Commit Graph

144 Commits

Author SHA1 Message Date
Guy Harris 1d92195de8 Have individual programs get libpcap and libz version info.
That way, the code that constructs the runtime version string doesn't
itself have to call libpcap and libz, and could be usable in programs
that don't call them.

While we're at it, add "with" to the run-time version information for
GnuTLS and libgcrypt, to match the compile-time version information, and
add the version information from libwireshark to TShark.

Change-Id: I3726a027d032270b032292da9314c1cec535dcd2
Reviewed-on: https://code.wireshark.org/review/2587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-23 21:56:42 +00:00
Jeff Morriss f113306e0e More Python-bindings removal.
Change-Id: I4d82175781e65c73179f4c8e737a7900cb050bce
Reviewed-on: https://code.wireshark.org/review/2283
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
2014-06-16 23:14:05 +00:00
Guy Harris 318cf8a678 Add support for dissecting non-packet records.
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.

Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-25 00:05:07 +00:00
Guy Harris 6db77b000f Allow wtap_read() and wtap_seek_read() to return records other than packets.
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.

Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.

Rename some routines to indicate that they handle more than just
packets.

We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supports writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.

Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-24 18:31:25 +00:00
Jakub Zawadzki 5f239013e7 wmem: add new simple block allocator, use it in packet-scope.
For packet-scope allocation, there's no need to support realloc(), free()
cause memory will be garbage collected after packet dissection.

(and this allocator is much faster than full block allocator).

Change-Id: I73fdf708c3077f48f55bdcc71f4fa859e4ac2335
Reviewed-on: https://code.wireshark.org/review/1428
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-05-02 21:07:07 +00:00
Evan Huus 131bba88c5 Remember to destroy the pinfo pool cache
Otherwise a library reinitialization leaks at least one large 8MB chunk.

Change-Id: I5336fef5925eb54e88a72f1a16fc0ddf77ae6c10
Reviewed-on: https://code.wireshark.org/review/945
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-04-04 07:22:53 +00:00
Anders Broman 0513b29b8b Revert "Allow pcapng interface options to be available to dissectors."
This patch causes Wireshark/tshark to segfault if the file is reread (open a file and press reload).
The test suite also fails on
2.1.1 Step: Exit status for existing file: "/home/wireshark/builders/trunk/sol10sparc/build/test/captures/dhcp.pcap" must be 0
/home/wireshark/builders/trunk/sol10sparc/build/test/suite-clopts.sh: line 149:  6646 Segmentation Fault      (core dumped) $TSHARK -r "${CAPTURE_DIR}dhcp.pcap" > ./testout.txt 2>&1

OSX build bot chokes on
pcapng.c: In function 'pcapng_destroy_option_value':
pcapng.c:377: warning: implicit declaration of function 'g_byte_array_unref'
pcapng.c:379: warning: implicit declaration of function 'g_array_unref'
pcapng.c: In function 'pcapng_collect_block_option':
pcapng.c:419: warning: implicit declaration of function 'g_byte_array_new_take'
pcapng.c:419: warning: initialization makes pointer from integer without a cast

these functions are glib 2.22
This reverts commit 7b13a3b0f6.

Change-Id: Ia82fdb2d08287bc2cd2841e1e941ae68cbc2e009
Reviewed-on: https://code.wireshark.org/review/749
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-20 12:25:21 +00:00
Christopher Kilgour 7b13a3b0f6 Allow pcapng interface options to be available to dissectors.
Interface options[1], and more generally pcapng options[2], are useful
information that can provide improved dissector output.

Prior to this change, only certain pcapng interface options were interpreted
and made available to dissectors, e.g. the interface name or description.
This change augments the situation by providing epan_get_interface_option( ),
which returns an array of byte arrays if the option code exists
(otherwise NULL).  Each element of the array is a byte buffer containing
the raw data of the option.  An array-of-buffers is used because pcapng
allows for multiple instances of the same option to be present in the file.
All interface options found in a pcapng file are thus made available to the
dissector.

The implementation also provides infrastructure to collect options from
other pcapng blocks such as the section header.  Currently these options
are discarded, but could be retained in the future to support more features.

[1] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb
[2] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionopt

Change-Id: I944b6f0f03dde9b8e7d1348b76acde6f9d312f37
Reviewed-on: https://code.wireshark.org/review/331
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-20 09:54:01 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Manually fix some typos (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 14:27:33 +00:00
Hadriel Kaplan bd36fe1bcb Fix bug 6357: Lua all_field_infos() broken within tap/listener
The current API for Lua provides a global function
"all_field_infos()" which returns all the populated field_info nodes
in the current proto_tree.

