Say "attempt to XXX", as the attempt might not succeed.
Fix a copied-and-pasted comment to reflect what
proto_is_frame_protocol() does.
Change-Id: Ia16a98064b87001f019fda43f2db2970a89e355e
Reviewed-on: https://code.wireshark.org/review/37486
Reviewed-by: Guy Harris <gharris@sonic.net>
Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.
Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).
Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In proto_tree_add_item_ret_time_string, we should return the result of
proto_tree_add_node directly like other similar functions.
Change-Id: I5f0cdc32ee3e69ecf3c62f1d56cb8278c91c9c45
Reviewed-on: https://code.wireshark.org/review/36716
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Check is enabled by #ifdef ENABLE_CHECK_FILTER
Remaining issues found by this check are fixed here,
along with a documentation note that the entries
are checked in order and the first match is used.
The only issue not yet fixed is in packet-isup.c,
where the spec was not available to me.
Change-Id: Ife747cda9b91a265bc2b81ce0a53f55f3389919e
Reviewed-on: https://code.wireshark.org/review/36708
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Fixed a few instances where the fix was obvious; others are
less clear.
The check in proto.c is protected by ENABLE_CHECK_FILTER.
Change-Id: I4edee4e67bd53bbf2eb809d68c87983a7c5a66f3
Reviewed-on: https://code.wireshark.org/review/36645
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Times before 1970-01-01 should be represented as a negative number of
seconds in nstime_t.
e.g. MP4 creation_time of 0x00000000 (which appears frequently as the
default in mp4 files) was rendered as Feb 6, 2040 07:28:16 CET
Change-Id: I979aeeb8a625caad3dfbce114cff6f9967d59d6e
Reviewed-on: https://code.wireshark.org/review/35904
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some deltas between the UN*X epoch and other epochs that are
used in a number of places; put them into a header.
Change-Id: Ia2d9d69b9d91352d730d97d9e4897518635b4861
Reviewed-on: https://code.wireshark.org/review/35895
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The S/370-and-later TOD clock counts in microseconds, not seconds.
Change-Id: I0b11586df073ed589d69ffc014e6f8661dff3d31
Reviewed-on: https://code.wireshark.org/review/35891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those times are in seconds since January 1, 1904, 00:00:00 (proleptic?)
UTC.
MPEG-4 Part 14 (MP4) is based on QuickTime, so it uses classic Mac OS
time stamps, in seconds.
Change-Id: Ibcd7faf1b119d8acbb294c95b66ca0d1fb70cbb3
Reviewed-on: https://code.wireshark.org/review/35886
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Qt GUI uses proto_get_first_protocol() to find the list of protocols
and build the autocompletion list. As pinfo protocols are stored in
another list, they are kept aside.
Let's add them in the same list as normal protocols.
Bug: 16130
Change-Id: I9ff67ea4198a8cc6baf3ded584c48eadfb097092
Reviewed-on: https://code.wireshark.org/review/34778
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
If a ProtoField object was created, but not linked to a Proto, then the
strings field and all elements (depending on type) would leak.
This is a follow-up to g79fef2ae and fixes the real issue in g44870fb1.
Change-Id: I01880a92bb20fae45f68c754b07daeb07630deec
Reviewed-on: https://code.wireshark.org/review/34872
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Add "native" support for the "zig-zag" version of a varint in proto.[ch] and
tvbuff.[ch]. Convert the use of varint in the KAFKA dissector to use the (new)
"native" API.
Ping-Bug: 15988
Change-Id: Ia83569203877df8c780f4f182916ed6327d0ec6c
Reviewed-on: https://code.wireshark.org/review/34386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These environment variables are read very frequently; read them once into
globals for a performance improvement.
Change-Id: I4f05a5edca85b370674cc5f85fce40bd1af695cb
Reviewed-on: https://code.wireshark.org/review/34449
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A few dissectors need the functionality of adding a time field to a proto_tree
while also needing the "time to string" value (typically to show on a tree above).
The functionality to do "get value from tvb and convert to string" was being done
in packet-ntp.c.
Instead, proto_tree_add_item_ret_time_string can be used with various encodings to
get the necessary functionality with less code duplication.
ENC_TIME_MIP6 was added as a result of the refactoring.
ABSOLUTE_TIME_NTP_UTC was added as another potential "base" type for time fields.
Change-Id: Ie460c33370b0af59ef60bdab893ce9d6eb23b94f
Reviewed-on: https://code.wireshark.org/review/34390
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-frame.c calls proto_item_add_bitmask_tree with a zero length, be
sure not to trigger undefined behavior (right shift by 64). Observed
with the capture from Bug 15247.
Change-Id: I5b5b7f920a37365295603be7b915f51b39d99faf
Fixes: v2.1.0rc0-1776-gb9fb2ceb88 ("Add heuristic dissectors for the variable part of COTP CR and CC PDUs.")
Reviewed-on: https://code.wireshark.org/review/34108
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Note that even strings fetched with ENC_ASCII may contain them - bytes
with the 8th bit set get mapped to REPLACEMENT CHARACTER.
This means we can format STR_UNICODE fields with format_text(); do so.
Bug: 1372
Change-Id: Ia32c3a92d220ac5174ecd25f33e2d1f85cfb8cb8
Reviewed-on: https://code.wireshark.org/review/34080
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_tree_add_item() does no validation if ENC_UTF_8 is used as the
encoding, so there's no guarantee that the value of a string field is
valid UTF-8, and in some dissectors UTF-8 strings are fetched with other
mechanisms and then added with proto_tree_add_string().
We need to do some cleanup on string handling.
Bug: 15848
Change-Id: Ifc43111dbb47c478fa11280f2f771d90202499fa
Reviewed-on: https://code.wireshark.org/review/33677
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can't be null, and it must never be passed a null pointer.
Fixes Coverity CID 1445961.
Change-Id: Ifad962c51e23706fdc544326a45543fe11b73fd1
Reviewed-on: https://code.wireshark.org/review/33572
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, even if we're not building a protocol tree, so that you don't
get protocol tree items, you can get the display string, e.g. to use in
a column.
Replace the use of the "get display string" routines with calls to those
routines.
Change-Id: I23e3e88838bdf837d8660c271f78c79b7d1c5620
Reviewed-on: https://code.wireshark.org/review/33519
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a BASE_SHOW_ASCII_PRINTABLE flag for the "display" field, to use
with FT_BYTES and FT_UINT_BYTES fields; it specifies that, if the field
consists solely of printable ASCII characters, its value be displayed as
a string, in quotes. Have a routine hfinfo_format_bytes() to do that
formatting, depending on the display field value.
Add routines to fetch the display value of string and
FT_BYTES/FT_UINT_BYTES fields; for strings, it's the result of
hfinfo_format_text(), and for byte arrays, it's the result of
hfinfo_format_bytes().
Use BASE_SHOW_ASCII_PRINTABLE for extended attribute data in SMB and
SMB2. Use the routines in question for extended attribute names
(string) and data (bytes). That keeps us from displaying non-text
extended attribute data as if it were text.
Document BASE_SHOW_ASCII_PRINTABLE.
Change-Id: I24dcf459c14f00985e4daaf9b58f5933964eabd8
Reviewed-on: https://code.wireshark.org/review/33517
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a rule for interpretation of the length field of counted-string and
counted-octet-string fields. This means it's 1) not a general rule for
interpreting integers and 2) not a character encoding, as it also
applies to octet strings and, even for character strings, it's
*orthogonal* to the character encoding.
Therefore, it should *not* be one of the character encoding values; it
should be a bit flag.
Make it so. This means that
1) a character encoding can be specified for Zigbee Cluster Library
strings (they appear to have multiple character encodings possible);
2) the test of it that tested it as if it were a flag will no longer get
confused by character encodings that set one or more of the bits in the
old encoding value;
3) you don't have to special-case the encoding value passed to
get_uint_value().
Put in a comment emphasizing that values that aren't character encodings
should *not* be placed in the set of character encodings.
Change-Id: I8f50aaee8ca60b0781044287e9b38111de38c81f
Reviewed-on: https://code.wireshark.org/review/33341
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.
2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.
Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Newer versions of elastic are using 'doc' as type. Change the code
according to that.
Fix point (4) of the linked bug.
Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This is the new standard in recent Elastic versions.
Fix point (3) of the linked bug.
Bug: 15763
Change-Id: I64ef085c2a8ad9d25ced30a337287c8cb77903e4
Reviewed-on: https://code.wireshark.org/review/33112
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Elastic integer fields are:
integer: signed 32 bit
long: signed 64 bit
Fix values in mapping. uint64 is not handled by elastic, but still
mapped on 'long'.
Fix point (2) of the linked bug.
Bug: 15763
Change-Id: I14afa1cb7fcb6ad98d44707a8b506420e29ceb83
Reviewed-on: https://code.wireshark.org/review/33109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The string type is the default in elasticsearch, so there is no
need to put those entries in the mapping report. This shortens the
list a lot.
Small indentation fix, while here.
Change-Id: If304d409a3ee2c30f24b5de4d90be522bbfae41e
Ping-Bug: 15719
Reviewed-on: https://code.wireshark.org/review/33053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixing some "implicit conversion loses integer precision" warnings
reported by clang with -Wshorten-64-to-32 option
Change-Id: Icd641d5f4fd8ff129f03f1b9e1da0fc86329f096
Reviewed-on: https://code.wireshark.org/review/31901
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Proto objects were only freed while reloading Lua plugins, be sure to
release these on program exit too. Fix missing deallocation of heur_list
(matches per-protocol cleanup in proto_cleanup_base).
Be sure to keep a reference to the "Pref" object after registering it to
a Proto, otherwise it could be garbage-collected early, resulting in
memleaks (because the preference was still in use).
Fixes a lot of memory leaks reported by ASAN for tests, ten tests were
affected by Proto_new leaks, four were affected by the new_pref leaks.
Change-Id: Ica52718849a33eda614775f533dc0fcefec9cc74
Reviewed-on: https://code.wireshark.org/review/31746
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by scan-build.
Change-Id: I467e56bfa4f20f5c87efa47823d54691503de318
Reviewed-on: https://code.wireshark.org/review/31486
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by clang-tidy.
Change-Id: Iaf6cf84c33b03ddfcd39a333b49f4987002afa56
Reviewed-on: https://code.wireshark.org/review/31338
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.
API design goals of the new JSON dumper library:
- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.
Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values are inspired by
the sharkd code (json_puts_string is also borrowed from that).
The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
duplicates and currently prints two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)
A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.
Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SEP_SPACE and BASE_NONE both default to colon (:). Fix SEP_SPACE and add SEP_NONE
Bug: 15253
Change-Id: Ib5db997714414370b08ffb9458c73d4aeef6aacf
Reviewed-on: https://code.wireshark.org/review/30447
Reviewed-by: Jeremy Martin <boardermartin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds val64_string_ext to parallel value_string_ext in the
same way that val64_string parallels value_string.
Change-Id: Iadbfc49f5a4540000ed92fd0469e8d273911e97e
Reviewed-on: https://code.wireshark.org/review/30385
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A range string is passed as a table of tables, e.g.:
    range_string = {
        { 0, 24, "Some string for values 0 to 24" },
        { 25, 25, "The string for value 25" },
        { 26, 255, "The string for the remainder" }
    }
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Add the ability to specify maximum function counts for each group to
checkAPIs. Add maximum counts for the "termoutput" and "abort" groups
where needed. Show summaries in various checkAPI targets.
Switch uses of ws_g_warning back to plain g_warning.
Change-Id: I5cbddc8c671729e424eed8551f69116d16491976
Reviewed-on: https://code.wireshark.org/review/29721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reset handled occurrences counter between each multi field custom
column to be able to handle configurations with occurrence set.
Change-Id: Iaa01da069b661ddbb2871370fcc9f9fde33041bb
Reviewed-on: https://code.wireshark.org/review/29427
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Only detect trailing string characters in FT_STRING, FT_STRINGZ and
FT_STRINGZPAD, and when ENC_ASCII or ENC_UTF_8 (for now).
Support for checking other encodings can be added later.
Bug: 15105
Change-Id: Ib7b61f65e4f99f85998937e843ad5312c6b03a28
Reviewed-on: https://code.wireshark.org/review/29411
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Trailing stray characters will not show up in the packet tree item
when the string is correctly null terminated. This expert info
will indicate when this occurs, typically from wrongly implemented
protocol encoders.
This will warn about cases like:
    tvb = "foo\0bar"
    proto_tree_add_item(..., tvb, 0, 7, ...)
Change-Id: I66b9d3ba7bb3e45f1f6e492fa6916b29c9ee9ca4
Reviewed-on: https://code.wireshark.org/review/29310
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We are exporting a registration function from libwireshark just
to have it passed back as a callback. Seems unnecessary.
Change-Id: I7621005c9be11691d319102326824c5e3520a6f3
Reviewed-on: https://code.wireshark.org/review/29328
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Required to pass the test suite.
28: Process output for suite_unittests.case_unittests.test_unit_fieldcount:
28: -- Begin stdout for command ('run/tshark', '-G', 'fieldcount') --
28: There are 205013 header fields registered, of which:
28: 0 are deregistered
28: 2468 are protocols
28: 15147 have the same name as another field
28:
28: 205000 fields were pre-allocated.
28: * * Please increase PROTO_PRE_ALLOC_HF_FIELDS_MEM (in epan/proto.c)! * *
28:
28: The header field table consumes 1609 KiB of memory.
28: The fields themselves consume 14414 KiB of memory.
28: -- End stdout for command ('run/tshark', '-G', 'fieldcount') --
28: -- Begin stderr for command ('run/tshark', '-G', 'fieldcount') --
28: -- End stderr for command ('run/tshark', '-G', 'fieldcount') --
28/29 Test #28: suite_unittests .....................***Failed 12.72 sec
Change-Id: I694ed42dbd5bef99df9d2037d505d71901afd2dd
Reviewed-on: https://code.wireshark.org/review/29209
Reviewed-by: João Valverde <j@v6e.pt>
Let's make the function accept FT_UINT40, FT_UINT48 and FT_UINT56 types.
Ping-Bug: 15050
Change-Id: I35440a7c0b9cbf25bd8d903c425b6026d6a987f0
Reviewed-on: https://code.wireshark.org/review/29044
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Other routines that fetch values and can report a type/length error
without throwing an exception return a value, even if it's not the
appropriate value (as there is no appropriate value); make
get_time_value() do the same.
Ideally, we'd mark the protocol tree item, and the value, as being
invalid, and treat invalid values specially, but that's a bigger change
that would involve significantly more mucking about in the innards of
epan/proto.c as well as in code that looks at the protocol tree and at
field values, as well as deciding what the appropriate thing to do is
with a field with no value when, for example, -T {fields,pdml,json,ek,etc.}
is used.
Bug: 14957
Change-Id: Iab91198e560f52809d989cfce8b51b1b027cff73
Reviewed-on: https://code.wireshark.org/review/28722
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for 8-byte-seconds/8-byte-nanoseconds and 8-byte-seconds/
4-byte-nanoseconds time values. Use them in the 9P dissector, with
proto_tree_add_item().
Only do the length validity checking for time values in
get_time_value().
Change-Id: I0f1d791d7aa503093a491d2c33300bd55ca7866e
Reviewed-on: https://code.wireshark.org/review/28560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Throw an exception if they don't correspond to data available in the
packet - and do so even if the protocol tree argument is null, so that
we catch very long strings that could cause the offset to overflow.
Ask why we try to handle a null pointer passed as the string argument,
while we're at it.
Bug: 14738
Change-Id: I2fa79ad0dcd1f41608844a573e045197ac60aa62
Reviewed-on: https://code.wireshark.org/review/28179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put routine to free all dynamically registered header fields in the
UAT reset callback to avoid ASAN report for memory leaks on exit.
Handle duplicated entries without leaking memory.
Call proto_free_deregistered_fields() in proto_cleanup() and move
this after prefs_cleanup() to free the memory used in UATs.
Change-Id: I96545177b5b23b9c20ad8e7751a0d5621c9ca10f
Reviewed-on: https://code.wireshark.org/review/27907
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
That could help find the problem if all we have is the error message, as
it'd at least indicate where the problem is occurring.
Change-Id: I01154ff62088a4b710c131cb153e8e4593ebc3b2
Reviewed-on: https://code.wireshark.org/review/27878
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, if the attempt to create the protocol tvbuff throws an
exception, we won't leak the protocol representation string, as we won't
even try to allocate it.
Bug: 14719
Change-Id: Id2855bc97e71aa0682737d1a04486a2a01f5f1e6
Reviewed-on: https://code.wireshark.org/review/27730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC2030, chapter 3.
If bit 0 is set, the UTC time is in the range 1968-2036 and
UTC time is reckoned from 0h 0m 0s UTC on 1 January 1900.
If bit 0 is not set, the time is in the range 2036-2104 and
UTC time is reckoned from 6h 28m 16s UTC on 7 February 2036.
Change-Id: I9cf25449a1cb3c12d5514e3c7820a204525589d6
Reviewed-on: https://code.wireshark.org/review/27553
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
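The epoch rules in the NTP commit message above and in the earlier MP4 / classic Mac OS messages, worked through as an added C example (not Wireshark's code). The macro and function names are assumptions; `mac1904_to_unix_wrapped()` assumes the pre-fix rendering came from 32-bit unsigned subtraction, which is consistent with the "Feb 6, 2040 07:28:16 CET" value quoted for a creation_time of 0.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Seconds between each epoch and the UN*X epoch (1970-01-01 00:00:00 UTC).
 * Hypothetical names, not the ones used in the Wireshark header. */
#define EPOCH_DELTA_1900_01_01 INT64_C(2208988800) /* NTP era 0 */
#define EPOCH_DELTA_1904_01_01 INT64_C(2082844800) /* classic Mac OS, QuickTime, MP4 */

/* Correct: widen to a signed 64-bit value first, so times before 1970
 * come out as a negative number of seconds. */
static int64_t mac1904_to_unix(uint32_t secs)
{
    return (int64_t)secs - EPOCH_DELTA_1904_01_01;
}

/* Assumed pre-fix behaviour: the subtraction is done in 32-bit unsigned
 * arithmetic, so anything before 1970 wraps around to a date far in the
 * future. */
static uint32_t mac1904_to_unix_wrapped(uint32_t secs)
{
    return secs - (uint32_t)EPOCH_DELTA_1904_01_01;
}

/* RFC 2030, chapter 3: if the most significant bit of the seconds field is
 * set, the time is in 1968-2036 and counts from 1900-01-01 00:00:00 UTC;
 * if it is clear, the time is in 2036-2104 and counts from
 * 2036-02-07 06:28:16 UTC, which is exactly 2^32 seconds after 1900. */
static int64_t ntp_secs_to_unix(uint32_t secs)
{
    int64_t t = (int64_t)secs - EPOCH_DELTA_1900_01_01;

    if ((secs & UINT32_C(0x80000000)) == 0)
        t += INT64_C(1) << 32;
    return t;
}

/* Format a UN*X time as UTC; negative values are valid input. */
static const char *format_utc(int64_t unix_secs, char *buf, size_t len)
{
    time_t t = (time_t)unix_secs;
    struct tm *tm = gmtime(&t);

    if (tm == NULL || strftime(buf, len, "%Y-%m-%d %H:%M:%S", tm) == 0)
        snprintf(buf, len, "(unrepresentable)");
    return buf;
}

int main(void)
{
    char buf[32];

    /* Constructed sample values. */
    printf("MP4 creation_time 0, signed:  %s UTC\n",
           format_utc(mac1904_to_unix(0), buf, sizeof buf));
    printf("MP4 creation_time 0, wrapped: %s UTC\n",
           format_utc((int64_t)mac1904_to_unix_wrapped(0), buf, sizeof buf));
    printf("NTP 0x80000000:               %s UTC\n",
           format_utc(ntp_secs_to_unix(UINT32_C(0x80000000)), buf, sizeof buf));
    printf("NTP 0x00000000:               %s UTC\n",
           format_utc(ntp_secs_to_unix(0), buf, sizeof buf));
    return 0;
}
```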
Like the proto_item_set_XXX functions, check proto_item pointer validity
before using it. It can be NULL on first pass for example.
Bug: 14703
Change-Id: I94957e0738d66f99793682dc0ea1c7c0a65ceecd
Reviewed-on: https://code.wireshark.org/review/27629
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_ptr_array_free(a, FALSE) returns "a->pdata". Callers that do not
handle this will leak memory (e.g. "tshark -G plugins"). Convert other
users to use the return value instead of direct access to "a->pdata".
Change-Id: I29835477d587f5f54bf0d94cdae9f375e3da3ce3
Reviewed-on: https://code.wireshark.org/review/27437
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Previously, checksum code would override the expert_field summary
string configured by dissectors, and display the generic "Bad checksum"
string in the Expert Information dialog.
This change uses the configured expert_field summary string instead.
e.g.: "CRC-S1 incorrect [should be 0xff]" instead of "Bad checksum [should
be 0xff]"
This fixes problem #2 in the linked bug.
Bug: 14425
Change-Id: I168b2be92ec2d8d6f956beeaf6292574bc1d9dab
Reviewed-on: https://code.wireshark.org/review/25758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_split_bits_item_ret_val can handle bits from an arbitrary
sized buffer, as long as it covers no more than 64 bits. If the
octet-aligned mask covers up to 32 bits, then this mask is also shown.
If this mask was larger than 64 bits, then undefined behavior could
occur, so check for that.
For larger masks, instead of "= GmPRS Terminal Type: Unknown (96)",
display "7 bits = GmPRS Terminal Type: Unknown (96)" instead.
Bug: 13613
Change-Id: I111cf6a0705f999e42d83bfe57ac84f414946d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1158
Reviewed-on: https://code.wireshark.org/review/27517
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
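The shift-width problem behind this commit message and the earlier one about proto_item_add_bitmask_tree being called with a zero length (right shift by 64), as an added C example that is not Wireshark's code. All function names are hypothetical and the mask layout (most significant bit first within the octet-aligned span) is an assumption for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Mask with the low nbits bits set, defined for every nbits in 0..64.
 * A bare UINT64_MAX >> (64 - nbits) is undefined behaviour for nbits == 0,
 * because the shift count then equals the width of the type. */
static uint64_t low_bits_mask(unsigned nbits)
{
    if (nbits == 0)
        return 0;
    if (nbits >= 64)
        return UINT64_MAX;
    return UINT64_MAX >> (64 - nbits);
}

/* Bits of a 64-bit bitmask that a field of len_bytes octets can back.
 * A zero-length field backs no bits at all. */
static uint64_t available_bits(unsigned len_bytes)
{
    if (len_bytes > 8)
        len_bytes = 8;
    return low_bits_mask(len_bytes * 8);
}

/* Build the octet-aligned mask for a field of no_of_bits bits starting at
 * bit_offset. Returns 1 and fills *mask and *span_bits on success; returns
 * 0 when the field is empty or the octet-aligned span does not fit in
 * 64 bits, in which case the caller should show only the bit count. */
static int octet_aligned_mask(unsigned bit_offset, unsigned no_of_bits,
                              uint64_t *mask, unsigned *span_bits)
{
    unsigned lead = bit_offset % 8;   /* unused bits before the field */
    unsigned span;

    if (no_of_bits == 0 || no_of_bits > 64)
        return 0;

    span = (lead + no_of_bits + 7) / 8 * 8;   /* round up to whole octets */
    if (span > 64)
        return 0;                     /* would need a shift wider than the type */

    *span_bits = span;
    /* The shift count is the number of unused bits after the field: 0..7. */
    *mask = low_bits_mask(no_of_bits) << (span - lead - no_of_bits);
    return 1;
}

int main(void)
{
    uint64_t mask;
    unsigned span;

    /* Constructed sample inputs. */
    printf("available_bits(0) = 0x%016llx\n",
           (unsigned long long)available_bits(0));
    printf("available_bits(2) = 0x%016llx\n",
           (unsigned long long)available_bits(2));

    if (octet_aligned_mask(3, 7, &mask, &span))
        printf("7 bits at bit offset 3: mask 0x%llx over %u bits\n",
               (unsigned long long)mask, span);

    if (!octet_aligned_mask(4, 64, &mask, &span))
        printf("64 bits at bit offset 4: span exceeds 64 bits, no mask shown\n");
    return 0;
}
```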
This is shown by a bunch of coverity reports all pointing at this line.
Every buffer has a ITEM_LABEL_LENGTH, but label_mark_truncated accesses it
at ITEM_LABEL_LENGTH (off-by-one).
CIDs:
1435461
1435462
1435465
1435466
1435471
1435472
1435477
1435481
1435483
1435484
1435485
1435489
1435492
1435500
Fixes: v1.11.3-rc1-1837-gf94674d2fb ("truncate UTF-8 strings only at the boundary between two characters")
Change-Id: I3781c36594f7db880bc9f76b64d261dbc498c0ce
Reviewed-on: https://code.wireshark.org/review/27425
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The generated elastic mapping file is huge and it can be a hassle for software
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
makes only those 3 protocols appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
In order to simplify the display filter scanner, try to restrict the use
of dots ('.') in field names. Forbid leading dots; this does not affect
current dissectors. Fix '..' typo in fpp dissector and forbid it. Forbid
trailing dots after fixing dissectors: some of them just have an excess
dot, others are missing a name after the dot.
Change-Id: I6e58a04ef0306ee8c16fbf6a3cabb076d7fc69c9
Reviewed-on: https://code.wireshark.org/review/26967
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
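The sign-extension problem described in the commit message above, as an added example that is not Wireshark's code: the helper names and sample bytes are constructed for illustration, and big-endian byte order is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample inputs: 24-bit big-endian two's-complement values. */
static const uint8_t SAMPLE_NEG2[3] = {0xFF, 0xFF, 0xFE};   /* -2       */
static const uint8_t SAMPLE_MIN[3]  = {0x80, 0x00, 0x00};   /* -8388608 */
static const uint8_t SAMPLE_MAX[3]  = {0x7F, 0xFF, 0xFF};   /* +8388607 */

/* Hypothetical helper: fetch an unsigned 24-bit big-endian value. */
static uint32_t fetch_be_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* The insufficient pattern: cast the unsigned fetch to a signed type.
 * For 8/16/32-bit fields the cast target has the same width as the field,
 * so the top bit of the field is the sign bit of the type. A 24-bit field
 * lands in a 32-bit type with bits 24..31 clear, so the result is never
 * negative. */
static int32_t fetch_be_i24_cast_only(const uint8_t *p)
{
    return (int32_t)fetch_be_u24(p);
}

/* Sign-extending fetch: flip bit 23, then subtract 2^23. The intermediate
 * value stays within 0..0xFFFFFF, so no out-of-range conversion occurs. */
static int32_t fetch_be_i24(const uint8_t *p)
{
    uint32_t v = fetch_be_u24(p);
    return (int32_t)(v ^ 0x00800000u) - 0x00800000;
}

int main(void)
{
    printf("cast only     : %d\n", fetch_be_i24_cast_only(SAMPLE_NEG2));
    printf("sign-extended : %d\n", fetch_be_i24(SAMPLE_NEG2));
    return 0;
}
```

A dissector that compares such a value against a signed bound, or uses it as a signed delta, gets a large positive number from the cast-only version where the wire value was negative.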
Have it take a format and argument list as arguments, and have the
formatting done inside the reporting code. That way, we're not relying
on any particular wmem scope working.
If WIRESHARK_ABORT_ON_DISSECTOR_BUG is set, try to add the message to
the crash information (currently only supported in macOS), and print it
to the standard error, before crashing. We won't necessarily have a
usable crash dump to analyze, so we can't rely on that to find the cause
of the crash.
Ping-Bug: 14490
Change-Id: I2b39169c45c84f2ada31efa1d413bd28c140f8f4
Reviewed-on: https://code.wireshark.org/review/26643
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DISSECTOR_ASSERT_NOT_REACHED() doesn't say *why* the code in question
was reached; it's better to give a more explicit error message.
Change-Id: I88b930e5a90ba8692aeac6ee29fa8fda21b5067b
Reviewed-on: https://code.wireshark.org/review/26639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Presumably the intent is to check for unsigned integer and signed
integer types, not to check twice for unsigned integer types.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analyzer for
finding this.
Change-Id: Ie8e4d231af929ee8e626c5c9258c3356d5209f4f
Reviewed-on: https://code.wireshark.org/review/26187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Handle them in free_deregistered_field() and
proto_registrar_dump_values().
Change-Id: I38c7b440adc46e32dde8bd629e58535baac9dd6d
Reviewed-on: https://code.wireshark.org/review/25916
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've added more fields, increment the pre-allocation amount.
Change-Id: Ia5f1aab7a2fa120049162d17a63f99bf21a3fe37
Reviewed-on: https://code.wireshark.org/review/25566
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We've added more fields, increment the pre-allocation amount
Change-Id: If0e68697c797e8709349a59b86fbcd4397730476
Reviewed-on: https://code.wireshark.org/review/25220
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I618df2f2608adcd1be5da02262c5296e4d86cfba
Reviewed-on: https://code.wireshark.org/review/24866
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add default type handling in proto_custom_set() to prevent crashes when
trying to use FT_IPXNET, FT_AX25 or FT_VINES items as custom columns.
This will also work as a safeguard when adding new types.
Change-Id: Iaf3b48aec72f0e5c10332b0e6d5f7221b0196e15
Reviewed-on: https://code.wireshark.org/review/24836
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow epan itself to be extended by plugins. Adds the following new plugin
interfaces:
void plugin_epan_init()
void plugin_epan_dissect_init(epan_dissect_t *)
void plugin_epan_dissect_cleanup(epan_dissect_t *)
void plugin_epan_cleanup()
void plugin_epan_register_all_protocols(register_cb, gpointer) [OPTIONAL]
void plugin_epan_register_all_handoffs(register_cb, gpointer) [OPTIONAL]
Any one of these can be an empty function but the first four must be
present.
The motivation for the change is a better way to implement a language binding
other than registering a fake protocol and stuffing everything into a single
dissector call (and maybe require an extra packet_info field) but I expect
there would be other interesting use cases.
Change-Id: I215d50750ac7561fe25fdcdcfbc6a3f351984785
Reviewed-on: https://code.wireshark.org/review/24813
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
This is valuable when adding an expert info field as custom column,
but will also make sense for other FT_NONE types.
Change-Id: Ib1a14c59a5450f2e713f190aecf3484586d116c4
Reviewed-on: https://code.wireshark.org/review/24787
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change from the text "Yes" to a utf8 check mark to indicate the
presence of a protocol in custom columns.
Change-Id: I9510333fc12148bf1f61aa2ddea2c6d390a9491a
Reviewed-on: https://code.wireshark.org/review/24783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add the "special handling" of length = 0xFF for single byte or 0xFFFF
for uint16 value means size of field to follow is 0.
Ping-Bug: 14138
Change-Id: I0baa40f63152b9420a6569ca6cc5eba638fbc790
Reviewed-on: https://code.wireshark.org/review/24428
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, let's use the FIELD_DISPLAY() macro everywhere.
Bug: 14169
Change-Id: I685cb7eb4b9c52f836762c92baeb636570a6d12f
Reviewed-on: https://code.wireshark.org/review/24285
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Not used. Remove also weird pre-hash hash optimization in proto.c.
Change-Id: Ibebc12dbe90ac1d05fb1ba601d32fe98797fbd56
Reviewed-on: https://code.wireshark.org/review/24254
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FT_IPv6 doesn't expose the prefix, which is used only for values in
filter expressions, not values in protocol fields; do the same for
FT_IPv4, hiding the netmask, and using fvalue_get_integer() to get the
value, having it return a network-byte-order value for the address.
(This also makes it opaque whether the address and netmask are stored in
host or network byte order.)
Change-Id: I4285a87f6ccef2c0ccec040490ddcd15d787326e
Reviewed-on: https://code.wireshark.org/review/24177
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just directly use the addr field, converting from host to network byte
order if necessary.
Change-Id: Ie1cd9ea5527b7824014dc315225ad2a6adb61c38
Reviewed-on: https://code.wireshark.org/review/24176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do what the errors in the master buildbots say to do.
Change-Id: I2b926bd9a75a1490390c42b8080f29e48096a3b4
Reviewed-on: https://code.wireshark.org/review/24143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look like an OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ptvcursor_add_ret_uint
ptvcursor_add_ret_int
ptvcursor_add_ret_string
ptvcursor_add_ret_boolean
Change-Id: I41fa91b1ab805778d34a61215830b12a1331e864
Reviewed-on: https://code.wireshark.org/review/23895
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That produces better error messages, giving the name of the offending
field.
Change-Id: I155ac29c68ecd7811cc9752980db9cdc37fea72e
Reviewed-on: https://code.wireshark.org/review/23685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IS_FT_UINT includes both 32 and 64 bit unsigned integers, but fvalue_get_uinteger
only allows 32-bit values, so add IS_FT_UINT32 macro for distinguishing between
using fvalue_get_uinteger and fvalue_get_uinteger64.
All other cases that use fvalue_get_uinteger vs fvalue_get_uinteger64 are done
first with switch statements and don't rely on IS_FT_UINT to distinguish
between 32 and 64 bit values
Bug: 14063
Change-Id: I9d1400259e7c2661c2b5ebf96aaa0e9d773651fe
Reviewed-on: https://code.wireshark.org/review/23528
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When using a length of -1, use the tvb remaining length instead of 0.
Change-Id: I569e9c9f57531914a3b613c3a6a9bff076fba362
Reviewed-on: https://code.wireshark.org/review/22931
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I02b6ff7f57f81f0ac6b54806a9325ebb16b40476
Reviewed-on: https://code.wireshark.org/review/22553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto.c’s proto_custom_set() was missing a test for
BASE_UNIT_STRING under the 64 bit based integer case. Any
custom columns sourced from a field stored in a 64 bit integer
and having the BASE_UNIT_STRING attribute would only display the
units but not the actual number.
With this patch 64 bit based integer fields having the
BASE_UNIT_STRING attribute will now properly display both
their value and units when added to the packet list as a
custom column.
Change-Id: Icb9532771eb2f4098891dedd82886fd6223ce7a6
Reviewed-on: https://code.wireshark.org/review/21771
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
v2.3.0rc0-3618-gd962e7ae71 tried to simplify logic, but missed
use of TRY_TO_FAKE_THIS_REPR. Create a "friendlier" version
TRY_TO_FAKE_THIS_REPR_NESTED which allows for the "base"
proto_tree_add_xxx to be called in proto_tree_add_xxx_format[_value]
functions.
Bug: 13736
Change-Id: I98883ad4581d2327edb8da5efd8ef8a89b55e3d0
Reviewed-on: https://code.wireshark.org/review/21764
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Call proto_tree_add_bytes first so it can do all of the basic
field checks that were being duplicated.
Change-Id: Idc9a3cbf9498aa612a39cc80e3381eba52ce9fa4
Reviewed-on: https://code.wireshark.org/review/21750
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13705
Change-Id: I6bd006f216440d071e5c1eeb6b1f996b4a364c62
Reviewed-on: https://code.wireshark.org/review/21629
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It should be allowed to have an FT_UINT_BYTES hf entry with
BASE_NONE|BASE_ALLOW_ZERO. At the moment, this triggers an assert:
Err Field 'Data block' (image-gif.data_block) is an FT_UINT_BYTES
but is being displayed as (Bit count: 2048) instead of BASE_NONE
For FT_UINT_BYTES entries, we should make the same checks as for
FT_BYTES. Don't fall through to the default case.
Change-Id: I986a9b779d130919d17595f08b3b63306b3956f2
Reviewed-on: https://code.wireshark.org/review/21606
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has a numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown").
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't force display of BASE_DEC
Change-Id: Id6f115c074f0d4b1bd277dcbf6c523ffaa295edb
Reviewed-on: https://code.wireshark.org/review/20918
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't just report an assertion failure with a line in proto.c; give the
name of the field with the wrong type, and a list of the types that are
valid for the routine in question.
Change-Id: Id3ed7c376fdc72bf6cff69c647833946cfa99ee6
Reviewed-on: https://code.wireshark.org/review/20824
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it fix expert info a typo and a calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's some weird hybrid of UN*X time and NTP time stamps, using UN*X's
epoch and NTP's seconds/fractions split. I'm sure they had their
reasons for not using something like struct timespec or regular NTP
time, and instead inventing something that's halfway in between them.
Change-Id: I1f39ec1368af52b82adfa2a22677dfa6e9341309
Reviewed-on: https://code.wireshark.org/review/20711
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From a look at the libosmocom code, time stamps in
GSMTAP_TYPE_OSMOCORE_LOG messages appear to be UN*X struct timevals with
a 4-byte tv_sec, not anything NTP-like with the fraction-of-a-second
part in units of 1/2^32s of a second.
Add ENC_TIME_TIMEVAL to handle time stamps like that, and use it rather
than ENC_TIME_NTP_BASE_ZERO.
Change-Id: Ia1511527ee292fb7725b2a64c0af16d23ff10a6d
Reviewed-on: https://code.wireshark.org/review/20710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
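The two points made in the time stamp commit messages above (sub-microsecond resolution of 1/2^32-second fractions, and the difference between that encoding and a struct timeval with a 4-byte tv_sec), as an added example that is not Wireshark's code. The function names, the struct, the sample bytes and the big-endian byte order are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-byte samples: 4-byte seconds followed by a 4-byte second field. */
static const uint8_t SAMPLE_SUBUSEC[8] = {0,0,0,1, 0x00,0x00,0x10,0x00}; /* frac = 4096/2^32 s */
static const uint8_t SAMPLE_HALF[8]    = {0,0,0,1, 0x80,0x00,0x00,0x00}; /* frac = 0.5 s       */
static const uint8_t SAMPLE_TIMEVAL[8] = {0,0,0,1, 0x00,0x07,0xA1,0x20}; /* tv_usec = 500000   */

struct ts { uint32_t secs; uint32_t nsecs; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Seconds plus 1/2^32 fractions, keeping nanosecond resolution.
 * The 64-bit product cannot overflow: 0xFFFFFFFF * 10^9 < 2^64. */
static struct ts decode_secs_frac32(const uint8_t *p)
{
    struct ts t;
    t.secs  = be32(p);
    t.nsecs = (uint32_t)(((uint64_t)be32(p + 4) * 1000000000u) >> 32);
    return t;
}

/* Same encoding, but truncated to microseconds first: the resolution
 * loss the commit message objects to. */
static struct ts decode_secs_frac32_usec_only(const uint8_t *p)
{
    struct ts t;
    t.secs  = be32(p);
    t.nsecs = (uint32_t)(((uint64_t)be32(p + 4) * 1000000u) >> 32) * 1000u;
    return t;
}

/* struct timeval layout with 4-byte tv_sec and 4-byte tv_usec.
 * Returns -1 when tv_usec is out of range, which is a cheap signal that
 * the bytes are not a timeval at all. */
static int decode_timeval32(const uint8_t *p, struct ts *out)
{
    uint32_t usec = be32(p + 4);
    if (usec >= 1000000u)
        return -1;
    out->secs  = be32(p);
    out->nsecs = usec * 1000u;
    return 0;
}

int main(void)
{
    struct ts tv;
    decode_timeval32(SAMPLE_TIMEVAL, &tv);
    printf("as timeval : %u.%09u\n", (unsigned)tv.secs, (unsigned)tv.nsecs);
    tv = decode_secs_frac32(SAMPLE_TIMEVAL);
    printf("as 1/2^32  : %u.%09u\n", (unsigned)tv.secs, (unsigned)tv.nsecs);
    return 0;
}
```

Decoding the timeval sample with the fractional routine yields about 116 microseconds instead of half a second, an error small enough to pass a casual look at a capture but large enough to reorder events in a timeline.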
Change-Id: I30b44cb0145f76c3929cac92337756a4164df1d2
Reviewed-on: https://code.wireshark.org/review/20609
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In proto_get_first_protocol_field() we must check for an empty
protocol->fields because Lua scripts may have protocols without
fields and g_ptr_array_index() does not perform bounds checking
on the given index.
Bug: 13223
Change-Id: Ib2f6286d0799541243450348dcf345a965b2825c
Reviewed-on: https://code.wireshark.org/review/20455
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A user reported that the TNS dissector would show "Malformed Packet" in
the Info column in Qt. The actual packet details and Expert Info dialog
however had no trace of the issue.
It turns out that proto_tree_add_item_new_ret_length did not correctly
set the length. Test case (based on pcap from SampleCaptures wiki):
tshark -r TNS_Oracle1.pcap -w 19.pcap -Y frame.number==19
tshark -r 19.pcap -Y tcp
Change-Id: I82cb1ccbc7c3b33d2bcdb22f89a1754c1a4575e7
Fixes: v2.1.0rc0-1394-gc67c6e8f30 ("Add routines to add an item and return the item's real length.")
Reviewed-on: https://code.wireshark.org/review/20098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Michael Mann <mmann78@netscape.net>