This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I3b5afb8a59f6443624708b9fecfdcbe93dad59ef
Note: Some of the filters, when/if used, could have caused Wireshark crashes.
Reviewed-on: https://code.wireshark.org/review/5575
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd5818cbb2b1f8628bb29c2c71dfc6d41df89b5d
Reviewed-on: https://code.wireshark.org/review/5448
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some other minor cleanup while in the neighborhood.
Change-Id: I1b0c0567488fa350c14d21c5f5e4cb9746177af1
Reviewed-on: https://code.wireshark.org/review/5447
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3f4b3eb23b91b219df373b3012fbefa63abfa4d3
Reviewed-on: https://code.wireshark.org/review/5350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also some other cleanup to simplify dissector logic.
Change-Id: Ia84300b7eadafe292361014dd0e565ec250cae44
Reviewed-on: https://code.wireshark.org/review/5311
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9606aa36b7d7b6bb2ef2e7685e6629163ca83ef7
Reviewed-on: https://code.wireshark.org/review/5312
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ib2d900833a8763307be6b1cfc8df20d7019d2706
Reviewed-on: https://code.wireshark.org/review/5313
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5b35ad57c5c40a1393cbc174384b8a275abd763c
Reviewed-on: https://code.wireshark.org/review/4903
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way, we avoid locale-dependent behavior.
Change-Id: I429fde961dc7cb61013756a663d6cd511f19ca70
Reviewed-on: https://code.wireshark.org/review/4845
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ia017fa9535cbc7570ce6bd442972eedd2143825a
Reviewed-on: https://code.wireshark.org/review/4729
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of adding the items using proto_tree_add_item, use proto_tree_add_bitmask in parseExpandedNodeId(). Also, the redundant 'NodeId ' text is removed from hf_opcua_nodeid_... items for better readability.
Change-Id: Ie68f1d280dd733fd2eede0b2b73ad8d7f28396b3
Reviewed-on: https://code.wireshark.org/review/4730
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie02326e365ee3f620fcbe3f2e8e45dc5300d3418
Reviewed-on: https://code.wireshark.org/review/4728
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As requested by Michael Mann, most of the occurences of proto_tree_add_text/proto_item_add_subtree are replaced with proto_tree_add_subtree(_format) or proto_tree_add_item/proto_item_append_text in the non-generated files.
Change-Id: I27cccde88780adef43c78efd26333f47af098ad6
Reviewed-on: https://code.wireshark.org/review/4726
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As requested by Michael Mann, all occurences of proto_tree_add_text/proto_item_add_subtree are replaced with proto_tree_add_subtree(_format) in the generated files. Our generator templates have also been updated accordingly.
Change-Id: I49ddd664dffef4b3ceda77edd1b2d7e01da363f3
Reviewed-on: https://code.wireshark.org/review/4725
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
... to ensure that there are no potential issues with respect to
editors limiting the number of lines scanned at the end of the file
when checking for editor modelines.
Change-Id: Ic85cbb108bb5159d6ec4116fea11f5eebb4e44a4
Reviewed-on: https://code.wireshark.org/review/4688
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The declarations from opcua_complextypeparser.h were used instead of the serviceparser ones, this is also fixed in our generator
Change-Id: I3d78d26a3b2b4995dfd4556720d29ecdd6960c4b
Reviewed-on: https://code.wireshark.org/review/4650
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
It's hyper with 8 bytes alignment it can have 1/100000 sec resolution or 1sec resolution
Bug: 10541
Change-Id: Iecc4c6d1bd1695a4c02db72e1617134254810cd9
Reviewed-on: https://code.wireshark.org/review/4606
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
plugins/*/CMakeLists.txt has a lot of repitition. We might want to
create a module or include file to simplify things.
Change-Id: Iadd453c286a4127beacd80edf6dc200aa9148852
Reviewed-on: https://code.wireshark.org/review/4582
Reviewed-by: Gerald Combs <gerald@wireshark.org>
For now, this just pacifies fuzz-testing. If real world examples have this, there needs to be a drastic overhaul to support fields that could be either 32 or 64-bit values.
Bug:9329
Change-Id: I3e28808ca0291868a5f84258b0ee1e2a922703c2
Reviewed-on: https://code.wireshark.org/review/4189
Reviewed-by: Michael Mann <mmann78@netscape.net>
If it is used, there is a modified file in git.
Fix this by only including the file if it exists.
Other changes:
- Rename the existing Custom files to CMakeListsCustom.txt.example.
- Move the plugins custom file to the top level (same level as its
including parent).
- Optionally allow a list of custom includes instead of the default one.
Change-Id: I8960eac6222f741c045055d43d1d5a2d4979caf6
Reviewed-on: https://code.wireshark.org/review/4163
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: I575bd2f93202837b2ce15a39b1b0bd9b5c53f5bf
Reviewed-on: https://code.wireshark.org/review/4151
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5ca5d41edf1f56b24da6360a10f0c6e2600572d2
Reviewed-on: https://code.wireshark.org/review/4150
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0b533edd7bad52922dd1e0aaa2c980e56dd88b78
Reviewed-on: https://code.wireshark.org/review/4149
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I78963640e32393f3ac399e59a659ddf619d15c3d
Reviewed-on: https://code.wireshark.org/review/4148
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's unclear how the ports should be separated, this additional text in the tooltip clarifies it
Change-Id: I686482522d006024f920a3cc26b83cd21c19f8a5
Reviewed-on: https://code.wireshark.org/review/4147
Reviewed-by: Michael Mann <mmann78@netscape.net>
For consistency with epan/dissectors/Makefile.am. Also, remove the
"with python" parts, since that's the only option now.
Change-Id: I761e1bf7995c1cc1ebd790013181fd6116b289a1
Reviewed-on: https://code.wireshark.org/review/3925
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add static before function
Change-Id: Icb54ccf58e5752892e7217327380a0af7da45647
Reviewed-on: https://code.wireshark.org/review/3690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If9f85a6cda483c5b89f9bee3524502b888ccb1d1
Reviewed-on: https://code.wireshark.org/review/3676
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The fault is that reassembly_table_init() must be called when reloading
the file - move it to an init routine and register the init routine.
While there move the proto_register_opcua() routine to the end of the file
to be more consistent with other dissectors.
Change soft deprecated APIs
Change-Id: I2b93692be24dbf60f4ef09aa7283e55ebf3c1874
Reviewed-on: https://code.wireshark.org/review/3431
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It doesn't build on Linux but cmake looks for it (won't build without it) and
Windows users might want it.
Change-Id: I978f0de0a2895a82f4f3b8c1e9e0ecec6a93e6f4
Reviewed-on: https://code.wireshark.org/review/3325
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
In 2008, before the OpcUa specification was released, the EncodingMask was changed to include the Locale after the LocalizedText. This commit applies the changes necessary to display DiagnosticInfo correctly.
Change-Id: Iad35ff0557eac62a259a63505ebce3e637095136
Reviewed-on: https://code.wireshark.org/review/3259
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added a few filterable fields in the process of trying to figure out the macros. Much more can be done to add many more filterable fields (and remove proto_tree_add_text calls hidden in the macros), but that'll be done some other time.
bug:10281
Change-Id: I9788f176c0e721ff4f243d4ecb79d7d0114fffc0
Reviewed-on: https://code.wireshark.org/review/3262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quanities.
Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).
There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.
Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I13924c5a2f056688a42cdee25654d82c056b5f97
Reviewed-on: https://code.wireshark.org/review/2974
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 28719a4e4e.
Most of the change to remove "lib" seems to work, but the list of libraries to sign appears not to be in the source repository, so I can't make that step work.
Change-Id: I32e400593e8a39f582cc702df34eea7f6e9e722a
Reviewed-on: https://code.wireshark.org/review/2972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The catapult dissector tripped on this random file I had. A quick look
at other dissectors which use a construct like "-1] *= '*\\[rn]" showed
packet-irda too, so fix that as well.
Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593
Reviewed-on: https://code.wireshark.org/review/2802
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Currently for all arrays, the generic ett_opcua_array is used, instead we want to be more selective for storing the expanded state of subtrees. This commit adds subtree identifiers for all array types.