By default all_field_infos() "works", in the literal sense: it returns
exactly the fields the previous dissectors of the packet have
populated at that instant of time.  But of course dissectors don't
populate all the applicable fields most of the time, because of the
TRY_TO_FAKE_THIS_ITEM optimization where they don't fill in things
that aren't needed at the time by a display, color, or tap's dfilter.

So this commit offers a way to force the dissectors to populate
all the applicable field_infos in the tree, by setting the proto_tree
to be visible.  Obviously that is going to impact performance, since
it basically bypasses the TRY_TO_FAKE_THIS_ITEM optimization; so the
patch only does this if the Lua script author told it to explicitly,
by adding an argument to Listener.new() and register_postdissector().

Change-Id: I11d3559fbe8c14fbadf1b51415a3701dc1200b7b
Reviewed-on: https://code.wireshark.org/review/286
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2014-02-25 21:06:50 +00:00
Michael Mann bf284da2ee TFShark (Terminal Fileshark) v.001. Bug 9607 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9607)
This is a VERY PRELIMINARY version of tfshark.  It's an attempt to jumpstart FileShark and its architecture.  Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it)

This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture.  And those layers will slowly be added in time (patches always welcome!).

svn path=/trunk/; revision=54646
2014-01-08 04:35:28 +00:00
Jakub Zawadzki 5fa7d37e37 Fix epan building with undefined HAVE_PLUGINS
+ guard prototypes with HAVE_PLUGINS in .h files to get errors before linking.

svn path=/trunk/; revision=53909
2013-12-10 19:13:09 +00:00
Guy Harris 125a17f8e5 Initialize the error-reporting routines before scanning for plugins, as
the code to scan for them uses those routines.

This means epan_init() no longer takes those routines as arguments -
which is just as well, given that the mechanism in question is no longer
part of libwireshark, but is part of libwsutil.

This should fix bug 9508.

svn path=/trunk/; revision=53796
2013-12-05 09:30:22 +00:00
Jakub Zawadzki cedb73c7f7 Dissectors should not use dfilter.h, don't include it.
XXX ncp2222 dissector is using dfilter_compile(), why?

svn path=/trunk/; revision=53766
2013-12-03 21:31:04 +00:00
Guy Harris 0cc1545d05 Move most of the plugin code from epan to wsutil and remove all
knowledge of particular types of plugins.  Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.

In particular applications, only process the relevant plugin types.

Add a Makefile.common to the codecs directory.

svn path=/trunk/; revision=53710
2013-12-02 08:30:29 +00:00
Michael Mann 9b7fb8a811 Create the ability to have packet scoped "proto" data. Bug 9470 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future.  And search/replace of a function name is easy enough to do.

The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.

All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope().  All other dissectors were converted to using file_scope() which was the original scope for "proto" data.

svn path=/trunk/; revision=53520
2013-11-23 02:20:13 +00:00
Evan Huus 8a0ef07000 Effectively remove the tree memory pool and port some of its behaviour to the
pinfo memory pool, they have exactly the same scope. Simplification and minor
performance win (one GHashTable we no longer have to create/destroy on every
packet).

svn path=/trunk/; revision=53076
2013-11-04 14:12:59 +00:00
Michael Mann 79d58dc670 Add Lua cleanup on shutdown, to help with memory leak detection. Bug 5575 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5575)
From Robert G. Jakabosky

From me: cleanup so that it applies to trunk.

svn path=/trunk/; revision=52798
2013-10-23 16:47:02 +00:00
Jakub Zawadzki 1f110ac43f 2nd try to fix recent test failures.
After recent changes it's possible that epan_dissect_cleanup() can be called if there were
no dissection run on it (epan_dissect_run()). In such case ->tvb will have random value,
just initialize it to NULL in _init() and see if it's working.

Thanks goes to Evan for backtrace.

svn path=/trunk/; revision=52722
2013-10-20 19:05:00 +00:00
Jakub Zawadzki bad81b517f Reintroduce back epan_dissect_reset(), proto_tree_reset()
This time it makes more sense, cause for each dissection we need two wmem allocators.
Resetting wmem allocator is much faster than destroy & create.

svn path=/trunk/; revision=52706
2013-10-20 10:21:25 +00:00
Jakub Zawadzki 107e4a6c80 Move resetting packet_info structure from dissect_packet() to epan_dissect_init()
It'd be actually good idea to separate packet_info data (packet.c) from epan_dissect_t (epan.c),
but this rule is already violated.

