Change-Id: Ifaf25ca5a7974f1d398ceebbb4c6733d4d3e001a
Reviewed-on: https://code.wireshark.org/review/20006
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a pane is not used in the layout it should not be possible to show
and hide this from the menu, as this may give unexpected results.
Change-Id: I335168e66e1dffc89992cad480dd7daaea7e9d59
Reviewed-on: https://code.wireshark.org/review/20140
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Mimic functionality of g_hash_table_get_keys
Change-Id: I7702854ed771a5b3bf7ea5295a67c42f0f477cdf
Reviewed-on: https://code.wireshark.org/review/20039
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Mimic functionality of g_hash_table_steal
Change-Id: Iaf4aeef951b60934569143b2d119f782aeefe380
Reviewed-on: https://code.wireshark.org/review/20038
Reviewed-by: Michael Mann <mmann78@netscape.net>
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This can be used similarly to wmem_tree_new_autoreset for hash tables that need
reset after capture file change.
Change-Id: I3a2f0b0a0cad3eca46266523c594d3d7aac17489
Reviewed-on: https://code.wireshark.org/review/19794
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Move "struct preference" into prefs.c, essentially creating a "private"
structure to handle preferences. The 2 motivating factors were:
1. Better memory management so that clients/users of API don't have to worry
about it.
2. Hide the ugliness of the union stuff and make it transparent to the API.
A few bugs related to preference <-> Decode As integration were fixed
while in the neighborhood.
Change-Id: I509b9a236235d066b139c98222b701475e0ed365
Reviewed-on: https://code.wireshark.org/review/19578
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create pinos for all of the PPP protocols options and a dissector table to store
them all. Adapt a new version of dissect_ip_tcp_options, (now ppp_dissect_options)
that uses the dissector tables for name of options and dissection function.
Also standardize the dissectors for all protocols so that all include type and
length in the dissection.
Change-Id: I0033574e2831789040a1ce2857bf0e825d791cbe
Reviewed-on: https://code.wireshark.org/review/19656
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many proto_item_append_text calls were just adding a unit string to a field.
There's a better way to do that now.
Change-Id: Id18d5ac1ea4d8ecdc4cbe7ebaec07fbd2eab6e78
Reviewed-on: https://code.wireshark.org/review/19289
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_uint_format_value had the most use of unit strings, this
patch handles all of the other proto_tree_add_xxx_format_value calls that
could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added more "common" unit string values to unit_strings.[ch]
Change-Id: I0fb680be781e10037eb7bd40dd21a9ee20c1fb1c
Reviewed-on: https://code.wireshark.org/review/19288
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".
Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove symbols from plugins; they're not part of libwireshark.
Put all the get_rtd_ symbols together.
Add some new symbols.
Change-Id: I724ca7fd19ad083b7e05526a30974c23fa321e0b
Reviewed-on: https://code.wireshark.org/review/19060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A new "--export-object <protocol>,<destdir>" option is added to tshark.
This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)
Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows dissectors to not need to know about the internal preference structure.
Change-Id: I1ae67248cd0b0132aefc225ea0a9befaf9afdde2
Reviewed-on: https://code.wireshark.org/review/18864
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use the model from the 2.0 branch and earlier that only "tapped" the
follow data in a single location. This fixes duplicate data for
reassembled data and handles out-of-order packets.
Bug: 12855
Change-Id: I5268f13e3c08e9271acf026b859de693ad794c94
Reviewed-on: https://code.wireshark.org/review/18368
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add support for defragmentation of fragments that use the defragmentation
scheme of PPP MP (RFC 1990). Instead of getting "sequence_number,
fragment_number, last" as in other protocols, PPP MP provides a single
sequence number that is effectively "seqnum + fragnum", though it provides
flags for both the first and last fragment of a reassembly.
See Appendix A of RFC 4623 (PWE3 Fragmentation and Reassembly) for a list
of protocols that use this style, including PPP MP (RFC 1990), PWE3 MPLS
(RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame Relay.
Also add support for the Multi-class Extension to Multilink PPP (RFC 2686),
which uses some of the previously reserved bits as classes that distinguish
otherwise identical sequence numbers.
Bug: 12548
Change-Id: Ic2ce3c50e61ab2eb50e4d92fd353ca4d2a48fe18
Reviewed-on: https://code.wireshark.org/review/16327
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
Will now show country and operator
Change-Id: Ic16623c226228ab0c3e31d33cda81953c80551d6
Reviewed-on: https://code.wireshark.org/review/18512
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I75c0165948325c2e50918706d8a821411761727b
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17734
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
This should make drag-and-drop support (reordering) in Qt easier. It
also ensures that memcpy is used as fallback if copy_cb does not exist.
