Avoid displaying duplicate port numbers with transport name resolution disabled and
make some dissector code simpler.
Introduces port_with_resolution_to_str_buf() function and amends UDP/TCP/DCCP/SCTP to
use the new field display type.
Change-Id: Ifb97810b9c669ccbb1a310a2c0ffd6e2b63af210
Reviewed-on: https://code.wireshark.org/review/10625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6298b3de5f0a1cb988014ff16082eaf8c2a3c3c0
Reviewed-on: https://code.wireshark.org/review/10786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
v1.99.1rc0-717-ga2c2f87 removed pinfo->private_data assignment, but left
the comment in place. Since v1.99.1rc0-761-g6d207fe, the member is
removed completely, so let's drop the comment.
Change-Id: Ib36b6b979abda786202867ea1e6ef0d11487f61c
Reviewed-on: https://code.wireshark.org/review/10684
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Callers may need to know information like retransmissions, etc which will be lost.
Change-Id: I3f8b6b0aeb308701eb34ae6f6f735af6995ed441
Reviewed-on: https://code.wireshark.org/review/9940
Reviewed-by: Michael Mann <mmann78@netscape.net>
The minimum length of MPTCP option is 3 (MP_PRIO)
Signed-off-by: Benjamin Hesmans <benjamin.hesmans@uclouvain.be>
Change-Id: I9742a7923497b07b9a7c761b02d52ac541e28cc7
Reviewed-on: https://code.wireshark.org/review/9585
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This causes them to be freed on shutdown, cleaning up ~800KB of "reachable"
memory according to valgrind. The fact that we even need to construct these as
value_strings is questionable IMHO, but that's a problem for a later date.
Switch epan_scope to the BLOCK allocator now that we're using it for so much
more, this gives a small but measurable increase in startup time.
Change-Id: I187460b769e28da3c6629abac1d9196727ae7dde
Reviewed-on: https://code.wireshark.org/review/9483
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch moves g_hash_table_destroy calls from the init routine to
the cleanup routine. Besides that, the conditional check for the hash
table has been removed, assuming that init is always paired with a
cleanup call.
If reassembly_table_init is found, a reassembly_table_destroy call is
prepended to the cleanup function as well.
Comments have been removed from the init function as well as these did
not seem to have additional value ("destroy hash table" is clear from
the context).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4d11f07180d9c115eb14bd860e9a47d82d3d1dcd
Manually edited files (for assignment auditing): dvbci, ositp, sccp,
tcp.
Other files that needed special attention due to the use of
register_postseq_cleanup_routine:
- ipx: keep call, do not add another cleanup routine.
- ncp: remove empty mncp_postseq_cleanup. mncp_hash_lookup is used
even if a frame is visited before (see dissect_ncp_common), hence
the hash table cannot be destroyed here. Do it in cleanup instead.
- ndps: add cleanup routine to kill reassembly table, but do not
destroy the hash table as it is already done in ndps_postseq_cleanup.
Change-Id: I95a72b3df2978b2c13fefff6bd6821442193d0ed
Reviewed-on: https://code.wireshark.org/review/9223
Reviewed-by: Michael Mann <mmann78@netscape.net>
Coming after Jasper talk #Sharkfest15 about TCP stuff
Change-Id: I2b01bc6dfe24e28454101da59720d2c74603b88f
Reviewed-on: https://code.wireshark.org/review/9120
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Bug: 594
Change-Id: Ib41c4c753e24ac78b39463ab1daae7fd00631230
Reviewed-on: https://code.wireshark.org/review/8851
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Observe that tcp_flags_to_str_first_letter is a copy of tcp_flags_to_str
with the flags[][4] variables copied and the loop variables inverted.
This misses the FIN bit, and runs past the flags buffer.
Behavior change: for consistency, move the reserved bits to the front
and print reserved bits individually. Old output / new output:
NCEUAPRSRRR
RRRNCEUAPRSF
Tested with this pcap with all flag bits set (0x0fff). hexdump:
d4c3b2a1020004000000000000000000ff7f000065000000b6b77455f3ac
06002800000028000000450000280001000040067ccd7f0000017f000001
0014005000000000000000005fff2000907f0000
Change-Id: I70e070808d1f0f9cd60eaf4f2b3f4ac6e3cfaada
Reviewed-on: https://code.wireshark.org/review/8826
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The 1.99.4 is still in progress.
This reverts commit 260c84729c.
Change-Id: I8c24d301c103dd45e2ac2cdb4cda34b918ac5a37
Reviewed-on: https://code.wireshark.org/review/7758
Reviewed-by: Gerald Combs <gerald@wireshark.org>
works as proto_tree_add_item(), but also returns the value of (u)ints
of 8,16,24 and 32 bits length in a 32 bit variable. It's based on Hadriels
previous work.
