Add col_data_changed, which checks to see if we have updated column
info. Add col_append_frame_number, which adds a frame number and sets
col_data_changed. Call col_append_frame_number instead of
col_append_fstr from some dissectors.
Add PacketListRecord::invalidateAllRecords, which invalidates any cached
record data. Add PacketListModel::invalidateAllColumnStrings which calls
invalidateAllRecords and signals that our data has changed. Call
invalidateAllColumnStrings when we have new name resolution or column
information.
Bug: 11414
Bug: 11468
Change-Id: I2671594a722f4f9436fe1df84d43489a148e0cee
Reviewed-on: https://code.wireshark.org/review/26373
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It defines a ws_in4_addr type, which is intended to hold IPv4 addresses
in network byte order, and some macros to test for IPv4 addresses in the
local network control block and multicast IPv4 addresses.
Use those macros in places where dissectors had their own code for that
purpose.
Change-Id: I4252b410e37207157be85119a332e2a6913b332f
Reviewed-on: https://code.wireshark.org/review/24178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissector that use pinfo->ptype as input
to conversation APIs. Explicit use of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add global preference to allow for "stricter" conversation tracking
Bug: 13518
Change-Id: I166a084c402374fa76dac7bb54f941e2e9c9325a
Reviewed-on: https://code.wireshark.org/review/22842
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Sequence analysis has its own "filtering" system that required its
tap functions to look for some "filter flags". register_tap_listener()
already comes with a filter argument, so use that to simplify logic
of tap functions in dissectors.
Also have Qt GUI for Flow Graph look like other dialogs that have a
"Limit to display filter" checkbox.
Change-Id: I91d9d9599309786892f5b50c98692e52651e7174
Reviewed-on: https://code.wireshark.org/review/23659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Functionality for ICMP was "hidden" in the frame/"any" flow.
Pull it out into its own using the new sequence analysis API.
Change-Id: I2035f1a59a9e46ea1086443ad4b4a9723dc13883
Reviewed-on: https://code.wireshark.org/review/23625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Optimize code and open possibility for enriching IPv6 tap data.
Change-Id: I5a204d7464cde32123d5bfe664cc9b6bcf08dbe1
Reviewed-on: https://code.wireshark.org/review/23340
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Use offset in tvb, not 0 for computation.
Also add check for checksum = 0, which means checksum isn't present.
Bug: 13586
Change-Id: I18812894104c35e50ecb99aa8eca6b030c78c486
Reviewed-on: https://code.wireshark.org/review/21070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_checksum uses expert info and shouldn't be
"NULL tree protected"
Change-Id: If8a367c2be69252e9c6613329b7f78ad7e1e34eb
Ping-Bug: 13586
Reviewed-on: https://code.wireshark.org/review/21012
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I465341919675783999f4b131a7485ef2f6b8059f
Reviewed-on: https://code.wireshark.org/review/20583
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The code was making the assumption that the ICMP data time will always
be greater than or equal to the frame time, but not earlier, but that
is not always the case and the heuristics can fail.
Bug: 13161
Change-Id: I4bc7bd8d22d717d3b1f08afdd651f8a70cb7aef2
Reviewed-on: https://code.wireshark.org/review/19157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
We may want to add expert infos for IPv6 extension headers over IPv4 (TODO).
Any side-effects that don't make sense (e.g: IPv6 Routing over IPv4) are
ignored.
The IPv6 Next Header decode as is replaced by IP Proto decode as. It
didn't fit a conceptual model well and it also was not working very well
in practice (for multiple extension headers).
We now support decoding any IP Protocol number as an extension header.
Bug: 12673
Change-Id: Icbde019aba8990cc556ef2bd832f64cba76c24b6
Reviewed-on: https://code.wireshark.org/review/16681
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Fill in the "gaps" so that all dissectors that verify checksums have both a
status and expert info field.
Also address comments from original proto_tree_add_checksum patch that didn't make it.
Ping-Bug: 8859
Change-Id: I2e6640108fd6bb218cb959fe9e4ba98a13e43a2f
Reviewed-on: https://code.wireshark.org/review/16590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's cleaner than reporting it as 0.