Change-Id: Iefe358890c49dcda4727054f7a2cee05614a36f6
Reviewed-on: https://code.wireshark.org/review/17992
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These APIs can insert or remove a single value into a range structure.
Adding a value may extend an existing range or create a new one.
Removing a value may remove a range item.
Change-Id: Ia6995ecf7760aca1fb7fd9b4c53972298a57675f
Reviewed-on: https://code.wireshark.org/review/17836
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some symbols are marked as appearing in 2.2 intentionally,
because they are cherry-picked to master-2.2.
Change-Id: Ia7807b3bddab0a069812f56c1be2eca8bf7d1cd4
Reviewed-on: https://code.wireshark.org/review/17232
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iea69b5ef533b9b524a624b96bf82e178fd428ce9
Reviewed-on: https://code.wireshark.org/review/16934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for much easier anonymized captures for protocols running
atop TCP/UDP.
Added support for "TCP dissector data" tag within export PDU (34) so that
the tcpinfo struct that TCP dissector normally passes to its subdissectors
can be saved.
Change-Id: Icd63c049162332e5bcb2720159e5cf8aac893788
Reviewed-on: https://code.wireshark.org/review/16285
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rather than have a bitmask for each desired field, have a dissector
provide a list of structures that represent data that goes into
the PDU.
Change-Id: I125190cbaee489ebffb7d9f5d8bc6f3be2d06353
Reviewed-on: https://code.wireshark.org/review/16122
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This will copy an address's "byte format" into a buffer. The original
intended design is for export_pdu functionality, which tries to do
this "manually" for many address types (and creates undesired dependencies)
The default functionality if a "byte format function" isn't provided
(currently the case for all address types) is a memcpy of the address
data. Providing "address to byte" functions to aid export PDU
functionality will be provided later.
Change-Id: I3703f9e617a8cef09165ad53a0f98c6372676b9b
Reviewed-on: https://code.wireshark.org/review/16070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ran across enough situations that proto_tree_add_bitmask_list couldn't
solve that it seemed necessary.
Change-Id: I6a540ac6efca76cae7c4571a84bb400538652784
Reviewed-on: https://code.wireshark.org/review/15880
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The formatting of the address type is determined by a preference in
packet-mtp3.c, so just make MTP3 register the address type.
Use address_type_get_by_name in other dissectors (and export_pdu)
to use the address type.
Change-Id: Ifb32d7de27aeaa23cee8e803e25ffb3c905547b5
Reviewed-on: https://code.wireshark.org/review/15856
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows the decoupling of a dissector registering an address type
so it doesn't need to export the returned registered type.
Change-Id: I49c913d042e70bd4b7ea1e964ba9511bb27304f5
Reviewed-on: https://code.wireshark.org/review/15855
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ief8ca64391033e84fb37c6a55ec29d32d800920d
Reviewed-on: https://code.wireshark.org/review/15645
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
It requires some "extra work" to get it to work properly. Despite
documenting it, some previous use cases didn't do the extra work.
Let's just see how we get by without it.
Change-Id: I31dba1d5038d793085f6c9e4b4a6eda574e86872
Reviewed-on: https://code.wireshark.org/review/15610
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rawshark shouldn't be converting FT_ and BASE_ values into strings on its own, there's a function for that.
Change-Id: Ib4ce1651ee130a03644b5de3ab471333444e19a9
Reviewed-on: https://code.wireshark.org/review/15341
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissector and heuristic tables now setup protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bluetooth Specifications specify properties of every characteristics
(read, write, indicate, notify, write without response, signed write etc.)
Check it and add expert info about invalid usage if detected use of wrong
opcode with the characteristic.
Change-Id: I98ad8280b9ee65b4015a021e732ea748cc9e7a83
Reviewed-on: https://code.wireshark.org/review/14313
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
OTS/OTP is the newset "profile" announced by Bluetooth SIG.
It name describe what it doing: Object Transfer Service/Profile,
so it is something like OPP.
While we are at this move some HID attributes to get right
order in switch-case.
Change-Id: I460963a422c7292b2cabf7e88f32dbd6e8d7051f
Reviewed-on: https://code.wireshark.org/review/13735
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It adds string-type fields to the protocol tree and returns the value of
the string.
