Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp
set lengths at different levels of the packet. In some cases, this would
cause a malformed packet when the data length was zero. This fixes the
malformed error by explicitly setting the length, instead of using -1.
The length of the service data set is not the data paylod for both
cases. Previously, for requests, it attempted to highlight the whole CIP
layer, but this was already covered by the full CIP protocol layer
length.
Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c
Reviewed-on: https://code.wireshark.org/review/25672
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Add Decode Options for 4 Safety I/O types. Previously, you could only decode as "CIP Safety", which only showed as a generic data block (because all important things for parsing are in the FwdOpen).
2. Change some timestamp display formatting to match other related timestamp fields (now all Dec)
3. Don't create connections for Null Forward Opens.
Change-Id: Ia1031b3887739a864a453b9e566ebe6f29fa5b8b
Reviewed-on: https://code.wireshark.org/review/25664
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
They were used by the now-removed draft-07 support.
Change-Id: I4762d2a6bb81e231010f1fd4b2b51278bb3c4329
Reviewed-on: https://code.wireshark.org/review/25695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
of Quick UDP Internet Connection
Change-Id: Ibe18191fca6495d817f6bc10ec4b5df552548396
Reviewed-on: https://code.wireshark.org/review/25690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Go back to having pcapng_read_block() and
pcapng_read_section_header_block() treating SHB read errors that might
be due to the file not being a pcapng file separately from other errors.
This keeps us from treating pcapng files with malformed SHBs as not
being pcapng files, making us dissect them using the pcapng file
dissector rather than reporting the malformation.
Change-Id: I1d92cc4ac521668b88638b2b3ed5257340451798
Ping-Bug: 14402
Reviewed-on: https://code.wireshark.org/review/25675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check only in the if (global) case, and note that it's necessary in that
case; in the !global case, note why we don't have to check for a null
pointer.
Change-Id: I80322204ec94eb3901f7bceabccb29351794adc8
Reviewed-on: https://code.wireshark.org/review/25674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't include glib if RC_INVOKED is defined so that the Microsoft Windows
Resource Compiler doesn't generate the following complaint:
\path\to\glib/gatomic.h(87): warning RC4011: identifier truncated to '__GCC_HAVE_SYNC_COMPARE_AND_SWA'
Change-Id: I6637aee2842de4e7041b66ff4428f617478efcb4
Reviewed-on: https://code.wireshark.org/review/25670
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When dissecting an if_tsresol option in an IDB, calculate the resolution
from the base and the offset. If the result overflows, mark it as an
overflow; otherwise, mark it with the units for more values than 1
microsecond. Store the calculated resolution, which we initialize to
the default of 1 microsecond.
When displaying time stamps in blocks, use the calculated resolution,
rather than re-calculating it. If it's 0, it means the resolution is
too high, so don't calculate it and end up dividing by zero.
Bug: 14402
Change-Id: Idc34ededb4f7250b3604b14d4468c32f6592793f
Reviewed-on: https://code.wireshark.org/review/25673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not check reported length but captured length, otherwise it can
can trigger an exception when trying to fetch at offset 4.
Once the (very basic heuristic) is verified, cann the right dissection
function.
Bug: 14399
Change-Id: Ie09d80e04f2501c940693a2ea9ecbd2f84d1e22f
Reviewed-on: https://code.wireshark.org/review/25666
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Using NULL as profile name indicates the Default profile and
profile_exists() must not return FALSE for the Default profile.
This is a regression from ge0d04a75.
Change-Id: I2463a7d3e12dda794f3391d999442a303d80621c
Reviewed-on: https://code.wireshark.org/review/25659
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This avoids an illegal pointer to free() on error.
Bug: 14397
Change-Id: Id6e535141c7a3ee7b3d1822875b571e2199a5387
Reviewed-on: https://code.wireshark.org/review/25660
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The main benefit of this feature is that it enables users to see the
succession of HTTP requests that led to a specific request.
A sample PCAP is available here:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16085
Change-Id: I7c521315b848fbce659fdc01e43f261d804a3a48
Reviewed-on: https://code.wireshark.org/review/25319
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include the following licenses in licensecheck.pl
1. LGPL-2.0-or-later
2. Zlib
3. BSD-3-Clause
Change-Id: I65f0ca1f957ee072ed595ab56d20ec200bd7047e
Reviewed-on: https://code.wireshark.org/review/25638
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They changed when the spec was updated. This seems to be the last change
needed here.
Change-Id: Id47c1de5b5890bffa0842c33ae02033ddf6c8325
Reviewed-on: https://code.wireshark.org/review/25656
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2943c67238fb913258f0f1f15df968c17b1ea002
Reviewed-on: https://code.wireshark.org/review/25626
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I209fde24ca421b8e2dfd982408b4610bc5e63d82
Reviewed-on: https://code.wireshark.org/review/25655
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fragmented FCP may not be called on the first pass, so add a NULL
check for proto_data that may not be there.
Bug: 14374
Change-Id: Icbbee8f0eb3a33655323283dbb5a01c350d784dc
Reviewed-on: https://code.wireshark.org/review/25649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We explicitly allow the not to, and, for example, Simple Packet Blocks
in pcapng files don't have time stamps.
Change-Id: If1db5747c9e06faa7550162df8e04dc60b71d954
Reviewed-on: https://code.wireshark.org/review/25650
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sgement -> Segment
Change-Id: Ibf4aa2db14fd87c854a65da0de979ad4772243d8
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-on: https://code.wireshark.org/review/25648
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will be restored after the 2.5.0 release is complete.
This reverts commit 61cc769169.
Change-Id: I0b7d2435fe010070aaced5f395c75a1cd65b3f83
Reviewed-on: https://code.wireshark.org/review/25645
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sgement -> Segment
Change-Id: I275495fafdf76308ca36083256d6fcd2bed35203
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>