Add a drop-down combobox for UATs, including User DLTs, that
have a choice of dissectors. Make the combobox editable, which
will provide suggestions, and pass things through to the existing
UAT validation for dissectors. (It's a very long list, especially
with 1717 entries, including 530 just from various BT GATT UUIDs,
so being able to still type it in seems useful.)
Dissectors are not protocols. Rename the UAT field from PROTO to
DISSECTOR where used. Update the column names and long descriptions
to use dissector instead of protocol in dissectors that used this.
There may at some point be UATs that want protocols instead of
dissectors, but that's not what the current behavior does and
none of the current dissectors that use the existing types want.
Update the documentation to use "dissector" instead of "protocol."
Put the names of the actual current three Ethernet dissectors.
Clarify that the "ip" dissector actually tries IPv4 and IPv6,
instead of just IPv4.
UAT entries are backwards and forwards compatible with versions
without this change.
Fix#18836.
Add the name, type, and values of field tables and arrays as
fields under the FT_NONE header. This makes them filterable
and show up in JSON export.
Fix#18385
Remove callback function from pref registrations for dissectors that
don't need a callback. In other dissectors, move registration that
only needs to be done once inside the check for initialization,
avoiding some console messages when preferences are changed
("Duplicate dissectors (anonymous) and (anonymous) for protocol...")
and the like.
Add a couple auto preferences for dissectors missed in previous waves.
Ping #14319
Correct spelling of from Queueing to Queueing.
This fixes issue #17943.
Note that other instances of "Queueing" are
kept because it's technically a correct spelling,
but here it's the name of the protocol.
A few of them just needed scratch memory, so allocate and free it
manually after doing any exception-raising checks.
A few others were returning memory, and needed conversion to accept a
wmem scope argument.
AMQP calls a subdissector table before tcp_dissect_pdus() is used to
desegment PDUs (see commit 27c10ed72e),
so pinfo->can_desegment needs to be restored before it is decremented
a second time. Fixes#14217.
These were detected by running check_typed_item_calls.py
with --consecutive, which flags items that have different
labels but the same filter string. Usually this is because
of copy/paste.
Quite a few similar bugs still exist, will address in a future commit.
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Make some more static data itmes const while we're at it.
Change-Id: I0bc10cce22b57d9f405f97a7facc1231aa53e668
Reviewed-on: https://code.wireshark.org/review/37700
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The title of a decode_as_t was used by the GTK UI. It's no
longer required for Qt.
Change-Id: Ibd9d4acbe9cad2c1af520340d04e550326a97ebe
Reviewed-on: https://code.wireshark.org/review/33557
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Try to find dissector for Content-Body based on Content-Type
Change-Id: I2d4b4bd2de92e7e0d1282afdae1976ce00b962a6
Reviewed-on: https://code.wireshark.org/review/31807
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gcd95e197ca renamed a bunch of "<proto>.ssl.port" preferences to
"<proto>.tls.port" but neglected to add obsolete entries for the old
preferences. Do so here.
Rename couchbase.tls_port to couchbase.tls.port to be in line with the
other TLS port preferences.
Change-Id: Ie23d6be0a5cb3616f37e41dbfbf13ad1b7206473
Reviewed-on: https://code.wireshark.org/review/29829
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To enable TLS/SSL payload dissection for AMQPS traffic add the
AMQP handle as SSL dissector for the actual AMQPS port.
Thus we have successfully decrypted our AMQPS traffic using
a pre-master-key file.
Change-Id: I63dec2217fb5645007da010f651846834abacdbc
Reviewed-on: https://code.wireshark.org/review/24335
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14113
Change-Id: I73c4962597d8f8bab83f089c9821269e0b7b1568
Reviewed-on: https://code.wireshark.org/review/24109
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Magnus Henoch <magnus.henoch@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When an capture file containing AMQP 0-9 traffic is missing the
protocol header, and the first packet contains more than one AMQP
frame, we'd fail to detect the protocol version properly, since we'd
check for the frame size being equal to the PDU size. Fix this case
by checking if the frame fits within the PDU instead.
While it's possible that 0-10 and 1.0 captures could be misdetected as
0-9, this seems highly unlikely. See details in comment in
packet-amqp.c.
Bug: 14113
Change-Id: I98978ed3919be3daf7fe9a972b87e09f27ba20e3
Reviewed-on: https://code.wireshark.org/review/24108
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previous code assumed that list decoding was successful and that some
bytes were consumed. Let's explicitly check this.
Bug: 13780
Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb
Reviewed-on: https://code.wireshark.org/review/22235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13435
Change-Id: Ib61404fc3a8c461593d2a8a60224463ef2b9c4b6
Reviewed-on: https://code.wireshark.org/review/20309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can't call proto_tree_add_XXX routines on a proto_item * that hasn't
been given a subtree with proto_item_add_subtree(). Fix that.
The packet offset for a FT_UINT_STRING is a pointer to the first byte of
the *length*, not to the first byte *after* the length.
Properly pluralize "entry".
Change-Id: I7f2a55eaad850e3e52e62eb061e0444d176c593a
Reviewed-on: https://code.wireshark.org/review/20785
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix a field type conflict noticed in provided capture
Bug: 13050
Change-Id: I3d2643299b6db2729641c72b2e1f054f170b4907
Reviewed-on: https://code.wireshark.org/review/18571
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
1. Remove AMQP_INCREMENT macro. Bounds checking mostly handled already
by proto_tree_add_xxx and tvb_get_xxx. Needed to add a few more
tvb_reported_length_remaining() calls for completeness.
2. Fill in some of the gaps of unaccounted for bytes. Still have way
too many instances where bytes aren't claimed by a field.
3. Some small reordering of functions allowed for massive removal of
formal declarations.
4. Add amqp_0_10_get_32bit_size_new to add a field, check for size and
add expert info if size > 0xFFFF
5. Remove "hf_" from list type items as they are not real hf_ fields
and could cause confusion. Also made items static.
6. Convert some FT_STRING and FT_BYTES fields to FT_UINT_STRING and
FT_UINT_BYTES. Helps account for some "missing" bytes.
Change-Id: I7ed269221d294ce89feacc0642b2070681288172
Reviewed-on: https://code.wireshark.org/review/18423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Bug: 13037
Change-Id: I935ff68050eb085789d9bd99b5ec833609c6fdca
Reviewed-on: https://code.wireshark.org/review/18336
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those are the only ones meaningful. Let's convert the buggy dissectors
and add an assert to avoid the misuse of the pool parameter in the future
Change-Id: I65f470b757f163f11a25cd352ffe168d1f8a86d3
Reviewed-on: https://code.wireshark.org/review/17748
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
ERROR: NO ARRAY: epan/dissectors/packet-amqp.c, ei_amqp_amqp_1_0_frame_length_exceeds_65K
Missing a space after { (need fix check ?)
Change-Id: Idce3b270c53feb7fc12e8c82fb87932faa1e468d
Reviewed-on: https://code.wireshark.org/review/15728
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I30f1b92ee438361c3bd58743f7d1ae8d5ffc96f0
Reviewed-on: https://code.wireshark.org/review/15718
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I68b7fa0b5d7fae86289807d7ef01a2141dcb8ff6
Reviewed-on: https://code.wireshark.org/review/14059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>