) that wants a dissector/subdissector table relationship for all dissectors wanting to use Decode As functionality. The ethertype() function provides the value to the "ethertype" subdissector table, so I think it should be matched to a dissector. Only odd side effect is the display filter of "ethertype" returns no packets because there is no "item" associated with the dissector.
svn path=/trunk/; revision=53443
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
- ... and make that distinction configurable for capture files that do not have padding in small frames, but do have trailers
- Add VSS-Monitoring dissector to show by the TAP inserted time- and portstamps
svn path=/trunk/; revision=40108
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
will process the FCS if it's known to be present and will attempt to
guess whether it's present if it's not known not to be present.
svn path=/trunk/; revision=38990
Also did some whitespace cleanup, converting tabs to spaces since most of the file was spaced, not tabbed, and swapped the order that the lg and ig bits get added to the tree because I think it looks better reading bits left-to-right.
TODO: I'm not entirely sure what to do in capture_eth() if that invalid range is encountered, so for now I just added some #if 0'd code as a placeholder.
Ref: http://www.wireshark.org/lists/wireshark-users/201106/msg00127.html
svn path=/trunk/; revision=37832
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
given UDP port; this is to handle the output for the Cisco CMTS "cable
intercept" command - it encapsulates Ethernet frames in UDP packets, but
the UDP port is user-defined.
svn path=/trunk/; revision=33964
Patch utilizes techniques incorporated in the packet-ieee8023.c dissect_802_3()
routine to dynamically calculate the remaining payload length. This is then
compared to the length included in the CCSDS header.
svn path=/trunk/; revision=29329
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
FCS; this handles protocols where there's no length field, so that the
"is there a trailer and/or an FCS?" heuristic can't work.
svn path=/trunk/; revision=28432
CCSDS packets may reside within an 802.3 packet. This patch provides a way for
the CCSDS dissector to be called from the 802.3 dissector.
svn path=/trunk/; revision=27257
This patch adds a heuristic dissector to the ethernet trailer under the
keystring "eth.trailer". This allows for other protocol plugins which coopt
the ethernet trailer for their own devices to register for trailer traffic
without requiring any further changes to the executable.
svn path=/trunk/; revision=23880
move TRY block in its own function.
__attribute__((noinline)) does not compile with MS VC 6
nor does __declspec(noinline)
Applied the patch without it.
svn path=/trunk/; revision=23424
packets in the Packet Details View.
This "appendix" bytes are not copied with the Copy functions or in the
Export Selected Packet Bytes.
svn path=/trunk/; revision=22887
ethernet IG/LG bit changes with minor modifications
(only dissect LG if it is a unicast address
put a hint what locally administered means in the dissect tree
)
svn path=/trunk/; revision=19033
inside this expansion show
1, eth.addr so people can see that this field exists (i think it is futile to use "hidden" fields and expect people to search through the infinitely long list of fields, better show everything and they will see themself what fuields they can filter on)
2, bit 0x01 of the first byte to show if it is Multi or Uni-cast
3, bit 0x02 of the first byte to show if it is a locally administrated address or not.
I do use the (to laymen) more descriptive names "factory default" instead of LocallyAdminAddr in the true_false string though.
svn path=/trunk/; revision=17378
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
making pointers to byte data be "guint8 *" rather than "char *",
and making buffers holding byte data arrays of "guint8" rather
than arrays of "char";
making pointers to text strings "char *" rather than "guchar *";
appropriately casting pointers (cast to "guint8 *" when passing
to routines expecting "guint8 *" or when assigning to "guint8
*");
making port-number preferences "guint";
making enum preferences "gint";
making hf_ variables "int".
Clean up white space.
svn path=/trunk/; revision=14884
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we cant fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
Ethernet frames, one for encapsulated frames that include an FCS and one
for encapsulated frames that don't include an FCS. Use the appropriate
versions.
In the ISL dissector, do the same sort of processing we do in the
Ethernet dissector to figure out whether the frame has a trailer or not
and whether it has an FCS or not.
svn path=/trunk/; revision=12593
might have 0 in what would be the Ethernet type field.
Also, handle the first 5 octets of the destination address of an ISL
frame being 0C-00-0C-00-00.
svn path=/trunk/; revision=12484
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410