suggest using our version of pidl, given that its Wireshark
parser generator has changes to support the current internal
Wireshark APIs for dissectors;
suggest using "--includedir ." to make IDL files in
subdirectories of epan/dissectors/pidl work;
update the list of IDL files with issues;
reformat to 80x66 (if it's good enough for Herman Hollerith,
it's good enough for me!).
svn path=/trunk/; revision=53533
again (and some various other improvements):
Rebuild the dissector with the latest xcbproto and mesa.
Subject: [PATCH 01/11] X11 dissector: Support CARD64 and INT64 types
These types are used by the new Present extension.
Subject: [PATCH 02/11] X11 dissector: Un-blacklist a few structures
The xinput structs are used by the latest xcb/proto, and the xkb
struct has been removed.
Subject: [PATCH 03/11] X11 dissector: Add hack for xinput:ChangeProperty
xinput:ChangeProperty should use switch/case, but only switch/bitcase
is supported at the moment. Add (hopefully temporary) hack.
Subject: [PATCH 04/11] X11 dissector: Use namespace for types
In particular, the name of the xsync struct 'INT64' collides with a
basic type of the same name.
Subject: [PATCH 05/11] X11 dissector: Add support for "Generic" events
All new extensions are using the new "Generic" events instead of
traditional events, because there aren't enough traditional event
numbers.
Denoted by <event xge="true"> in xcb/proto.
Subject: [PATCH 06/11] X11 dissector: Blacklist unused structures
Subject: [PATCH 07/11] X11 dissector: Support multiple enumref in a bitcase
XKB is weird.
Subject: [PATCH 08/11] X11 dissector: Support sumof
Subject: [PATCH 09/11] X11 dissector: Stop generating unused-but-set variables
(This patch also reverts r53298/r53299.)
svn path=/trunk/; revision=53532
again (and some various other improvements):
Rebuild the dissector with the latest xcbproto and mesa.
Subject: [PATCH 01/11] X11 dissector: Support CARD64 and INT64 types
These types are used by the new Present extension.
Subject: [PATCH 02/11] X11 dissector: Un-blacklist a few structures
The xinput structs are used by the latest xcb/proto, and the xkb
struct has been removed.
Subject: [PATCH 03/11] X11 dissector: Add hack for xinput:ChangeProperty
xinput:ChangeProperty should use switch/case, but only switch/bitcase
is supported at the moment. Add (hopefully temporary) hack.
Subject: [PATCH 04/11] X11 dissector: Use namespace for types
In particular, the name of the xsync struct 'INT64' collides with a
basic type of the same name.
Subject: [PATCH 05/11] X11 dissector: Add support for "Generic" events
All new extensions are using the new "Generic" events instead of
traditional events, because there aren't enough traditional event
numbers.
Denoted by <event xge="true"> in xcb/proto.
Subject: [PATCH 06/11] X11 dissector: Blacklist unused structures
Subject: [PATCH 07/11] X11 dissector: Support multiple enumref in a bitcase
XKB is weird.
Subject: [PATCH 08/11] X11 dissector: Support sumof
Subject: [PATCH 09/11] X11 dissector: Stop generating unused-but-set variables
(This patch also reverts r53298/r53299.)
svn path=/trunk/; revision=53531
Part of the fix includes having the IPv6 dissector populate as much of a ws_ip structure as possible to pass to subdissectors of the "ip.proto" table, so the ttl value can be picked up.
svn path=/trunk/; revision=53522
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and give us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
We presumably want "decode as" behavior to be consistent across UIs so
call load_decode_as_entries() from read_prefs().
svn path=/trunk/; revision=53498
Fix 2 minor bugs wherein an incorrect (NULL) tree was always used;
Remove some unneeded initializers;
Localize some variables;
Use consistent indentation & whitespace formatting
Add editor modelines.
svn path=/trunk/; revision=53497
improve relative offset calculations for Kyoto-Tycoon protocol
from me:
use col_append_sep_str()
set the correct length in dissect_kt()
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418
svn path=/trunk/; revision=53495
Create/use value_string_ext_free();
Display certain numbers also as hex in the
"forced to fall back to linear search: ..." value-string warning msg
Add editor-modelines to some files;
Do some whitespace changes.
svn path=/trunk/; revision=53484
Use FT_BOOLEAN instead of FT_UINT16 with 'ptp_bool_vals' value_string array;
Add editor modelines;
Do some whitespace & formatting changes.
svn path=/trunk/; revision=53477
Based on attachment #12139 (diff for adding the table) by rtsking117,
but keep original formatting and encoding (ASCII).
svn path=/trunk/; revision=53457
Specifically, proto_tree_add_expert() must take an actual tree node (for example
from proto_item_add_subtree()) and cannot take just any old item node. The
original intent (before the conversion) appeared to be just to put it on the
tree, so do that.
