This adds val64_string_ext to parallel value_string_ext in the
same way that val64_string parallels value_string.
Change-Id: Iadbfc49f5a4540000ed92fd0469e8d273911e97e
Reviewed-on: https://code.wireshark.org/review/30385
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A range string is passed as a table of tables, eg:
range_string = {
{ 0, 24, "Some string for values 0 to 24" },
{ 25, 25, "The string for value 25" },
{ 26, 255, "The string for the remainder" }
}
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Add the ability to specify maximum function counts for each group to
checkAPIs. Add maximum counts for the "termoutput" and "abort" groups
where needed. Show summaries in various checkAPI targets.
Switch uses of ws_g_warning back to plain g_warning.
Change-Id: I5cbddc8c671729e424eed8551f69116d16491976
Reviewed-on: https://code.wireshark.org/review/29721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reset handled occurrences counter between each multi field custom
column to be able to handle configurations with occurrence set.
Change-Id: Iaa01da069b661ddbb2871370fcc9f9fde33041bb
Reviewed-on: https://code.wireshark.org/review/29427
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Only detect trailing string characters in FT_STRING, FT_STRINGZ and
FT_STRINGZPAD, and when ENC_ASCII or ENC_UTF_8 (for now).
Support for checking other encodings can be added later.
Bug: 15105
Change-Id: Ib7b61f65e4f99f85998937e843ad5312c6b03a28
Reviewed-on: https://code.wireshark.org/review/29411
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Trailing stray characters will not show up in the packet tree item
when the string is correctly null terminated. This expert info
will indicate when this occurs, typically from wrongly implemented
protocol encoders.
This will warn about cases like:
tvb = "foo\0bar"
proto_tree_add_item(..., tvb, 0, 7, ...)
Change-Id: I66b9d3ba7bb3e45f1f6e492fa6916b29c9ee9ca4
Reviewed-on: https://code.wireshark.org/review/29310
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We are exporting a registration function from libwireshark just
to have it passed back as a callback. Seems unnecessary.
Change-Id: I7621005c9be11691d319102326824c5e3520a6f3
Reviewed-on: https://code.wireshark.org/review/29328
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Required to pass the test suite.
28: Process output for suite_unittests.case_unittests.test_unit_fieldcount:
28: -- Begin stdout for command ('run/tshark', '-G', 'fieldcount') --
28: There are 205013 header fields registered, of which:
28: 0 are deregistered
28: 2468 are protocols
28: 15147 have the same name as another field
28:
28: 205000 fields were pre-allocated.
28: * * Please increase PROTO_PRE_ALLOC_HF_FIELDS_MEM (in epan/proto.c)! * *
28:
28: The header field table consumes 1609 KiB of memory.
28: The fields themselves consume 14414 KiB of memory.
28: -- End stdout for command ('run/tshark', '-G', 'fieldcount') --
28: -- Begin stderr for command ('run/tshark', '-G', 'fieldcount') --
28: -- End stderr for command ('run/tshark', '-G', 'fieldcount') --
28/29 Test #28: suite_unittests .....................***Failed 12.72 sec
Change-Id: I694ed42dbd5bef99df9d2037d505d71901afd2dd
Reviewed-on: https://code.wireshark.org/review/29209
Reviewed-by: João Valverde <j@v6e.pt>
Let's make the function accept FT_UINT40, FT_UINT48 and FT_UINT56 types.
Ping-Bug: 15050
Change-Id: I35440a7c0b9cbf25bd8d903c425b6026d6a987f0
Reviewed-on: https://code.wireshark.org/review/29044
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Other routines that fetch values and can report a type/length error
without throwing an exception return a value, even if it's not the
appropriate value (as there is no appropriate value); make
get_time_value() do the same.
Ideally, we'd mark the protocol tree item, and the value, as being
invalid, and treat invalid values specially, but that's a bigger change
that would involve significantly more mucking about in the innards of
epan/proto.c as well as in code that looks at the protocol tree and at
field values, as well as deciding what the appropriate thing to do is
with a field with no value when, for example, -T {fields,pdml,json,ek,etc.}
is used.
Bug: 14957
Change-Id: Iab91198e560f52809d989cfce8b51b1b027cff73
Reviewed-on: https://code.wireshark.org/review/28722
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for 8-byte-seconds/8-byte-nanoseconds and 8-byte-seconds/
4-byte-nanoseconds time values. Use them in the 9P dissector, with
proto_tree_add_item().
Only do the length validity checking for time values in
get_time_value().
Change-Id: I0f1d791d7aa503093a491d2c33300bd55ca7866e
Reviewed-on: https://code.wireshark.org/review/28560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Throw an exception if they don't correspond to data available in the
packet - and do so even if the protocol tree argument is null, so that
we catch very long strings that could cause the offset to overflow.
Ask why we try to handle a null pointer passed as the string argument,
while we're at it.
