It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When building RelWithDebInfo target with MSVC, NDEBUG is automatically defined.
Avoid redefining the macro by checking if it already exists.
Change-Id: I1720f47cce0df210c2b2dff3b20c218dc2ae7b02
Reviewed-on: https://code.wireshark.org/review/21200
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is a breaking change.
prefs_register_filename_preference hasn't been differentiating
between files to be saved and ones to be opened.
On GTK, a neutral dialog is used, so no problems there.
On Qt, a save dialog has been always used, even in dissectors that
were reading configuration files without modification.
prefs_register_filename_preference now takes an argument to indicate
whether UI could be a save dialog with a warning on overwriting
a file, or whether it's a general purpose open file dialog.
Qt now does this. Previously no warning was shown on overwriting a file,
so it may be used for opening files too without irritating the user.
This has been changed, as non-destructive reads should now use
the open dialog.
Dissectors were changed accordingly.
Change-Id: I9087fefa5ee7ca58de0775d4fe2c0fdcfa3a3018
Reviewed-on: https://code.wireshark.org/review/21086
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The tap was just a trick to get fields and protocols registered as being
of interest. Now that we have mechanisms by which postdissectors can
explicitly register fields and protocols as being of interest, and are
using that, the trick is no longer needed.
Change-Id: I0bccc88a1e4ee4c9fc84b90d968820375594c5c1
Reviewed-on: https://code.wireshark.org/review/21157
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The tap was just a trick to get fields and protocols registered as being
of interest. Now that we have mechanisms by which postdissectors can
explicitly register fields and protocols as being of interest, and are
using that, the trick is no longer needed.
Change-Id: Ib2620ff32c41ffa050203c1d4481c63535fb3f4b
Reviewed-on: https://code.wireshark.org/review/21156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They deal with sets of hfids, which can belong to protocols as well as
fields (I guess you could argue that a protocol is a field, but...).
Change-Id: Ibd103cfa26427ead4ef54be89f1251908004cfae
Reviewed-on: https://code.wireshark.org/review/21154
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's currently required to get the fields we want.
Bug: 12161
Change-Id: Ic1066334358c58fa915ef886b2658902393172c7
Reviewed-on: https://code.wireshark.org/review/21153
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some routines had "matecfg", some had "mc"; be a bit more consistent.
Change-Id: I3406488315483fb281ebc3fb8a23e9e1b2104a14
Reviewed-on: https://code.wireshark.org/review/21152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pass it as an argument to everything else, so only packet-mate.c has the
notion of there being *a* configuration, and everything else takes the
configuration as an argument.
Change-Id: Ia92c1539586d3e71580fd822cf07bd3d79a6f093
Reviewed-on: https://code.wireshark.org/review/21151
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make it local to mate_tree(), and pass it to mate_pdu_tree().
Change-Id: I489683614b4d65aec3ddd94ce2c9077180e769ca
Reviewed-on: https://code.wireshark.org/review/21149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's a Lemon bug where this grammar produces a parser that fails
assertions; to work around it, we disable assert() failures.
(A bug report has been sent to sqlite-users about this.)
Change-Id: I6812b20fafe318425b37755a15009b0baf2d68a2
Reviewed-on: https://code.wireshark.org/review/21148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Flagged during value_string duplication check
Change-Id: Ia6b657b6e0d8e60cf69ea0e40199b78e96837ecc
Reviewed-on: https://code.wireshark.org/review/21133
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit c63c5c8c42.
This is probably easier than just abandoning it and trying to remove it from my repository.
https://xkcd.com/1597/
Change-Id: Ibba2107cfa9c60c86862b16a4cac31689670e137
Reviewed-on: https://code.wireshark.org/review/21127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Builds on my machines, physical and virtual, crash with an assertion
failure in the MATE Lemon grammar when parsing the MATE configuration
file in bug 12161 - on Mac OS X Lion with llvm-gcc, Ubuntu 15.10 with
GCC, and on macOS Sierra with clang.
Builds on the macOS buildbot do *not* fail.
So put the result of Lemon in the MATE plugin into the release tarball,
so I can compare it with what Lemon generates on my machine.
