A "new" statistics tap UI is a statistics tap UI where the statistics
are maintained as tables and common code handles the tables; what
matters is the tables, not that it's "new".
Change-Id: I7a0e63cfac98c24cd5e7dce973b9a0cc5b6a03ba
Reviewed-on: https://code.wireshark.org/review/12897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
not work with multiple SIP packages in one frame.
Change-Id: Ie142aeea0c6ad28cfdd6206738a6f147094c479f
Reviewed-on: https://code.wireshark.org/review/11516
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like this one fell through the cracks because it dynamically
registered itself via register_tap_listener_gtksipstat and wasn't listed
in the "/Telephony/" path in main_menubar.c.
Ping-Bug: 11638
Change-Id: I4c82b36d204207c81e82a19efce98b6a091351ca
Reviewed-on: https://code.wireshark.org/review/11293
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
transported over SIP as described in RFC 3204, 3.2 QSIG Media Type.
Change-Id: Ida30a7b115e60fa64d30cfc1f4b7c11be724f8ee
Reviewed-on: https://code.wireshark.org/review/9479
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise it triggers a "packet size limited during capture" exception
preventing following heuristic dissectors to be called
Change-Id: Ifc97e84b4e40a1c7dc0b0c63b7b9e015bd99d178
Reviewed-on: https://code.wireshark.org/review/9774
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch is partially automatically generated, but are modified
manually. In particular, assignments and function calls have been
audited.
Some debugging comments and ifdef'd prints have been removed. The
lookup tables of the dcm and sip dissectors are now cleared. It is only
called on reopening files anyway.
The isakmp dissector is modified to use g_hash_table_new_full for
destruction of its keys and values.
Fix a memleak in ipsec dissector when libgcrypt is not enabled.
Generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=3c6128ee266024d164650955f93c7740484abd68
(with AUDIT = True).
Change-Id: I3fd910bdee663842ac0196334fe0189b67e251b0
Reviewed-on: https://code.wireshark.org/review/9225
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib533bd2526c27cf5f1161616fcf52136e40c827a
Reviewed-on: https://code.wireshark.org/review/8484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Routines that don't take a tvbuff as an argument shouldn't have tvb_ in
the name.
Change-Id: I3550256551e30b3f329cbbfca71ef27c727d29c0
Reviewed-on: https://code.wireshark.org/review/7302
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There is no guarantee that a g_malloc'ed memory block will be aligned on a 128 bits boundary
Instead use a static variable definition (at the cost of exposing the HAVE_SSE4_2 compilation flag in ws_mempbrk.h)
Change-Id: I661bf479a9d458d64c96bafc940c519d29a4780b
Reviewed-on: https://code.wireshark.org/review/7070
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This combines the SSE4.2 instructions usage, with pre-compiled
pattern searching usage, for a faster pbrk search method.
Testing against large files of HTTP and SIP, there is about
a 5% performance improvement by using pre-"compiled" patterns
for guint8_pbrk() instead of passing it the search string and
having it build the match array every time.
Similar to regular expressions, "compiling" the pattern match array
in advance only once and using the "compiled" patterns for
the searches is faster than compiling it every time.
Change-Id: Ifcbc14a6c93f32d15663a10d974bacdca5119a8e
Ping-Bug: 10798
Reviewed-on: https://code.wireshark.org/review/6990
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
if captured length < reported length, this will trigger an infinite loop
Change-Id: I6557b455e7bbff12658a934e5bb13a42c023e133
Reviewed-on: https://code.wireshark.org/review/7053
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Copy addresses with wmem-scope instead of (forced) seasonal scope. All existing instances were converted to wmem_file_scope, but the flexibility is there for other scopes.
Change-Id: I8e58837b9ef574ec7dd87e278470d7063ae8c1c2
Reviewed-on: https://code.wireshark.org/review/6564
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and continues trough the next segment(s).
Change-Id: I8efe69361fda0c60ec6544cc6bbe28c91f07207c
Reviewed-on: https://code.wireshark.org/review/5583
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I82cbfed770b41404bc42cb6a4413db07d04dffdc
Reviewed-on: https://code.wireshark.org/review/5462
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They don't handle values outside the range -1 to 127, and their behavior
is locale-dependent. Use g_ascii_isXXX() and g_ascii_toXXX() instead of
isXXX() and toXXX().
If you're checking for printable ASCII, don't use isascii() and don't
use iscntrl(), use g_ascii_isprint(). If you're checking for graphical
ASCII, i.e. printable ASCII except for a space, use g_ascii_isgraph().
Use ws_xton() to convert a hex digit character to the corresponding
numeric value.
Change-Id: Id3039bc586fbf66d8736c2df248c790c0d7a2330
Reviewed-on: https://code.wireshark.org/review/4851
Reviewed-by: Guy Harris <guy@alum.mit.edu>
fixes the endless loop reported in
Bug: 10521
- Fix a typo.
Change-Id: I17b4a15e780d1d6122841a308348518063f82a59
Reviewed-on: https://code.wireshark.org/review/4467
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fetch header value, only when we need to parse it.
Change-Id: I3c170ef8ab03985c8111a1b84ac1afc87bc8b5ca
Reviewed-on: https://code.wireshark.org/review/2767
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of the SIP Service-Route header.
Change-Id: Ic4523edb374ae03492af5853863dde501a0c30e0
Reviewed-on: https://code.wireshark.org/review/2721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Profling SIP shows that gperf generated hashing code, is
3 times faster than using GHashTable & g_str_hash/_equal()
This result in about 1% improve of whole dissection (sip traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't manually fetch each character to find ',' use tvb_find_guint8()
Change-Id: I29711421469e868a86bf2edd7adf8dcc85ed26eb
Reviewed-on: https://code.wireshark.org/review/2446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Combine tvb_find_guint8() for comma, semicolon into one tvb_pbrk_guint8()
- Instead of fetching each character use tvb_pbrk_guint8() to fast
forward.
- Remove not needed tvb_find_guint8() call, as the result is discarded.
Change-Id: I38d6775b187146656d47cea9b64f8e0ccad18d36
Reviewed-on: https://code.wireshark.org/review/2384
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
sip dissector when filtering spends ~5% of Ir in tvb_format_text(),
avoid calling.
Change-Id: I1de8e970b300354c0536aead65178401f140f509
Reviewed-on: https://code.wireshark.org/review/1974
Reviewed-by: Anders Broman <a.broman58@gmail.com>