Strict separation could for example allow multiple dissection on the same epan_dissect_t
(I think it was idea behind it), but it's not working.

svn path=/trunk/; revision=52705
2013-10-20 10:11:16 +00:00
Anders Broman e958d8c081 From beroset@mindspring.com:
remove unnecessary and unused oid_resolv_cleanup()

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9295

svn path=/trunk/; revision=52697
2013-10-19 20:25:55 +00:00
Evan Huus d8f00e22e1 As suggested in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9033
Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases
causing problems for wmem_leave_file_scope() - remove that XXX comment and add
back the assertion.

Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense
there. init_dissection is only called from epan_new, so cleanup_dissection
should only be called from epan_free.

Add one missing epan_free call to tshark revealed by the above changes.

svn path=/trunk/; revision=51342
2013-08-13 22:41:34 +00:00
Evan Huus a2b2885daf Create the dissector hash table in only one place, and specify that its values
should be freed when it is destroyed. This requires splitting packet_init in
two: the hash table which must be created before protocol registration, and the
caching of common protocol handles, which must happen after registration.

svn path=/trunk/; revision=51329
2013-08-13 03:11:28 +00:00
Jeff Morriss 2c81a97d55 Ensure we have both _initialize() and a corresponding _cleanup() routines for
the various name resolvers; put those two routines next to each other.

Add generic addr_resolv_init() and addr_resolv_cleanup() routines which call
all of those internal routines.

Call the generic init/cleanup routine from epan_init() and epan_cleanup().

Create the hash tables for each name resolver in those initialization routines
in order to avoid having to repeatedly check if the table is already created
or not (and to avoid glib warnings if we neglected to perform that check):

http://www.wireshark.org/lists/wireshark-dev/201308/msg00012.html


Don't clean up   hostnames in init_dissection():    it's done already in cleanup_dissection().
Don't initialize hostnames in cleanup_dissection(): it's done already in init_dissection().

svn path=/trunk/; revision=51191
2013-08-07 16:46:08 +00:00
Jakub Zawadzki 08eb36b5af Remove fdata->opt_comment, add pkt_comment to pinfo
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in separated BST, add new method for epan session to get it.

svn path=/trunk/; revision=51090
2013-08-01 20:59:38 +00:00
Anders Broman 0105d538d2 Use glib's hashtables rather than home grown variants for manuf and wka (well known addresses).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9000

svn path=/trunk/; revision=51084
2013-08-01 20:11:13 +00:00
Jakub Zawadzki 7ec1a78fe8 Abuse epan_t more: add callback to get interface name.
svn path=/trunk/; revision=50794
2013-07-22 19:38:38 +00:00
Jakub Zawadzki 5df324921d Fix: epan.c:155: warning: assignment discards qualifiers from pointer target type
svn path=/trunk/; revision=50767
2013-07-21 21:04:25 +00:00
Jakub Zawadzki 5d52e16734 Add helper function to epan_session which can be used to get absolute timestamp of given frame.
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.

This patch reduces size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)

svn path=/trunk/; revision=50765
2013-07-21 20:48:30 +00:00
Jakub Zawadzki 265dbadb68 try to fix: epan.c:141: error: invalid application of 'sizeof' to incomplete type 'epan_t'
svn path=/trunk/; revision=50763
2013-07-21 19:08:11 +00:00
Jakub Zawadzki 28e9dcc4a9 Some work on multi file dissection
- make init_dissection/cleanup_dissection private for libwireshark
- implement epan_new(), epan_free()
- pass epan_t to epan_dissect*

svn path=/trunk/; revision=50761
2013-07-21 18:38:03 +00:00
Jeff Morriss 54bb2e7a5c Move report_err.{h,c} from epan into wsutil: there's nothing epan-specific there and moving it avoids having to recompile the file for use in editcap and capinfos (which don't link against libwireshark).
svn path=/trunk/; revision=50598
2013-07-15 02:48:26 +00:00
Jakub Zawadzki ce81449ed9 packet dissection now takes pointer to tvb instead of guint8 data
implement frame_tvbuff, right now almost a copy of 'real' tvb.

svn path=/trunk/; revision=50497
2013-07-11 05:47:02 +00:00
Michael Mann 0d1a4b2920 Add expert info configuration framework. Bug 2412 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2412).
Expert info "fields" can now be registered/addressed by name.  Right now, the basic framework allows expert info fields to become "display filters".  However more could be done, like user preferences overriding default severity level, speeding up expert info dialog load time by not needing to redissect a file, etc.

