ssl_print_string uses out->data_len to determine the length of the
printed data, but this was not set. Use ssl_data_set for that and add an
additional DISSECTOR_ASSERT just in case we change something here.
Reported by Alexis La Goutte, found by Clang static analyzer.
Change-Id: I630a9193ff1ece86a0a46924dd86591fedf5c595
Reviewed-on: https://code.wireshark.org/review/3261
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI.
Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I81e43fac5176fdd0805001636991efb7f588a3c0
Reviewed-on: https://code.wireshark.org/review/3252
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Icefbaf632e888e84bcb2cc20ae3a6c4744b82fae
Reviewed-on: https://code.wireshark.org/review/3251
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
There are two cases:
1. btl2cap -> btrfcomm -> btobex
2. btl2cap -> btobex
Case 2 is rare, so according to its name and to avoid confusion
I based on it.
Bug:10316
Change-Id: Ibeabeaf2f8376425460c56bad8fb980b460dd940
Reviewed-on: https://code.wireshark.org/review/3225
Reviewed-by: Evan Huus <eapache@gmail.com>
There is still some const-incorrect usage of them but those can be ironed
out after this change has been made.
Change-Id: Iba0631c804bdab34d7c0232b49967130e3370488
Reviewed-on: https://code.wireshark.org/review/3199
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet as far as possible, called from both dissect_dnp3_tcp and dissect_dnp3_udp.
Bug: 10287
Change-Id: Iaa988258b3614cb1b408dec41a987fbd61c9727c
Reviewed-on: https://code.wireshark.org/review/3096
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
I thought I'd found all of these but I guess I hadn't; good thing the fuzz-bot
kept looking.
Bug:10314
Change-Id: I2cc209a6c87781d10cae28f2cb91400d759f5091
Reviewed-on: https://code.wireshark.org/review/3205
Reviewed-by: Evan Huus <eapache@gmail.com>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I6e0109bc1d1acf200fd0c1a9f8ddd3a3d98f5908
Reviewed-on: https://code.wireshark.org/review/3189
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I589a6ced098d1d224e86386f028c92fc0797164e
Reviewed-on: https://code.wireshark.org/review/3188
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ibeaf5ba5d104e7f9bc9291e83923f8675abf0099
Reviewed-on: https://code.wireshark.org/review/3187
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I342f283bbab3052337e00502769150cf3f4a8800
Reviewed-on: https://code.wireshark.org/review/3186
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I467bfae2db7d3a119b58505b43b3d9bb59615ee9
Reviewed-on: https://code.wireshark.org/review/3185
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
It was not clear whether the data_len member of StringInfo refers to
the allocated memory (as was done for session_ticket) or the length
of the actual data. This is clarified in a comment. To keep the
invariant "data_len refers to the length of meaningful data", some
code has been moved just in case some intermediate code fails:
- Setting session_ticket.data_len vs tvb_memcpy to session_ticket.data.
- PRF functions would expect the data length as input to a paramter
named "out". This is highly confusing, so another parameter has been
added to signify the requested length, "out_len". This also helps
holding up the invariant.
- For prf() calls, out.data_len does not need to be initialized but
passed as parameter.
Other PRF-related changes:
- Change the PRF functions to return a boolean instead of an int.
- tls_hash: return void as it cannot fail and remove related error
handling from callers. Fix a memleak of label_seed if tls_hash was
successful.
- tls_hash: add comments to clarify its functionality, whitespace.
- ssl3_generate_export_iv could not fail, so make it void. Also added
an out_len param to pass the target length.
- In prf(), replaced if-conditions for SSL version by a switch.
- In ssl_generate_keyring_material, the scope of some variable has been
tightened.
- ssl_session_init: explicitly set data_len to 0. This is strictly not
necessary as the callers have already zeroed out the memory, but that
has not been documented.
Other changes related to master_secret (ssl_save_session[_ticket]):
- Initialize master_secret.data_len to 0 in ssl_session_init as the
master_secret is unusable at that point.
