Displayed as 6 hex digits, not 3.
Change-Id: I61f9b41d4bd846ff74fac24b0651c7243c9c9e51
Reviewed-on: https://code.wireshark.org/review/13235
Reviewed-by: João Valverde <j@v6e.pt>
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for IEEE-11073 32-bit FLOAT and 16 bit SFLOAT field types.
Use them in Bluetooth ATT dissector.
Change-Id: Ife0f3843da84a9af23483b0a0d9b69cd2f511d08
Reviewed-on: https://code.wireshark.org/review/12680
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That way, we have a non-const pointer to use when freeing it, and don't
have to undo the constification with a cast.
Rename "has_slash" to "slash", while we're at it, as it's not a Boolean
indicating whether the string has a slash, it's either a pointer to the
slash in question or NULL if the string has no slash.
Change-Id: Ia55b39bddb67c8ca71f7b09ee5eb82efaa3bdf0c
Reviewed-on: https://code.wireshark.org/review/12891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
<MISSING> implies that the field should be there and isn't. Allow dissectors to specify when a zero-sized array for a field is perfectly valid.
Ping-Bug: 11803
Change-Id: I3fd60e3c6f832c6b4a3a8837ebc52c3e74e795ae
Reviewed-on: https://code.wireshark.org/review/12271
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
They are, after all, really byte strings, just as MAC-48s/EUI-48s are.
Clean up some of the integer <-> byte-string trickery a bit, using
unions rather than pointer punning.
Bug: 11380
Change-Id: I0d9aa3ca7bb6b7e4c75e49a11b13d3d0e5a04473
Reviewed-on: https://code.wireshark.org/review/9727
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add FT_FRAMENUM_ACK and FT_FRAMENUM_DUP_ACK and set them for
tcp.analysis.acks_frame and tcp.analysis.duplicate_ack_frame. Draw a
single or double check mark in the packet list accordingly.
These are probably specific to TCP, but as it happens there are a lot of
TCP packets.
Change-Id: I35416506419159a79ad8cc2e35f8a14485edfb7e
Reviewed-on: https://code.wireshark.org/review/7568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since commit v1.99.4rc0-70-g0bec885 (Remove use of sprintf for ftype
string formatting), Wireshark aborts with "Null pointer passed to
bytes_to_hexstr_punct()". This happened with a SSL capture where the
ssl.handshake.extensions_padding_data had a zero length.
Fix it by producing a zero-length string instead (as done by the
previous implementation).
Change-Id: I711d786a9ae692eb44c5e49a30d5fea41c5af31e
Reviewed-on: https://code.wireshark.org/review/7649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I656d6193aad740ab88bf16fb25c202e766e3092a
Reviewed-on: https://code.wireshark.org/review/7616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the ability to set frame number types: none, request, or response.
Use the types to draw different related packet indicators in the packet
list.
Track the conversation in PacketListRecord. Use it to draw dashed lines
for unrelated frames.
Set frame number types for DNS and ICMP.
Instead of drawing a transparent QImage, alpha blend our foreground
color and draw directly in our painter. Blend more toward the foreground
color.
Add FRAMENUM_TYPE to checkAPIs.
Change-Id: I2495945bb436413e05d6ec697184a0b4fd5ad214
Reviewed-on: https://code.wireshark.org/review/7436
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Otherwise, they don't get the right suffix to tell the compiler that
they're 64-bit even on ILP32 platforms.
Change-Id: I5c52a999d21707602e0a4174a142d1d1036242be
Reviewed-on: https://code.wireshark.org/review/7297
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix comments typos and use safe equivalent of sprintf.
Change-Id: Icc9d69532dc35e8a58a78c0eacdb42214b679069
Reviewed-on: https://code.wireshark.org/review/7290
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
There are a few oid functions that are only called in oids_test.c. I'll presume the APIs are used in proprietary dissectors rather than just remove them.
Change-Id: I4595e00f93bf9ab8cf2493fe0432b91960f55a3f
Reviewed-on: https://code.wireshark.org/review/6592
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I79e893f1d810a90c6a495067941d2e393e9fee72
Reviewed-on: https://code.wireshark.org/review/6501
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Id336dc16f97a0973754993094aa637813c0ca31c
Reviewed-on: https://code.wireshark.org/review/6604
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
There's no requirement for "display" field values to have names
beginning with BASE_; use SEP_, to indicate that they're separators.
