Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To enable TLS/SSL payload dissection for AMQPS traffic add the
AMQP handle as SSL dissector for the actual AMQPS port.
Thus we have successfully decrypted our AMQPS traffic using
a pre-master-key file.
Change-Id: I63dec2217fb5645007da010f651846834abacdbc
Reviewed-on: https://code.wireshark.org/review/24335
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14113
Change-Id: I73c4962597d8f8bab83f089c9821269e0b7b1568
Reviewed-on: https://code.wireshark.org/review/24109
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Magnus Henoch <magnus.henoch@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When an capture file containing AMQP 0-9 traffic is missing the
protocol header, and the first packet contains more than one AMQP
frame, we'd fail to detect the protocol version properly, since we'd
check for the frame size being equal to the PDU size. Fix this case
by checking if the frame fits within the PDU instead.
While it's possible that 0-10 and 1.0 captures could be misdetected as
0-9, this seems highly unlikely. See details in comment in
packet-amqp.c.
Bug: 14113
Change-Id: I98978ed3919be3daf7fe9a972b87e09f27ba20e3
Reviewed-on: https://code.wireshark.org/review/24108
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previous code assumed that list decoding was successful and that some
bytes were consumed. Let's explicitly check this.
Bug: 13780
Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb
Reviewed-on: https://code.wireshark.org/review/22235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13435
Change-Id: Ib61404fc3a8c461593d2a8a60224463ef2b9c4b6
Reviewed-on: https://code.wireshark.org/review/20309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can't call proto_tree_add_XXX routines on a proto_item * that hasn't
been given a subtree with proto_item_add_subtree(). Fix that.
The packet offset for a FT_UINT_STRING is a pointer to the first byte of
the *length*, not to the first byte *after* the length.
Properly pluralize "entry".
Change-Id: I7f2a55eaad850e3e52e62eb061e0444d176c593a
Reviewed-on: https://code.wireshark.org/review/20785
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix a field type conflict noticed in provided capture
Bug: 13050
Change-Id: I3d2643299b6db2729641c72b2e1f054f170b4907
Reviewed-on: https://code.wireshark.org/review/18571
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
1. Remove AMQP_INCREMENT macro. Bounds checking mostly handled already
by proto_tree_add_xxx and tvb_get_xxx. Needed to add a few more
tvb_reported_length_remaining() calls for completeness.
2. Fill in some of the gaps of unaccounted for bytes. Still have way
too many instances where bytes aren't claimed by a field.
3. Some small reordering of functions allowed for massive removal of
formal declarations.
4. Add amqp_0_10_get_32bit_size_new to add a field, check for size and
add expert info if size > 0xFFFF
5. Remove "hf_" from list type items as they are not real hf_ fields
and could cause confusion. Also made items static.
6. Convert some FT_STRING and FT_BYTES fields to FT_UINT_STRING and
FT_UINT_BYTES. Helps account for some "missing" bytes.
Change-Id: I7ed269221d294ce89feacc0642b2070681288172
Reviewed-on: https://code.wireshark.org/review/18423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Bug: 13037
Change-Id: I935ff68050eb085789d9bd99b5ec833609c6fdca
Reviewed-on: https://code.wireshark.org/review/18336
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those are the only ones meaningful. Let's convert the buggy dissectors
and add an assert to avoid the misuse of the pool parameter in the future
Change-Id: I65f470b757f163f11a25cd352ffe168d1f8a86d3
Reviewed-on: https://code.wireshark.org/review/17748
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
ERROR: NO ARRAY: epan/dissectors/packet-amqp.c, ei_amqp_amqp_1_0_frame_length_exceeds_65K
Missing a space after { (need fix check ?)
Change-Id: Idce3b270c53feb7fc12e8c82fb87932faa1e468d
Reviewed-on: https://code.wireshark.org/review/15728
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I30f1b92ee438361c3bd58743f7d1ae8d5ffc96f0
Reviewed-on: https://code.wireshark.org/review/15718
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I68b7fa0b5d7fae86289807d7ef01a2141dcb8ff6
Reviewed-on: https://code.wireshark.org/review/14059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The p_(add|get)_proto_data() functions are used to store data related
to an AMQP frame. The stored information gets overwritten if there are
multiple small AMQP frames in one TCP/IP packet.
As suggested by Pascal and https://code.wireshark.org/review/#/c/10579/,
we should use tvb_raw_offset as key for p_(add|get)_proto_data().
Change-Id: I860df8af51a6fbbef495985747313ae96402cc5c
Reviewed-on: https://code.wireshark.org/review/10836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The AMQP channel number is 16-bit only.
packet-amqp.c: In function 'dissect_amqp_0_9_method_channel_close':
packet-amqp.c:8481: warning: cast to pointer from integer of different size
packet-amqp.c: In function 'get_conversation_channel':
packet-amqp.c:10512: warning: cast to pointer from integer of different size
packet-amqp.c:10518: warning: cast to pointer from integer of different size
Change-Id: I398ecfb19ecb7e741c2ed0675c1c625bf6a894f9
Reviewed-on: https://code.wireshark.org/review/10793
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch adds cross-references between publish/delivery and
ack/nack frames. This improves user comfort when inspecting the traffic.
Change-Id: I819b19474a3f0351eb769eadf3d32042cb5f5256
Reviewed-on: https://code.wireshark.org/review/10745
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A little usability improvement: Warn user on connection and channel
errors and when a message is undeliverable.
Change-Id: I6106a63472b1fb5cbbabcf82a90af0f489030458
Reviewed-on: https://code.wireshark.org/review/10573
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1 millisecond = 1000000 nanoseconds, not 1000 nanoseconds, and
nstime->nsecs is nanoseconds, not microseconds.
Change-Id: I6925ff80f6443015f83ca00bad2a347d10eadd7c
Reviewed-on: https://code.wireshark.org/review/10060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-amqp.c:10660: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-amqp.c:10661: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: Ic1c19edf10432dccb5fc4f3ea07defd45b9eef17
Reviewed-on: https://code.wireshark.org/review/10054
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Timestamps are currently dissected as integer numbers; two aspects need to
be recatored to correctly dissect timestamps:
- the add_1_0_proto_item() function
- protocol fields (hf_xxx) and the get_amqp_1_0_value_formatter()
(1)
The AMQP 1.0 dissector rely on the proto_tree_add_item. There is only one
invocation common for all datatypes (in add_1_0_proto_item), which cannot
pass any type-specific ENC_xxx specifiers and it cannot handle custom
datatypes like AMQP timestamp.
I propose to replace the add_1_0_proto_item() by type-specific dissectors that
will correctly set the ENC_xxx specifiers and handle exceptional cases like
the AMQP timestamp or the zero-length true/false datatypes.
(2)
The get_amqp_1_0_value_formatter implements a table-driven magic to select
alternate hf_xxx field based on the actual datatype. This however
- defines alternate fields where the standard permits only one datatype
- does not support fields that can contain any datatype ("*")
- does not support FT_TIMESTAMP
I propose to make this mechanism less table-driven (more explicit and more
flexible) and allow all alternates permitted by the standard.
Change-Id: Ib2cbda632d4c81ec3e6b81f539fe77bb913afc1c
Reviewed-on: https://code.wireshark.org/review/9528
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set a correct data length: 16-bytes, not 1-byte. And use the
standard function to print the uuid.
Change-Id: Ic4cc8d8de3f469e43664fbd7f6eb89083dc83be6
Reviewed-on: https://code.wireshark.org/review/8905
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Packets with a decimal datatype should be correctly dissected.
Yet, we still cannot display the decimal floating-point numbers as
there is no support in printf and glib.
Change-Id: I48a6dafd1e12ab55f660fad37a759dd16a9cf4b1
Reviewed-on: https://code.wireshark.org/review/8902
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The standard says that (unless otherwise specified) AMQP uses
network byte order for all numeric values.
Change-Id: I3ca154a6fb882d9194a9af891f92f760aae776eb
Reviewed-on: https://code.wireshark.org/review/8889
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Modified dissect_amqp to the new-style dissector.
Added amqp.ssl.port to protocol preferences.
Registered the AMQP dissector with SSL.
Fixed an error in dissect_amqp that appeared when the first segment was smaller
than the minimum header size required to determine the protocol version (8b).
...plus enhanced the AMQP 0-9-1 to display also the protocol id,
so the packets list shows "0-9-1" instead "9-1".
Change-Id: Ia44e0791b6ee78ad594de342c4f2401bad9beb4e
Reviewed-on: https://code.wireshark.org/review/7044
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Petr Gotthard <petr.gotthard@centrum.cz>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Since 'values' is always 'length/4', we can have it as 'gint' and avoid
the Clang warning concerning the while cycle.
>> cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
Change-Id: I4342f9e3fcd5df7779f41414ab6f789fe402e3af
Reviewed-on: https://code.wireshark.org/review/6979
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ie55dd06b6c4d6f77012e8e13079279ded2997907
Reviewed-on: https://code.wireshark.org/review/6920
Reviewed-by: Michael Mann <mmann78@netscape.net>
St*** Mac OS X buildbot...
Part 2 (Oups...)
Change-Id: I082d73d4581365d7152aca764e4dfe599ce12c64
Reviewed-on: https://code.wireshark.org/review/6923
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
St*** Mac OS X buildbot...
Change-Id: I5efff34ce818f52fb6414191c58b5cabb388ba26
Reviewed-on: https://code.wireshark.org/review/6922
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch resolves review comments I received from the AMQP 0-9-1 community.
Some field types were not implemented, other field types (introduced by my
earlier patch) were incorrectly parsed.
https://groups.google.com/forum/#!topic/rabbitmq-users/PR7P1bgonwo
I had to split the dissect_amqp_0_9_field_table() function into two parts
and put the field value dissectors in a separate function:
dissect_amqp_0_9_field_value().
Change-Id: I9aa7d73e426a790830ad260ca6892a7650791e6c
Reviewed-on: https://code.wireshark.org/review/6882
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use G_GINT64_MODIFIER as the format modifier to indicate that the value
being printed is 64-bit; there is no guarantee that long is 64-bit (it's
not 64-bit on ILP32 platforms such as 32-bit Windows and 32-bit UN*X, or
even on LLP64 platforms such as 64-bit Windows).
Change-Id: I0444f7f396969824f1040c06a67753718c32881b
Reviewed-on: https://code.wireshark.org/review/6838
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie39cb40dca3d9f778ef2c04cbef24c968a91ec6c
Reviewed-on: https://code.wireshark.org/review/6791
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Guy Harris