knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
We presumably want "decode as" behavior to be consistent across UIs so
call load_decode_as_entries() from read_prefs().
svn path=/trunk/; revision=53498
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
string (and pass g_free to g_hash_table_new_full to free it).
This means callers don't have to worry about the scope of the memory they pass
in, and fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296
svn path=/trunk/; revision=52977
It'd be actually good idea to seperate packet_info data (packet.c) from epan_dissect_t (epan.c),
but this rule is already violated.
Strict seperation could allow for example allow multiple dissection on the same epan_dissect_t
(I think it was idea behind it), but it's not working.
svn path=/trunk/; revision=52705
a typedef of a *pointer* to the struct, not the struct itself, which are
different sizes.
This doesn't show up under valgrind because the length isn't checked in that
case, everything gets subsumed in valgrind's malloc/free hooks.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9264
svn path=/trunk/; revision=52560
should be freed when it is destroyed. This requires splitting packet_init in
two: the hash table which must be created before protocol registration, and the
caching of common protocol handles, which must happen after registration.
svn path=/trunk/; revision=51329
the various name resolvers; put those two routines next to each other.
Add generic addr_resolv_init() and addr_resolv_cleanup() routines which call
all of those internal routines.
Call the generic init/cleanup routine from epan_init() and epan_cleanup().
Create the hash tables for each name resolver in those initialization routines
in order to avoid having to repeatedly check if the table is already created
or not (and to avoid glib warnings if we neglected to perform that check):
http://www.wireshark.org/lists/wireshark-dev/201308/msg00012.html
Don't clean up hostnames in init_dissection(): it's done already in cleanup_dissection().
Don't initialize hostnames in cleanup_dissection(): it's done already in init_dissection().
svn path=/trunk/; revision=51191
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
Expert info "fields" can now be registered/addressed by name. Right now, the basic framework allows expert info fields to become "display filters". However more could be done, like user preferences overriding default severity level, speeding up expert info dialog load time by not needing to redissect a file, etc.
Long term goal is to have all expert_info filterable and have the functionality of expert_add_info_format() include the "registered index". expert_add_info_format_text() is the workaround until all current calls to expert_add_info_format() have been updated with either expert_add_info() or expert_add_info_format_text(). Then the remaining expert_add_info_format_text() will be renamed to expert_add_info_format().
svn path=/trunk/; revision=49559
first fragment of a non-reassembled packet, and we know the length the
packet would have if it were reassembled, this field holds the length of
the fragment, and the "reported length" field shows the length the
packet would have if it were reassembled, so going past the end of the
fragment but staying within the length of the reassembled packet can be
reported as "dissection would have worked if the packet had been
reassembled" rather than "the packet is too short, so it was probably
malformed".
Add a FragmentBoundsError exception, thrown in the "dissection would
have worked if the packet had been reassembled" case.
Add a new tvb_new_subset_length_fragment() routine to create a new
subset tvb with specified fragment and reported lengths. Use it in the
CLNP dissector.
Add some more sanity checks in the CLNP dissector.
svn path=/trunk/; revision=48917
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
registration tables, and use g_free as the value_destroy_func. This saves us
from manually freeing the value when we remove an item, and prevents us from
leaking memory when we accidentally overwrite an existing item.
svn path=/trunk/; revision=44814
Remove * from gconstpointers, they are already pointer types.
Add modelines to packet.c and clean up indentation a bit.
svn path=/trunk/; revision=44698
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
has been called.
In the conversation cleanup routine, free the GSlist for any proto_data which
may have been hanging off the (se_allocated) conversation.
svn path=/trunk/; revision=39484
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols
We should only do this if the 'hf_frame_protocols' is referenced (unlikely)
svn path=/trunk/; revision=29733
1) The tvb + name (aka. data_source) is only used when the protocol tree is visible
The current implementation of add_new_data_source() doesn't take this into account and simply allocates a data_source regardless. This is what packet_add_new_data_source() tries to rectify.
A couple of dissectors have already been switched over to the new packet_add_new_data_source(). Many are still missing. Help appreciated!
svn path=/trunk/; revision=29427
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.
svn path=/trunk/; revision=29066
if compiled in and the env var WIRESHARK_DEBUG_EP_CANARY is set:
will check for canary integrity at every call to EP_CHECK_CANARY()
if corruption is found it exits pronting the prior location and the location in which corruption was found.
Hopefully it stops running while the corruptor is still in the stack.
see EP_CHECK_CANARY() calls in packet.c as an example.
svn path=/trunk/; revision=25927
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
move the case where pinfo->in_error_pkt is true in its own function:
- it's not the common case.
- it needs a TRY block. ==> slow volatile and big stack footprint.
- call_dissector_work is called a lot and recursively.
svn path=/trunk/; revision=23413
Adds a heur_dissector_delete() function to allow heuristic dissectors to be
dynamically disabled based upon, for example, preference settings.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1697
svn path=/trunk/; revision=22463
Fix compilation failures when building wireshark-0.99.6-SVN-21916 on an
x86_64-unknown-linux-gnu target with gcc version 4.1.2 20070403 (Red Hat
4.1.2-8).
The failures fall into two categories:
(1) Casts between pointers and 32-bit integers without an intermediary cast
via 'long' or 'unsigned long'. This results in a compiler warning complaining
about casts between a pointer and an integer of a different size.
(2) Passing values to "%lld" or similar printf-style format options that the
compiler thinks are a different size. Such values need to be cast to 'long
long' or 'unsigned long long'.
svn path=/trunk/; revision=21975
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
- asn dissectors : libasndissectors.la
- pidl dissectors : libpidldissectors.la
- normal dissectors : libdissectors.la *and* libcleandissectors.la. I
separated it in two libraries temporarily. The source files used to build
libcleandissectors.la do not generate warning anymore and the -Werror is used
to compile them. If we patch a dissector and it doesn't generate warning
anymore, we have to move the filename dissector from DISSECTOR_SRC to
CLEAN_DISSECTOR_SRC in epan/dissectors/Makefile.common.
If you want to define specific cflags for one library type, let's say pidl, you
may define libpidldissectors_la_CFLAGS.
svn path=/trunk/; revision=21324
add sccp_info to struct _packet_info (Sorry but the way private_data works and the fact that TCAP uses it and BSSAP/RANAP can be tunnelled on GSMMAP over TCAP makes it impossible to avoid)
SCCP
- Have SCCP to have a TAP,
- Fix associations so that every message belongs to the association.
- Export message type values so that they can be used by a tap listener
RANAP
- Have RANAP information attached to the sccp_info
BSSAP + GSM_A
- Have DTAP, BSSMAP and BSSAP info attached to the sccp_info
svn path=/trunk/; revision=21076
use this field in the policy handle helper to indicate not only which frames the handle was opened/close in but also the name of the function that opened it.
eventually, when other pidl support infrastructure is developed it would be nice if this could be expanded to also contain the name of the object/handle opened.
svn path=/trunk/; revision=20895
I've just had a bug in one of our private dissectors which meant
that the handle passed to call_dissector was null. This seemed to give
varying behavior - on some Windows installations it hit wireshark's
in-built exception handling, and displayed that the dissector had an
error (correct), but on some installations it just crashed wireshark
(not helpful). I _think_ the difference was whether MSVC was installed
or not, but on a sample of only 3 machines.
Should call_dissector include explicit null handle checks, and if so,
should it:-
a) g_assert - the simple patch attached
b) fallback to doing a data decode (as disabled protocols do)
c) try to invoke the wireshark exception handling for the packet
Or is the correct answer none of the above - the exception handler
should already cope ?
svn path=/trunk/; revision=18869
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
04-stream.diff
A simplified packet reassembly API built on top of fragment_add_seq_next for
reassembling fragments that are delivered in-order, where fragments are
identified by a framenum and an offset into that frame. Streams are attached
to a conversation or a circuit and are unidirectional.
svn path=/trunk/; revision=16082
and that extract IPv6 addresses into a "struct e_in6_addr", with
tvb_get_ipv4() and tvb_get_ipv6() calls - except for some that we
remove, by using proto_tree_add_item(), rather than replacing.
Have epan/tvbuff.h include epan/ipv6-utils.h, to define "struct
e_in6_addr" (not necessary to declare the tvbuff routines, but including
it there means "struct e_in6_addr" is guaranteed to be defined before
those declarations, so we don't get compiler complaints if we define it
*after* those declarations).
svn path=/trunk/; revision=15758
so instead for g-alloc and g_free data
just use ep_alloc() that is automatically freed instead.
this also gets rid of one more GMemChunk
svn path=/trunk/; revision=15346
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
structures allocated by a dissection. Currently, it's the same as
"init_dissection()", but they should be split with "init_dissection()"
allocating the initial data structures and "cleanup_dissection()"
freeing them and *not* reallocating the initial data structures.
Use "cleanup_dissection()" in "cf_close()" to make it easier to find leaks.
svn path=/trunk/; revision=13881
filter/selector/protocol associations for each dissector. This will be
used to improve our automated tests, but someone with time on their
hands could probably use it to generate a protocol poster using Graphviz.
svn path=/trunk/; revision=13721
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
Guy Harris