Change-Id: Idcec51a200d1109cdb557d3366021d3b066b453d
Reviewed-on: https://code.wireshark.org/review/2176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Display 'Array of <fieldname>' instead of 'Array of Simple Type'
- Display array indexes for simple types
- Display data type in simple type arrays
Change-Id: Id2cc746898f97ce329c6afb9cc49f1907a9f18e4
Reviewed-on: https://code.wireshark.org/review/2161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also make repetition_coding_indications[] standard terminated.
Change-Id: Ice20e1f27f5ab4d111f893608a230b83899efc9f
Reviewed-on: https://code.wireshark.org/review/2288
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- make ett_opcua_transport static, is only used locally
- format code grouping extern ett variables
- add subtree variables for encodingmasks of simple types
Change-Id: Ia044ca6ca0ff19e940a03d21610db67fe3679b01
Reviewed-on: https://code.wireshark.org/review/2157
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Checks if a StatusCode has any of the additional info bits set and displays them accordingly.
Change-Id: Ic584233083174d3fd30c6ec6684f308e0e5ae22e
Reviewed-on: https://code.wireshark.org/review/2127
Reviewed-by: Evan Huus <eapache@gmail.com>
Adds a table containing all known StatusCodes and displays them if found.
The list of StatusCodes is in a separate file for easy generating of the list if necessary.
Change-Id: Iab74b22b7fc4fb53d8f072c4e3a4cea4ae18196c
Reviewed-on: https://code.wireshark.org/review/2126
Reviewed-by: Evan Huus <eapache@gmail.com>
The NoOf... fields are not used at all in the dissector.
Change-Id: I1f20a9992eab5d47c7e0ad34dabeaed07efa4a80
Reviewed-on: https://code.wireshark.org/review/2130
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Return the ServiceId of the service calls for displaying if it's a request or response
- Add the missing parsing code for CloseSecureChannel, some fields were missing
Change-Id: Id9b1e1986e222a77ad979fb615adc6ac62a4ced8
Reviewed-on: https://code.wireshark.org/review/2125
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ServiceFaults are always sent as a service response and never as value, this moves the parsing code to the correct location.
Change-Id: Ida9cb561aa40fcbfc3c0429aed732d108b295138
Reviewed-on: https://code.wireshark.org/review/2124
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adds hf_register_info for all possible NodeId identifier types for unified displaying.
Change-Id: Ic7a8077a32f435d5acfb1a956117d21a0b51b43b
Reviewed-on: https://code.wireshark.org/review/2123
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There are no 'URI' NodeIds, removed this option and changed GUID/Opaque to their correct values as stated in the UA specification.
Change-Id: Ibf9afdbd72f8ad336f5eb83ece5adbcce51e8365
Reviewed-on: https://code.wireshark.org/review/2122
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Rename Uri to NamespaceUri for clarity
- Correct NsId to NsIndex
- ByteString NodeIds are called 'Opaque'
Change-Id: I622d408ef9e19a2a899906b4127bae497735d402
Reviewed-on: https://code.wireshark.org/review/2121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Only the bits 0-3 are significant for the type of the NodeId contained in the ExpandedNodeId.
The other bits are a mask telling if a NamespaceUri and/or a ServerIndex is set.
Change-Id: I17948524f8a1bf6cb9dffc5f66ec5cddee580bcd
Reviewed-on: https://code.wireshark.org/review/2120
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Issue found while playing with MSVC /GL option
Change-Id: I1f734eb4054349c706b529d8080036b00e66397a
Reviewed-on: https://code.wireshark.org/review/1998
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always call $(top_srcdir)/tools/checkAPIs.pl with -sourcedir=$(srcdir)
from Makefile.am to allow out-of-source 'make checkapi'.
Change-Id: I60d7e0079984a8ededdacf4517a0738486fa7973
Reviewed-on: https://code.wireshark.org/review/1294
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\*\* \$Id\$/,+1 d') (2 star and space)
Change-Id: I48505ffb8bfa103cd7db0117e18cdb1925a7034d
Reviewed-on: https://code.wireshark.org/review/884
Reviewed-by: Anders Broman <a.broman58@gmail.com>