Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Bluetooth dissector is used to add ability to filter all bluetooth
payload from capture files (there are many transport like:
hci_h4, hci_h1, hci_usb, hci_mon, btle). Also it is used to placeholder for
all data tree used to store additional informations like bd_addrs, names, etc.
Finally it is used to be one point for Bluetooth
Endpoints/Conversation filtering what is enabled now.
Also add Master/Slave Role and Connection Mode tracking.
Change-Id: I67048080fb8ee16fa0f4ec429c1257de81ddd737
Reviewed-on: https://code.wireshark.org/review/5771
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Add support for missing direction flag in dlci.
Change-Id: I1429eb65374014e7b840bb31ca1d6f2ab1959160
Reviewed-on: https://code.wireshark.org/review/3766
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
There are two cases:
1. btl2cap -> btrfcomm -> btobex
2. btl2cap -> btobex
Case 2 is rare, so according to its name and to avoid confusion
I based on it.
Bug:10316
Change-Id: Ibeabeaf2f8376425460c56bad8fb980b460dd940
Reviewed-on: https://code.wireshark.org/review/3225
Reviewed-by: Evan Huus <eapache@gmail.com>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fix warnings and try to inform user about unknown values in
"Decode As".
Also use define instead of magic number for Unknown L2CAP CIDs.
Change-Id: Ie6f26a9e3330b84cef14bbf8861ffbdbdb789225
Reviewed-on: https://code.wireshark.org/review/1880
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
It seems that RFCOMM service can be dynamically changed while
connection is still alive. In other words: host can connect to
remote device and set one RFCOMM service (remote service), but later
remote device can change service to one of host service without
any disconnection. This patch add support for this case.
Also improve searching for useful UUID service through SDP.
Change-Id: I9e03b9b965d6b0d9761b4a451cdeb4a1a33ca017
Reviewed-on: https://code.wireshark.org/review/808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
From Michal Labedzki
1. Bluetooth: Implement the rest of fields in Low Energy Link Layer dissector
2. Bluetooth: Merge all UUIDs together
3. Bluetooth: Extract LE Channel MAP to separate dissector
4. Ubertooth: Dissect CC2400 registers
svn path=/trunk/; revision=54700
Bluetooth: SCO: Add Source/Destination addresses
Bluetooth: HCRP: Use information from SDP to decoding PSM payload
From Michal Labedzki
svn path=/trunk/; revision=53816
From Michal Labedzki.
1. Bluetooth: HFP: Fix recognizing roles. There is need to check which side SDP record is, then it is possible to recognize roles.
2. Bluetooth: RFCOMM/HFP: Fix recognizing services and roles. Direction bit means only that device is initiator of connection or not. But need information who is owner of connection (remote device or localhost), so use this information from L2CAP.
3. Bluetooth: HFP: Fix unexpected expert info
4. Bluetooth: HCI: Set addresses to host/controller. Also optimize a little handing of dissectors handles.
svn path=/trunk/; revision=53628
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
- when the text parameter is constant col_add_str() and col_set_str() are equivalent but col_set_str() is faster.
- same for replace col_append_fstr and col_append_str
- remove col_clear() when it's redundant:
+ before a col_set/col_add if the dissector can't throw an exception.
- replace col_append() after a col_clear() with faster col_add... or col_set
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9344
svn path=/trunk/; revision=52948
Bluetooth protocols use items, so dissect it to improve filtering and better user experience - text object cannot be filterable or comparable.
From Michal Labedzki
svn path=/trunk/; revision=52863
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8824
Convert bluetooth emem trees to wmem trees.
Add modelines and fix indentation.
Correct typo in wmem_tree.h that still referred to emem.
svn path=/trunk/; revision=50076
It complains that service_info may be used uninitialized, but my manual analysis
agrees with GCC 4.7 that it can't, so just defaulting it to NULL will be fine.
svn path=/trunk/; revision=48663
Add basic support for Bluetooth GNSS profile. It uses NMEA-0183, but that is not
free, so all we can do is add filtering and displaying for ASCII content.
Also add colors for DUN, GNSS to show them in contrast to RFCOMM.
svn path=/trunk/; revision=48662
Be consistent in short name of protocols
Use prefix "BT " in short name for all Bluetooth dissectors. A reason
for that is protocol names start by "bt", Bluetooth dissectors can
be easy identificated, also DecodeBy looks better (sorted).
Please be note that "SDP" is reserved for different dissector, so using
"BT SDP" is good choice.
Also fix two naming mistakes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8304
svn path=/trunk/; revision=48389
Bluetooth: Improve support of MAP, PBAP, BPP and BIP in OBEX
Add support for recognize profiles using OBEX (by "Target"), then add
all Application Parameters specific for MAP, PBAP, BPP, BIP.
Also fix one FIXME, so now dissecting by OBEX does not cause malformed
frames while jumping over dissected packets.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8304
svn path=/trunk/; revision=47632
Bluetooth: Improve internal Decode By Channel for RFCOMM
Use UAT to allow user to force set top dissector per channel.
Only first found dissection for specified channel is used,
the rest can be used as well-known protocol on channel, but not for
current logs. Also user can turn on/off this dissection by one-click
preference.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7639
svn path=/trunk/; revision=45037
HFP is moved from RFCOMM where named HF.
Then fix name to one used by SIG specification: HFP.
Next step is improve dissection of HFP by dissect
specific for this profile AT commands.
From Michal Labedzki on behalf of Tieto Corporation
Part of bug #7639
svn path=/trunk/; revision=44877
Bill Meier