Bug: 14738
Change-Id: I2fa79ad0dcd1f41608844a573e045197ac60aa62
Reviewed-on: https://code.wireshark.org/review/28179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put routine to free all dynamically registered header fields in the
UAT reset callback to avoid ASAN report for memory leaks on exit.
Handle duplicated entries without leaking memory.
Call proto_free_deregistered_fields() in proto_cleanup() and move
this after prefs_cleanup() to free the memory used in UATs.
Change-Id: I96545177b5b23b9c20ad8e7751a0d5621c9ca10f
Reviewed-on: https://code.wireshark.org/review/27907
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
That could help find the problem if all we have is the error message, as
it'd at least indicate where the problem is occurring.
Change-Id: I01154ff62088a4b710c131cb153e8e4593ebc3b2
Reviewed-on: https://code.wireshark.org/review/27878
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, if the attempt to create the protocol tvbuff throws an
exception, we won't leak the protocol representation string, as we won't
even try to allocate it.
Bug: 14719
Change-Id: Id2855bc97e71aa0682737d1a04486a2a01f5f1e6
Reviewed-on: https://code.wireshark.org/review/27730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC2030, chapter 3.
If bit 0 is set, the UTC time is in the range 1968-2036 and
UTC time is reckoned from 0h 0m 0s UTC on 1 January 1900.
If bit 0 is not set, the time is in the range 2036-2104 and
UTC time is reckoned from 6h 28m 16s UTC on 7 February 2036.
Change-Id: I9cf25449a1cb3c12d5514e3c7820a204525589d6
Reviewed-on: https://code.wireshark.org/review/27553
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Like the proto_item_set_XXX functions, check proto_item pointer validity
before using it. It can be NULL on first pass for example.
Bug: 14703
Change-Id: I94957e0738d66f99793682dc0ea1c7c0a65ceecd
Reviewed-on: https://code.wireshark.org/review/27629
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_ptr_array_free(a, FALSE) returns "a->pdata". Callers that do not
handle this will leak memory (e.g. "tshark -G plugins"). Convert other
users to use the return value instead of direct access to "a->pdata".
Change-Id: I29835477d587f5f54bf0d94cdae9f375e3da3ce3
Reviewed-on: https://code.wireshark.org/review/27437
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Previously, checksum code would override the expert_field summary
string configured by dissectors, and display the generic "Bad checksum"
string in the Expert Information dialog.
This change uses the configured expert_field summary string instead.
eg: "CRC-S1 incorrect [should be 0xff]" instead of "Bad checksum [should
be 0xff]"
This fixes problem #2 in the linked bug.
Bug: 14425
Change-Id: I168b2be92ec2d8d6f956beeaf6292574bc1d9dab
Reviewed-on: https://code.wireshark.org/review/25758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_split_bits_item_ret_val can handle bits from an arbitrary
sized buffer, as long as it covers no more than 64 bits. If the
octet-aligned mask covers up to 32 bits, then this mask is also shown.
If this mask was larger than 64 bits, then undefined behavior could
occur, so check for that.
For larger masks, instead of "= GmPRS Terminal Type: Unknown (96)",
display "7 bits = GmPRS Terminal Type: Unknown (96)" instead.
Bug: 13613
Change-Id: I111cf6a0705f999e42d83bfe57ac84f414946d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1158
Reviewed-on: https://code.wireshark.org/review/27517
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is shown by a bunch of coverity reports all pointing at this line.
Every buffer has a ITEM_LABEL_LENGTH, but label_mark_truncated access it
at ITEM_LABEL_LENGTH (off-by-one).
CIDs:
1435461
1435462
1435465
1435466
1435471
1435472
1435477
1435481
1435483
1435484
1435485
1435489
1435492
1435500
Fixes: v1.11.3-rc1-1837-gf94674d2fb ("truncate UTF-8 strings only at the boundary between two characters")
Change-Id: I3781c36594f7db880bc9f76b64d261dbc498c0ce
Reviewed-on: https://code.wireshark.org/review/27425
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
In order to simplify the display filter scanner, try to restrict the use
of dots ('.') in field names. Forbid leading dots, does not affect
current dissectors. Fix '..' typo in fpp dissector and forbid it. Forbid
trailing dots after fixing dissectors: some of them just have an excess
dot, others are missing a name after the dot.
Change-Id: I6e58a04ef0306ee8c16fbf6a3cabb076d7fc69c9
Reviewed-on: https://code.wireshark.org/review/26967
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have it take a format and argument list as arguments, and have the
formatting done inside the reporting code. That way, we're not relying
on any particular wmem scope working.
If WIRESHARK_ABORT_ON_DISSECTOR_BUG is set, try to add the message to
the crash information (currently only supported in macOS), and print it
to the standard error, before crashing. We won't necessarily have a
usable crash dump to analyze, so we can't rely on that to find the cause
of the crash.