Add the new bitmask-adding routines to the Debian symbol list while
we're at it.
Change-Id: Idaeec44c9cd373588cadce85010f3eaf1f3febb5
Reviewed-on: https://code.wireshark.org/review/13657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_item_get_len() is *not* guaranteed to return a correct value.
Even if there's a non-null tree item, it might be pointing to a "faked"
item; it really shouldn't be used.
So add proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length(), which calculate the real length
themselves and return it through a pointer.
Fix as many places as we straightforwardly can to use them rather than
to use proto_item_get_len(). (There's a Lua API for
proto_item_get_len(), so we keep it around, but we should add Lua APIs
for the new routines, and deprecate the old API.)
Fix ptvcursor_add() to do the same thing that
proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length() do.
Split the TRY_TO_FAKE_THIS_ITEM macros into a macro to check for the
tree being null and to try to fake the item. We don't always use the
former macro, as we might need to do more than just return NULL if the
incoming tree is null (for example, calculating the item's real length
and using it...).
new_field_info() never returns NULL; remove checks for it. The check
for a null tree is done before the calls to new_field_info().
Change-Id: I002a218d1f810c73e0de837e0ac6ebcde21bacec
Reviewed-on: https://code.wireshark.org/review/13139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
remove redundant HT MCS/rate table. Preparation for duration calculations
that will use this data as well.
Change-Id: Iee4fb2eefb00eaa53a6368eca4ed60f705ff49df
Reviewed-on: https://code.wireshark.org/review/12856
Reviewed-by: Michael Mann <mmann78@netscape.net>
GTK already has it, but Qt forgot about it, so multi-field custom column
works ok if previously saved in GTK-shark. Invalid validation prevent from
modifying and saving multi-field custom column in Qt version.
While at it, rename "custom field" to "custom fields" to ensure
we think about multi-field custom column.
Change-Id: I99588150ccb38be11b75f5dd5b0f6443e7055ebb
Reviewed-on: https://code.wireshark.org/review/12685
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Capture dissectors could be architected like dissection dissectors, with tables and subtables and possibly using tvbs to pass there data instead of raw byte arrays. This is a first step towards that by refactoring capture_info_packet() to work off of a "capture dissector table"
Registering the capture dissection functions instead of calling them directly also clears up a bunch of dissector header files who sole purpose was providing the capture dissection function definition.
Change-Id: I10e9b79e061f32d2572f009823601d4f048d37aa
Reviewed-on: https://code.wireshark.org/review/12581
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the deregister functions are used internally from Lua
while reloading plugins. Don't export them for others to use.
Change-Id: I919dbfa807f696c38d409ca7206104a0fba1ae65
Reviewed-on: https://code.wireshark.org/review/12508
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This includes:
1. new_create_dissector_handle -> create_dissector_handle
2. new_register_dissector -> register_dissector
3. new_register_ber_oid_dissector -> register_ber_oid_dissector
4. new_register_ber_syntax_dissector -> register_ber_syntax_dissector
Also remove PDU_NEW, SYNTAX_NEW and REGISTER_NEW as there is no need for the distinction anymore.
Change-Id: I82c7de7c8ffeeab3259d1b55bb4afc5f6a1e0329
Reviewed-on: https://code.wireshark.org/review/12491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
with new_ to plain function names without changing all at the same time.
Change-Id: I52682996704ff2472c9830bb62fda2a3cbef6589
Reviewed-on: https://code.wireshark.org/review/12401
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Both old and new style API existed, just remove the "old" one.
Change-Id: If725e778a0ecad5a431d634ed5c4856b4a281013
Reviewed-on: https://code.wireshark.org/review/12107
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of it wasn't used in current Wireshark source anyway.
Change-Id: If395e4e940adc76a2701d226ba4f7c9b17cb795d
Reviewed-on: https://code.wireshark.org/review/12108
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
new_register_dissector will eventually take its place, but that search/replace should be done when all "old style" APIs have been removed.
Change-Id: Ic3fdec67d5761fd72beeca7355f9de617562bb77
Reviewed-on: https://code.wireshark.org/review/12095
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added get_column_tooltip() to use common code in GTK and Qt.
Change-Id: I2f6ce95e2e129752bbb958a28aec6f42aa81be3d
Reviewed-on: https://code.wireshark.org/review/12047
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check if description (protocol name) and short_name are used before
registering the protocol. This because proto_register_protocol() makes
sure there's not already a protocol with any of the names registered
and duplicates will be reported with a g_error() which terminates the
Wireshark unexpectedly.
