Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Adjust any other ep_ related APIs related to the transition.
Change-Id: I961b371c2c4bda557e0f1817705c27eef0dae66c
Reviewed-on: https://code.wireshark.org/review/6388
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This affects both the dissector (that has been added with a tap interface and a stats generator) and the UI (to recall the stats menu).
Change-Id: I90658f7aa6707aa39bdd787a51b20fed4dbddc53
Reviewed-on: https://code.wireshark.org/review/6236
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
It seems the Replacement Length field calculated by Wireshark (which Wireshark calls "rReplacement Length"), is the length of the first label of the DNS name in the Replacement, instead of the entire DNS name length.
Issue found by Boaz
Bug:10700
Change-Id: I8b726f3a3bf316d688a40c3ade100d255ca3be42
Reviewed-on: https://code.wireshark.org/review/5300
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
In the attached pcap file, there's a single DNS packet with WKS RR in the Prerequisites section.
The Protocol field of this RR is read as if it is 4 bytes long instead of 1, which actually reads part of the bytes of the following RR.
Found by boaz
Bug:10675
Change-Id: Icf12c7f3864b629a242598373c06eee4de0ca098
Reviewed-on: https://code.wireshark.org/review/5170
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The queries RRs and answers RRs are parsed fine.
However, only the first 2 authoritative RRs are parsed and none of the 3 additional RRs are parsed.
The second authoritative RR is of type NXT, and even though it has data length of 9, Wireshark reads all the bytes until the end of the packet as if they are part of bitmap in this RR (it reads 317 bytes too many).
This causes it to not parse the rest of the RRs correctly.
Found by boaz
Bug:10615
Change-Id: I22e5987c44a11399b07c3106fbb70c6e9e867afe
Reviewed-on: https://code.wireshark.org/review/4940
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some other cleanup while in the neighborhood. Not sure the all the proto_tree_add_expert calls are needed after each field (having implicit bounds error thrown should be sufficient), but left them in there.
Change-Id: I3ca75ec9f51ccbed6b6ca792789daa8e7cebf34a
Reviewed-on: https://code.wireshark.org/review/4574
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Not yet tested on real dns traffic
Update also last updated DNS parameters (2014-08-12)
Change-Id: I6109d585584e5fca11c606a2230d8ef89cdbf7b6
Reviewed-on: https://code.wireshark.org/review/3870
Reviewed-by: Evan Huus <eapache@gmail.com>
Use DS dissector for CDS (see section 3.1) and DNSKEY dissector for CDNSKEY (see section 3.2)
Change-Id: I2ee11dc0eb2b5c74447b58604b1611ed249bc329
Reviewed-on: https://code.wireshark.org/review/3869
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Other minor cleanup while in the area.
Change-Id: Id8d957d3d68a2e3dd5089f490bd59d773e1be967
Reviewed-on: https://code.wireshark.org/review/3427
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2ea1892b5963cc5578cbdd2b03029ca8424f2267
Reviewed-on: https://code.wireshark.org/review/2640
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I24fe3cc4a3589dadc4528a77fe7ff13d06b1a983
Reviewed-on: https://code.wireshark.org/review/2245
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Z field of edns0 in Additinal records is decoded to text description incorrectly (wrong bitmask)
Found by Jittinan Suwanrueangsri
Closed-Bug: 9767
Change-Id: I8171b211cce79cb096a0f354764992f5cb18617c
Reviewed-on: https://code.wireshark.org/review/226
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198
The script didn't catch as many as I would have liked, but it's a start.
The most common (ab)use of proto_tree_add_uint_format was for appending strings to CRC/checksum values to note good or bad CRC/checksum.
svn path=/trunk/; revision=52045