There are no longer any "old" dissectors, so "new_" is redundant.
Change-Id: I5fee51228c2a8562166f5991e1f30c2c697e45c8
Reviewed-on: https://code.wireshark.org/review/13273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the
argument either point to a struct atm_phdr or to a pwatm_private_data_t.
Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header
if you need to construct an ATM pseudo-header for a dissector; have your
own struct atm_phdr structure, fill it in, and pass a pointer to *that*
to the sub-dissector.
Cleans things up a bit.
Change-Id: I4464924def4de41c625002b2d273592bd529e46e
Reviewed-on: https://code.wireshark.org/review/13270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Call resizeColumnToContents when we fill, clear, expand, or contract
items. This make sure the horizontal scrollbar shows up instead of
eliding items.
A commonly suggested solution is to call
header()->setSectionResizeMode(QHeaderView::ResizeToContents) followed
by header()->setStretchLastSection(false). This makes the scroll bar
show up when the tree is wider than the window, but when the column is
narrower than the window we end up with unused white space on the right.
Change-Id: I5896f6048385bed27858f0ac676b29a1bf1255cd
Reviewed-on: https://code.wireshark.org/review/13265
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I218b1c412c5b8e41025c6a9434caef38653a36df
Reviewed-on: https://code.wireshark.org/review/13262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
MA USB packets with USB payload are now passed into the USB dissector.
This allows the payload to be dissected by the USB sub-dissectors.
1. Refactor dissect_usb_common() and put the code needed for finding USB subdissectors
into a seperate helper function.
2. Add dissect_usb_payload() call
3. Add dissect_mausb_pkt_common() helper function
4. Put code for dissecting all types of MA USB packets into helper
function dissect_mausb_pkt().
5. Add dissect_mausb_pkt_data() helper function
6. Put code for dissecting MA USB datapacket-specific fields into helper
function dissect_mausb_pkt().
7. Use proto_tree_add_bitmask() call for MA USB bitfields.
8. Create packet-mausb.h to expose MA definitions to USB dissector
9. Dissect MA USB payload with USB subdissectors
10. Undeclare USB calls no longer used by MA USB dissector
Change-Id: I456714572cd8dfc9982b087670ca73c17e25a26c
Signed-off-by: Sean O. Stalley <sean.stalley@intel.com>
Reviewed-on: https://code.wireshark.org/review/13187
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5be0ce9168e987e8fd5ba404338111c8b8706c9f
Reviewed-on: https://code.wireshark.org/review/13243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I guess the ability to define a structure inside another structure is a
C-ism discarded by C++, so it causes warnings if you disallow stuff that
can't be handled by a C++ compiler, as we do.
Change-Id: I8cf52af0424708eb663ab6dbfecbf317fe3bccdb
Reviewed-on: https://code.wireshark.org/review/13257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Introduce a frame_data flag "need_colorize" to indicate that coloring
rules need to be evaluated and set it for the GUI (not tshark). This
restores the original performance characteristics.
It additionally fixes a regression where the color filter name and
filter is not shown anymore in the tree (I guess it is related to the
edt->tree being NULL when re-selected, resulting in empty color_filter).
Remaining problems:
- Display filter cannot contain frame.coloring_rule.* fields. Code is
present to enable this, but then a method is needed to avoid an
expensive second calculation (which is why it is disabled).
- The columns are still not updated after coloring rule change.
- The two frame.coloring_rule fields in the tree are not updated when
the coloring rule is changed (e.g. Ctrl-1).
The last two issues were supposed to be fixed by the previous patch, but
there is probably some missing code... Tested with GTK and Qt.
Bug: 11980
Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e
Reviewed-on: https://code.wireshark.org/review/13170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When using UPPER_PDU to wrap logcat text data it was not possible
to dump underlying data to logcat textfiles.
Add ability to write it down properly.
Change-Id: Ia20142cc340f34d80de93e213084cf1df83099d6
Reviewed-on: https://code.wireshark.org/review/13230
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind report memleaks like these when using the wireless
toolbar to create a monitor interface and/or changing channel:
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116308: ws80211_create_on_demand_interface (ws80211_utils.c:699)
by 0x116308: ws80211_set_freq (ws80211_utils.c:729)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 32 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116400: ws80211_set_freq (ws80211_utils.c:733)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
Change-Id: Ia1de630859d96653310fbb3efebdc439ebf107b8
Reviewed-on: https://code.wireshark.org/review/13237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As the QKeySequence documentation says,
"On Mac OS X, references to "Ctrl", Qt::CTRL, Qt::Control and
Qt::ControlModifier correspond to the Command keys on the Macintosh
keyboard, and references to "Meta", Qt::META, Qt::Meta and
Qt::MetaModifier correspond to the Control keys. Developers on Mac OS
X can use the same shortcut descriptions across all platforms, and
their applications will automatically work as expected on Mac OS X."
This also applies to Qt Creator on OS X. If you assign a shortcut to an
action that contains the Control key, it will draw the ^ symbol in the
UI but will save "Meta" in the .ui file instead of "Ctrl", in the manner
of a well-meaning-but-not-helpful comedy sidekick.
This happened for the actions listed below. Replace "Meta" in their
shortcuts with "Ctrl".
- Unmark all (Ctrl+Alt+M)
- Next marked packet (Ctrl+Shift+N)
- Previous marked packet (Ctrl+Shift+B)
- Show packet times... (Ctrl+Alt+1 - Ctrl+Alt+8)
This matches the GTK+ UI on Windows and Linux, and uses the Command key
on OS X. If we really want to use the Control key everywhere we can
override the action sequences in main_window.cpp. We might want to do
this for the "mark" actions since Command+M is the standard key for
"Minimize this window".