Another assertion gone from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9406
svn path=/trunk/; revision=53456
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog. Any GUI (GTK+/Qt/tshark) can just hook into the "decode as list" to see what can be provided.
This patch includes the GUI portion of the functionality (including packet-dcerpc.[ch] because it had some GUI dependencies that are now removed).
Other notes:
1. Some "GUI text" (UTF8_LEFTWARDS_ARROW and similar) made their way into the dissector code. Not sure how necessary it is and if reformatting the strings to avoid the macros is desired (TCP/UDP use it, SCTP doesn't).
2. I converted the SCTP functionality to have 2 tabs (instead of radio button), currently both are labeled "Transport" which could be confusing to users. Naming suggestions welcome (as well as for naming of tabs from other dissectors).
3. BER and DCERPC have more opportunity to use Decode As now that they are selected based on dissector presence, not packet_info values.
4. Catapult DCT2000 populates pinfo->ipproto, yet under new design will not show up to do Decode As. Should a "decode as item" be created for it?
5. BER dissector doesn't have Clear/Show Current functionality working (never did)
6. Bluetooth (in old design) could have been used "capture wide" instead of single packet (creating tabs of values not present in current packet), which goes against what I believe to be in the intent of Decode As, but I'm willing to hear counter-arguments.
svn path=/trunk/; revision=53446
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
The main driving force for this was my new Decode As functionality (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450) that wants a dissector/subdissector table relationship for all dissectors wanting to use Decode As functionality. The ethertype() function provides the value to the "ethertype" subdissector table, so I think it should be matched to a dissector. Only odd side effect is the display filter of "ethertype" returns no packets because there is no "item" associated with the dissector.
svn path=/trunk/; revision=53443
Add support for new PostgreSQL (9.3) error/notice message fields
Improves the PostgreSQL protocol dissector by adding support for the new error and notice fields which are new in PG 9.3:
http://www.postgresql.org/docs/9.3/interactive/protocol-error-fields.html
In particular, it adds support for the 'p', 'q', 's', 't', 'c', 'd', and 'n' field codes.
From me:
Fix wrong hf name...
svn path=/trunk/; revision=53431
Add RFC6066 CertificateUrl TLS extension
This is not supported by OpenSSL or NSS, the extension itself seems
unsafe, but some implementations seem to support it[1].
Untested, no capture available.
[1]: http://www.ietf.org/mail-archive/web/tls/current/msg02535.html
svn path=/trunk/; revision=53417
Add status_request_v2 TLS extension dissection (RFC6961)
Besides adding status_request_v2 support, this patch moves the
Certificate Status Type from the OCSP Status subtree to its parent
(the extension tree). This is needed because this type applies to all
OCSPResponse fields.
The check for "tree != NULL" seems unnecessary here, it was not
clarified in the original patch so I removed it.
From me
Fix typo
Remove unneeded tvb_ensure_bytes_exist
Use proto_tree_add_item
svn path=/trunk/; revision=53416
Add TLS StatusRequest (RFC6066) ClientHello extension recognition
Only empty Responder ID lists and empty Request Extensions are
implemented. I could not really find existing clients or servers that
populate these.
This status_request extension has a different signature for a
ClientHello and ServerHello, in the latter the extension_data field
must be empty. Therefore an additional parameter is added to
dissect_ssl3_hnd_hello_ext.
From me:
Fix typo
svn path=/trunk/; revision=53415
dissector for Kyoto Tycoon binary protocol
from me:
make port range preference work
highlight the correct bytes for records
remove trailing commas
correct(?) 64->32 cast
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418
svn path=/trunk/; revision=53383
'localize' some variables;
Remove some unneeded initializers;
Move proto_reg_handoff_...() to the end of the file as per convention;
Add forward declarations for proto_register_...() & proto_reg_hand_off_...();
Reformat some long lines;
Tweak some whitespace;
Add editor modelines.
svn path=/trunk/; revision=53358
'#if 0' variable 'set but never used' & related code;
'localize' some variables;
Remove some unneeded initializers;
Tweak some whitespace;
Add editor modelines.
svn path=/trunk/; revision=53357
Collect packet numbers when following streams so that we can correlate
text positions with packets. Add a FollowStreamText class so that we can
track mouse events. Add a hint label that shows the packet under the
cursor along with packet counts and the number of "turns".
Add the packet number to the C array dump. Note that dumping to YAML
might be useful for Scapy users.
svn path=/trunk/; revision=53314
help from Matthieu Patou.