Ping-Bug: 14490
Change-Id: I2b39169c45c84f2ada31efa1d413bd28c140f8f4
Reviewed-on: https://code.wireshark.org/review/26643
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DISSECTOR_ASSERT_NOT_REACHED() doesn't say *why* the code in question
was reached; it's better to give a more explicit error message.
Change-Id: I88b930e5a90ba8692aeac6ee29fa8fda21b5067b
Reviewed-on: https://code.wireshark.org/review/26639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Presumably the intent is to check for unsigned integer and signed
integer types, not to check twice for unsigned integer types.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analyzer for
finding this.
Change-Id: Ie8e4d231af929ee8e626c5c9258c3356d5209f4f
Reviewed-on: https://code.wireshark.org/review/26187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Handle them in free_deregistered_field() and
proto_registrar_dump_values().
Change-Id: I38c7b440adc46e32dde8bd629e58535baac9dd6d
Reviewed-on: https://code.wireshark.org/review/25916
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've added more fields, increment the pre-allocation amount.
Change-Id: Ia5f1aab7a2fa120049162d17a63f99bf21a3fe37
Reviewed-on: https://code.wireshark.org/review/25566
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We've added more fields, increment the pre-allocation amount
Change-Id: If0e68697c797e8709349a59b86fbcd4397730476
Reviewed-on: https://code.wireshark.org/review/25220
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I618df2f2608adcd1be5da02262c5296e4d86cfba
Reviewed-on: https://code.wireshark.org/review/24866
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add default type handling in proto_custom_set() to prevent crashes when
trying to use FT_IPXNET, FT_AX25 or FT_VINES items as custom columns.
This will also work as a safeguard when adding new types.
Change-Id: Iaf3b48aec72f0e5c10332b0e6d5f7221b0196e15
Reviewed-on: https://code.wireshark.org/review/24836
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow epan itself to be extended by plugins. Adds the following new plugin
interfaces:
void plugin_epan_init()
void plugin_epan_dissect_init(epan_dissect_t *)
void plugin_epan_dissect_cleanup(epan_dissect_t *)
void plugin_epan_cleanup()
void plugin_epan_register_all_protocols(register_cb, gointer) [OPTIONAL]
void plugin_epan_register_all_handoffs(register_cb, gointer) [OPTIONAL]
Any one of these can be an empty function but the first four must be
present.
The motivation for the change is a better way to implement a language binding
other than registering a fake protocol and stuffing everything into a single
dissector call (and maybe require an extra packet_info field) but I expect
there would be other interesting use cases.
Change-Id: I215d50750ac7561fe25fdcdcfbc6a3f351984785
Reviewed-on: https://code.wireshark.org/review/24813
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
This is valuable when adding a expert info field as custom column,
but will also make sense for other FT_NONE types.
Change-Id: Ib1a14c59a5450f2e713f190aecf3484586d116c4
Reviewed-on: https://code.wireshark.org/review/24787
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change from the text "Yes" to a utf8 check mark to indicate the
precense of a protocol in custom columns.
Change-Id: I9510333fc12148bf1f61aa2ddea2c6d390a9491a
Reviewed-on: https://code.wireshark.org/review/24783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add the "special handling" of length = 0xFF for single byte or 0xFFFF
for uint16 value means size of field to follow is 0.
Ping-Bug: 14138
Change-Id: I0baa40f63152b9420a6569ca6cc5eba638fbc790
Reviewed-on: https://code.wireshark.org/review/24428
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, let's use the FIELD_DISPLAY() macro everywhere.
Bug: 14169
Change-Id: I685cb7eb4b9c52f836762c92baeb636570a6d12f
Reviewed-on: https://code.wireshark.org/review/24285
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Not used. Remove also weird pre-hash hash optimization in proto.c.
Change-Id: Ibebc12dbe90ac1d05fb1ba601d32fe98797fbd56
Reviewed-on: https://code.wireshark.org/review/24254
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FT_IPv6 doesn't expose the prefix, which is used only for values in
filter expressions, not values in protocol fields; do the same for
FT_IPv4, hiding the netmask, and using fvalue_get_integer() to get the
value, having it return a network-byte-order value for the address.
(This also makes it opaque whether the address and netmask are stored in
host or network byte order.)
Change-Id: I4285a87f6ccef2c0ccec040490ddcd15d787326e
Reviewed-on: https://code.wireshark.org/review/24177
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just directly use the addr field, converting from host to network byte
order if necessary.
Change-Id: Ie1cd9ea5527b7824014dc315225ad2a6adb61c38
Reviewed-on: https://code.wireshark.org/review/24176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do what the errors in the master buildbots say to do.
Change-Id: I2b926bd9a75a1490390c42b8080f29e48096a3b4
Reviewed-on: https://code.wireshark.org/review/24143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ptvcursor_add_ret_uint
ptvcursor_add_ret_int
ptvcursor_add_ret_string
ptvcursor_add_ret_boolean
Change-Id: I41fa91b1ab805778d34a61215830b12a1331e864
Reviewed-on: https://code.wireshark.org/review/23895
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That produces better error messages, giving the name of the offending
field.
