and also use the name of spec for field (Header BLock Fragment
Change-Id: I5a3884186258dac1f243f991a3392c875403eb97
Reviewed-on: https://code.wireshark.org/review/17310
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
for used on another dissector...
Change-Id: I7c27517ee26ee9f9384e22a83e547550863093d8
Reviewed-on: https://code.wireshark.org/review/17133
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66e24f5a28ed44dc466614b09e33b85c6a957df5
Reviewed-on: https://code.wireshark.org/review/14987
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Cache decoded header fields in order to conserve memory.
If we try to decompress more than 256 KB or find 200 or more headers
stop decompressing and add an expert item. Note that we might want to
make the maximum values configurable via preferences.
Bug:12077
Change-Id: Idf7cb1046c96cf87e1b53af6c56e19b4abad1dfb
Reviewed-on: https://code.wireshark.org/review/13746
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not call heuristics dissectors when the SSL application data protocol
is known (via STARTTLS or via an earlier packet in session).
When the protocol is *not* known, first try heuristics on the initial
payload. If a match is found, it can then override the protocol that
would otherwise be used due to a port number match.
The HTTP2 dissector is adjusted to take advantage of that such that
HTTP2 on non-standard ports still get detected as HTTP2. Also save
dissector registration to avoid the http2 dissector from showing up
as "(null)". Now HTTP2 is really shown as "http2" and not "http" in
the "Application Data Protocol"!
The CredSSP dissector is untested and not modified as I don't know if
the whole stream will be SSL.
Tested with fix-ssl.pcap and a http2 capture (from bug 11331) wrapped
in SSL (without ALPN).
Change-Id: I134e2d4ac22287bc0a5aeadb1e38cb4059fa108b
Reviewed-on: https://code.wireshark.org/review/13179
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9d0ba8eb1ce5a3e3f867266f3fbad0727984fca2
Reviewed-on: https://code.wireshark.org/review/12873
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These aren't "true" shadow issues, but the script doesn't completely understand C syntax (for things like struct member names "time" and "index"). But fixing them creates less noise.
Change-Id: I5a2db1549095824530428529e86cab453c031a04
Reviewed-on: https://code.wireshark.org/review/10368
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It is so fragile that it triggers too many false positives and it was not
activated by default prior to g21e5a95.
If required, a user can still use 'Decode As' functionality.
Change-Id: I0236609665c57c6f3961cb9596c47b54da777641
Reviewed-on: https://code.wireshark.org/review/9842
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0b19d4576b652dc9dd94346c75945e0bdc554a0e
RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC7541: HPACK: Header Compression for HTTP/2
Reviewed-on: https://code.wireshark.org/review/8478
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previously, the http2 heuristics dissector sets a conversation dissector
which overrides the SSL dissector, breaking SSL decryption before http2.
This patch fixes that by checking for an active http2 session in the
http2 heuristics dissector.
Change-Id: Ibacbcde3e29bbb746ad2e394f1c10ca571b07bf5
Reviewed-on: https://code.wireshark.org/review/7782
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable the reliable Magic Hello heuristics by default and dissect
further packets as HTTP2 as well. The weak frame heuristics is still
disabled by default.
Change-Id: I783d036fb6c6d867daedf251a5264fdf3b475447
Reviewed-on: https://code.wireshark.org/review/7615
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib13d9391b64dad19321a4399c95b95d7fb791284
Reviewed-on: https://code.wireshark.org/review/6421
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Do not make any assumption on the endianness: not all hosts running Wireshark are little endian
Change-Id: I8792904f7000b4f2b9e44ffe41f350ba8b4932d4
Reviewed-on: https://code.wireshark.org/review/6693
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Second batch (packet-eth.c -> packet-icmpv6.d).
Will look at cleaning up and committing script afterwards.
Change-Id: I14295758b81a59115d8c88899f166cc3d5d17594
Reviewed-on: https://code.wireshark.org/review/6013
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Also update HTTP Header Compression (to draft-10)
No framing change on HTTP2 draft-16
Change-Id: I7f8ffd7ab37bc22fd6fbe156b0bf52543025e3a8
Reviewed-on: https://code.wireshark.org/review/5782
Reviewed-by: Michael Mann <mmann78@netscape.net>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
* Add new error code (HTTP_1_1_REQUIRED)
* Use hexa value for error code (like the spec)
* Add reference to Alt-SVC spec
Change-Id: Ifbcb32e97168440cb34f59740871b6c896e90461
Reviewed-on: https://code.wireshark.org/review/4992
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Change-Id: I0885f7d110014cb8a7eba1c1892ed8d0852d076a
Reviewed-on: https://code.wireshark.org/review/4187
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- incorrect fetch/display of hf_http2_push_promise_r field
Change-Id: Iddf2db4807713017519b5abcbff3ba824b3624c6
Reviewed-on: https://code.wireshark.org/review/4186
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This patch adds additional header decoding information, such as header
encoding representation, including header table size update (HPACK
draft-09, section 7).
Previously when user clicks the decoded header info, it highlights
wrong byte sequence in compressed pane. This patch fixes this and now
clicking header will highlight the byte sequence it was decoded from.
Change-Id: I611a34edef31640c59a1f8bbc26db1c42eb16ce2
Reviewed-on: https://code.wireshark.org/review/3407
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Previously we just call HPACK decompressor when dessecting packets.
This is fine for the first linear scan. But later same packet may be
dissected more than once and their header block data will be fed into
decompressor again. This makes header compression context out-of-sync
because HPACK decompressor only works when data is fed linearly. This
change fixes this issue by caching decompressed headers in the first
linear scan. On random packet dissecting, they are just looked up.
This change adds support of changing header table size by inspecting
SETTINGS frame and tracking its SETTINGS ACK.
Change-Id: I9c75c67f8677063e443f9b131740f3ee94ff8a63
Reviewed-on: https://code.wireshark.org/review/2616
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Summary of changes since draft-12:
* Pad High and Pad Low wereare replaced with single Pad Length field.
* Padding was removed from CONTINUATION frame.
* ALTSVC and BLOCKED frames were removed.
* Per-frame compression and its associated SETTINGS flag were removed.
* HPACK Huffman code table and static header table were updated.
Change-Id: I9c4f05f8cd937bfadbb1b912f2b9ffb31e9c18d5
Reviewed-on: https://code.wireshark.org/review/2615
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8de7b63ca90803f8fc6333bbe43aeb94459e6363
Reviewed-on: https://code.wireshark.org/review/1918
Reviewed-by: Michael Mann <mmann78@netscape.net>
Decode the HTTP/2 header block using nghttp2 HPACK decoder
In this patch, We use nghttp2 HPACK decoder to decompress HTTP/2 header
block. To make HPACK decompressor work, we need to track down HTTP/2
connection from the beginning. If we see the HTTP/2 magic (connection
preface), we initialize HPACK decompressor objects. We actually use 2
HPACK decompressor for both client and server. HPACK decompressor
objects are stored in hash tables using TCP stream index as a key.
Most code by: Tatsuhiro Tsujikawa
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Signed-off-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Idb4dd4b0a200924820cb0b34db664cc37518168d
Reviewed-on: https://code.wireshark.org/review/1527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Add bitmask and fix length for exclusive flag
* Add missing bitmask for stream dependency
* Add fielder with calcultated weight value (weight+1, see spec for more information)
Change-Id: I7a6e97be068a80caa7355f593d9497c431c681ed
Reviewed-on: https://code.wireshark.org/review/1625
Reviewed-by: Anders Broman <a.broman58@gmail.com>
not size_t, which was giving 64/32 conversion errors on some platforms
Change-Id: Idf81dc98f8921a92840731d742d6e46a40e1387f
Reviewed-on: https://code.wireshark.org/review/1405
Reviewed-by: Evan Huus <eapache@gmail.com>
From Alexis La Goutte
Fix warning found by pre-commit
Partial-Bug: 10054
Change-Id: I976884a240a55bb2287a802d72668a2c845179c0
Reviewed-on: https://code.wireshark.org/review/1295
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>