No need for the GTK dependency on dissectors/packet-ipv6.h.
Add the stream_addr typedef in follow.h to make some code simpler.
Change-Id: I1cf906f58734a90263141362f2da33a140f93533
Reviewed-on: https://code.wireshark.org/review/13063
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most probably this issue was introduced as a copy paste from RNG-REQ packet when INIT-RNG-REQ packet was first created.
Change-Id: I5eb0ac666c76b48d70b3383312f0598b6110cc03
Reviewed-on: https://code.wireshark.org/review/13085
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have subdissectors do the bit math checking for particular flag bits.
Change-Id: Ie6350e316f79af879be9fc512ce215f24449a7e5
Reviewed-on: https://code.wireshark.org/review/13071
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See I651e76c6d53b0
Change-Id: I8082f22da0d16655104ad8699f08abdaf916a941
Reviewed-on: https://code.wireshark.org/review/13078
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change the tokenizer to two regular expressions, which
make the parsing of the sentence strings a lot safer and faster.
Change-Id: I444adb8db10b689dd387c0caa951981ba28be917
Reviewed-on: https://code.wireshark.org/review/13040
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is the correct fix commit 0e7b7dc883.
(As committed, deleting these two lines makes the dissector return the wrong
number of bytes processed.)
Change-Id: I2e88bbc6942f6af40199d5b03a71e182c1896871
Reviewed-on: https://code.wireshark.org/review/13074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* rename 'system' variable to 'system_msg'.
* change 'system' variable type to gboolean.
Fixes compile error on OSX.
Change-Id: I772b3126e6f7ebdab0797eaac223787956e02aef
Reviewed-on: https://code.wireshark.org/review/13075
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix:
* Byte 0 of OSC MIDI argument denotes a 'port', not a 'channel'.
* Byte 1 is either
* 'system' message (0xf0 - 0xff) and handled byte-wise or
* 'non-system' message and handled nibble-wise
* Left nibble denotes 'status'
* Right nibble denotes 'channel'
Tidy up:
* Simplify/shorted format strings for whole MIDI message.
* Add 'port' value.
* Mask 'status' and 'channel' as twin nibbles.
* Change data bytes (Bytes 2, 3) to be reported as decimals by default.
* Mask data bytes (Bytes 2, 3) with 0x7f.
* Add note names for 'noteOn', 'noteOff', 'notePressure' messages.
* Add velocity value for 'noteOn', 'noteOff' messages.
* Add pressure value for 'notePressure', 'channelPressure' messages.
* Add 14-bit (7bit LSB, 7bit MSB) value for 'pitchBend' messages.
Change-Id: I651e76c6d53b01225c3245f10fc555310c7e8c8a
Reviewed-on: https://code.wireshark.org/review/13060
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the TCP dissector pass FIN bit to subdissectors (HTTP only one currently using it) so subdissector can use information to determine that no more segments are coming.
Bug: 9848
Change-Id: I4aebb5141f41d99598e4776bf25e74101016f5d1
Reviewed-on: https://code.wireshark.org/review/12984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't check HAVE_LIBPCAP elsewhere, and we do use GLib functions, but
don't use the GLib dynamic-loading APIs ourselves, and don't appear to
use anything from libpcap or libwiretap, so include only <glib.h> and
include it unconditionally.
Change-Id: I97f06f56b7d87c671c0aaea1a0e60f2df7adfbd1
Reviewed-on: https://code.wireshark.org/review/13067
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Extention -> Extension
Change-Id: I1624721b2e7725ec6129b3ad06327e25c0a6291d
Reviewed-on: https://code.wireshark.org/review/13053
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
VS2010 didn't like the extra ; in the variable declarations (C99 issue?)
Change-Id: Ic0fcd8342cdd3669172985a2d8023eb7b375c0b9
Reviewed-on: https://code.wireshark.org/review/13068
Reviewed-by: Michael Mann <mmann78@netscape.net>
That makes it clearer that they're libwiretap headers.
Change-Id: Ia78a3496913b901073ee59e62bfb72c1677450fa
Reviewed-on: https://code.wireshark.org/review/13064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4d54b851e3bd316e10edea29d1d7e311be338c71
Reviewed-on: https://code.wireshark.org/review/13054
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we're dissecting heuristically, and we don't have the full fragment,
but it looks like the beginning of an RPC call or reply, ask for more
data rather than rejecting it.
That way, we can recognize handle large calls and replies, such as large
NFS writes, when transported over TCP.
Clean up conversation handling while we're at it.
Bug: 11955
Change-Id: I0237255165a277a051d355810f1500cf4228d7c8
Reviewed-on: https://code.wireshark.org/review/13061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Regular expressions follow the Qt Regex syntax, which is
formulated after the Perl Regex syntax. A more detailed
overview of the possible rules can be found at:
http://doc.qt.io/qt-4.8/qregexp.html
If a required option is present, even the double-click on
the interface will first start the options dialog (Qt only)
Required fields are marked bold and put first in the dialog.
Additionally if validation failes (which it will if a required
field is kept empty, but also if a non-required textfield is
violating the defined regex), the label of the field is marked
with red.
Change-Id: If04a1146d0dfa778332ab2a39122c7a6ee1e93d2
Reviewed-on: https://code.wireshark.org/review/12914
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change some Netscaler ICA fields to display absolute time and
not epoch timestamp seconds.
Change Process ID field to display decimal number
Change-Id: I57eb8883f4699072df90c0ea351e4bce3313dc0e
Reviewed-on: https://code.wireshark.org/review/13049
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This makes it possible to use a capture filter on an interface
with user DLTs (147-162).
Bug: 11656
Ping-Bug: 11668
Change-Id: Ie9931b27e8dc8ea239e7e04e26d0ae1cacba50c9
Reviewed-on: https://code.wireshark.org/review/12996
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)
Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we ever need to look at the value of any field in the packet, we
should do it the way we do in the RTP analysis code, rather than walking
the entire protocol tree.
Get rid of an unnecessary extra level of indirection for the filter
string.
Change-Id: Ie95c0171da79e7f24019a3f67396f6a533959881
Reviewed-on: https://code.wireshark.org/review/13046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also protect against any badly registered protocol
Bug: 11958
Change-Id: I0c03f50c2c5478a9524ad06e669510ffb5739b21
Reviewed-on: https://code.wireshark.org/review/13041
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The message system includes mode-transition and alarm events by PLC
programmed blocks. The IDs in the mode-transition events are the same as
used in a SZL response, so I used the same decoding function.
Change-Id: If00990c21190ba0bed7933d6c8cfb590c6d8eab2
Reviewed-on: https://code.wireshark.org/review/13032
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Firstly, when building with autogen.sh and configure script, the
wireshark.pc is not generated at all. Then, due to not matching
names some variables are not being replaced as they should be.
Bug: 11069
Change-Id: Iefa7a9b536f3fee7f9ad78803aaacc5bb64a9c8d
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-on: https://code.wireshark.org/review/13005
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I23806012fc4f7f3a791e380de0c364b5825f8951
Reviewed-on: https://code.wireshark.org/review/13037
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Populate packet number on follow HTTP handler.
2. Remove stream navigation (until its a little less buggy). This follows the convention of SSL which runs on top of a stream protocol (TCP), it's not a stream itself, which seems to be why its buggy.
Change-Id: Idf21be2a00a8fde0fbf16f40ca8c36a2a44b8993
Reviewed-on: https://code.wireshark.org/review/13027
Reviewed-by: David Morsberger <dave@morsberger.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Probably inserted by a script.)
Change-Id: Ibf4e4d84c0c036841971df8dad54a916502d6909
Reviewed-on: https://code.wireshark.org/review/13036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3817d12e473b67e26159e1562a08169e91f51d46
Reviewed-on: https://code.wireshark.org/review/13019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adding Follow HTTP Stream justified some refactoring and code removal.
Change-Id: I9b7ace83f8517e880e78193bb97ac32e3fc91114
Reviewed-on: https://code.wireshark.org/review/13015
Reviewed-by: Michael Mann <mmann78@netscape.net>