I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Attached patch:
1. Adds port 5985 as a HTTP traffic port (used by MS Powershell remoting over
HTTP)
2. Adds dissection of Kerberos authentication to HTTP.
svn path=/trunk/; revision=34641
We parse host & request page from headers, so we easily can construct full http
uri.
I was thinking about making it as field, so we could filter, print in column
info, or do other fancy stuff, but for now this is imho enough.
From me: add it as a (filterable) item. Clean up spacing and indentation in a
few places.
svn path=/trunk/; revision=34162
I don't want to change get_token_len() to not skip multiple spaces,
because I don't know if other protocols depends on this behaviour.
We should maybe check this...
This fixes bug 5181.
svn path=/trunk/; revision=34063
The HTTP dissector uses strtoll() to convert the Content-Length string into a
64bit variable. But that string can contain a number larger (or less) than
64bit, which lets the strtoll() return INT_MAX (or INT_MIN). strtoll() then
indicates this with errno==ERANGE.
The attachted patch checks if errno is set this way and then treats that HTTP
Content-Length as unspecified, since we don't know the real size.
I haven't checked other occurences of strtoll() in the HTTP dissector if they
could benefit from the errno check, or if other dissectors could use it.
svn path=/trunk/; revision=32772
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
packet-daap requests registration on that port via http_dissector_add
and thus packet-http does not need to do a default registration on that port.
Also: fix a typo in a comment.
svn path=/trunk/; revision=29265
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
for the same tvb. This keeps us from freeing the same memory twice and
crashing on some systems.
This might be the same bug Brian Vandenberg was looking for in
http://www.wireshark.org/lists/wireshark-dev/200705/msg00406.html .
svn path=/trunk/; revision=23415
- s/ntohl/g_ntohl
- s/free/g_free
- Change some tvb_get_string()+g_free()'s into tvb_get_ephemeral_string()
- Change some tvb_fake_unicode()+g_free()'s into tvb_get_ephemeral_faked_unicode()
- Change some tvb_get_string() calls that were clearly memory leaks (like
atoi(tvb_get_string(...))) into tvb_get_ephemeral_string()
svn path=/trunk/; revision=22515
Gerald Combs