This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the need for the registration of a dedicated SIII dissector,
as this might interfere with "Decode As" handling, as well as being
redundant and no longer needed.
The udpdata dissector can handle both and gate to the correct
sub-dissector if necessary.
Change-Id: I756cd845e7e8d64848d9928ad9ff04d571434835
Reviewed-on: https://code.wireshark.org/review/11421
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8cfd1c223c70c7e03728af8b2f7cbf9354d7ad86
Ping-Bug: 3949
Reviewed-on: https://code.wireshark.org/review/10865
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Cosmetic change, to better distinguish if multiple
SPDO packages have been detected.
This should also be back-ported to 1.12 and 2.0
Change-Id: I3d0b26ecb6e0cc60b3cdc9861920c5ccaeb70cbd
Reviewed-on: https://code.wireshark.org/review/10829
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
SPDOs code the 0x04 bit differently, as it is not part
of the message type, but rather a flag for connection validation
I do not want to introduce a second message type, as this would break
compatibility with existing stored filters, also adding the bitmask
to the hf field, would alter the byte value, as it would shift
the value to the right.
Change-Id: I6b70bec29a55dfb556652d9dc940a896b864943b
Reviewed-on: https://code.wireshark.org/review/10595
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These aren't "true" shadow issues, but the script doesn't completely understand C syntax (for things like struct member names "time" and "index"). But fixing them creates less noise.
Change-Id: I5a2db1549095824530428529e86cab453c031a04
Reviewed-on: https://code.wireshark.org/review/10368
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If multiple packets of openSAFETY are present in a single network
packet, searching for the packet needed is complicated. This patch
increases the information along the same lines as the eth and frame
subdissectors
Change-Id: Id3d237135cfadb35c839208749aeeb1652b29830
Reviewed-on: https://code.wireshark.org/review/9871
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Bugfix for the SCM UDID, where the expert info was generated
even if not necessary, and a SCM UDID consisting of zeroes was
considered to be valid
- Using the new method for enabling/disabling heuristic dissectors,
this patch reworks the SIII dissection to perform exactly the
same as the EPL dissection (which is the expected behavior)
Change-Id: Ide559c3e104b77818cef642b34e0076a7c5bd13d
Reviewed-on: https://code.wireshark.org/review/9735
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch is partially automatically generated, but is modified
manually. In particular, assignments and function calls have been
audited.
Some debugging comments and ifdef'd prints have been removed. The
lookup tables of the dcm and sip dissectors are now cleared. It is only
called on reopening files anyway.
The isakmp dissector is modified to use g_hash_table_new_full for
destruction of its keys and values.
Fix a memleak in ipsec dissector when libgcrypt is not enabled.
Generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=3c6128ee266024d164650955f93c7740484abd68
(with AUDIT = True).
Change-Id: I3fd910bdee663842ac0196334fe0189b67e251b0
Reviewed-on: https://code.wireshark.org/review/9225
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Add b16 counter to SPDO Time Request/Response
- Mark generated time fields as generated
- Fix +1 addition for frameOffset
- Fix CRC2 calculation for subframes with just 5 bytes datalength
Change-Id: I59ef7bf445de47c2bd165ae0f94d64d9f11d636b
Reviewed-on: https://code.wireshark.org/review/8875
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- The starting offset for a consecutive frame search was off by 1
Change-Id: Ife77f9823e7e6d9a6601dba9c4cca74984e4ed40
Reviewed-on: https://code.wireshark.org/review/8741
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Implementing a tap interface as well as a packet structure
which contains all necessary information from a single
openSAFETY frame.
This structure is located in a separate packet-opensafety.h so
that plugins and other programs, which want to utilize the tap
interface, may benefit from the same defines
The 40bit calculation was implemented in a wrong fashion,
so that it never calculated the correct UDID
Change-Id: I62895f91d0a255a5489b9bf397a40d824a27383f
Reviewed-on: https://code.wireshark.org/review/7275
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To allow future tap interfaces as well as analysis plugins
to use the same definitions the dissector used, all defines
are being separated into a header file
Change-Id: Iec38e361ded46aab6684c2713ba9a047193a6694
Reviewed-on: https://code.wireshark.org/review/7468
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie566ae541d0d6cf5ac17150006de4f4498e790d6
Reviewed-on: https://code.wireshark.org/review/7493
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
openSAFETY 1.5 will be the next version of the openSAFETY
protocol. This will include all renditions necessary for
future versions of the IEC 61784-3 specifications.
- SNMT service for CT preseeding
- 40 bit counter value flag support
- Adapt CRC calculation for 40bit counter
- Display 40bit counter value
Change-Id: Ia9f8e11de813d27bc14437d32ee3d0486810c634
Reviewed-on: https://code.wireshark.org/review/5728
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Removing the macros for packet sender/receiver as it makes
the code hard to read and maintain. The more generic routine
opensafety_packet_node is also used for displaying the time
request sender and recipient.
Also clearing up the message id field, as it is the wrong size
and making the detection for the value an hf_field with an
array value.