Long term goal is to have all expert_info filterable and have the functionality of expert_add_info_format() include the "registered index".  expert_add_info_format_text() is the workaround until all current calls to expert_add_info_format() have been updated with either expert_add_info() or expert_add_info_format_text().  Then the remaining expert_add_info_format_text() will be renamed to expert_add_info_format().

svn path=/trunk/; revision=49559
2013-05-24 17:59:36 +00:00
Guy Harris 70bb111bab Turn "packet_is_ssl()" into a general "does the packet whose dissection
is in this epan_dissect_t contain the field whose name is passed as an
argument" routine in libwireshark, and use it where we used
packet_is_ssl().  (We should check to see if anything *else* could use
it.)

svn path=/trunk/; revision=49530
2013-05-22 23:02:19 +00:00
Anders Broman 8677c1f42f Don't load the hosts file in epan_init, it's loaded when opening a file
in cf_open().

svn path=/trunk/; revision=48526
2013-03-24 14:39:19 +00:00
Michael Mann 0f3f207967 Bugfix Lua pinfo.cols.protocol not holding value in postdissector
From Hadriel Kaplan, bug 6020 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6020)

svn path=/trunk/; revision=47877
2013-02-25 17:32:25 +00:00
Martin Kaiser 38a73a32f3 include the wsutil/wsgcrypt.h instead of including gcrypt.h directly
svn path=/trunk/; revision=47802
2013-02-21 18:23:29 +00:00
Evan Huus 5cf858ec52 Dispatch all allocator creations through a single function using an enum to
determine the desired type. This has two advantages over the old way:
 - just one environment variable for valgrind to override in order to guarantee
   that ALL allocators use memory it can track, and just one place to check that
   variable
 - allocator owners no longer have to include headers specific to their
   allocator, allowing them to change allocators without adjusting all their
   #includes

svn path=/trunk/; revision=46604
2012-12-19 00:43:36 +00:00
Evan Huus 561525cbb5 Rename allocator_glib to allocator_simple, since the block allocator also
uses glib and 'simple' describes the intention far better.

svn path=/trunk/; revision=46603
2012-12-18 23:36:45 +00:00
Evan Huus 8b69e3ee22 Use 'new' instead of 'create' in a consistent manner.
svn path=/trunk/; revision=46601
2012-12-18 23:25:11 +00:00
Evan Huus 93a15fa28a Actually destroy the pool in epan_dissect_cleanup. There are many cases
where the edt is on the stack, in which case epan_dissect_free never gets
called and we were leaking the pool (although not any of the memory in it).

svn path=/trunk/; revision=46333
2012-12-02 18:16:21 +00:00
Evan Huus b9c6f71fe4 Create a wmem pool in pinfo and use it for some address allocations.
A (better?) fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8030

See also thread starting at:
http://www.wireshark.org/lists/wireshark-dev/201212/msg00001.html

svn path=/trunk/; revision=46331
2012-12-02 17:01:04 +00:00
Jakub Zawadzki bdcdec560c Manually revert r45669
svn path=/trunk/; revision=45884
2012-11-03 20:51:19 +00:00
Evan Huus 2737b7b7d3 Add wmem scopes for packet and file lifetimes. The file lifetime scope isn't
yet initialized because I can't figure out where the enter() and leave() calls
should go - the obvious place in packet.c causes a lot of assertion errors.

svn path=/trunk/; revision=45879
2012-11-03 15:49:15 +00:00
Evan Huus b464dcd888 Create init and cleanup functions for wmem as a whole.
Call them from epan_init() and epan_cleanup().
Expose a permanent wmem scope for allocations that should only be freed when
epan is done (which is *not* necessarily when the program finishes).

svn path=/trunk/; revision=45805
2012-10-27 02:42:05 +00:00
Jakub Zawadzki 2fd81fdaf9 Move ep_free_all() *AFTER* packet dissection.
Use glib allocator for data_source.

Thread on wireshark-dev: http://www.wireshark.org/lists/wireshark-dev/201210/msg00116.html

svn path=/trunk/; revision=45673
2012-10-20 20:04:40 +00:00
Jakub Zawadzki 77368c3668 Introduce epan_dissect_run_with_taps() which runs dissection with taps.
unexport tap_queue_init, tap_push_tapped_queue

svn path=/trunk/; revision=45670
2012-10-20 19:27:24 +00:00
Jakub Zawadzki 6dc977b7d2 - Allow resetting edt with new function epan_dissect_reset(),
- initialize edt once in few places, and later reset it after dissecting
  (add_packet_to_packet_list),
- revert r45667, probably no longer needed.

svn path=/trunk/; revision=45669
2012-10-20 16:44:55 +00:00