(And, yes, we should introduce SEP_NONE, with a value of 0, and use it.)
While we're at it, fix BASE_SEMICOLON - the separator is a colon, not a
semicolon - and document SEP_SPACE in doc/README.dissector.
Change-Id: I856aafda2c60b8320dffe287f0deb06a9604a2bf
Reviewed-on: https://code.wireshark.org/review/6486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's just like BASE_DOT, BASE_DASH and BASE_SEMICOLON, only its a space between bytes. Since this seems pretty specific to FT_BYTES, perhaps there is a better was to represent the functionality (like FT_BOOLEAN uses numeric values for number of bits)?
Change-Id: I1a8f1ab263ece2736a8012b66fdd6a9105db7282
Reviewed-on: https://code.wireshark.org/review/6451
Reviewed-by: Michael Mann <mmann78@netscape.net>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, convert the "string" hf_ entries that used tvb_fcwwn_to_str as a string to use proto_tree_add_item with FT_FCWWN type.
Change-Id: I4ca77870499fd8239584a70874998b5d194a7167
Reviewed-on: https://code.wireshark.org/review/6036
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They're locale-dependent (although those *particular* ones might not
be).
Remove no-longer necessary (or not-even-necessary-before-this-change)
includes of <ctype.h>
Change-Id: I1384e3ae4ccba6af9220a08773abcde7ea320573
Reviewed-on: https://code.wireshark.org/review/4755
Reviewed-by: Guy Harris <guy@alum.mit.edu>
An unsigned 8-bit integer is always <= 0xFF; that was the cause of the
warning.
To see whether a byte, when represented as hex, has letters for its
upper and lower nibbles, just check whether both nibbles are >= 0xA.
Cast the extracted nibbles to make sure there's no sign-extension.
Change-Id: If4c7717a5d2fe341c02e9309ee6b89973a6ac292
Reviewed-on: https://code.wireshark.org/review/4739
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I'm not 100% certain the comparisons were right even with signed char;
make the comparisons unsigned vs. unsigned, regardless of whether char
is signed or not. (No, C doesn't require it to be signed; that's why
there's a "signed" keyword.)
Change-Id: Icbbd1019a2f7d4ebb40d821255834f825cd7c5a7
Reviewed-on: https://code.wireshark.org/review/4731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This regression was introduced by the commit e5353bf119 done for bug 10081
Bug: 10213
Change-Id: I3925a47ef13055f10f49fa9fefd022731746fbb8
Reviewed-on: https://code.wireshark.org/review/2572
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I24fe3cc4a3589dadc4528a77fe7ff13d06b1a983
Reviewed-on: https://code.wireshark.org/review/2245
Reviewed-by: Michael Mann <mmann78@netscape.net>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it. Use
IS_FT_STRING() in more cases, so that less code needs to know what types
are string types.
Add a tvb_get_stringzpad() routine, which gets null-padded strings.
Currently, it does the same thing that tvb_get_string_enc() does, but
that might change if we don't store string values as null-terminated
strings.
Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66
Reviewed-on: https://code.wireshark.org/review/1082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
So get rid of the commented-out FT_UCS2_LE; that would be handled as an
FT_STRING, FT_UINT_STRING, or FT_STRINGZ with an encoding of
ENC_UCS_2|ENC_LITTLE_ENDIAN.
Change-Id: I828fc1ed49843a503ec70e6adaf6dadd256df407
Reviewed-on: https://code.wireshark.org/review/996
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As discussed in bug 3513 and 9709, one can register more than one new ProtoFields for
the same field name. Of course C-code can do that too, and does a LOT apparently, but
if they're not similar ftypes then things can get scrweed up in display filters.
So this change prevents duplicate field registration of dissimilar ftypes. The
similarity is based on the discussion on the mailing list, and the listing in
README.developer has been updated to refelect that as well.
Also, this change adds a testscript for Proto/ProtoFields.
Change-Id: I43bd323f785245941a21289647332a19adec2a9d
Reviewed-on: https://code.wireshark.org/review/285
Reviewed-by: Evan Huus <eapache@gmail.com>
appropriate for particular FT_ types. This lets us do some more type
checking and lets us use const pointers when appropriate.