- Remove the hack that tests whether master_secret.data is non-empty.
- Replace hardcoded master_secret length (48) from wmem_alloc0().
- Introduce macro for master secret length, use this in
SslDecryptSession, for parsing from keyfile and converting pre-master
secret to master secret (prf).
- Use (master_secret + 1) to refer to the part after the struct rather
than adding the size manually to a gchar-casted master_secret.
Change-Id: Ie1ea448db54e828b904568224486147a3d962522
Reviewed-on: https://code.wireshark.org/review/3030
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changes:
- dtls: also support saving session tickets.
- Drop the length check and let proto_tree_add_item throw exceptions
on length errors.
- Use proto_tree_add_item instead of proto_tree_add_uint.
- Drop "TLS" from header field descriptions, the RFC does not name it
as such and DTLS can also use it (a draft is in progress that extends
DTLS with Session Tickets,
draft-hummen-dtls-extended-session-resumption-01).
Change-Id: I11195217368b7200821d11289b1c5870a1ffe637
Reviewed-on: https://code.wireshark.org/review/3029
Reviewed-by: Evan Huus <eapache@gmail.com>
Client/Server hello and Hello extensions are now dissected inside
ssl-utils, no need to export them for the SSL or DTLS dissectors.
Change-Id: I8f2405199f21616743fe74959f07cfa839565527
Reviewed-on: https://code.wireshark.org/review/3022
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Changes to ClientHello dissection:
- Move ssl_find_private_key (and its pre-req, ssl_set_server) outside
ssl_dissect_hnd_cli_hello. It has not really something to do with
dissection, but state tracking and decoder param feeding.
- dtls: add expert info for bad cipher suites len.
- ssl: remove bad cipher suites len text label which is also
available as expert info. Attach expert info to a the length proto
item (which is converted to use add_item instead of add_uint).
- Remove `if (tree || ssl)` since expert info seems not to apply
otherwise (this also needs changes in common and handshake
dissection).
- ssl: remove tvb_ensure_bytes_exist so we can dissect more
compression methods and cipher suites.
- Since DTLS has an additional Cookie field which TLS does not have,
pass these additional header fields through a struct whose type is
defined in ssl-utils.
Change-Id: I41bef04c1c3353e582e30f561d1d246a744e1d60
Reviewed-on: https://code.wireshark.org/review/3021
Reviewed-by: Evan Huus <eapache@gmail.com>
Changes to ServerHello:
- Get rid of session parameter as the SslDecryptSession already
provides a reference to SslSession. Done for the new
ssl_dissect_hnd_srv_hello and ssl_dissect_hnd_hello_ext functions.
- No need to generate the keyring here, decryption is only needed after
ChangeCipherSpec and the keyring will be generated there provided
that there are enough params (cipher, version, master-secret, etc.)
- Get rid of labels and goto in favor of if/else.
- DTLS: SSL_HAVE_SESSION_KEY is implicitly set when
ssl_generate_keyring_material succeeds, no need to set it. Remove it.
- Remove `if (tree || ssl)` since expert info seems not to apply
otherwise (this also needs changes in common and handshake
dissection). (Expert info from the TLS extensions, not the
ServerHello itself.)
Other changes:
- ClientHello: renamed some fields shared with ServerHello.