Change-Id: I155ac29c68ecd7811cc9752980db9cdc37fea72e
Reviewed-on: https://code.wireshark.org/review/23685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IS_FT_UINT includes both 32 and 64 bit unsigned integers, but fvalue_get_uinteger
only allows 32-bit values, so add IS_FT_UINT32 macro for distinguishing between
using fvalue_get_uinteger and fvalue_get_uinteger64.
All other cases that use fvalue_get_uinteger vs fvalue_get_uinteger64 are done
first with switch statements and don't rely on IS_FT_UINT to distinguish
between 32 and 64 bit values
Bug: 14063
Change-Id: I9d1400259e7c2661c2b5ebf96aaa0e9d773651fe
Reviewed-on: https://code.wireshark.org/review/23528
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When using a length of -1, use the tvb remaining length instead of 0.
Change-Id: I569e9c9f57531914a3b613c3a6a9bff076fba362
Reviewed-on: https://code.wireshark.org/review/22931
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I02b6ff7f57f81f0ac6b54806a9325ebb16b40476
Reviewed-on: https://code.wireshark.org/review/22553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto.c’s proto_custom_set() was missing a test for
BASE_UNIT_STRING under the 64 bit based integer case. Any
custom columns sourced from a field stored in a 64 bit integer
and having the BASE_UNIT_STRING attribute would only display the
units but not the actual number.
With this patch 64 bit based integer fields having the
BASE_UNIT_STRING attribute will now properly display both
their value and units when added to the packet list as a
custom column.
Change-Id: Icb9532771eb2f4098891dedd82886fd6223ce7a6
Reviewed-on: https://code.wireshark.org/review/21771
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
v2.3.0rc0-3618-gd962e7ae71 tried to simplify logic, but missed
use of TRY_TO_FAKE_THIS_REPR. Create a "friendlier" version
TRY_TO_FAKE_THIS_REPR_NESTED which allows for the "base"
proto_tree_add_xxx to be called in proto_tree_add_xxx_format[_value]
functions.
Bug: 13736
Change-Id: I98883ad4581d2327edb8da5efd8ef8a89b55e3d0
Reviewed-on: https://code.wireshark.org/review/21764
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Call proto_tree_add_bytes first so it can do all of the basic
field checks that were being duplicated.
Change-Id: Idc9a3cbf9498aa612a39cc80e3381eba52ce9fa4
Reviewed-on: https://code.wireshark.org/review/21750
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13705
Change-Id: I6bd006f216440d071e5c1eeb6b1f996b4a364c62
Reviewed-on: https://code.wireshark.org/review/21629
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It should be allowed to have an FT_UINT_BYTES hf entry with
BASE_NONE|BASE_ALLOW_ZERO. At the moment, this triggers an assert:
Err Field 'Data block' (image-gif.data_block) is an FT_UINT_BYTES
but is being displayed as (Bit count: 2048) instead of BASE_NONE
For FT_UINT_BYTES entries, we should make the same checks as for
FT_BYTES. Don't fall through to the default case.
Change-Id: I986a9b779d130919d17595f08b3b63306b3956f2
Reviewed-on: https://code.wireshark.org/review/21606
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't force display of BASE_DEC
Change-Id: Id6f115c074f0d4b1bd277dcbf6c523ffaa295edb
Reviewed-on: https://code.wireshark.org/review/20918
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't just report an assertion failure with a line in proto.c; give the
name of the field with the wrong type, and a list of the types that are
valid for the routine in question.
Change-Id: Id3ed7c376fdc72bf6cff69c647833946cfa99ee6
Reviewed-on: https://code.wireshark.org/review/20824
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it fix expert info a typo and an calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's some weird hybrid of UN*X time and NTP time stamps, using UN*X's
epoch and NTP's seconds/fractions split. I'm sure they had their
reasons for not using something like struct timespec or regular NTP
time, and instead inventing something that's halfway in between them.
Change-Id: I1f39ec1368af52b82adfa2a22677dfa6e9341309
Reviewed-on: https://code.wireshark.org/review/20711
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From a look at the libosmocom code, time stamps in
GSMTAP_TYPE_OSMOCORE_LOG messages appear to be UN*X struct timevals with
a 4-byte tv_sec, not anything NTP-like with the fraction-of-a-second
part in units of 1/2^32s of a second.
Add ENC_TIME_TIMEVAL to handle time stamps like that, and use it rather
than ENC_TIME_NTP_BASE_ZERO.
Change-Id: Ia1511527ee292fb7725b2a64c0af16d23ff10a6d
Reviewed-on: https://code.wireshark.org/review/20710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I30b44cb0145f76c3929cac92337756a4164df1d2
Reviewed-on: https://code.wireshark.org/review/20609
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In proto_get_first_protocol_field() we must check for an empty
protocol->fields because Lua scripts may have protocols without
fields and g_ptr_array_index() does not perform bounds checking
on the given index.