Constify a bunch of stuff, and don't cast away constness.
svn path=/trunk/; revision=54811
the ftenum_t for the fvalue's ftype, rather than a pointer to the ftype
(which isn't all that useful except as a handle, unless you import the
internal header).
Have fvalue_to_string_repr() return NULL, rather than failing, if the
fvalue's ftype has no val_to_string_repr method.
This lets us not include the ftypes internal header in
ui/cli/tap-diameter-avp.c.
svn path=/trunk/; revision=53290
human-readable representing an AX.25 subaddress (e.g. "KA9Q-01") into
the binary form of an AX.25 address, because what it does is translate
the binary form of an AX.25 address to the human-readable form!
We currently have no routine that does the right thing and, even if we
did, given that some bits in the AX.25 subaddress format are used for
purposes other than representing the call sign and substation ID, so the
matching routines for AX.25 addresses need to ignore certain bits.
For now, we just remove the call to get_ax25_name() (which squelches the
pointer-signedness warning that made me look at this code, and find the
problem, in the first place) and replace it with a comment discussing
the problem and a failure.
The other pointer-signedness warning brought up a question of what to do
with G_REGEX_RAW in the g_regex_match_full() call; it didn't bring up an
immediately obvious *answer*, so we throw a cast at the warning and add
another comment. (We fix up alignment while we're at it.)
svn path=/trunk/; revision=50106
glib memory slices.
- We weren't doing anything with the emem slab that couldn't be done with glib
slices.
- Removes a fair bit of code as well as one debugging environment variable.
- Glib slices are much cache-friendlier and are multi-threading friendly (if
we ever go there).
- Allows glib to actually return slices to the OS on occasion. The emem slab
would hold onto its memory forever which resulted in a great deal of wasted
memory after closing a large file.
svn path=/trunk/; revision=48218
and use that to fix a -Wclobbered error that bleeding-edge GCC throws
on tvbuff types.
Also remove a variable that looked like it was being used to hide the error
before GCC got clever.
svn path=/trunk/; revision=47153
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
- Define macros for certain CFLAGS in config.nmake iso of having defs in each makefile;
a. -DHAVE_CONFIG_H and -D_U_="" are now part of a macro named STANDARD_CFLAGS;
b. -WX has been replaced by WARNINGS_ARE_ERRORS (defined as -WX in config.nmake)
(This allows disabling "Warnings as Errors" by just changing config.nmake)
c. CVARSDLL definitions (not usage) have been removed from the various makefiles.
XXX: It appears the usage of CVARSDLL can also be removed (not yet done) since:
-DWIN32 and -DNULL=0 do not appear to be needed (any more);
-D_MT and _D_DLL are not needed since /MP causes these definitions.
d. Define a macro WARNINGS_CFLAGS with additional specific compiler (level4) warnings to be enabled.
E.G., 4295: array is too small to include a terminating null character
- config.nmake: reformat some long lines for readability;
- plugins\Makefile.nmake: clean-deps does nothing: remove it (and usage in top-level makefile);
- dissectors/Makefile.nmake: test to enable packet-rrc.obj target needs to include MSVC2010 ...
svn path=/trunk/; revision=35747
argument indicating whether to include the time zone in the string. If
we're constructing a display filter, don't include the time zone,
otherwise do. Fixes bug 4756.
svn path=/trunk/; revision=32913
The change put in with rev 11382 meant that, on 64-bit systems, we could not
parse negative numbers into integers (since -1 taken as an unsigned 64-bit
number is (significantly) larger than G_MAX_UINT32).
To fix this, split the val_from_unparsed() routine for integers into two
routines: one for signed and one for unsigned; each routine can then do the
appropriate "is this bigger than what fits in a *32?" test.
svn path=/trunk/; revision=32616
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
indicating whether the time should be shown as local time or UTC. For
now, always pass FALSE, meaning "show as local time".
Clean up some stuff in the SNMP dissector, use abs_time_secs_to_str()
for times with one-second resolution, and update a comment in various
macros in the WSP dissector, while we're at it.
svn path=/trunk/; revision=31227
struct _GString
{
gchar *str;
gsize len;
gsize allocated_len;
};
And:
struct _GArray
{
gchar *data;
guint len;
};
We only accessed the first two fields of the GString struct.
svn path=/trunk/; revision=29841