Change-Id: I466b905d990489e03250bac97bf9d862ff82ce6c
Reviewed-on: https://code.wireshark.org/review/3020
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I887000ac2bb273a0cc0c41709e346e1cf52140d9
Reviewed-on: https://code.wireshark.org/review/3149
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I50c1ef94aff4d1067b6561c5a06a397216e49ee2
Reviewed-on: https://code.wireshark.org/review/3148
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I862203c9be0cd10c72599609631629bf976a7a22
Reviewed-on: https://code.wireshark.org/review/3137
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I7642295721e886eef4682c602ad96b61bc85b3b6
Reviewed-on: https://code.wireshark.org/review/3128
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I83aef5ebc92a7218f59bd77338058d98ffa2ed6b
Reviewed-on: https://code.wireshark.org/review/3127
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I15742ce73d3445ec47369d35dd0da6715b7079cf
Reviewed-on: https://code.wireshark.org/review/3126
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
reformat
Change-Id: Idce9d34c41ce2bcbc4d5efa4699decd7f3068199
Reviewed-on: https://code.wireshark.org/review/3125
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ie6a9c033d2de3231f810a33b032ab06fee3f68a0
Reviewed-on: https://code.wireshark.org/review/3124
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
object and package containers may have multiple entries
Change-Id: I032e78057aadbbe67925d07881da9f1182a24058
Reviewed-on: https://code.wireshark.org/review/3121
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I74b082b7644f36efc3dc220ff92f1bfff524c408
Reviewed-on: https://code.wireshark.org/review/3119
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0791ca2fc9a7a87dafbdf15f51d9f1a9d12aa89e
Reviewed-on: https://code.wireshark.org/review/3118
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ice0c68541604c5566cc807c17faf534cd6628262
Reviewed-on: https://code.wireshark.org/review/3117
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ic8e17f949f245ad6fe26fb8078e0545fe5b35daa
Reviewed-on: https://code.wireshark.org/review/3116
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
listeners easier access to the tap data. Also correct the conditions (in packet-lbmc.c) under which a subdissector would be
called, if present.
Change-Id: I5244cfbd17314058f7d3b9f42d647e0e6c375e14
Reviewed-on: https://code.wireshark.org/review/3007
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch escapes some characters like \n when showing text
contained in a packet by appending it to a protocol item.
Change-Id: Ice0040040ec7ab573dd9a412f8c0c197a566a031
Reviewed-on: https://code.wireshark.org/review/3095
Petri-Dish: Michael Tüxen <tuexen@wireshark.org>
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
accepting a packet as DNP3.
Bug: 10287
Change-Id: I222ec885186447c8a72eaf11cebacff8b9b79fad
Reviewed-on: https://code.wireshark.org/review/3092
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
bug: 10271
Change-Id: Id2de856104d7506583e94893501cff23de3ec212
Reviewed-on: https://code.wireshark.org/review/2976
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all compilers we use support __func__.
Change-Id: I61194e1073c87e67f821e14698ea21b73d63983c
Reviewed-on: https://code.wireshark.org/review/3071
Reviewed-by: Guy Harris <guy@alum.mit.edu>
My previous change removed master-key retrieval in the Server Hello.
This broke decryption when ClientKeyExchange is missing. That was done
because decryption is only needed after ChangeCipherSpec.
This patch moves the remaining initialization in ClientKeyExchange to
ChangeCipherSpec. In theory this could fix decryption of DTLS traffic
when an abbreviated handshake is used (and thus keyring material is
never generated in ClientKeyExchange since it is not called).
It also avoids saving a session ticket with an empty key which can
happen when no RSA key is present, but the NewSessionTicket message
is received. This could lead to garbage decryption.
Change-Id: If0f475232c270b1d7b006c1f9af0e8d8098c6b65
Reviewed-on: https://code.wireshark.org/review/3019
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
Based on DTLS code with changes merged from SSL. Changes:
- Ignore large Session IDs, this was not harmful though since the
backing storage was 256 bytes in size.
- {ssl,dtls}.handshake.random: fixed description, it is not used like
a SSLv2 random challenge.
- dtls: also debug print client/server for random
- SSL: the common dissector now returns an offset rather than dissected
length.
- dtls: display actual Session ID bytes in the UI rather than the text
"Session ID (32 bytes)". The length field is already visible in the
preceding field.
Also changed is the handling of key material generation. The SSL
dissector previously generated key material based on the Session ID,
Session Ticket or a key logfile. (DTLS did not have this functionality.)
As decryption is needed only after ChangeCipherSpec, I have removed it
from the ServerHello handling. This will break decryption when a
ClientKeyExchange message is missing, but it will be restored proper in
a next patch.
