We presumably want "decode as" behavior to be consistent across UIs so
call load_decode_as_entries() from read_prefs().
svn path=/trunk/; revision=53498
Fix 2 minor bugs wherein an incorrect (NULL) tree was always used;
Remove some unneeded initializers;
Localize some variables;
Use consistent indentation & whitespace formatting
Add editor modelines.
svn path=/trunk/; revision=53497
improve relative offset calculations for Kyoto-Tycoon protocol
from me:
use col_append_sep_str()
set the correct length in dissect_kt()
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418
svn path=/trunk/; revision=53495
Provide the capability to define a list of value_strings once and
then to expand the list as an enum and/or as a value_string array.
svn path=/trunk/; revision=53487
Create/use value_string_ext_free();
Display certain numbers also as hex in the
"forced to fall back to linear search: ..." value-string warning msg
Add editor-modelines to some files;
Do some whitespace changes.
svn path=/trunk/; revision=53484
Use FT_BOOLEAN instead of FT_UINT16 with 'ptp_bool_vals' value_string array;
Add editor modelines;
Do some whitespace & formatting changes.
svn path=/trunk/; revision=53477
Add menu items for each corresponding item in gtk/main_menubar.c that
calls gtk_stats_tree_cb(). Hopefully that's everything. Note that we use
quite a bit less code than the GTK+ flavor and why we might not want to
do that. Change a few things in ui/qt/CMakeLists.txt to more closely
match the GTK+ version. Add plumbing for tap registrations in
CMakeLists.txt and Makefile.am. Add the ability to copy text as CSV or
YAML.
svn path=/trunk/; revision=53464
Based on attachment #12139 (diff for adding the table) by rtsking117,
but keep original formatting and encoding (ASCII).
svn path=/trunk/; revision=53457
Specifically, proto_tree_add_expert() must take an actual tree node (for example
from proto_item_add_subtree()) and cannot take just any old item node. The
original intent (before the conversion) appeared to be just to put it on the
tree, so do that.
Another assertion gone from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9406
svn path=/trunk/; revision=53456
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog. Any GUI (GTK+/Qt/tshark) can just hook into the "decode as list" to see what can be provided.
This patch includes the GUI portion of the functionality (including packet-dcerpc.[ch] because it had some GUI dependencies that are now removed).
Other notes:
1. Some "GUI text" (UTF8_LEFTWARDS_ARROW and similar) made their way into the dissector code. Not sure how necessary it is and if reformatting the strings to avoid the macros is desired (TCP/UDP use it, SCTP doesn't).
2. I converted the SCTP functionality to have 2 tabs (instead of radio button), currently both are labeled "Transport" which could be confusing to users. Naming suggestions welcome (as well as for naming of tabs from other dissectors).
3. BER and DCERPC have more opportunity to use Decode As now that they are selected based on dissector presense, not packet_info values.
4. Catapult DCT2000 populates pinfo->ipproto, yet under new design will not show up to do Decode As. Should a "decode as item" be created for it?
5. BER dissector doesn't have Clear/Show Current functionality working (never did)
6. Bluetooth (in old design) could have been used "capture wide" instead of single packet (creating tabs of values not present in current packet), which goes against what I believe to be in the intent of Decode As, but I'm willing to hear counter-arguments.
svn path=/trunk/; revision=53446
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
The main driving force for this was my new Decode As functionality (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450) that wants a dissector/subdissector table relationship for all dissectors wanting to use Decode As functionality. The ethertype() function provides the value to the "ethertype" subdissector table, so I think it should be matched to a dissector. Only odd side effect is the display filter of "ethertype" returns no packets because there is no "item" associated with the dissector.
svn path=/trunk/; revision=53443
Add support for new PostgreSQL (9.3) error/notice message fields
Improves the PostgreSQL protocol dissector by adding support for the new error and notice fields which are new in PG 9.3:
http://www.postgresql.org/docs/9.3/interactive/protocol-error-fields.html
In particular, it adds support for the 'p', 'q', 's', 't', 'c', 'd', and 'n' field codes.
From me :
Fix wrong hf name...
svn path=/trunk/; revision=53431
Add RFC6066 CertificateUrl TLS extension
This is not supported by OpenSSL or NSS, the extension itself seems
unsafe, but some implementations seem to support it[1].
Untested, no capture available.
[1]: http://www.ietf.org/mail-archive/web/tls/current/msg02535.html
svn path=/trunk/; revision=53417
Add status_request_v2 TLS extension dissection (RFC6961)
Besides adding status_request_v2 support, this patch moves the
Certificate Status Type from the OCSP Status subtree to its parent
(the extension tree). This is needed because this type applies to all
OCSPResponse fields.
The check for "tree != NULL" seems unnecessary here, it was not
clarified in the original patch so I removed it.
From me
Fix typo
Remove unneeded tvb_ensure_bytes_exist
Use proto_tree_add_item
svn path=/trunk/; revision=53416
Add TLS StatusRequest (RFC6066) ClientHello extension recognition
Only empty Responder ID lists and empty Request Extensions are
implemented. I could not really find existing clients or servers that
populate these.