Also check if short_name contains valid characters.
Give appropriate error messages.
Bug: 11739
Change-Id: Ib9776a2a3406ae5278ce744defd61864ebed0282
Reviewed-on: https://code.wireshark.org/review/11995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Some vendors use UUID128 as own services/attributes.
Sometimes they use UUID16 for it too. Support both cases.
Change-Id: I001692b94fcc2f86eafa81012790e9134b0f2a36
Reviewed-on: https://code.wireshark.org/review/11976
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is hopefully just the first step in getting DCE/RPC dissection to use "standard" APIs instead of homegrown ones.
For starters, it allows Decode As functionality to be less hacky (although incomplete in Qt)
Change-Id: Ia0923a3d8d514ab7acce32e26ee7e08f6e24feca
Reviewed-on: https://code.wireshark.org/review/11468
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In the GTK, there was "colorize" (via context menu using color_dissector_filter.{c,h}) or "not colorize" (via main menu using dissector_filters.{c,h}). In Qt, you have the option to colorize (via context menu using color_dissector_filter.{c,h}) or not colorize (via main menu using color_dissector_filter.{c,h}).
Combine all into "colorize" and convert GTK to use color_dissector_filter.{c,h} in the "not colorize" main menu like Qt.
Change-Id: Ib3ca1c822f5f66ab5b812632d808f7905b328483
Reviewed-on: https://code.wireshark.org/review/11263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If5897e8137f729503edf2cafb49b2ebeab4716ad
Reviewed-on: https://code.wireshark.org/review/10997
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not leak the key and SSID. Note that there are still some leaks in
the GTK UI related to get_wireshark_keys(), but I did not track them
down.
Caught by LeakSanitizer.
Change-Id: I639166e6ea457605d6ae0ebd58e56d7594a7b7db
Reviewed-on: https://code.wireshark.org/review/10860
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is intended for use in expert_add_info_format or proto_tree_add_expert_format to get the "base" string to then append additional information, but I'm sure other uses can be found.
Similar to some of the proto_get_xxx APIs, but still only "create as needed".
Change-Id: Ib76e6ed557c2ae41e0a40957a9efa4bf485909da
Reviewed-on: https://code.wireshark.org/review/10420
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It works similar to tcp_dissect_pdus, but only works on a single packet. Intended for protocols that go over TCP and UDP so that they can have a common dissection function.
Will of course, also work on UDP-only protocols with a fixed length header and size.
Used DNP3 as a guinea pig since "multiple PDU support" over UDP was just added.
Change-Id: Ib7af8eaf7102c96b4f8b5c1b891ae2d8f0886f9d
Reviewed-on: https://code.wireshark.org/review/10083
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
As it turns out we *do* need to free table elements. We also need to
free the tables themselves and clear the table array. Do so.
Change-Id: Ic1c81388eac8f47f74caea0169c79685a83aaff9
Reviewed-on: https://code.wireshark.org/review/9901
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move the boolean flag for using captured DNS packet info for name resolution
to the Name Resolution preferences settings, as it was rather surprising to
disable Name Resolution preferences and still have names being resolved. Also
disble them all if the '-n' command line switch is used, and re-enable it for
a 'd' character in the '-N' option.
Bug: 10337
Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917
Reviewed-on: https://code.wireshark.org/review/9786
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
This allows for a global place to enable/disable all heuristic dissectors. This removes the need for individual dissector preferences, but those will be removed at a later date. The more important part is the epan code to save/restore the enabled state of the heuristic dissector. The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)
Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently reassembly tables are not freed on shutdown. This makes
memleak debugging more difficult due to noise. Support cleanup
routines that can do smarter things.
After this change, "init" routines are not called anymore when
closing files. Further changes should split init routines to
cleanup routines as needed.
Change-Id: Ib0b2cef6dd9c16905259063ac2c2fdfb7e066be6
Reviewed-on: https://code.wireshark.org/review/9135
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib6e5a48fa0b0802c920e68d3dc7d62362818d36b
Reviewed-on: https://code.wireshark.org/review/9465
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the wireless toolbar to the Qt UI.
Start adding AirPcap support to ui/80211_utils. Add FCS validation
routines to ws80211_utils.
Move a bunch of AirPcap routines that require epan from caputils to
ui/gtk. They were required for driver key management, which we'll
leave to the AirPcap Control Panel in the Qt UI.