Change-Id: I31cf0f944fe803fb503f4c5d29e106dfae0f6938
Reviewed-on: https://code.wireshark.org/review/7344
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Both values mean the same thing and should be found using
the same hf_field, as this eases debugging scenarios.
Change-Id: I23f675e22623b5e66354708319a41dcf34143e30
Reviewed-on: https://code.wireshark.org/review/7257
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also change bytestring_to_str to match bytes_to_ep_str_punct functionality (limiting byte string size)
Change-Id: Idb958c7f0c203d103629469302b81fa922714f7e
Reviewed-on: https://code.wireshark.org/review/6369
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fourth batch (packet-mac-lte.c -> packet-rtp.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Id921f07f4b274f0cfb77ce81abe4a285fdb8b644
Reviewed-on: https://code.wireshark.org/review/6023
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
All situations can be handled with "shimmed" dissector functions.
Change-Id: Ic85483b32d99d3270b193c9f6b29574d8fad46a8
Reviewed-on: https://code.wireshark.org/review/5327
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Comment out the #define since it's not actually used. :)
Change-Id: Ia34200d3eb705a74a33cbcf18175a7f780f2d2e2
Reviewed-on: https://code.wireshark.org/review/5128
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- There are cases, where the heuristic detection tries
to access bytes, after a correct openSAFETY frame has
been detected, leading to "Packet truncated" messages
in the correct and complete detected packet
Change-Id: Ie389edf82144283ad2c15f0bf975066de01e3409
Reviewed-on: https://code.wireshark.org/review/4237
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
- Actually register dissector on default UDP ports upon startup.
- expert_...() shouldn't be called under 'if (tree)'
Also: cleanup proto_reg_handoff...() and apply_prefs() code.
Change-Id: I6390d9bf311c9a62fbc43647d9bb19f90156baec
Reviewed-on: https://code.wireshark.org/review/4063
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- Block Up-/Download will be removed from the protocol
It has never been implemented => no impact
- Preload will be added in future versions of the
openSAFETY specification
- Better definition of SSDO ACMD sets to ensure correct
protocol dissection
- Use TFS.h t/f strings where applicable, remaining
strings are referenced directly from specification
Change-Id: I9c809098938333c914e1f8ba67d100b994fd33f4
Reviewed-on: https://code.wireshark.org/review/2647
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- There are rare false-positives, where the entire
frame consists of 0 except the addr and id field,
which will lead to a correct crc#1 calculation,
but still to a false-positive detection. This
patch fixes that
- Two indefinite-loop errors are corrected as well
Change-Id: Ibe5e56e0172ad3a3046bdc024da3711987116e8e
Reviewed-on: https://code.wireshark.org/review/3918
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
We have epan/ipproto.h to define various IP protocol numbers; use that.
Change-Id: I1ec72028182125f7e11dc159791753ee26d35f12
Reviewed-on: https://code.wireshark.org/review/1027
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Adding a typedefinition which can be deactivated, so
that certain types of frames are only detected in their
respective transport protocols
- Rename bytes array as it is a key-word for some IDEs and
hinders syntax checking
- Add node info to the time request from/by fields
- EPL: add message type to heuristic dissection call
Change-Id: Ia572bb68fc1d24d70e72b77867f0dad323b055b9
Reviewed-on: https://code.wireshark.org/review/750
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a permanent solution for bug #9786. guint overflows
are now prevented, and the remaining length is queried from
tvb and taken into consideration.
As a side-effect, the fix brought up two bugs in the openSAFETY
dissector, which were fixed as well.
Upd: Remove stdio.h and fix one encoding error found by
fix-encoding-args.pl
Change-Id: Ic2d478a8ea15b0bcfd2536a074c217daf610fe08
Reviewed-on: https://code.wireshark.org/review/291
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Up until now, openSAFETY hooked into a heuristic filter for epl
and dissected the whole package, handing back some epl header
information by calling epl again. This was time-consuming and
on a busy network led to an increase in dropped packages and
memory usage, as well as unresponsiveness.
This patch only takes the payload data of epl frames, and
therefore greatly reduces the dissection overhead of openSAFETY.
On a second note, intergap data between safety frames is now
being displayed as Data, but only if the option for doing so
is specifically enabled in the openSAFETY preferences, as it
changes the behaviour of the dissector output.
Upd: Because of the gap handling, some frames were marked
as being truncated, although they were not, or did not contain
openSAFETY frames at all. In the course of the fix for this,
the byte copying for the byte swap with MBTCP has been moved
to only occur when needed, and is additionally guarded.
Upd2: Indentation and comment fixes
Upd3: Change memcpy to memdup and move find_dissector ( "data" )
to proto_reg_handoff
PLK: Store data dissector pointer
Move the if-clause to proto_reg_handoff as documented
in comment of Change-id: 191
Change-Id: I3038ed465900a2b5e63b3a0967abd62a4c66f318
Reviewed-on: https://code.wireshark.org/review/191
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- SNMT messages were presented in a way, where the value of the
field was not pointing to the correct bytes where it came from
- Sender / Receiver were renamed to be better understandable
- SN send to (Receiver) now comes first as it does in the byte
stream
Change-Id: I364cb248bed9489c0cf9c7bf9fbd37b0225dbd78
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249