HTTP has multiple related packets, so seeing which are the actual request/response (related to the current selected packet) is helpful.
Change-Id: I833f4f620cfe8bfe9b1d7518c4e28fbd41b64e29
Reviewed-on: https://code.wireshark.org/review/16385
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The current ceph dissector assumes that the server will always send its
initial connection negotiation first, but that's not necessarily the
case, especially with the kernel client which sends its banner as soon
as the socket is created.
So, we need a better mechanism to determine which end is client and
which is the server. The server sends its own address and then the
address of the client, but the client only sends its own address. We
can determine whether the initial negotiation message is from the client
or server by looking at the data after the first entity addr and seeing
whether it also looks like an entity addr.
This patch takes that approach. It just grabs the address family from
the second address and sees whether it's IPv4 or IPv6. If it's not one
of those, then it assumes that it's not an entity_addr_t at all and is
therefore a request from the client.
We could go farther and try to verify the port and address as well, but
that's probably overkill. The address family is at the same offset as
the host_type field in the client's Connect request, but it's big endian
and the host_type is little endian. As long as we don't end up with
host_types that are 0x200 or 0xA00, this scheme should be OK.
Change-Id: I161d02da86d978272eff95497c6df66766b02ebc
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/16043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Newer versions of the Geneve protocol draft have defined additional
option classes. This updates the list so we can show the class name
instead of unknown.
Change-Id: I19f2024704abe2bc0692c73be783858d74323c0e
Reviewed-on: https://code.wireshark.org/review/16382
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- return type of a function definition is always on a seperate line
- reformat single line expert items into multiline format
- no space between functionname and (
- reformat some hf_ elements that looked different from most others
- space after , where appropriate
- Fix the following warnings and errors from checkhf.pl
Unused href entry: epan/dissectors/packet-ieee80211.c: hf_ieee80211_ff_rcsi
Unused href entry: epan/dissectors/packet-ieee80211.c: hf_ieee80211_ff_rcsi_aid
Error: hf_ieee80211_ff_dsss_ofdm: FT_BOOLEAN with non-null 'convert' field missing TFS in epan/dissectors/packet-ieee80211.c
Error: non-null hf_ieee80211_ff_dsss_ofdm 'convert' field missing 'VALS|VALS64|RVALS|TFS|CF_FUNC|FRAMENUM_TYPE|&' in epan/dissectors/packet-ieee80211.c ?
Error: hf_ieee80211_operat_mode_field_channel_width is passing the address of a pointer to VALS in epan/dissectors/packet-ieee80211.c
Error: hf_ieee80211_operat_mode_field_rxnss is passing the address of a pointer to VALS in epan/dissectors/packet-ieee80211.c
Change-Id: Ide51d1871755199721e65c0f62b3f6a62ef1159e
Reviewed-on: https://code.wireshark.org/review/16381
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
and reject the packet if it is shorter
make sure that we don't throw an exception when we read the first byte
and haven't yet decided if the packet contains an iso7816 atr
Change-Id: I7b4c93cc7c55489467b46241f07a1bb5ddfd927a
Reviewed-on: https://code.wireshark.org/review/16377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Garri Djavadyan
Change-Id: I6dd4bd20d82a3f2cb8aa45f740f72d33e33053da
Ping-Bug:12604
Reviewed-on: https://code.wireshark.org/review/16374
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some UN*Xes declare an index() function, that being the name strchr()
originally had in V7 UNIX. This causes warnings from compilers if you
have a variable named "index", so rename the variable.
Change-Id: Ibb046005d1ef911ce0739ce70a0a55c13310cdf0
Reviewed-on: https://code.wireshark.org/review/16372
Reviewed-by: Guy Harris <guy@alum.mit.edu>
remove unnecessary variable initializers
remove an unnecessary if (tree) check
Change-Id: I4c5326c11efe4fe38fb606a45ca7674484e9421c
Reviewed-on: https://code.wireshark.org/review/16371
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
the latter is internal to the tvb code and not meant to
be called from a dissector
Change-Id: Iee5af3d59329aeef8156f0bbbd5c765cac4e314d
Reviewed-on: https://code.wireshark.org/review/16364
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Match each entity in the structure explicitly rather than skipping a bunch at
the end. This makes it possible to easily (and clearly) specify where we
allow white space.
Don't capture the event group and severity: we don't use them anyway.
Don't put single character matches in []: that makes it hard to read (for
me anyway).
There's no need for both the "m"(ultiline) and "s"(ingle line) options. Nor
the "o"optimize (make buggy) option.
These same changes should/will be applied to the hf regex later.
Change-Id: I3bf307dcd6432eb1a0c2b9aceea201f8403e08c0
Reviewed-on: https://code.wireshark.org/review/16313
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update main filter after follow stream dialog is closed - Use:
previous_filter if new 'Back' button (passed in follow() method)
filter_out_filter_ if 'Filter Out This Stream' button (built by appending !current_stream to previous_filter)
leave filter alone if window closed using Close button or window close. (current stream)
Change-Id: Ic02edeaffdc65ff0f33cac4cb9afb8cde28963c7
Reviewed-on: https://code.wireshark.org/review/16277
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In my previous patches (8454f2a20e and ea16a84ef5) I've tried
to make the pkg-config file more robust. But what I had
completely forgot about is that the file was never installed by
our Makefile rather than we relied on distribution maintainers to
be smart and make the package install the file instead. I've
realized this as soon as I've tried to update wireshark in my
system.