Change-Id: I2d5ecee68535a8b4803de0bd7f02d448ab629083
Reviewed-on: https://code.wireshark.org/review/21126
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
register.c, and the plugin.c for various plugins, are generated by tools
that must be available to do a build, and aren't distributed as part of
the source tarball. That means "make distclean" should remove them. Do
so.
Change-Id: I9e37abdafb50234cf1ebb5fb828446e45e605d78
Reviewed-on: https://code.wireshark.org/review/21125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Field 'Stream Based Volume ID' (unistim.stream.volume.id) has a conflicting entry in its value_string: 111 is at indices 0 (C1=0xFF00 C2=0x00 C3=0x00 c4=0x00 Steady on. -13 dBmO per frequency.) and 1 (C1=0x0505 C2=0x0505 C3=0x0505 c4=0xFF00 3 burst(0.1 sec on,0.1 sec off),Then steady on.-13 dBmO per frequency.))
Change-Id: I49f50688b9e68d597190d891b114eea1ff3e4858
Reviewed-on: https://code.wireshark.org/review/21059
Reviewed-by: Michael Mann <mmann78@netscape.net>
As the comments say, proto_find_finfo() is slower than
proto_get_finfo_ptr_array(), as it has to scan the entire tree, and,
given that we're priming the tree with the fields we need (which we
*have* to do to *guarantee* that we'll get the fields we want;
requesting that a protocol tree be constructed isn't sufficient, and
asking for a "visible" protocol tree is overkill),
proto_get_finfo_ptr_array() will work.
Change-Id: Ic1e21105a0a89003a3cdd3d7a2e55ac287ddad5e
Reviewed-on: https://code.wireshark.org/review/21068
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes sure that postdissectors that indicate that they need certain
fields in the first pass will get them.
While we're at it:
Fix the field-fetching code in TRANSUM not to assume it got any
instances of the field being fetched.
Rename process_packet_first_pass() in sharkd to process_packet(), as
it's the only routine in sharkd that processes packets.
Rename process_packet() in tshark and tfshark to
process_packet_single_pass(), as it's what's used if we're only doing
one-pass analysis.
Clean up comments and whitespace.
Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b
Reviewed-on: https://code.wireshark.org/review/21063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Currently, this is only used to determine whether a protocol tree needs
to be built on the first pass or not - if there are postdissectors that
need fields, it does - but eventually we should be able to use it to
prime the dissection to deliver those fields in cases where we don't
need the *entire* protocol tree (rather than using a hack such as
cooking up a fake tap with a fake filter to do that).
Update MATE and TRANSUM to use it.
Clean up code to check whether we need a protocol tree, and add comments
before that code indicating, in each case, what the criteria are.
The array of postdissectors includes a length, so we don't need to
separately keep track of the number of postdissectors.
Clean up indentation while we're at it.
Change-Id: I71d4025848206d144bc54cc82941089a50e80ab7
Reviewed-on: https://code.wireshark.org/review/21029
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't allow that. Use proto_tree_add_boolean() instead.
Change-Id: I59ed0f0dc731b1ce4b5d921cd4e85b1c101cb2a8
Reviewed-on: https://code.wireshark.org/review/20821
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5c74a34619ea66c3ac2a77d10b31a3f1256c6595
Reviewed-on: https://code.wireshark.org/review/20707
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
PDPortStatistic with BlockVersionLow = 1 has 2 bytes CounterStatus while
PDPortStatistic with BlockVersionLow = 0 has 2 bytes Padding.
Change-Id: I39783ad29993501249bfa7875760b505ded6a8e9
Reviewed-on: https://code.wireshark.org/review/20563
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since AMFilterData block is removed from PROFINET specification,
related parts are removed from dissector.
Change-Id: I0f9f346fd409fc0cb78f4d7a8ca5869229d68bed
Reviewed-on: https://code.wireshark.org/review/20546
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissecting AMR doesn't work properly when AM_Location.Structure don't equal to 2.
Bug: 13480
Change-Id: Ie116e10f6e88e240b2f1ae4e1eab27b24350e55a
Reviewed-on: https://code.wireshark.org/review/20529
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Birol Capa <birol.capa@siemens.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A special ARType for System redundancy IOCARSR (0x0020) used to indicate
SR during the IODConnectReq for Advanced Startup ARs (StartupMode:=1).
With this change, the ARUUID is subdivided into several parts.
APDUStatus dissection is affected by Primary/Backup switchover.
Bug: 13456
Change-Id: I0504ad2f4d15c491b0142c6d24bb8b849a929ba2
Reviewed-on: https://code.wireshark.org/review/20422
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Allow the enable/disable of an element
Change-Id: I9652e8d74b261ba259cebfba53e7bc7ef560d347
Reviewed-on: https://code.wireshark.org/review/20370
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Allow to add and remove single items from a selector list and also
fixing the selection of items in a selector list
Change-Id: I0c69ea97db6ca1a6932939f0df9049c6fb720f77
Reviewed-on: https://code.wireshark.org/review/20363
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Small improvement in the title texts.
Change-Id: Ia413577386dab11f78fd141d6333944beefb5b33
Reviewed-on: https://code.wireshark.org/review/20295
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Creates an interface for plugins and other parts of the code, to
add a new toolbar to the system and have various widget types interact
with this toolbar.
All toolbars added via this interface, will be added to an additional
submenu called "Additional Toolbars" within Wireshark.
Also a demo plugin is being provided, demonstrating various features
of the toolbar, including updating the gui elements. It also demonstrates
how to update toolbar items.
Change-Id: I8d0351224b3d7f4b90220d58970b51695551d7e3
Reviewed-on: https://code.wireshark.org/review/19803
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
proto_find_finfo doesn't have NULL tree protection, so protect it from
transum dissector.
Bug: 13395
Change-Id: I1037c675cf10b959f116b20b12cc7b388c175cd3
Reviewed-on: https://code.wireshark.org/review/20077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I795fc3a3cf4ca93483f870d229668d7f747bb799
Reviewed-on: https://code.wireshark.org/review/20147
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is mostly to address memory leaks in range preferences (the biggest
user of range functionality) on shutdown.
Now range preferences must use epan scoped memory when referencing
internal preference structures to keep consistency.
Change-Id: Idc644f59b5b42fa1d46891542b53ff13ea754157
Reviewed-on: https://code.wireshark.org/review/19387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
grepping for "Decode As" comments reveals exactly was pinos were
created for - distinguishing multiple dissection functions in a
single dissection table.
Change-Id: Iaa9294045e9d0633563e7d763cb585c0e6dc598f
Reviewed-on: https://code.wireshark.org/review/19490
Reviewed-by: Michael Mann <mmann78@netscape.net>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This prevents MATE from (falsely) being included in the list of
protocols for any given frame.
Change-Id: I9ffdfb52cf31dfda89b674a41bcc0992e17de5e8
Reviewed-on: https://code.wireshark.org/review/19432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Enable/disable preference not needed - just use Enabled Protocol
dialog interface. Added support for backwards compatibility of preference.
2. Add value_string for calculation values
3. Create an structured array of "hfs of interest" so they can more easily
be extended.
4. Convert a bunch of arrays into hash tables and lists. For the amount
of wasted space they were taking up, we can live with the very slight
performance degrade. Also puts less limits on number of things to process.
Change-Id: I7399789d62432b507062ed9cdc20ad974b9dde1b
Reviewed-on: https://code.wireshark.org/review/19406
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per bug 12915, SMB2 message ID should be treated as a unsigned 64bit value.
Have transum logic match that as it was assuming SMB2 message ID was a
signed 64bit value
Change-Id: Ide0c12b505d1eef2aeb89d165a3ea59058e6be34
Reviewed-on: https://code.wireshark.org/review/19407
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set a variable that we were supposed to be setting.
Also, note some items that should probably be expert info items instead
of, or in addition to, additional text at the end of protocol tree items.
Addresses CID 1397702.
Change-Id: I2ff0c2549f229546035964efa6af19b77646f7d2
Reviewed-on: https://code.wireshark.org/review/19397
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I70ccf182160086a4c04467eec214857a461a2869
Reviewed-on: https://code.wireshark.org/review/19373
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris