I've just had a bug in one of our private dissectors which meant
that the handle passed to call_dissector was null. This seemed to give
varying behavior - on some Windows installations it hit wireshark's
in-built exception handling, and displayed that the dissector had an
error (correct), but on some installations it just crashed wireshark
(not helpful). I _think_ the difference was whether MSVC was installed
or not, but on a sample of only 3 machines.
Should call_dissector include explicit null handle checks, and if so,
should it:-
a) g_assert - the simple patch attached
b) fallback to doing a data decode (as disabled protocols do)
c) try to invoke the wireshark exception handling for the packet
Or is the correct answer none of the above - the exception handler
should already cope ?
svn path=/trunk/; revision=18869
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
04-stream.diff
A simplified packet reassembly API built on top of fragment_add_seq_next for
reassembling fragments that are delivered in-order, where fragments are
identified by a framenum and an offset into that frame. Streams are attached
to a conversation or a circuit and are unidirectional.
svn path=/trunk/; revision=16082
and that extract IPv6 addresses into a "struct e_in6_addr", with
tvb_get_ipv4() and tvb_get_ipv6() calls - except for some that we
remove, by using proto_tree_add_item(), rather than replacing.
Have epan/tvbuff.h include epan/ipv6-utils.h, to define "struct
e_in6_addr" (not necessary to declare the tvbuff routines, but including
it there means "struct e_in6_addr" is guaranteed to be defined before
those declarations, so we don't get compiler complaints if we define it
*after* those declarations).
svn path=/trunk/; revision=15758
so instead for g-alloc and g_free data
just use ep_alloc() that is automatically freed instead.
this also gets rid of one more GMemChunk
svn path=/trunk/; revision=15346
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
structures allocated by a dissection. Currently, it's the same as
"init_dissection()", but they should be split with "init_dissection()"
allocating the initial data structures and "cleanup_dissection()"
freeing them and *not* reallocating the initial data structures.
Use "cleanup_dissection()" in "cf_close()" to make it easier to find leaks.
svn path=/trunk/; revision=13881
filter/selector/protocol associations for each dissector. This will be
used to improve our automated tests, but someone with time on their
hands could probably use it to generate a protocol poster using Graphviz.
svn path=/trunk/; revision=13721
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
(and the fact that nbss does not register its conversation)
this caused WANT_PDU_TRACKING to be decremented multiple times between
the dissectors
and thus ethereal could no longer reliably spot SMB PDUs that started in the middle of a tcp segment (unless we do reassembly which we dont do unless we have to since it eats soo many resources)
FIX so that ethereal once again can spot SMB (and other) protocol PDUs that start in the middle of a segment.
svn path=/trunk/; revision=10219
that dissectors for pass-through proxying protocols such as SOCKS can
allow the subdissectors they call to ask that desegmentation be done.
svn path=/trunk/; revision=9488
* Add a "match_string" field to the "packet_info" structure,
saving the string value that matched in a string dissector
lookup, by analogy to "match_port" - this was required for
dissection with token rendering of WBXML content when no public
ID was given (e.g. Nokia/Ericsson OTA provisioning data).
* Add support for textual content type based WBXML token
mapping.
* Add extra WBXML public identifiers.
* Add the Nokia/Ericsson OTA provisioning (version 7) token
definitions.
* Inform the user when a content-type based token match is found.
svn path=/trunk/; revision=9061
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
comparison function to use based on the type value passed in. For the
traditional unsigned integer table, require FT_UINT{8,16,24,32}; if the
type is FT_STRING or FT_STRINGZ, use the string hashing functions
instead.
Add routines for manipulating entries and looking up dissectors in
string dissector tables.
svn path=/trunk/; revision=8407
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to amke them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs starts when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466