Allow the command layer to be shown for duplicated frames
if needed for deep-packet analysis
Change-Id: I2e0026b6e448ebfd96f879f2f002a6f30a0a5031
Reviewed-on: https://code.wireshark.org/review/8874
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "EPSG Draft Standard 302-A: High Availability" introduces
the new frame "AMNI". This change adds support to correctly
dissect POWERLINK AMNI frames.
Change-Id: I9e402423296c4e82a25e897de964629bb695d566
Reviewed-on: https://code.wireshark.org/review/8215
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:
warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]
We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.
Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.
Fix an encoding argument in packet-elasticsearch.c found by
fix-encoding-args.pl.
Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Allow manufacturer specific plugins, which will only
be called for certain service IDs which are manufacturer
specific as defined by the POWERLINK specification.
As with e.g. udp.port, a plugin or subdissector may
register with epl.asnd and a given service ID to implement
a plugin for specific ASND Service IDs, which are part
of the manufacturer specific object range (0xA0-0xFE).
Also, all values for the ID fields have been changed to
range_string
Change-Id: Ibfb9c035c16bce5322b13c42f30daf14e096712a
Reviewed-on: https://code.wireshark.org/review/6793
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With this patch we want to enable a better support of POWERLINK
as a protocol for people who have to perform network diagnostics using
analyzing tools. Up until now, the main tool used was Omnipeek.
Now wireshark will be used more and more, due to the new extcap
infrastructure, which supports debug tools to be added as capture
devices.
To better facilitate that change, we have adapted the textual
representation of the Omnipeek dissector for POWERLINK, as it
allows for a faster and simpler diagnosis routine.
Additionally the name of the protocol has been changed to its
correct name "POWERLINK" as this is the official name used by
EPSG for describing the protocol.
Changelog:
- Add error code definitions and string values.
- Change name for protocol column to POWERLINK which is more commonly
used than EPL.
- Reformat output in info column to look like the output of
the POWERLINK plugin for Omnipeek. This facilitates the transition
to Wireshark. The added information and changed output improve the
debugging of POWERLINK networks.
Change-Id: I795e2487f2ae7af6b90c29366a1843c9fabffa85
Reviewed-on: https://code.wireshark.org/review/5581
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(for some dissectors which fetch all other integral fields using
ENC_LITTLE_ENDIAN).
Change-Id: Ica72a68ac560f2920d61e0769de83130557c46fd
Reviewed-on: https://code.wireshark.org/review/5752
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remake of the duplicated frames filter with
less memory usage.
Change-Id: I7c8694b5ae69c919b866bbc661bad5e3f0a3e1d7
Reviewed-on: https://code.wireshark.org/review/4773
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed an error that retransmitted frames were added to the
reassembly table.
Change-Id: I314412cb8f2ce49142e4b7f001613948f5e03bf6
Reviewed-on: https://code.wireshark.org/review/4916
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The subindex of the R/TPDO frames was interpreted incorrectly.
Now the subindex is correctly interpreted.
ASend SDO Write Multiple Parameter by Index interpreted
the mapping data incorrectly.
Change-Id: Icfb1896e96f5486c5479c1dd060eb1032695f9f6
Reviewed-on: https://code.wireshark.org/review/4397
Reviewed-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The offset was calculated too high, as it was added
to itself and sizes were added multiple times
Change-Id: I1a581e96e2ab66e40f5566074e8bd1089f55bdb0
Reviewed-on: https://code.wireshark.org/review/4049
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The data that is sent when downloading or uploading from a server is
sent in segments to the client. To clearly display all the segments
belonging together the split payload needs to be reassembled.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.4.1.1 Download Protocol and chapter 6.3.2.4.2 Upload
Protocol. The payload of the download/upload is now reassembled.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I17c30f15e75da47bcaba8f1fda1e412849ec268c
Reviewed-on: https://code.wireshark.org/review/1120
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The MN interprets the CMD layer data only if the CN increments
the Send-Sequence-Counter => new data. The MN interprets the
data only once, if the same frame is sent again the MN ignores
the data.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.3.2.3 Error: Duplication of Frame
Frames which duplicate previously sent data are now marked as
duplicated frames.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ef24b52712bfd3c735856b0cd5747c47aeef72a
Reviewed-on: https://code.wireshark.org/review/992
Reviewed-by: Evan Huus <eapache@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This squelches a run-time warning.
Change-Id: I5b147530b7f9255c3564fe24b56e0ea3eab45852
Reviewed-on: https://code.wireshark.org/review/995
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-epl.c:2248: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_write_multiple_by_index':
packet-epl.c:2380: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_read_by_index':
packet-epl.c:2489: warning: declaration of 'index' shadows a global declaration
Change-Id: Ib1a1d1d2aa596df558162839e7594b7fd12559a3
Reviewed-on: https://code.wireshark.org/review/765
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Each package is dissected using a reference to object indices, so
that in the view of the dissector output, a clear indication
to what the index means and what the subindices mean is given.