Bug: 13223
Change-Id: Ib2f6286d0799541243450348dcf345a965b2825c
Reviewed-on: https://code.wireshark.org/review/20455
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A user reported that the TNS dissector would show "Malformed Packet" in
the Info column in Qt. The actual packet details and Expert Info dialog
however had no trace of the issue.
It turns out that proto_tree_add_item_new_ret_length did not correctly
set the length. Test case (based on pcap from SampleCaptures wiki):
tshark -r TNS_Oracle1.pcap -w 19.pcap -Y frame.number==19
tshark -r 19.pcap -Y tcp
Change-Id: I82cb1ccbc7c3b33d2bcdb22f89a1754c1a4575e7
Fixes: v2.1.0rc0-1394-gc67c6e8f30 ("Add routines to add an item and return the item's real length.")
Reviewed-on: https://code.wireshark.org/review/20098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto.c:667:6: error: ‘dissector_plugins’ undeclared (first use in this function)
tap.c:773:20: error: ‘tap_plugins’ undeclared (first use in this function)
Change-Id: I8feaec4219dc97202bdb79d72399c5fd1d383e27
Reviewed-on: https://code.wireshark.org/review/20081
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use NULL scope to be safe.
Change-Id: I1967737cf6a1c90cc2e0476d3f2ace63aa0c9153
Reviewed-on: https://code.wireshark.org/review/19857
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
format_text_wsp is fed into by tvb_format_text_wsp and tvb_format_stringzpad_wsp
so those functions need to add a wmem allocated parameter as well.
Most of the changes came from tvb_format_text_wsp and tvb_format_stringzpad_wsp
being changed more so than format_text_wsp.
Change-Id: I52214ca107016f0e96371a9a8430aa89336f91d7
Reviewed-on: https://code.wireshark.org/review/19851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_bitmask_value_with_flags() eventually calls
proto_tree_add_XXX() for the main hf and for the field elements.
These functions work for tvb==NULL if the length is also set to 0.
Otherwise, we'll end up in proto_tree_add_pi(), get_hfi_length() and
run into the DISSECTOR_ASSERT() there.
proto_tree_add_bitmask_value...() are meant for cases where the data is
passed directly and not read from a tvb. If tvb==NULL, set our length to
0 instead of using the field length from the main hf.
Change-Id: Ia55b068e9842ba4a1ae8be8692320a8e93ea8631
Reviewed-on: https://code.wireshark.org/review/19394
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I55f9303624471d09b446c10939e5c22bf8e21511
Reviewed-on: https://code.wireshark.org/review/18894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently, when passing a -1 length to proto_tree_add_item_ret_string_and_length() or
proto_tree_add_item_ret_string(), the -1 length will be passed directly
to the field info. The calculated length should be used instead.
Bug: 13159
Change-Id: I980d18fb9bde3c452e64a8735e62d4830ce53b64
Reviewed-on: https://code.wireshark.org/review/18904
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Allows to use negative values (FT_INT) in a bitmask field.
If a field type greater or equal (FT_(U)INT40) is used then also
a 64 bit value string and 64 bit format function must be used.
Change-Id: Ib86d45bee73a71a784068ab717d35810c6f48017
Reviewed-on: https://code.wireshark.org/review/18601
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Apply mask and bit shift on the returned value.
Change-Id: I00aebc854756f01a25199a259d6d5252abea4349
Reviewed-on: https://code.wireshark.org/review/17958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some sub protocols do not register fields
Follow-up of gf4a521e
Change-Id: Iec3165d6204cc6acc0ec31a7266f860012463cd0
Reviewed-on: https://code.wireshark.org/review/17868
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
to allocate the arry to hold them. This should be more efficient.
Change-Id: I84b1095b6eb110fdcc1b2630949c76b51f3a47b6
Reviewed-on: https://code.wireshark.org/review/17866
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the debugging printouts.
The changes that were committed between the last build that didn't crash
and the first build that did were:
commit 961f743d69
Author: Peter Wu <peter@lekensteyn.nl>
Date: Mon Aug 29 01:34:22 2016 +0200
xml: fix some memleaks
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit a04b6fcb3d
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 22:19:29 2016 +0200
diameter: fix 400kb leaked memory on exit
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit 14312835c6
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 19:20:59 2016 +0200
pcapng: do not leak blocks
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
*If* one of those is the cause, my guess is that it's the Diameter one,
as the crash happens before any file is read (so it's probably not the
pcapng one) and thus before any dissection is done (so it's probably not
the XML dissector one).
Change-Id: I816c1bbd6078eab251efd02ebb7c3195f6dd1483
Reviewed-on: https://code.wireshark.org/review/17411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Iea69b5ef533b9b524a624b96bf82e178fd428ce9
Reviewed-on: https://code.wireshark.org/review/16934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fill in the "gaps" so that all dissectors that verify checksums have both a
status and expert info field.
Also address comments from original proto_tree_add_checksum patch that didn't make it.
Ping-Bug: 8859
Change-Id: I2e6640108fd6bb218cb959fe9e4ba98a13e43a2f
Reviewed-on: https://code.wireshark.org/review/16590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Create ws_g_warning for legitimate uses of g_warning
2. Use proto_tree_add_debug_text
3. Comment some out
Change-Id: Ida044bf40286b955fdd529c4f9907c8e09b3d7c5
Reviewed-on: https://code.wireshark.org/review/16678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many of the complaints from checkAPI.pl for use of printf are when its embedded
in an #ifdef and checkAPI isn't smart enough to figure that out.
The other (non-ifdef) use is dumping internal structures (which is a type of
debug functionality)
Add a "ws_debug_printf" macro for printf to pacify the warnings.
Change-Id: I63610e1adbbaf2feffb4ec9d4f817247d833f7fd
Reviewed-on: https://code.wireshark.org/review/16623
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This mostly reverts SVN rev 43412 (3fa645481f)
with the addition of documenting that FT_*INT*'s with BASE_NONE and a
FIELDCONVERT tells the Wireshark core that the field's numeric value is
meaningless and should not be shown to the user.
Use BASE_NONE again with the expert info group and severity fields. This
(finally) resolves the complaint from:
https://www.wireshark.org/lists/wireshark-dev/201206/msg00188.html
(yes, this mail's been sitting in my "todo" pile since then! <sigh>)
Change-Id: I1c6dd2864e7a2e959c97c409f277853af74a8d93
Reviewed-on: https://code.wireshark.org/review/16518
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5669e2442582f899643fae4a9f86ab6d505dde07
Reviewed-on: https://code.wireshark.org/review/16505
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by VS Code Analysis
Change-Id: I76ea860cd86b41ef33c47dcc8f6b1c122f8bb668
Reviewed-on: https://code.wireshark.org/review/16424
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As indicated in the comment, we allow FT_PROTOCOL, FT_NONE, FT_BYTES, FT_STRING
and FT_STRINGZPAD to be zero-length.
But in that case do not call tvb_ensure_captured_length_remaining() that ensures
that at least 1 byte is present.
Bug: 12561
Change-Id: I881754368c24d334b88f0dda1d59a68e08219227
Reviewed-on: https://code.wireshark.org/review/16167
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow a dissector to mark its protocol as "disabled by default", which
means that the "enable all protocols" routine won't enable it. This is
necessary in order to allow the disabling of protocols not to be
unintentionally changed due to profile changes; see bug 9826.
Change-Id: I3947f794c21350b70a8de06899cfc7715b77f90f
Ping-Bug: 9826
Reviewed-on: https://code.wireshark.org/review/16109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto.c still has to deal with FT_VINES, but maybe that
can be refactored to the dissector too.
Change-Id: Iee04eed3b75f91cb62bb7b625dd44baeeb9aebb3
Reviewed-on: https://code.wireshark.org/review/16069
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is required for the flags from packet-frame.c
Bug: 12536
Change-Id: I60bfe671687bcd3a9b5c997ba62bed563e890548
Reviewed-on: https://code.wireshark.org/review/15945
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ran across enough situations that proto_tree_add_bitmask_list couldn't
solve that it seemed necessary.
Change-Id: I6a540ac6efca76cae7c4571a84bb400538652784
Reviewed-on: https://code.wireshark.org/review/15880
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix a bug in proto_tree_set_uint64() which caused fields to be sign extended.
(This only showed up when a non-zero bitmask was present.)
Change-Id: Ibcc986e3d42f97348966ea66c2ae9fca73b09992
Reviewed-on: https://code.wireshark.org/review/15764
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
It requires some "extra work" to get it to work properly. Despite
documenting it, some previous use cases didn't do the extra work.
Let's just see how we get by without it.
Change-Id: I31dba1d5038d793085f6c9e4b4a6eda574e86872
Reviewed-on: https://code.wireshark.org/review/15610
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-wsp.c hasn't used proto_tree_append_string() since
Ic5467289aae7d54e78c1fd65f93358387d6139aa. Use packet-frame as the example
instead.
Change-Id: I69fb10679ec1685a61aac182414e596b345153fd
Reviewed-on: https://code.wireshark.org/review/15563
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previous patches converted all fvalue_to_string_repr calls to expect
an allocated buffer (and not a passed in one). Now changing signature
to force an allocated buffer. Added wmem in case that can be taken
advantage of within epan (and since the function signature was changing
anyway).
Change-Id: Ica1ac4a9a182ce0e73303856329e198d9d525b7b
Reviewed-on: https://code.wireshark.org/review/15343
Reviewed-by: Michael Mann <mmann78@netscape.net>
rawshark shouldn't be converting FT_ and BASE_ values into strings on its own, there's a function for that.
Change-Id: Ib4ce1651ee130a03644b5de3ab471333444e19a9
Reviewed-on: https://code.wireshark.org/review/15341
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most uses of fvalue_to_string_repr() don't provide a buffer to write to, so memory is allocated dynamically inside the function. Trying to move to where ALL cases don't provide a buffer to simplify fvalue_to_string_repr handling and the underlying functionality of the ftypes.
Change-Id: Iac03e4eb63b5e38311a6472fbe488009ed55206c
Reviewed-on: https://code.wireshark.org/review/15331
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't just treate the strings as piles of ASCII characters.
Add a proto_tree_add_item_ret_string_and_length() routine to help do
this. Clean up some of the documentation of the proto_tree_add_item_ret
routines while we're at it.
Change-Id: Ib4c52bd8a8331eac97312583326f5be9175889d9
Reviewed-on: https://code.wireshark.org/review/15291
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As noted in https://www.wireshark.org/lists/wireshark-dev/201604/msg00103.html
a protocol field isn't really a tv_buff, so allow for the possibility
of a NULL tv_buff in a "protocol type". If the tvb is NULL, use the
string of the protocol field for comparison
Bug: 12335
Change-Id: Ie12a5f7b31c7293c61006b0f70135d100a97c4e0
Reviewed-on: https://code.wireshark.org/review/15261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use CHECK_FOR_NULL_TREE() while we're at it, to make it more like other
routines.
Change-Id: I2cbdf9f043583fd0c9858e94ae1134173a68c875
Reviewed-on: https://code.wireshark.org/review/15116
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise, we run the risk of getting caught in a loop that runs past
the end of the packet.
Shows up in, for example, the capture in bug 12370; if you read it with
tshark -V, it reports malformed packets, but if you try to read it with
tshark without -V, it spins.
Bug: 12370
Change-Id: Ic3e7be2ddbaaf52b58c4f73348a0f093979af1cc
Reviewed-on: https://code.wireshark.org/review/15115
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Limit the the protocol tree to 500 levels. This keeps us from running
out of stack space in proto_tree_traverse_{pre,post}_order.
Bug: 12268
Change-Id: I60f6b4487bf51a4d43da0429819a8a20fbdb313a
Reviewed-on: https://code.wireshark.org/review/14887
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make full use of our proper implementation of this macro by
giving it the pointer as is.
Change-Id: I0bbe73d19cc3f578b94ea2d4d904d6fa87b20b48
Reviewed-on: https://code.wireshark.org/review/14391
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set ENABLE_CHECK_FILTER to 1 for get list of display filter with conflict...
Ping-Bug:2402
Change-Id: I8d56b1573120d1a29d437aae1088be242e15e9a3
Reviewed-on: https://code.wireshark.org/review/13644
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
'const gpointer' is the same as 'void *const'. Replace with gconstpointer
where straightforward (assuming that was the intent) and use gpointer everywhere
else for clarity (that does not change *API* constness contract; it just means
a variable is not declared immutable inside the called funtion).
Change-Id: Iad2ef13205bfb4ff0056b2bce056353b58942267
Reviewed-on: https://code.wireshark.org/review/13945
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It adds string-type fields to the protocol tree and returns the value of
the string.
Add the new bitmask-adding routines to the Debian symbol list while
we're at it.
Change-Id: Idaeec44c9cd373588cadce85010f3eaf1f3febb5
Reviewed-on: https://code.wireshark.org/review/13657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add tables for heuristic dissectors, and add dissectors for the stuff
Microsoft puts there for RDP; they're violating the COTP spec, but I
guess they're stuck because they're using TP0, which doesn't support
user data.
While we're at it, add variants of proto_tree_add_bitmask() and
proto_tree_add_bitmask_flags() that return the bitmask, for use by
callers.
A side-effect of the change is that the proto_tree_add_bitmask routines
no longer treat the encoding as a Boolean, so we have to pass
ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN, not just some non-zero or zero
value. Do so.
Rename ositp_decode_CC() to ositp_decode_CR_CC(), to note that it
decodes both CR and CC PDUs.
Bug: 2626
Change-Id: If5fa2a6dfecd9eb99c1cb8104f2ebceccf1e57c2
Reviewed-on: https://code.wireshark.org/review/13648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Output from BASE_HEX et al has always been zero-padded to according to
the field type - 8 digits for FT_UINT32, etc.
When the field has a bitmask, this is definitely not appropriate - the
field type is used to indicate the size of the bitfield container, and
tells us nothing about the size of this field.
Instead, determine the actual size of the field by inspecting the
bitmask, and output the corresponding number of hex digits.
Change-Id: I10ec4e93e1e40e8b1354d5368cc8945cf671a617
Reviewed-on: https://code.wireshark.org/review/13225
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
No need to use FI_SET_FLAG() in proto_tree_add_item_ret_{u}int() - by
the time we call it, we already know that new_fi is non-null, so we
don't need a wrapper that checks for it being null.
Change-Id: Id00418e73c2ede97388a01eb12c8c94743291853
Reviewed-on: https://code.wireshark.org/review/13460
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_item_get_len() is *not* guaranteed to return a correct value.