Change-Id: I1537cee5bc27a32b505bace01c1de3703a18dd6a
Reviewed-on: https://code.wireshark.org/review/13238
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix indentation.
Just directly assign values to elements in the packet buffer; no need to
convert them to numbers and note the value as a comment.
Give more detail in the comment for null-terminating buffers. Terminate
packet_buf[] once we're finished reading into it, to make it a bit
clearer what's being done.
Make the magic number buffer 513 bytes, so we have 512 bytes plus a
terminating null.
Change-Id: Ie182d93393cc55835b24075e908393c386c85c24
Reviewed-on: https://code.wireshark.org/review/13250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 11982
Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562
Reviewed-on: https://code.wireshark.org/review/13233
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Enable decryption of Protected Management Frames by:
- Authorizing decryption for robust management frame (i.e. management
frame that may be encrypted): deauth, disassoc and action
(Note: Assume all action frames are robust even if it is not the case)
- Updating initialization of Additional Authentication Data (AAD)
(don't filter-out subtype) and construct nonce (set mgmt flag) for
management frames
Bug: 11995
Change-Id: I7c34a021e4c49111b85d217c9272d24d0e29ecb2
Reviewed-on: https://code.wireshark.org/review/13232
Reviewed-by: Michael Mann <mmann78@netscape.net>
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format. (The two functions do the same
thing; this just makes it clearer what we're doing.)
Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a comment indicating what choices are offered here; note that going
back to FT_BYTES without changing the way it's put into the protocol
tree is *not* a choice that's available.
Bug: 11999
Change-Id: I9831c7e9e522d3c7cea2e92c2a989050772019e4
Reviewed-on: https://code.wireshark.org/review/13244
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It first appeared in GLib 2.28, and we support - and use, in the 32-bit
OS X buildbot - earlier versions.
Change-Id: I941a0206507e532c31cb13a918e3eb4d081e6ea3
Reviewed-on: https://code.wireshark.org/review/13240
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Displayed as 6 hex digits, not 3.
Change-Id: I61f9b41d4bd846ff74fac24b0651c7243c9c9e51
Reviewed-on: https://code.wireshark.org/review/13235
Reviewed-by: João Valverde <j@v6e.pt>
Flow label has never been one word.
Change-Id: I61863cb1d7aca0ee7b48e64c4abad700555e57f2
Reviewed-on: https://code.wireshark.org/review/13236
Reviewed-by: João Valverde <j@v6e.pt>
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
Traffic class values from IPHC headers were shown correctly in the IPHC
dissection, but not correctly inserted into the expanded IPv6 packet.
Problem was only visible on little-endian systems - the previous
code did work if big-endian.
Error was not present in HC1 decompression, but both IPHC and HC1
IPv6 construction code clarified by avoiding writing overlapping union
members.
Bug: 11971
Change-Id: I3515f18c892f1fc28ef7f8a0830a79d134e81f48
Reviewed-on: https://code.wireshark.org/review/13109
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
in the functions that dissect specific messages, we can just return 0
add a return value to aeron_frame_stream_analysis_setup() and
pass it on to the callers to allow for a clean exit
Change-Id: Iab4dee38112e32ca36822abc49d27dfe9e4c9ef7
Reviewed-on: https://code.wireshark.org/review/13147
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The interface list is not sorted at all, leading to
a very chaotic list. This sorts it alphabetically, as
well as correct a type in extcap_init_interfaces.
Bug: 11998
Change-Id: Ib5381a1761e8f07f9ba7996b3e6276da063b3932
Reviewed-on: https://code.wireshark.org/review/13220
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Remove the file dependency on the xml file as this causes
build failures due to parallel building.
There is still an issue with the build of *.hhp if the corresponding
*.xml file is rebuilt.
Change-Id: I738c687be50daebcf93576be8a43dbb6475f4fc8
Reviewed-on: https://code.wireshark.org/review/13217
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Due to integer overflow (unsigned -1 + 1 = 0), a call to
dissector_add_uint_range would be stuck in an infinite loop, eventually
crashing due to out of memory.
Found when setting radius.alternate_port:-1, but could happen with any
dissector using similar ports_range constructs.
Change-Id: Ia234e94516446250e959e0f51d552bef704cddff
Reviewed-on: https://code.wireshark.org/review/13153
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
OSC-1.1 requires OSC packets to be double SLIP encoded on a TCP stream
for framing, whereas OSC-1.0 frames packets via a int32 size prefix.
As only either OSC-1.0 or OSC-1.1 will ever be used on the same
connection, the tcp part of the OSC dissector should handle both.
'dissect_osc_tcp' now merely acts as a fork into one of both versions.
Changes:
* Reassembly for OSC-1.0 TCP is left untouched.
* Reassembly for OSC-1.1 TCP is implemented in second reassembly mode.
* OSC is no protocol per se, it's merely an encoding, renamed accordingly.
* Fix logical vs binary OR typo in MIDI pitch bend calculation.
Capture file:
* Mixed framing (OSC-1.0, OSC-1.1) OSC TCP pcap: Bug 11976
Change-Id: I5d26db023ef3ee659ae5a668b1665abef40b54c3
Reviewed-on: https://code.wireshark.org/review/13112
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This removes duplicates (including one incorrect duplicate), and also
means we have only one chunk_type_values[] value_string.
Change-Id: I4c3035b1cfb5c86cc7a5bf79feb9a5b0204b6dcc
Reviewed-on: https://code.wireshark.org/review/13212
Reviewed-by: Guy Harris <guy@alum.mit.edu>