Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
bit decoding for these values.
Change-Id: I7ab6c4badf5b66d6f434a47523e2b35730ecb65d
Reviewed-on: https://code.wireshark.org/review/2338
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds a new "ip.checksum_calculated" field that can be used
for display in a column.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Ide5eb6640d51ded88b1df309092a0a3aaf482b03
Reviewed-on: https://code.wireshark.org/review/1676
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This cleans up the implementation of the extension header, but also allows Decode As functionality for Next Header fields. This allows "old" SHIM6 IP protocol number (not IANA registered) to still be dissected.
bug:9995
Change-Id: I6f29a1f7db144478c5b6416d27da2c9c5a7a1de1
Reviewed-on: https://code.wireshark.org/review/1378
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Offloading seems to be very common nowadays and having this option
enabled by default generates a lot of false positives. Suggested by
Laura Chappell.
Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff
Reviewed-on: https://code.wireshark.org/review/426
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045
This should allow the ugly IPIP/TAPA hack to be replaced with a proper heuristic, but I don't see any sample TAPA traces to feel confident in making the change myself.
svn path=/trunk/; revision=49930
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
number of SACK ranges found in the SACK option.
This involved extending the IP options framework to include an extra
void* data field, which in the case of TCP is filled in with the tap
struct - other users currently pass NULL.
I first implemented the graph to sort the SACK ranges and show (in red)
the unacknowledged regions between them, but this became confusing where
the number of ranges is limited by TCP padding bytes. i.e. you can't
tell how many SACKs could have been encoded, so some of the gaps between
ranges may already have been received.
svn path=/trunk/; revision=46006
- ipv6.traffic_class.dscp use ext string so and need BASE_EXT_STRING flag (fix SIGSEGV)
- dscp_vals was removed from .h file, so make it static
- export dscp_vals_ext
svn path=/trunk/; revision=45380
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
packet-ax25.c and packet-arp.c.
Add an "ax25.pid" dissector table for those protocol IDs, use it in the
AX.25 dissector, and have dissectors register in that table with their
protocol IDs.
Get rid of some unneeded includes.
Clean up some "AX25"s in user-visible strings - say "AX.25" instead.
Clean up some indentation.
svn path=/trunk/; revision=44235