Even if there's a non-null tree item, it might be pointing to a "faked"
item; it really shouldn't be used.
So add proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length(), which calculate the real length
themselves and return it through a pointer.
Fix as many places as we straightforwardly can to use them rather than
to use proto_item_get_len(). (There's a Lua API for
proto_item_get_len(), so we keep it around, but we should add Lua APIs
for the new routines, and deprecate the old API.)
Fix ptvcursor_add() to do the same thing that
proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length() do.
Split the TRY_TO_FAKE_THIS_ITEM macros into a macro to check for the
tree being null and to try to fake the item. We don't always use the
former macro, as we might need to do more than just return NULL if the
incoming tree is null (for example, calculating the item's real length
and using it...).
new_field_info() never returns NULL; remove checks for it. The check
for a null tree is done before the calls to new_field_info().
Change-Id: I002a218d1f810c73e0de837e0ac6ebcde21bacec
Reviewed-on: https://code.wireshark.org/review/13139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for IEEE-11073 32-bit FLOAT and 16 bit SFLOAT field types.
Use them in Bluetooth ATT dissector.
Change-Id: Ife0f3843da84a9af23483b0a0d9b69cd2f511d08
Reviewed-on: https://code.wireshark.org/review/12680
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Support reloading Lua plugins with expert infos.
Use the same delayed deregister logic as for fields.
Change-Id: I36efa0820050b3a7afed4de7a8b0fa16805e8dfa
Reviewed-on: https://code.wireshark.org/review/12498
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
<MISSING> implies that the field should be there and isn't. Allow dissectors to specify when a zero-sized array for a field is perfectly valid.
Ping-Bug: 11803
Change-Id: I3fd60e3c6f832c6b4a3a8837ebc52c3e74e795ae
Reviewed-on: https://code.wireshark.org/review/12271
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Check if description (protocol name) and short_name are used before
registering the protocol. This because proto_register_protocol() makes
sure there's not already a protocol with any of the names registered
and duplicates will be reported with a g_error() which terminates the
Wireshark unexpectedly.
Also check if short_name contains valid characters.
Give appropriate error messages.
Bug: 11739
Change-Id: Ib9776a2a3406ae5278ce744defd61864ebed0282
Reviewed-on: https://code.wireshark.org/review/11995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
RTPS uses NTP encoding with a BASETIME equal to 0.
Also, changed "magic" by "Magic"
Change-Id: I2512176f2018396edaa6b2a1478facd26118cb13
Reviewed-on: https://code.wireshark.org/review/11184
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If5897e8137f729503edf2cafb49b2ebeab4716ad
Reviewed-on: https://code.wireshark.org/review/10997
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ic6b3d71c3c9a14688b55d98f402d359f69524394
Reviewed-on: https://code.wireshark.org/review/10939
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1a2a988a737c6821db6ac3a2b9ee9ff48add28c2
Reviewed-on: https://code.wireshark.org/review/10935
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Avoid displaying duplicate port numbers with transport name resolution disabled and
make some dissector code simpler.
Introduces port_with_resolution_to_str_buf() function and amends UDP/TCP/DCCP/SCTP to
use the new field display type.
Change-Id: Ifb97810b9c669ccbb1a310a2c0ffd6e2b63af210
Reviewed-on: https://code.wireshark.org/review/10625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While IPv4 subnet masks are obviously related and similar to IPv4
addresses, they are distinct enough that they need to be treated
seperately in some aspects. For instance, there is no value in
attempting to resolve a subnet mask.
This change creates a new display type: BASE_NETMASK, which allows distinction from FT_IPv4
(and possible name resolution) where appropriate.
Change-Id: I99e19c9a58eb613f8e58d481af84c30e2e5e14d7
Reviewed-on: https://code.wireshark.org/review/10438
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
169756 header fields are currently registered. Including the 5k expert info
field pre-allocation this gives us about 5k unused entries (until we should
increase this number again).
Change-Id: Id8ea979cbe9e80756c12b5b73e816bbe3e9856ad
Reviewed-on: https://code.wireshark.org/review/10599
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The GTK+ UI sequentially dissects and caches column strings for all rows
before sorting a column. Do the same in the Qt UI, which can improve
performance considerably.
Don't colorize packets when sorting in the Qt UI unless it's necessary.
When sorting in the Qt UI, let the user cancel the initial packet
dissection. Note that we'll need to replace std::sort in order to
cancel out of sorting.
Use a pre-allocated and pre-compiled GRexex when we prime columns. Note
that we probably shouldn't parse a regular expression there.
Cache the last result of proto_registrar_get_byname.
Note performance hot spots elsewhere in the code.
To do:
GeoIP in packet-ip.c is pretty slow.
Bug: 11467
Change-Id: Ib34038fee08ef0319261faeffc4eca01e52f4bd3
Reviewed-on: https://code.wireshark.org/review/10275
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>