Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from inttypes.h.
When the dissector was added, BASE_HEX_DEC was used by default for many
fields. This is often not the most appropriate display format. The
biggest change is that all fields referring to sizes in bytes now
consistently use BASE_DEC_HEX.
This part of the DRBD protocol requires some state to correctly decode.
So we use a conversation to associate the packets. This conversation
stores a map of the two-phase commit data required for decoding later
packets.
Packets such as P_DATA do not have a dedicated field containing the size
of the data. It is simply the amount of extra data in the packet. It is
useful to be able to show or filter by this value, so add it as a
separate field.
Also combine the "blksize" and "size" fields, since they have the same
meaning.
Finally, remove some duplicates of the function decode_payload_data.
These values are opaque handles as far as the protocol is concerned.
They are sent from some node A to B, and then back from B to A. For node
B they have no meaning other than as a handle. However, on node A they
do have meaning, so it is useful to be able to interpret them. In
practice, they are usually little-endian encoded, so decode them
accordingly.
Dissector names allow extension items to be given standard text names.
This also uses a protocol-in-name-only to prevent the frame.protocols field from containing ":tcpcl:tcpcl:tcpcl:..." for each extension dissection.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this, use a size_t in
the API instead, and assign SIZE_MAX to represent a
null-terminated string.
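The sentinel convention described in the commit message above, as an added example that is not Wireshark's code: the function `copy_counted` and the macro `LEN_NUL_TERMINATED` are hypothetical names. It shows why the sentinel has to be resolved before the length is used in any comparison or arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sentinel: the caller asks the callee to measure the string. */
#define LEN_NUL_TERMINATED SIZE_MAX

/*
 * Copy at most dst_size - 1 bytes of src into dst and NUL-terminate it.
 * len is either an explicit byte count or LEN_NUL_TERMINATED.
 * Returns the number of bytes copied, or SIZE_MAX on bad arguments.
 */
size_t copy_counted(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return SIZE_MAX;

    /* Resolve the sentinel first. Used raw, SIZE_MAX would pass as a huge
     * "valid" length, and len + 1 would wrap around to 0. */
    if (len == LEN_NUL_TERMINATED)
        len = strlen(src);

    /* Truncate rather than write past the end of dst. */
    if (len > dst_size - 1)
        len = dst_size - 1;

    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}
```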
Mainly:
* added 3 new procexit event params
* avoid sigsegv when sysdig event has a number of params that is
  greater than the Wireshark one.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
epan/dissectors/packet-netlink-netfilter.c: FT_UINT32: proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, [[ENC_BIG_ENDIAN]-->[ENC_NA]]);
(These messages are wrong, this field is FT_ETHER, not FT_UINT32).
epan/dissectors/packet-netlink-psample.c (15 (of 15) fields)
netlink.psample.cmd doesn't match PROTOABBREV of netlink-psample
netlink.psample.attr_type doesn't match PROTOABBREV of netlink-psample
netlink.psample.iifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.oifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.origsize doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_group doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_seq_num doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_rate doesn't match PROTOABBREV of netlink-psample
netlink.psample.tunnel doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_refcount doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc_occ doesn't match PROTOABBREV of netlink-psample
netlink.psample.latency doesn't match PROTOABBREV of netlink-psample
netlink.psample.timestamp doesn't match PROTOABBREV of netlink-psample
netlink.psample.proto doesn't match PROTOABBREV of netlink-psample
Exif does not define the order of elements in the Exif data, so if there's
empty space in front of IFD #0, it might be used for other IFDs or standalone
values.
As such, don't create a dummy tree item covering that space.