This status_request extension has a different signature for a
ClientHello and ServerHello, in the latter the extension_data field
must be empty. Therefore an additional parameter is added to
dissect_ssl3_hnd_hello_ext.
From me :
Fix typo
svn path=/trunk/; revision=53415
dissector for Kyoto Tycoon binary protocol
from me:
make port range preference work
highlight the correct bytes for records
remove trailing commas
correct(?) 64->32 cast
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418
svn path=/trunk/; revision=53383
'localize' some variables;
Remove some unneeded initializers;
Move proto_reg_handoff_...() to the end of the file as per convention;
Add forward declarations for proto_register_...() & proto_reg_hand_off_...();
Reformat some long lines;
Tweak some whitespace;
Add editor modelines.
svn path=/trunk/; revision=53358
'#if 0' variable 'set but never used' & related code;
'localize' some variables;
Remove some unneeded initializers;
Tweak some whitespace;
Add editor modelines.
svn path=/trunk/; revision=53357
Collect packet numbers when following streams so that we can correlate
text positions with packets. Add a FollowStreamText class so that we can
track mouse events. Add a hint label that shows the packet under the
cursor along with packet counts and the number of "turns".
Add the packet number to the C array dump. Note that dumping to YAML
might be useful for Scapy users.
svn path=/trunk/; revision=53314
help from Matthieu Patou.
If the DCE-RPC heuristic failed to identify a TVB, *but* we've already decoded
a DCE-RPC layer in this packet *and* the heuristic failed because we didn't have
enough data, make the reasonable assumption that it actually is another DCE-RPC
packet, and ask TCP to desegment more data for us and try again.
svn path=/trunk/; revision=53310
dissector_try_uint to dissector_try_uint_new: protocols called due to TCP port
matching were not getting added to the list of protocols in the frame. The
"add_proto_name" parameter should be TRUE except in unusual circumstances.
svn path=/trunk/; revision=53308
Create a new dialog each time the user follows a stream. A lot of the
follow code seems to assume one and only one dialog so there are likely
outstanding bugs.
Don't use the global cfile (should we deprecate its usage?). We want to
move closer to multiple documents, not further away.
Clean up after ourselves. Free our payload list and unlink our temp
file. Make a bunch of gchar*s QStrings. Make sure our destructor gets
called and use it.
Make member variable and method names more consistent.
svn path=/trunk/; revision=53306
x11-extensions-implementation.h .
This change was manually applied to the .h file as I can't currently rebuild
the X11 dissector.
svn path=/trunk/; revision=53298
the ftenum_t for the fvalue's ftype, rather than a pointer to the ftype
(which isn't all that useful except as a handle, unless you import the
internal header).
Have fvalue_to_string_repr() return NULL, rather than failing, if the
fvalue's ftype has no val_to_string_repr method.
This lets us not include the ftypes internal header in
ui/cli/tap-diameter-avp.c.
svn path=/trunk/; revision=53290
All dissectors that call tcp_dissect_pdus() have the same relative tree position, so it doesn't need to be specifically saved in the packet_info.
svn path=/trunk/; revision=53253
This was acheived by adding a void* data parameter to the dissect_function_t typedef in packet-rpc.h (r53213). After converting the pinfo->private_data, I'm not sure if it would be better to change the void* data pointer to be a rpc_call_info_value* explicitly. Not all "dissector functions" use it, but it would certainly save a lot of casting...
svn path=/trunk/; revision=53232
airpdcap.c:470:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
airpdcap.c:611:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
svn path=/trunk/; revision=53216
I didn't realize how expansive this change would be, so committing it now before replacing the pinfo->private_data, so if something needs to be reverted, all of this is not lost.
svn path=/trunk/; revision=53213
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
(both using Linux) it's time to be able to play with
the new HFI code.
Run cmake with -DHAVE_HFI_SECTION_INIT and you are good to go.
svn path=/trunk/; revision=53155
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-mint.c:205:26: error: ‘hfi_mint_control_0x0c_unknown4’ defined but not used [-Werror=unused-variable]
static header_field_info hfi_mint_control_0x0c_unknown4 MINT_HF_INIT =
^
svn path=/trunk/; revision=53154
cd /home/jmayer/work/wireshark/svn/build/qt-gtk3/epan && /usr/bin/cc -DG_DISABLE_DEPRc
In file included from /home/jmayer/work/wireshark/svn/trunk/epan/packet.h:29:0,
from /home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-2dp:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-2dparityfec.c: In functio:
/home/jmayer/work/wireshark/svn/trunk/epan/proto.h:2128:2: error: ISO C90 forbids mixe]
extern header_field_info __start__data_ ##proto[]; \
^
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-2dparityfec.c:331:4: note’
proto_register_fields(proto_2dparityfec, hfi, array_length(hfi));
^
cc1: all warnings being treated as errors
svn path=/trunk/; revision=53152
This work was done in bug 7615 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7615), but the tie in to use the RlcMacPrivateData_t structure (passed by the GSMTAP dissector) was never completed. Whenever that picks up again, the data parameter of the dissector should be used instead of pinfo->private_data.
svn path=/trunk/; revision=53128
Instead of incrementing the offset for each new segment by one we add the length of the segment so that each segment is correctly shown in the segment list.
It proves to be very useful to find which packet (segment) is causing an application dissector to go wrong.
From Matthieu Patou
svn path=/trunk/; revision=53118
tvbuff.c:1258: warning: passing argument 2 of '__builtin___memcpy_chk' makes pointer from integer without a cast
tvbuff.c:1258: warning: passing argument 2 of '__inline_memcpy_chk' makes pointer from integer without a cast
svn path=/trunk/; revision=53117
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
Note: I hope the following is not indicative of something wrong with the code.
(I've just marked di as _U_).
packet-dcerpc-netlogon.c: In function 'dissect_secchan_nl_auth_message':
packet-dcerpc-netlogon.c:7582:75: error: unused parameter 'di' [-Werror=unused-parameter]
proto_tree *tree, dcerpc_info *di, guint8 *drep)
svn path=/trunk/; revision=53104
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences).
The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
This is the "Wireshark DCERPC" input file changes necessary to support removing pinfo->private_data from the DCERPC dissectors in favor of passing it through function parameters. I didn't regenerate the dissector source, so this is just a "good faith" effort to mimic the manual changes.
svn path=/trunk/; revision=53099
This is the PIDL input file changes necessary to support removing pinfo->private_data from the DCERPC dissectors in favor of passing it through function parameters. I didn't regenerate the dissector source, so this is just a "good faith" effort to mimic the manual changes.
svn path=/trunk/; revision=53098
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
Add more detail for SPI Open LPOO Structure
Add more int_to_vals for INQ_Q_MGR reply
Add more display detail for encoding value
Some fix and display correction
Note: The patch used was the *original* patch submitted (plus some fixes by me).
That is: (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11962)
plus my fixes
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9367 and comments for
details.
From me:
- Fix bug which resulted in a macro expansion fail on GCC
- Fix a -Wshadow error in packet-mq-pcf.c
svn path=/trunk/; revision=53078
pinfo memory pool, they have exactly the same scope. Simplification and minor
performance win (one GHashTable we longer have to create/destroy on every
packet).
svn path=/trunk/; revision=53076
ieee80211: Decode Radio Measurements (Action Frames)
The length of the fixed fields are dependent on the radio measurement
action. Before this patch, fields following the action code were
ignored, leading to wrong decoding results. This patch adds recognition
for the Radio Measurement action management frames as specified in
IEEE Std 802.11-2012.
From me:
* Rename some hf (Add ff_ in name)
* Link Margin and Transmit Power are signed
* Use always proto_tree_add_item (replace proto_tree_add_text)
svn path=/trunk/; revision=53074
0010-frsrpc-Regenerate-frsrpc-due-to-changes-in-the-pidl-.patch
0016-Regenerate-the-dnserver.patch
are now integrated, but modified to compile on Windows. I suspect the PIDL generators may need to be updated to support this, otherwise regeneration will break the build on Windows again.
svn path=/trunk/; revision=53067
1. AVDTP: Fix double decoded stream
2. AVDTP: Use items for logical block objects
3. HCI_USB use handoffed dissector handles instead of find_dissector()
From Michal Labedzki
svn path=/trunk/; revision=53052
(No time right now to figure the problem out).
CC libdissectors_la-packet-mq-base.lo
In file included from packet-mq-base.c:32:0:
packet-mq.h:42:54: error: expected '=', ',', ';', 'asm' or '__attribute__' before '_ext'
#define DEF_VALSEXT(A) value_string_ext GET_VALSV(A)_ext = VALUE_STRING_EXT_INIT(GET_VALSV(A))
^
packet-mq-base.c:1301:1: note: in expansion of macro 'DEF_VALSEXT'
DEF_VALSEXT(selector);
^
packet-mq.h:42:54: error: expected '=', ',', ';', 'asm' or '__attribute__' before '_ext'
#define DEF_VALSEXT(A) value_string_ext GET_VALSV(A)_ext = VALUE_STRING_EXT_INIT(GET_VALSV(A))
^
packet-mq-base.c:1495:1: note: in expansion of macro 'DEF_VALSEXT'
DEF_VALSEXT(mqcmd);
^
svn path=/trunk/; revision=53033
Add more detail for SPI Open LPOO Structure
Add more int_to_vals for INQ_Q_MGR reply
Add more display detail for encoding value
Some fix and display correction
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9367
svn path=/trunk/; revision=53027
The original intent was to just deal with struct tcpinfo data, but after finding it was unnecessary (and somewhat limited dissection in COL_INFO), I took the cleanup a little farther. Sample traces from wiki and bug 5956 were very helpful in proving I didn't break anything.
svn path=/trunk/; revision=53025