Change-Id: I862130c98131ba83f9689201d852e2f1aab34770
Reviewed-on: https://code.wireshark.org/review/16619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12581
Change-Id: I6943d275de988e9de66bc01e2b421901947a5b95
Reviewed-on: https://code.wireshark.org/review/16252
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Indicate whether they take a signed time delta or an unsigned time
delta.
Export unsigned_time_secs_to_str() while we're at it.
Change-Id: I0fbe87f1825efa886364caa61a3358b79d285947
Reviewed-on: https://code.wireshark.org/review/15324
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'ieee17221.clock_source_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'ieee17221.stream_format' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'afp.unknown' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
'afp.toc_offset' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'bootp.client_id.iaid' exists multiple times with NOT compatible types: FT_UINT32 and FT_STRING
'bthfp.chld.mode' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'canopen.pdo.data' exists multiple times with NOT compatible types: FT_STRINGZ and FT_BYTES
'canopen.sdo.data' exists multiple times with NOT compatible types: FT_UINT32 and FT_BYTES
'ceph.msg.' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'ceph.version' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'cip.linkaddress' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'dnp3.al.ana' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dnp3.al.anaout' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dtls.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'ssl.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'dvb-s2_gse.label' exists multiple times with NOT compatible types: FT_UINT24 and FT_ETHER
'fcdns.rply.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'fcdns.req.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'icmp.int_info.name' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'mausb.clear_transfers.status' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mikey.v' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mswsp.rangeboundry.ultype' exists multiple times with NOT compatible types: FT_STRING and FT_UINT32
'mswsp.arrayvector.address64' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_offset' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_len' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'pflog.saddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.daddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.saddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pflog.daddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pgm.spm.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.src' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.grp' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.poll.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.redirect.dlr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Iaf694699d108a12db172da8dd9fbab211adb329d
Reviewed-on: https://code.wireshark.org/review/14070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Kept backwards compatibility with GTK+ capture info dialog by keeping the protocols tracked hardcoded, but Qt should have more freedom.
Change-Id: I497be71ec761d53f312e14858daa7152d01b8c72
Reviewed-on: https://code.wireshark.org/review/12724
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While it currently only contains packet_counts, it will hopefully stabilize the capture function signature if more fields are added.
Change-Id: I003552c58043c7c2d67aec458187b12b233057e2
Reviewed-on: https://code.wireshark.org/review/12690
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These were created from capture dissector functions that had switch statements determine "next" protocol/dissector. The registration decreases the need for function declarations in header files.
Added new capture dissection tables for IP, IPv6, TCP and UDP as that seems like the next logical place to expand
Change-Id: I1ec0cd54eecda4f400669ee5b026bf6e2b46545a
Reviewed-on: https://code.wireshark.org/review/12634
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not retrieve type and code base on the info column content.
Instead store type and code in pinfo structure and retrieve them in sequence analysis tap.
Change-Id: I71cd505d7faf713c2372731495d47b45928a41f8
Reviewed-on: https://code.wireshark.org/review/10280
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Artho <pascalartho@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fixes these warnings reported by Undefined Behavior Sanitizer (UBSan)
while running the test suite:
icmp: left shift of 55099 by 16 places cannot be represented in type 'int'
wimax: left shift of 1 by 31 places cannot be represented in type 'int'
Change-Id: I72913a901b61033098750da9c8f1617b055999a1
Reviewed-on: https://code.wireshark.org/review/8913
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mistake when remove proto_tree_add_text calls
Change-Id: I820264b7a90a2563f846b6e6472416cd3e3278a4
Reviewed-on: https://code.wireshark.org/review/8368
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 2
Change-Id: I4fa4a48fe047b7231f1cf084d8c798ada15372c5
Reviewed-on: https://code.wireshark.org/review/7607
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to set frame number types: none, request, or response.
Use the types to draw different related packet indicators in the packet
list.
Track the conversation in PacketListRecord. Use it to draw dashed lines
for unrelated frames.
Set frame number types for DNS and ICMP.
Instead of drawing a transparent QImage, alpha blend our foreground
color and draw directly in our painter. Blend more toward the foreground
color.
Add FRAMENUM_TYPE to checkAPIs.
Change-Id: I2495945bb436413e05d6ec697184a0b4fd5ad214
Reviewed-on: https://code.wireshark.org/review/7436
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs