yet initialized because I can't figure out where the enter() and leave() calls
should go - the obvious place in packet.c causes a lot of assertion errors.
svn path=/trunk/; revision=45879
- Now works for WebSocket packets not aligned with IP packets.
- Support subdissectors.
From me :
- Fix checkAPIs warning (about comments)
- Remove some whitespace
svn path=/trunk/; revision=45875
USBAudio dissector can reassemble SysEx commands.
MIDI SysEx dissector can (partially) dissect DigiTech protocol.
From me :
Fix a wrong encoding type found by fix-encoding-args tools
Add Modelines info
svn path=/trunk/; revision=45873
This patch will print the information if an
invalid string was entered. It would be better to have a button to click on in
the UAT dialog to show valid values, but I don't know how I could do that with
the UAT system. So I'm simply printing it now in the error dialog, which should
be good enough.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7949
svn path=/trunk/; revision=45866
According to Table 161 in ETSI 392-2 standard, the Class of MS field in
U-LOCATION UPDATE DEMAND in tetra.asn is incorrect. the type of Class of MS
field should be Type 2, not Type 1, and the length should be 24 bits, not
32bits.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7946
svn path=/trunk/; revision=45857
"application/octet-stream" default to OFF effectivly disabling the protocol as default as the use of this protocol should be limited
and false positives are seen.
svn path=/trunk/; revision=45846
Wireshark 1.8.3 does not decode the IPv6 Option Pad1 (RFC 2460 Section 4.2)
RFC say : NOTE! the format of the Pad1 option is a special case -- it does not have length and value fields.
#BACKPORT(1.8)
svn path=/trunk/; revision=45843
byte view.
Move the packet_char_enc enum from packet.h to frame_data.h. Make the
encoding flag a packet_char_enc and make it one bit.
Get rid of the "cfile" global in a few places. C++-ize some of the font
code. Clean up some variable names.
svn path=/trunk/; revision=45838
"in RSVP RESV message there incorrect
explanation of field "Flags" of Label subobject is appeared in Packet Details
section: value 0x01 of Flags field mistakenly defined as "Local Protection
Available" (I guess that this is borrowed from Flags field of IPv4 Address
subobject). Flags 0x01 in Label subobject means that particular label is global
(RFC 3209, Clause 4.4.1.3)."
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7876
svn path=/trunk/; revision=45835
"use of window's own __try {} __finally {} and __except {}
mechanism" along with "macros based on kazlib's exception code"
has problems and does not always work properly.
svn path=/trunk/; revision=45831
There are a handful of fields in the IEEE802.11 dissector that are comprised of
a 16-bit value. The hf array for these fields has the necessary masks to
correctly parse a 16-bit value, yet some of the fields were being added as 1
byte. This patch corrects these fields with a proto_tree_add_item approach
(instead of proto_tree_add_[uint|boolean]).
svn path=/trunk/; revision=45828
- Remove 'if (tree)' around an indirect call to expert...();
- Create/use extended value strings as appropriate;
- Localize some variables;
- Remove unneeded initializers;
- Reformat hf[] array entries (use a consistent format);
- Use a consistent indentation and a consistent whitespace style.
svn path=/trunk/; revision=45821
we couldn't since the name might not be on the heap, but it looks to me like
we're always careful to put it on the heap via a g_strdup if necessary.
Fixes some minor memory leaks.
svn path=/trunk/; revision=45814
works just fine and doesn't leak any memory.
Use wmem_permanent_scope() for the one string we do have to copy, to ensure
it doesn't leak either.
svn path=/trunk/; revision=45812
Fix dissection of some GSM RR IEs which include length octet
From me:
Keep displaying those IEs as TLV to keep coherency with other TLV IEs
Fix dissection of Dynamic ARFCN Mapping
svn path=/trunk/; revision=45811
Call them from epan_init() and epan_cleanup().
Expose a permanent wmem scope for allocations that should only be freed when
epan is done (which is *not* necessarily when the program finishes).
svn path=/trunk/; revision=45805
potential bugs:
- calling the wrong destroy function on an allocator
- a pool allocator forgetting to call free_all on itself in the destructor
Also, fix potential typedef redefinition warning in wmem_allocator_glib.h
svn path=/trunk/; revision=45804
- rename variables to fix all "shadowed variable" warnings;
- remove certain 'if(tree)' statements;
(A new-style dissector) should return the same
'bytes processed' whether or not 'tree == NULL');
- simplify code in numerous places (including removing
redundant/repeated code);
- fix remaining uses of FALSE as 'encoding' arg;
- use consistent indentation and formatting.
ToDo: Changes to fix apparent cases of incorrect
dissection.
svn path=/trunk/; revision=45802
This is a portion of the patch supplied in bug 7902 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7902). Breaking the functionality up into smaller chunks.
This definitively breaks the Modbus dissection into 3 dissectors:
Modbus - real protocol PDU
Modbus/TCP - Encapsulation of Modbus over TCP (with a small header before PDU)
Modbus RTU - Originally an encapsulation of Modbus over serial (with smaller header + CRC), but can also be sent over TCP.
General cleanup/refactoring (including display filter names) based on the 3 dissectors.
Also included:
1. Enhanced dissection to include preferences for register data to be dissected as UINT16, UINT32 or FLOAT
2. Dynamic port registration
3. Additional fields now filterable
svn path=/trunk/; revision=45793
chapter 3 has redefined to mean years *after* 2036) were being represented as
times prior to 1968.
This has been broken since r35840 (apparently not many people see NTP
timestamps beyond 2036 :-)): apparently I over-optimized packet-ntp's code
while copying it into proto.c: that temporary variable is necessary for the
unsigned math to happen correctly before assigning the result to the (signed)
time_t.
Leave a comment in the code indicating why the temporary variable is needed.
Copy that comment to packet-ntp.c.
Fix the same problem in ntp_to_nstime(): it also did not use the temporary variable.
svn path=/trunk/; revision=45790
Allow dissection of ESM messages with integrity protection and EEA0 ciphering
From me:
Tighten heuristic to check for allowed EPS bearer identity values
svn path=/trunk/; revision=45789
parse EPSV response
from me
- no expert info under if(tree)
- use hf_ftp_epsv_port instead of hf_ftp_pasv_port
- don't use isdigit(), this is C99
- use temporary variable for IPv4 address
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7729
svn path=/trunk/; revision=45778
tvb_length_remaining -> tvb_reported_length_remaining.
Check return value of tvb_reported_length_remaining > 0.
Use tvb_reported_length to skip past all the bytes in the tvb.
svn path=/trunk/; revision=45776
structure definition of struct _wmem_allocator_t; have wmem_allocator.h
give the complete structure definition. That avoids complaints about
the typedef being redefined.
svn path=/trunk/; revision=45750
during fuzz testing or randpkt testing; somebody might be putting bad
packets on the wire to try to, for example, crash or break into your
protocol implementation.
svn path=/trunk/; revision=45749
Note that, if you want EUI-64's to resolve the OUI in the display,
hacking individual dissectors to do it themselves and use AT_STRINGZ is
*not* the right way to do it.
svn path=/trunk/; revision=45743
Add a dissector for the America Online protocol (not the AIM protocol).
From me: always use ENC_NA for FT_UINT8 types.
svn path=/trunk/; revision=45731
- Ethereal --> Wireshark;
- gerald@ethereal.com --> gerald@wireshark.org;
- update FSF address;
- remove unneeded #includes;
- Fix ENC args for proto_tree_add_item() & etc;
- simplify/remove proto_reg_handoff...() as appropriate;
- remove some boilerplate comments;
- move proto_register...() and proto_reg_handoff...() to
the end of the file as per convention;
- remove some unneeded initializers.
- simplify some code;
- replace "" in hf[] blurb by NULL.
svn path=/trunk/; revision=45728
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2611:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2617:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
svn path=/trunk/; revision=45711
../../../epan/dissectors/packet-btatt.c:299:25: error: too many arguments for format [-Werror=format-extra-args]
../../../epan/dissectors/packet-btatt.c:254:12: error: unused variable 'col_info' [-Werror=unused-variable]
svn path=/trunk/; revision=45710
Add support for HCI 3.0+HS and v4.0, Bluetooth Low Energy. This includes
dissection of additional HCI commands and events, Attribute Protocol and
Security Manager Protocol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7872
svn path=/trunk/; revision=45709
- initialize edt once in few places, and later reset it after dissecting
(add_packet_to_packet_list),
- revert r45667, probably no longer needed.
svn path=/trunk/; revision=45669
2) Use proto_item_append_text instead of proto_item_set_text, since this is
called within a loop.
3) Increment the offset correctly using blocklen-4 instead of
tvb_length_remaining, which makes no sense.
svn path=/trunk/; revision=45657
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back;
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
svn path=/trunk/; revision=45651
Implement DICOM, HTTP, and SMB object exports. Rename the GTK+ export
files. C++-ize epan/tap.h. Fix an apparent memory leak in
eo_save_all_clicked_cb.
The Qt dialog has an indeterminate progress bar. I tried adding
something similar to the GTK+ dialog but event processing led down a
rabbit hole.
svn path=/trunk/; revision=45647
increment offset to point to the first byte after the options
(the code used to set an absolute position, if that was 0, we were stuck
in an endless loop)
svn path=/trunk/; revision=45646
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (9 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- remove some unneeded initializers;
- unsigned --> guint;
- remove unneeded #includes.
- whitespace changes.
svn path=/trunk/; revision=45642
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (10 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- Remove unneeded #includes;
- whitespace (e.g., use consistent indentation).
svn path=/trunk/; revision=45641
- Fix incorrect use of ENC_BIG_ENDIAN instead
of FALSE (3 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- use proper ENC arg for a proto_tree_add_item();
- whitespace.
svn path=/trunk/; revision=45640
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (10 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- create/use extended value strings as appropriate;
- remove unneeded initializers;
- reformat hf[] entries;
- whitespace.
svn path=/trunk/; revision=45638
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (3 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- Remove 'if(tree)' around calls to subdissector;
- whitespace & formatting.
svn path=/trunk/; revision=45635
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- use proto_tree_add_item() instead of proto_tree_add_uint() when appropriate;
- move proto_register...() to just before proto_reg_handoff..()
as per convention;
- proto_reg_handoff...() doesn't need 'if (!initialized)'
- remove unneeded #includes;
- remove some "boilerplate" comments;
- remove unneeded forward declaration;
- whitespace.
svn path=/trunk/; revision=45631
indentation, whitespace, long-lines, etc.
Also;
- replace two usages of fprintf(stderr,...) by g_warning();
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000]
svn path=/trunk/; revision=45625
should be shared by TShark and Wireshark, so the preference directory
path should be independent of the program name. Program-specific or
GUI-toolkit-specific preferences should be kept in separate files, or
ignored but preserved by programs to which they don't apply.
svn path=/trunk/; revision=45618
- Revmove 'if (tree...)'; col_...() shouldn't be called under same;
- Add an XXX comment;
- Remove not req'd #include <epan/prefs.h>;
- Address cppcheck msg: "Clarify calculation precedence for >> and ?";
- Localize certain variables & remove unneeded initializers;
- Do some whitespace changes.
svn path=/trunk/; revision=45617
and it apparently either has the value 0x00000044 or 0x00000041. If
those bytes aren't the magic number for an AVS header and aren't one of
those "message code" values, assume there's no Prism header, just an
802.11 frame - that fixes at least one capture where some packets have
AVS radio headers and other packets have no radio header.
Note that this might also let us handle big-endian Prism headers (see
which byte order the message code is in, and assume everything else is
in the same byte order).
Display the message code in hex, not decimal.
svn path=/trunk/; revision=45609
- Calls to expert...() and col_...() should not be under 'if (tree)'
- Move proto_reg_handoff...() to the end of the file as per convention;
- Localize a few variables
- Fix some whitespace (e.g., convert what appear to be '4 space tabs' to spaces)
svn path=/trunk/; revision=45591
tvb_length_remaining() may return -1
if that happens in dissect_rdp_fields(), return an error
the caller that calls dissect_rdp_fields() from a for loop detects the error
and exits (others should handle the error as well, this is missing for now)
svn path=/trunk/; revision=45566
http://home.martin.cc/linux/prism
there's a set of DID type values different from the ones we were using,
and there are captures out there that use values from both sets.
Support both sets.
That page also says that a "status" value of 0 means "supplied"; treat
zero as meaning "supplied", and, if it's not zero for a field, don't
include it.
The "Mac Time" is, according to that page, the lower 32 bits of the MAC
timestamp; report it as such.
Fix some field names that were copied-and-pasted but not changed.
The RSSI and signal quality values are numbers, so show them in decimal.
The "signal" and "noise" values appear to be signed numbers, so make
them signed rather than unsigned and show them in decimal.
Show the data rate in the same style as it's shown in the radiotap
dissector.
Show the frame length in decimal; we probably have relatively few users
with 16 fingers.
svn path=/trunk/; revision=45545
extensions were incorrectly made ephemeral, rather than seasonal, in
r44662. They need to be seasonal, as they're used for dissecting all
packets in the X session.
Redo a couple of loops as for loops to make it a little clearer what
they're doing.
svn path=/trunk/; revision=45539