I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198
Some small improvements to the Modbus Dissector:
- Better detection of query/response w/ serial line Modbus RTU
- Smallest Modbus RTU message can actually be 6 bytes, not 8.
- Only check 16/32-bit register decoding options with appropriate function codes
svn path=/trunk/; revision=51083
This is a portion of the patch supplied in bug 7902 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7902). Breaking the functionality up into smaller chunks.
This definitively breaks the Modbus dissection into 3 dissectors:
Modbus - real protocol PDU
Modbus/TCP - Encapsulation of Modbus over TCP (with a small header before PDU)
Modbus RTU - Originally an encapsulation of Modbus over serial (with smaller header + CRC), but can also be sent over TCP.
General cleanup/refactoring (including display filter names) based on the 3 dissectors.
Also included:
1. Enhanced dissection to include preferences for register data to be dissected as UINT16, UINT32 or FLOAT
2. Dynamic port registration
3. Additional fields now filterable
svn path=/trunk/; revision=45793
Done on general principles altho upon inspection
none of the cases changed would have actually
resulted in an infinite loop.
svn path=/trunk/; revision=45478
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
Modbus object support for CIP dissector
Support for the Modbus object within the CIP dissector. Essentially wraps the Modbus protocol within a CIP object.
Also included update to Modbus error code per
http://www.wireshark.org/lists/wireshark-dev/201111/msg00187.html
svn path=/trunk/; revision=40371
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
I made the following improvements to the Modbus/TCP dissector:
1. Implemented protocol to the latest specification (v1.1b). See
http://www.modbus.org/specs.php.
2. Upgraded to "tcp_dissect_pdus" instead of having the dissector do it
manually. This also provides TCP packet reassembly support.
3. Removed support for UDP port 502 because it's not supported by the protocol
specification. I believe "Decode As..." could be used in its place.
4. Added dissector support for the following function codes:
a) 8 - Diagnostics
b) 11 - Event Counter
c) 12 - Event Log
d) 43 - Encapsulation Transport (mostly for 43/14)
5. Removed support for function codes not in the protocol specification. None
of them were really being parsed, they just offered a "name" for the function
code.
6. Moved protocol #defines to header file for access from other dissectors. I
plan to have other dissectors use this, but one patch at a time.
7. Created "modbus" dissector that is accessible to other dissectors.
8. Renamed base "display filter name" to reflect PROTOABBREV.
I removed defines for value_strings, I think it's better to export the vaöue strings if needed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5923
svn path=/trunk/; revision=37539
This patch registers a dissector table to allow other dissectors to register as
subdissectors for modbus/tcp data.
Additionally it registers the dissector, so it can be invoked by another
dissector by name.
Additionally this version of the patch adds the Data field not as a text field,
but rather as a field which can be selected and tested for by name.
svn path=/trunk/; revision=36925
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
This patch allows the ModbusTCP dissector (packet-mbtcp.c) to decode ModbusUDP packets. Essentially this is the same packets over UDP instead of TCP.
ModbusUDP isn't an official part of the ModbusTCP specification but used by several vendors.
svn path=/trunk/; revision=26812
Modbus Application Protocol Specification V1.1b includes a function 43 (0x2b)
Encapsulated Interface Transport. When Wireshark encounters this message it is
shown as a TCP message, not a Modbus message.
svn path=/trunk/; revision=26314
epan/dissectors/packet-ncp2222.inc is a bit hard to fix, so we're not
ready to enable that warning by default yet.
Throw in some casts to handle GLib routines that take arbitrary
non-const pointers (they can later return the pointers, and some
callers might want to modify or free up those pointers in cases where
they're known to be writable or allocated).
Use ep_tvb_memdup() rather than a combination of ep_alloc() and
tvb_memcpy().
Clean up some indentation.
svn path=/trunk/; revision=25601
Make the dissector new-style and add simple (better than nothing) heuristics so that it can reject some packets that are obviously not modbus.
change the constants to upper case
the horrors:
replace two instances where tvb_memcpy() were used to read straight into a structure to instead read the structure field by field using tvb_get_...()
This may allow the modbus dissector to actually work.
svn path=/trunk/; revision=16811
add a "match_strval_idx()" routine that does the same thing, and have
"match_strval()" call it.
Make those routines, and "val_to_str()", return a "const" pointer.
Update dissectors as necessary to squelch compiler warnings produced by
that.
Use "val_to_str()" rather than using "match_strval()" and then, if the
result is null, substituting a specific string. Clean up some other
"match_strval()"/"val_to_str()" usages.
Add a null pointer check in the NDPS dissector's "attribute_value()"
routine, as it's not clear that "global_attribute_name" won't be null at
that point.
Make some global variables in the AFS4INT dissector local.
Make some routines not used outside the module they're in static.
Make some tables "static const".
Clean up white space.
Fix Gerald's address in some files.
svn path=/trunk/; revision=14786
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Michael Mann