Move frequency-utils to wsutil.
Change-Id: I44446758046621d183f5c2ba9f6526bf01e084f1
Reviewed-on: https://code.wireshark.org/review/8910
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Please found it under Bluetooth menu. It shows all devices found
in logs, not only connected, all that its address can be found in
logs. Show if device is local (in most cases: capturing on it side)
and manufacturer and LMP version what should answer the question what
version of Bluetooth is used by Bluetooth device chip.
Also firmware version.
Change-Id: I32e3b7100cdebcaa850b6541de0ab89dff41c0e1
Reviewed-on: https://code.wireshark.org/review/8901
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Add proto_tree_add_bitmask_value, proto_tree_add_bitmask_value_with_flags and proto_tree_add_bitmask_list to aid in the removal of proto_tree_add_boolean "groupings" as well as "groups" of fields that use proto_tree_add_item with the same offset/len.
This may be able to be optimized later, but the first step will be converting dissectors to use it. A sample conversion of each API is also included.
Change-Id: I53febc7450ad632482f82615a7fa62174f8472c9
Reviewed-on: https://code.wireshark.org/review/8038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4ec48067e9ca2cbe88e1cf2e6c9dc1e382379221
Reviewed-on: https://code.wireshark.org/review/7767
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
works as proto_tree_add_item(), but also returns the value of (u)ints
of 8,16,24 and 32 bits length in a 32 bit variable. It's based on Hadriels
previous work.
Change-Id: If3b4b8588b63251f1ee9b954a202acde7c02ce86
Reviewed-on: https://code.wireshark.org/review/7230
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This "encourages" (forces) dissectors to use the bitmask field of the header_field_info structure to get "bitmask formatting" of a field.
other_decode_bitfield_value should be treated the same (eventually eliminated), but there are still replacements to be made in the dissectors.
Change-Id: I8a0d829c3fef2d5e5a588667a259e231bca559e6
Reviewed-on: https://code.wireshark.org/review/7736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for exporting the SSL session keys for captures which were
decrypted using a RSA certificate, but where the server does not support
session resumption.
To avoid frequent reallocations, the expected length is used as initial
string size.
Tested against a nginx server with ssl_session_cache off.
Note that all keys loaded via ssl.keylog_file are exported, not just the
displayed ones!
Change-Id: Ie3a93d3692885502f46442953fa53303d16672d7
Reviewed-on: https://code.wireshark.org/review/7175
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is mostly to reduce tvb_get_ptr calls that were used to pass into get_ether_name.
Some optimizations were made to packet-ieee80211.c in the process of conversion.
Change-Id: I81d3c65d4c09a15237fc287c2e989eb6e6936b1f
Reviewed-on: https://code.wireshark.org/review/7492
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert dissectors to using the API where appropriate.
Change-Id: I059582f73a75635d4a0338d02d4c4b212162480b
Reviewed-on: https://code.wireshark.org/review/7296
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move filter_expression_nuke from ui/gtk to epan and rename it to
filter_expression_free. Call it in prefs_reset along with the other
preference reset routines.
This keeps the Qt filter toolbar from filling up with duplicate
expressions when the profile changes.
Change-Id: I9fae9a7b48944079ea342a126979d9e79af0d22b
Reviewed-on: https://code.wireshark.org/review/7281
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add address_with_resolution_to_str API that returns address string + name resolution in the format %s (%s), first string is resolved name (if available) and second string is raw address string.
Convert AT_FCWWN to using proper name resolution format
First use of address_with_resolution_to_str with field types in proto.c
Change-Id: I2ae77c29a4ffc30bb919fbec00f06629830898c2
Reviewed-on: https://code.wireshark.org/review/7196
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to worry about the wmem_allocator.
Change-Id: If976fe7b0c3f9cd053225096c2ac05418f061af6
Reviewed-on: https://code.wireshark.org/review/7081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If the UAT file failed a field check, then the user_data pointer may be
empty. As a result uat_save() triggers an invalid write.
(Discovered while working with a dfilter_macros file having duplicate
names for bug 10957, caught by ASAN.)
The second issue fixed in this patch is that the validity of an item is
only calculated when a new record is added. So even if the user edits
the UAT and makes the entry valid, it would not be saved. This is solved
by adding a new uat_update_record() function which got wires up into GTK
and Qt.
Some open-coded g_array_index and UAT[_USER]_INDEX_PTR are also
converted.
Even after this patch, Qt has some issues with UAT handling. In
particular, it saves new, but empty/invalid, items. It also it does not
check individual fields when saving all fields (unlike Gtk). This patch
focused on getting Gtk fixed first so ignores those existing issues.
Change-Id: Ia35cfe9d2b793c65144ae7e29a1ed706b6668d99
Reviewed-on: https://code.wireshark.org/review/7120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
One use in a GUI function isn't really enough to justify making the structure public.
Change-Id: Ic7dee275ba0a2bd4e19c06702a867417c5624c27
Reviewed-on: https://code.wireshark.org/review/7080
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change name from proto_tree_add_new_bytes to
proto_tree_add_bytes_with_length and other tweaks
pointed by Peter Wu.
Change-Id: I6058c28a74a154e2882e4eb04558bedcede6f508
Reviewed-on: https://code.wireshark.org/review/7039
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to work about the wmem_allocator.
Change-Id: I80f465ae0845290255a659ab63310ac3cc35506e
Reviewed-on: https://code.wireshark.org/review/7075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
One use in a GUI function isn't really enough to justify making the structure public.
Change-Id: I6d70b9bacbc0fa1898150f59c0c69779a6cd5d51
Reviewed-on: https://code.wireshark.org/review/7074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This combines the SSE4.2 instructions usage, with pre-compiled
pattern searching usage, for a faster pbrk search method.
Testing against large files of HTTP and SIP, there is about
a 5% performance improvement by using pre-"compiled" patterns
for guint8_pbrk() instead of passing it the search string and
having it build the match array every time.
Similar to regular expressions, "compiling" the pattern match array
in advance only once and using the "compiled" patterns for
the searches is faster than compiling it every time.
Change-Id: Ifcbc14a6c93f32d15663a10d974bacdca5119a8e
Ping-Bug: 10798
Reviewed-on: https://code.wireshark.org/review/6990
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It is a GUI+QT feature that introduce Bluetooth menu and
"ATT Server Attributes" that present all handle+UUID pairs
as table. User may copy cell value, row, selected rows or whole
table within header. On activate user will go to packet that
introduce UUID for specified handle.
Change-Id: If17e53aff5feb89ededc740a595ba5882b90be5e
Reviewed-on: https://code.wireshark.org/review/6911
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: Iddd1200e62bf3200cb1a68408378dd9d47120b77
Reviewed-on: https://code.wireshark.org/review/6939
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These will be used to replace cases where packet-scope isn't valid for val_to_str/val_to_str_ext calls
Change-Id: Ie8a4c423a8608548c837c1ae7edde52c4d728340
Reviewed-on: https://code.wireshark.org/review/6880
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, remove some no-longer-existent functions from checkAPIs.pl.
Change-Id: I2bf11e3ec03a34f9e89d58d560e340d76fd3ddc1
Reviewed-on: https://code.wireshark.org/review/6645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Id336dc16f97a0973754993094aa637813c0ca31c
Reviewed-on: https://code.wireshark.org/review/6604
Reviewed-by: Michael Mann <mmann78@netscape.net>
Thanks to Michael's work, it is now totally unused.
Change-Id: I67b5f7c69535a08f96f449c36c429e2548f4ea11
Reviewed-on: https://code.wireshark.org/review/6505
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I4a803d83844d937804849b2ad3b067381c9b96d0
Reviewed-on: https://code.wireshark.org/review/6448
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was only used by 1 dissector and that dissector can just use bitmasking in the hf_ field.
Change-Id: I99179356dd7cbfab0c7be1512357a7e4c0eecde6
Reviewed-on: https://code.wireshark.org/review/6390
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust any other ep_ related APIs related to the transition.
Change-Id: I961b371c2c4bda557e0f1817705c27eef0dae66c
Reviewed-on: https://code.wireshark.org/review/6388
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8aa7d7374db94685fd875cbf358c3bfbc83f3255
Reviewed-on: https://code.wireshark.org/review/6370
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also change bytestring_to_str to match bytes_to_ep_str_punct functionality (limiting byte string size)
Change-Id: Idb958c7f0c203d103629469302b81fa922714f7e
Reviewed-on: https://code.wireshark.org/review/6369
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use wmem equivalent bytestring_to_str
Change-Id: I1ec7509e3adb36ab0f65317459653cb3b4b11af8
Reviewed-on: https://code.wireshark.org/review/6368
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann