It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch moves g_hash_table_destroy calls from the init routine to
the cleanup routine. Besides that, the conditional check for the hash
table has been removed, assuming that init is always paired with a
cleanup call.
If reassembly_table_init is found, a reassembly_table_destroy call is
prepended to the cleanup function as well.
Comments have been removed from the init function as well as these did
not seem to have additional value ("destroy hash table" is clear from
the context).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4d11f07180d9c115eb14bd860e9a47d82d3d1dcd
Manually edited files (for assignment auditing): dvbci, ositp, sccp,
tcp.
Other files that needed special attention due to the use of
register_postseq_cleanup_routine:
- ipx: keep call, do not add another cleanup routine.
- ncp: remove empty mncp_postseq_cleanup. mncp_hash_lookup is used
even if a frame is visited before (see dissect_ncp_common), hence
the hash table cannot be destroyed here. Do it in cleanup instead.
- ndps: add cleanup routine to kill reassembly table, but do not
destroy the hash table as it is already done in ndps_postseq_cleanup.
Change-Id: I95a72b3df2978b2c13fefff6bd6821442193d0ed
Reviewed-on: https://code.wireshark.org/review/9223
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have them return TRUE on success and FALSE on failure. Check the return
value rather than whether the error string pointer is null or not.
Change-Id: I800a03bcd70a6bbb7b217cf7c4800e9cdcf2189c
Reviewed-on: https://code.wireshark.org/review/7222
Reviewed-by: Guy Harris <guy@alum.mit.edu>
UAT error strings are usually allocated by g_strdup() or
g_strdup_printf(), and must ultimately be freed by the caller.
Make the pointer-to-error-string-pointer arguments to various functions
be "char **", not "const char **".
Fix cases that finds where a raw string was being used, as that won't
work if you try to free it; g_strdup() it instead.
Add a missing free of an error string.
Remove some no-longer-necessary casts.
Remove some unnecessary g_strdup()s (the string being handed to it was
already g_malloc()ated).
Change some variable declarations to match.
Put in XXX comments for some cases where the error string is just freed,
without being shown to the user.
Change-Id: I40297746a2ef729c56763baeddbb0842386fa0d0
Reviewed-on: https://code.wireshark.org/review/6525
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If sccp.set_addresses is enabled, always SET_ADDRESS to the GT
if the GT is present, not just if ROUTE_ON_GT. This fixes TCAP
session handling in some situations.
Change-Id: Ic088a4de408303a34c17c42820602ed6bf113840
Reviewed-on: https://code.wireshark.org/review/6053
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
sccp_msg_info_t* is now passed from SCCP dissector to its subdissectors through dissector data parameter.
Change-Id: Iab4aae58f8995e844f72e02e9f2de36e83589fc0
Reviewed-on: https://code.wireshark.org/review/5442
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert a handful of global variables into function parameters that get passed through the dissector, so we shouldn't be dependent on pinfo->sccp_info anymore. Removal of pinfo->sccp_info will be done in a separate patch (when the dissectors that use it can be updated).
packet-sua.c may need similar treatment.
Change-Id: If0001638d666afc07e04b02aa32ef31d6223a5de
Reviewed-on: https://code.wireshark.org/review/5343
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ide14bcac0b1563bee4260ac9c1a280ba99e97e71
Reviewed-on: https://code.wireshark.org/review/5261
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
in the Diameter dissector.
This new API adds a filter for the MSISDN as well as a subtree and filter for
the Country Code.
Change-Id: Ibcbf4b5f72178b7e4af63efa7496188d608a9de7
Reviewed-on: https://code.wireshark.org/review/3760
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
and also DT1s. Update the preference text to reflect that.
(Don't change the actual preference name to avoid breaking backward
compatibility.)
svn path=/trunk/; revision=53576
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
Guy Harris