Change-Id: Idb60157a51ea1dd0afd6cfac695bfa5760485241
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-on: https://code.wireshark.org/review/16279
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
randpkt_parse_type() can (and most likely will) be called before
randpkt_example_init(), therefore g_rand_int_range is called with a NULL
GRand argument. This produces non-random output.
Change-Id: Id420edc15a5f9dec427c5f1a1dd9a1f18a225319
Reviewed-on: https://code.wireshark.org/review/16367
Reviewed-by: João Valverde <j@v6e.pt>
WS_INET6_ADDRSTRLEN should be used instead of INET6_ADDRSTRLEN.
Change-Id: Id937ca72361f4f1b3cad2c18b1067c3fddc527a9
Reviewed-on: https://code.wireshark.org/review/16359
Reviewed-by: João Valverde <j@v6e.pt>
Bug: 12594
Change-Id: Id86d1e5f2db12871bc1b345721e79e57192f01e1
Reviewed-on: https://code.wireshark.org/review/16355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That way, people don't get confused by an "Unrecognized libpcap format"
error - it's *not* libpcap format!
Also, improve *that* message to say "...or not libpcap data", and put a
period at the end of the error messages.
Change-Id: I175f9399fe99ce424f1d83596b7330e1fa5c0625
Reviewed-on: https://code.wireshark.org/review/16349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't declare destructor as taking a const argument.
Change-Id: I9badfe400718bef41a0e0a00d4b3d1b0bb2879d1
Reviewed-on: https://code.wireshark.org/review/16342
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CamelCase and remove unnecessary casts too.
Change-Id: Iacf56912448c0e0dc0fe21477d6b71ba9caba69a
Reviewed-on: https://code.wireshark.org/review/16344
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I67ea5df962266c1476d1d1b6234e831018138422
Reviewed-on: https://code.wireshark.org/review/16341
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Generating LUA documentation source for the developer guide says that
it's generating XML, which it did before the switch to AsciiDoc. Fix
this statement.
Change-Id: Ib8625af84c74b5f6dc31c1e9e5ded80d9d7940ff
Reviewed-on: https://code.wireshark.org/review/16320
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie1e3b071388b3527bba1088af69d76dcb8d6981a
Reviewed-on: https://code.wireshark.org/review/16333
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There's no need to create global structures with pointers to the (global) hf's
to pass into the dissection functions. Just reference the global variables
directly.
Remove other global variables passed as arguments while we're at it.
Remove boilerplate comments.
Change-Id: I7ce6b356172aa25983f4cc6a007a0158cb7f26c9
Reviewed-on: https://code.wireshark.org/review/16331
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Try to make the names self-explanatory (without relying on blurbs).
Change-Id: Icfb4797282987b42ac68709b431d8b7248a0a633
Reviewed-on: https://code.wireshark.org/review/16330
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update scrollbars when changing display format between hex and
bits view because the height of the phane will change.
Change-Id: I81556c8dbdfb0a34f6c97e76834646a40aed62bb
Reviewed-on: https://code.wireshark.org/review/16336
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is for completeness.
Change-Id: Id89f649aa836dd011f0967cdbdc905916b4d2182
Reviewed-on: https://code.wireshark.org/review/16334
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Search the extcap binaries for shared libraries they require.
Treat libssh specially - for some reason, when built by macosx-setup.sh
(which just does a standard cmake build of libssh), libssh's shared
library has just libssh.4.dylib, not {installation
directory}/libssh.4.dylib, as its shared library ID, so we don't find
its binary using otool -L.
Bug: 12471
Change-Id: I3e5632d7520f1bbeca1a8faae3a012938ef9dee7
Reviewed-on: https://code.wireshark.org/review/16329
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Get rid of FF_FIELD macro. Use resoved strings instead.
- Reorder add_ff_ functions so we don't need forward declarations
- Replace add_fixed_field call by call to resolved function
- Remove add_fixed_field and all structs and enums exclusive to it.
- #if 0 out unused function add_ff_relay_capable_sta_info
Change-Id: I9955febb317f3e7c1b9ae28a5ee9c6a6472f7e9c
Reviewed-on: https://code.wireshark.org/review/16328
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
There's been a comment here since 2012 about them being unregistered. Put in
some registrations based on a feeble understanding of the specification (these
are all strings, add them as such); that should be close enough and is much
better than the (dissector) assertion we'd get otherwise.
Don't bother putting those hf's in a global structure and passing around the
structure: the hf's are global anyway--just reference them directly.
Add a link to the specification while we're here.
Change-Id: Ia7b17e92a996a1a8eb4a4489eff9fca042190a32
Reviewed-on: https://code.wireshark.org/review/16318
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
D. Ulis