Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of the SIP Service-Route header.
Change-Id: Ic4523edb374ae03492af5853863dde501a0c30e0
Reviewed-on: https://code.wireshark.org/review/2721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Profling SIP shows that gperf generated hashing code, is
3 times faster than using GHashTable & g_str_hash/_equal()
This result in about 1% improve of whole dissection (sip traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't manually fetch each character to find ',' use tvb_find_guint8()
Change-Id: I29711421469e868a86bf2edd7adf8dcc85ed26eb
Reviewed-on: https://code.wireshark.org/review/2446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Combine tvb_find_guint8() for comma, semicolon into one tvb_pbrk_guint8()
- Instead of fetching each character use tvb_pbrk_guint8() to fast
forward.
- Remove not needed tvb_find_guint8() call, as the result is discarded.
Change-Id: I38d6775b187146656d47cea9b64f8e0ccad18d36
Reviewed-on: https://code.wireshark.org/review/2384
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
sip dissector when filtering spends ~5% of Ir in tvb_format_text(),
avoid calling.
Change-Id: I1de8e970b300354c0536aead65178401f140f509
Reviewed-on: https://code.wireshark.org/review/1974
Reviewed-by: Anders Broman <a.broman58@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are lot of text dissectors which want just to add escaped (not filtrable) text,
add new function proto_tree_add_format_text() which just do this in optimized way.
Change-Id: Ia0e189b620cc0a5b74cfdaef1ad4571d766bb2ab
Reviewed-on: https://code.wireshark.org/review/1678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 SIP Messages
SIP is a text-based protocol and uses the UTF-8 charset
So use ENC_UTF_8|ENC_NA.
Change-Id: I0101eca3dd7d8ff9ebf98fd733548131b862919e
Reviewed-on: https://code.wireshark.org/review/890
Reviewed-by: Anders Broman <a.broman58@gmail.com>
profiled in october Fetch cost has gone from 15,6M to 24,2M, changing
tvb_get_string() to tvb_get_string_enc() with ENC_UTF_8 where it seems
safe helps a bit and should be done any way.
Change-Id: I4d3e640bfde3304a991c09e2a30ad7dd132fc5ac
Reviewed-on: https://code.wireshark.org/review/855
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There have been enough gnarly bus in sip/sdp/rtp that it needs
to have good debug printing. Using a debugger isn't good enough
because there's interaction across multiple frames and it's too
hard to follow what's going on without real printed data history.
Change-Id: Ifb5bb1fb580be81f988569ece79d238a9c030c34
Reviewed-on: https://code.wireshark.org/review/688
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The behavior for SIP/SDP handling of RTP conversation tracking
changed in v1.10, with some unintended consequences. The bugs did not
show up at the time because wireshark makes 2 passes of the packet list,
and so the problems auto-corrected themselves in most cases. Unfortunately,
a change in r53641 modified how UDP behaves, making it always create
conversations for UDP packets, and that exposed the bugs inherent in the
SIP/SDP code changes.
This commit reverts the behavior of SIP/SDP to its pre-1.10 model, but
creates a new preference setting for "Delay SDP changes for tracking media",
which if enabled, will turn on the new (but buggy) model introduced in 1.10.
This preference is *disabled* by default, since for a majority of cases the
new behavior is worse than the previous behavior.
The preference, and this commit's fix, is not intended to last long. I intend
to re-write the SIP/SDP/RTP interaction model for release 1.11 - I think it's
too big a change for 1.10, however, which is why I submitted this commit.
Change-Id: Ic5601749d6c2344e952ced8206dd9296bfdc4b90
Reviewed-on: https://code.wireshark.org/review/543
Reviewed-by: Evan Huus <eapache@gmail.com>
The status line of the 200 OK during a deregistration is (1 bindings), but it
should be (0 bindings). Wireshark should check the "expires=0" in the contact
header not just count the number of the contact lines. But since it's not
truly valid to have expires=o contacts in responses, this commit adds expert
info warning of such.
Also, the REGISTER request itself already says "(remove all bindings)"
in the Info column currently if the Contact was a '*', but it didn't
say something similar if only de-registering one or more explicit
contacts. This has been fixed as well.
Lastly, this fixes three other bugs I found while reading the code and testing:
(1) comma-separated Contact headers will be displayed as a single one if
the first one(s) don't have header params but a subsequent one does; and
(2) the last Contact header param is displayed with the trailing '\r\n'
header separator; and (3) the SIP REGISTER response code displayed contact
binding info for responses other than 2xx, which isn't logical.
Since all of these are in the same area and not critical, I'm lumping these
all together.
A test capture file used for testing is attached to the bug.
As an aside, the SIP header parsing code needs to be refactored. Most SIP
headers follow a common ABNF pattern, and should be parsed using a common
function(s) so these issues don't crop up for specific headers.
Change-Id: I16c531fcb244dc121fc0e8046908e475b41489f9
Reviewed-on: https://code.wireshark.org/review/612
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When a single media line is rejected in an SDP answer, for example a second
'm=video' line, wireshark disables ALL media sessions, instead of just that
one. But per the RFCs, all it should do is disable just the one RTP media
session the m= line represents. This commit fixes that, so that a disabled
media session (one with a m= port of 0) in the SDP answer only disables its
associated/paired media stream in the offer.
Change-Id: I9bd0d3fc88b8eaa55207c9bf3f3e37da7746fd14
Reviewed-on: https://code.wireshark.org/review/526
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In malformed sip-sec header fields, missing spi-c/spi-s values will
cause thie 'value' pointer to remain NULL, leading to bad things.
This fix checks for that and adds an expert warning about malformed
sip-sec mechanism.
Change-Id: Ia7d1741fc8d829dd14e5c68f21fa99282eddbeab
Reviewed-on: https://code.wireshark.org/review/299
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
From Anders Broman: parse security mechanism as specified in RFC 3329
Change-Id: I37300aa45740a11679149550943b3a1614ac8423
Reviewed-on: https://code.wireshark.org/review/138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presense" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296