Change-Id: If3b4b8588b63251f1ee9b954a202acde7c02ce86
Reviewed-on: https://code.wireshark.org/review/7230
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add FT_FRAMENUM_ACK and FT_FRAMENUM_DUP_ACK and set them for
tcp.analysis.acks_frame and tcp.analysis.duplicate_ack_frame. Draw a
single or double check mark in the packet list accordingly.
These are probably specific to TCP, but as it happens there are a lot of
TCP packets.
Change-Id: I35416506419159a79ad8cc2e35f8a14485edfb7e
Reviewed-on: https://code.wireshark.org/review/7568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It allows to properly handle a use case were several TCP connections would be encapsulated
Note that it is safe to use the same key for struct tcp_analysis and proto_tree as they are not using the same scope (and thus list)
Change-Id: I37423eca225960f2e72817f6faf543f6676cf489
Reviewed-on: https://code.wireshark.org/review/7606
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It allows to get rid of the following error when compiling with gcc 4.7.2:
variable 'plen' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered]
Change-Id: I1a647a6de7ddd25136b76237914ee7c5a8c7fa0a
Reviewed-on: https://code.wireshark.org/review/7580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Originally suggested by Bill Meier for the MQTT protocol[1], but the
Websocket protocol can also benefit from this. Since
DESEGMENT_ONE_MORE_SEGMENT is a valid packet length, use the zero length
instead as an indicator that the length is not yet known.
Updated documentation too and remove the function documentation from
packet-tcp.c since it is duplicated in packet-tcp.h.
A noteworthy WSDG change is that the get_pdu_len parameter of
tcp_dissect_pdus gained another void pointer since
v1.99.2rc0-890-gceb8d95 ("Lua: Expose tcp_dissect_pdus() to Lua").
[1]: https://www.wireshark.org/lists/wireshark-dev/201405/msg00044.html
Change-Id: I4eba380e00cd757635eb5639c2857356dae3171e
Reviewed-on: https://code.wireshark.org/review/7279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I0c9cc5d574fdd73ecf1f8b32dbbf0ddb2b885116
Reviewed-on: https://code.wireshark.org/review/7437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Adjust any other ep_ related APIs related to the transition.
Change-Id: I961b371c2c4bda557e0f1817705c27eef0dae66c
Reviewed-on: https://code.wireshark.org/review/6388
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Add Fast Close subtype
* Sender MAC => Sender HMAC
* Display some reserved field
* Add new flag (Checksum, Extensibility, HMAC-SHA1...) from MP Capability subtype
* Use also proto_tree_add_bitmask for flag
Change-Id: I2e4dfd75623d3218c574e3a112e799666adcc377
Reviewed-on: https://code.wireshark.org/review/6034
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.
Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Packet scoped memory cannot be used here; let's use the pinfo pool
Change-Id: If76605f7a3021f5900fd46ce7d1c642a518c902f
Reviewed-on: https://code.wireshark.org/review/6061
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I40d0c8253743183aecef252040b7dd6742ae5c71
Reviewed-on: https://code.wireshark.org/review/5934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The kind for TFO is 34
Split dissect TFO option in dedicated function (Using also in TCP Option Experimental with Magic 0xf989)
Change-Id: I18ff9ba110fba708a955f448f272ec7c4a7e264e
Reviewed-on: https://code.wireshark.org/review/6033
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If56209f1274245f54100d0acfaf14098c8df4582
Reviewed-on: https://code.wireshark.org/review/5520
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was changed in g8881f3f in an attempt to avoid throwing an exception when decoding the options field
Bug: 10514
Change-Id: Ia4b49f484d6255090c5a6e425a9716b48ccc4cb5
Reviewed-on: https://code.wireshark.org/review/5495
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
enabled
tcp_analysis::base_seq could be set several times when the
TCP ISN was set to 0, thus inducing some undesired wraps such as 0-1
Bug: 10713
Change-Id: I69a0dfe677e93bf51015bf7a39ebf888631b12a4
Reviewed-on: https://code.wireshark.org/review/5387
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ib160211198ca02f7eacf29d04568628c11f208a5
Reviewed-on: https://code.wireshark.org/review/5407
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 10692
Change-Id: I8d9874a2c0a6b98497d43804bcf27a8c7e152a9b
Reviewed-on: https://code.wireshark.org/review/5275
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissectors that need this set break badly when it isn't. Dissectors which don't
need this set will still generally be understandable without it, since e.g.
retransmissions will link to the original packet at the TCP layer, and
presumably the subdissector payload is exactly the same in that case.
Change-Id: I2871c2a90c601637bdfb8cffaa34a7407995c603
Ping-Bug: 10525
Ping-Bug: 10289
Reviewed-on: https://code.wireshark.org/review/4487
Reviewed-by: Evan Huus <eapache@gmail.com>