If the DCE-RPC heuristic failed to identify a TVB, *but* we've already decoded
a DCE-RPC layer in this packet *and* the heuristic failed because we didn't have
enough data, make the reasonable assumption that it actually is another DCE-RPC
packet, and ask TCP to desegment more data for us and try again.
svn path=/trunk/; revision=53310
dissector_try_uint to dissector_try_uint_new: protocols called due to TCP port
matching were not getting added to the list of protocols in the frame. The
"add_proto_name" parameter should be TRUE except in unusual circumstances.
svn path=/trunk/; revision=53308
x11-extensions-implementation.h .
This change was manually applied to the .h file as I can't currently rebuild
the X11 dissector.
svn path=/trunk/; revision=53298
All dissectors that call tcp_dissect_pdus() have the same relative tree position, so it doesn't need to be specifically saved in the packet_info.
svn path=/trunk/; revision=53253
This was achieved by adding a void* data parameter to the dissect_function_t typedef in packet-rpc.h (r53213). After converting the pinfo->private_data, I'm not sure if it would be better to change the void* data pointer to be a rpc_call_info_value* explicitly. Not all "dissector functions" use it, but it would certainly save a lot of casting...
svn path=/trunk/; revision=53232
I didn't realize how expansive this change would be, so committing it now before replacing the pinfo->private_data, so if something needs to be reverted, all of this is not lost.
svn path=/trunk/; revision=53213
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-mint.c:205:26: error: ‘hfi_mint_control_0x0c_unknown4’ defined but not used [-Werror=unused-variable]
static header_field_info hfi_mint_control_0x0c_unknown4 MINT_HF_INIT =
^
svn path=/trunk/; revision=53154
This work was done in bug 7615 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7615), but the tie in to use the RlcMacPrivateData_t structure (passed by the GSMTAP dissector) was never completed. Whenever that picks up again, the data parameter of the dissector should be used instead of pinfo->private_data.
svn path=/trunk/; revision=53128
Note: I hope the following is not indicative of something wrong with the code.
(I've just marked di as _U_).
packet-dcerpc-netlogon.c: In function 'dissect_secchan_nl_auth_message':
packet-dcerpc-netlogon.c:7582:75: error: unused parameter 'di' [-Werror=unused-parameter]
proto_tree *tree, dcerpc_info *di, guint8 *drep)
svn path=/trunk/; revision=53104
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences).
The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
These are the "Wireshark DCERPC" input file changes necessary to support removing pinfo->private_data from the DCERPC dissectors in favor of passing it through function parameters. I didn't regenerate the dissector source, so this is just a "good faith" effort to mimic the manual changes.
svn path=/trunk/; revision=53099
These are the PIDL input file changes necessary to support removing pinfo->private_data from the DCERPC dissectors in favor of passing it through function parameters. I didn't regenerate the dissector source, so this is just a "good faith" effort to mimic the manual changes.
svn path=/trunk/; revision=53098
protocol IDs. This is substantially more efficient, which means we can build it
all the time rather than only if tree (in my benchmarks the extra time taken is
not large enough to be statistically significant even over tens of thousands of
packets).
This fixes what was probably a bug in btobex that relied on layer_names for
non-tree dissection. It also enables a much simpler fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9303
svn path=/trunk/; revision=53089
Add more detail for SPI Open LPOO Structure
Add more int_to_vals for INQ_Q_MGR reply
Add more display detail for encoding value
Some fix and display correction
Note: The patch used was the *original* patch submitted (plus some fixes by me).
That is: (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11962)
plus my fixes
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9367 and comments for
details.
From me:
- Fix bug which resulted in a macro expansion fail on GCC
- Fix a -Wshadow error in packet-mq-pcf.c
svn path=/trunk/; revision=53078
ieee80211: Decode Radio Measurements (Action Frames)
The length of the fixed fields is dependent on the radio measurement
action. Before this patch, fields following the action code were
ignored, leading to wrong decoding results. This patch adds recognition
for the Radio Measurement action management frames as specified in
IEEE Std 802.11-2012.
From me:
* Rename some hf (Add ff_ in name)
* Link Margin and Transmit Power are signed
* Use always proto_tree_add_item (replace proto_tree_add_text)
svn path=/trunk/; revision=53074
0010-frsrpc-Regenerate-frsrpc-due-to-changes-in-the-pidl-.patch
0016-Regenerate-the-dnserver.patch
are now integrated, but modified to compile on Windows. I suspect the PIDL generators may need to be updated to support this, otherwise regeneration will break the build on Windows again.
svn path=/trunk/; revision=53067
1. AVDTP: Fix double decoded stream
2. AVDTP: Use items for logical block objects
3. HCI_USB use handoffed dissector handles instead of find_dissector()
From Michal Labedzki
svn path=/trunk/; revision=53052