Additional special entries (mappings, timestamps) have their own hf
fields, and can be searched for via display filter.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I928c11a9f4a5b762c8947713a0f70e03bd711158
Reviewed-on: https://code.wireshark.org/review/730
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Lukas Emersberger <lukas.emersberger@br-automation.co.at>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Adding a type definition which can be deactivated, so
that certain types of frames are only detected in their
respective transport protocols
- Rename bytes array as it is a key-word for some IDEs and
hinders syntax checking
- Add node info to the time request from/by fields
- EPL: add message type to heuristic dissection call
Change-Id: Ia572bb68fc1d24d70e72b77867f0dad323b055b9
Reviewed-on: https://code.wireshark.org/review/750
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- For PollResponse-Chaining SyncReq and SyncResp frames were introduced.
Those frame-types are not recognized by Wireshark yet.
- Currently only the FeatureFlags 0-13 were interpreted by Wireshark.
Flags 14-15 and all extended flags were missing.
14 = SDO Read/Write All by Index
15 = SDO Read/Write Multiple Parameter by Index
16 = Multiple-ASend Support (TRUE = Device supports Multiple-ASend; FALSE = Device doesn’t support Multiple-ASend)
17 = Ring Redundancy (TRUE = MN supports ring redundancy; FALSE = MN does not support ring redundancy)
18 = PResChaining (TRUE = Device supports PResChaining; FALSE = Device does not support PResChaining)
19 = Multiple PReq/PRes (TRUE = Device supports Multiple PReq/PRes; FALSE = Device does not support Multiple PReq/PRes)
20 = Dynamic Node Allocation (TRUE = Device supports DNA; FALSE = Device does not support DNA)
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ac19f8b71b1be1094f410141c0f806996b1cb25
Reviewed-on: https://code.wireshark.org/review/589
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a permanent solution for bug #9786. guint overflows
are now prevented, and the remaining length is queried from
tvb and taken into consideration.
As a side-effect, the fix brought up two bugs in the openSAFETY
dissector, which were fixed as well.
Upd: Remove stdio.h and fix one encoding error found by
fix-encoding-args.pl
Change-Id: Ic2d478a8ea15b0bcfd2536a074c217daf610fe08
Reviewed-on: https://code.wireshark.org/review/291
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Up until now, openSAFETY hooked into a heuristic filter for epl
and dissected the whole package, handing back some epl header
information by calling epl again. This was time-consuming and
on a busy network led to an increase in dropped packages and
memory usage, as well as unresponsiveness.
This patch only takes the payload data of epl frames, and
therefore greatly reduces the dissection overhead of openSAFETY.
On a second note, intergap data between safety frames is now
being displayed as Data, but only if the option for doing so
is specifically enabled in the openSAFETY preferences, as it
changes the behaviour of the dissector output.
Upd: Because of the gap handling, some frames were marked
as being truncated, although they were not, or did not contain
openSAFETY frames at all. In the course of the fix for this,
the byte copying for the byte swap with MBTCP has been moved
to only occur when needed, and is additionally guarded.
Upd2: Indentation and comment fixes
Upd3: Change memcpy to memdup and move find_dissector ( "data" )
to proto_reg_handoff
PLK: Store data dissector pointer
Move the if-clause to proto_reg_handoff as documented
in comment of Change-id: 191
Change-Id: I3038ed465900a2b5e63b3a0967abd62a4c66f318
Reviewed-on: https://code.wireshark.org/review/191
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Up until now, the heuristic dissector for epl always passed the
complete epl frame. Therefore a lot of information got passed,
which was not needed, resulting in subdissectors to have to call
the epl dissector again, if the epl data had to be dissected.
This patch adds a second heuristic dissector (not breaking the
way, the existing one is working), which only passes the payload
of the epl frame to a sub-dissector, therefore reducing memory
overhead and increasing dissection speed.
Upd: Changes according to comments in patchset
Change-Id: I2ef309310f421f24d96dd1c188e188ccfa5935cd
Reviewed-on: https://code.wireshark.org/review/190
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- when the text parameter is constant col_add_str() and col_set_str() are equivalent but col_set_str() is faster.
- same for replace col_append_fstr and col_append_str
- remove col_clear() when it's redundant:
+ before a col_set/col_add if the dissector can't throw an exception.
- replace col_append() after a col_clear() with faster col_add... or col_set
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9344
svn path=/trunk/; revision=52948
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presence" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634