(By the way, there was an inverted if-condition bug in DTLS that could
break decryption by not restoring the master key matching a SID. This
is gone in the refactoring because the faulty code is removed.)
Change-Id: Ida3de88adefe3f7691f85936c496977426c4d96e
Reviewed-on: https://code.wireshark.org/review/3018
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
The MAUSB dissector can now dissect transfer responses for control
endpoints.
Change-Id: Ic488ccb308365d072bbbf0eaf128b198caf74eca
Reviewed-on: https://code.wireshark.org/review/2960
Reviewed-by: Evan Huus <eapache@gmail.com>
USB Setup Responses are now dissected in their own function.
Before they were dissected inline in the usb_dissect_common()
function.
(just copied code).
Also replaced proto_tree_add_text() with proto_tree_add_item()
for generic setup response data.
Change-Id: Ia3943334cccc0a1813e0c906196307f99561ad21
Reviewed-on: https://code.wireshark.org/review/2959
Reviewed-by: Evan Huus <eapache@gmail.com>
The original formatting, besides looking silly, also prevents the function
from being picked up by make-dissector-reg.
Change-Id: I06e37b0e862064275b07976295eca8f0288a0974
Reviewed-on: https://code.wireshark.org/review/3025
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This could lead to problems for fragmented DTLS packets.
Change-Id: I602c7e181ea3799a4a2e7bcfed05bfbb129f7df4
Reviewed-on: https://code.wireshark.org/review/3017
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
There is no need to check block constraints as min length already guarantees this, this also fixes false positives for missing TOS metric blocks
Change-Id: Icbe3067d2506fad1c7dbcb175d932a5f242fa5cd
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/2995
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Except for field/expert_info names, a redundant subtree assignment,
a different !tree check, a type confusion in DTLS (proto_tree *ti),
a check against a different DTLS/TLS version and a (void) retval cast,
the functions are exactly the same. Extract them to ssl-utils.
Change-Id: I2ca7089fe2cd23212ef78656506cb53768f55927
Reviewed-on: https://code.wireshark.org/review/2986
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are no dissection differences between DTLS and SSL, so move to
ssl-utils. While at it, skip dissection when the tree is NULL, remove
the plural from certificates length (the length is always larger than
ome), fix type of "ti" for dtls, get rid of "failsafe" subtree
assignment in ssl, get rid of tvb_ensure_bytes_exist in ssl.
Unrelated changes: fix param (tvb vs sub_tvb) for DTLS KeyExchange
handshake messages.
Change-Id: Iecaa45a7a601e55a52aa16180cf219a122fbe95a
Reviewed-on: https://code.wireshark.org/review/2985
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DTLS dissector duplicated a handshake types check, this has been
eliminated. Convert HandshakeType and ContentType to enums to get the
benefit of compiler-checked switch cases. Move these checks to
ssl-utils.
Two default cases could never be reached since the dissector returns
immediately on an invalid ContentType.
Also fixed misleading debugging messages.
Change-Id: I07a2062564e073004dcc0401cd82538e5659fa0c
Reviewed-on: https://code.wireshark.org/review/2978
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Every occurrence of tvb_length* has been converted to
tvb_reported_length* except some dtls lines.
Change-Id: I0faac315cdf5d17c0af18be177aacd076ff86cff
Reviewed-on: https://code.wireshark.org/review/2977
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Some Microsoft errata were caused by bad decoding and were not actually
problems. Remove the unneeded tests and expert information.
Add PRID ranges values to Layer Presence bytes.
Change-Id: I0b2b555bc448f0b4ee142b2920ae4e37d54ccab4
Reviewed-on: https://code.wireshark.org/review/2958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wIndex often contains different fields in it's upper & lower byte.
Printing in hex makes these seperate fields easier to read.
Change-Id: I69fb7e14b4f5b5a1ecd61bcae34f6d100f1a94b6
Reviewed-on: https://code.wireshark.org/review/2961
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
Without this patch, pinfo->ptype is PT_UNKNOWN
Change-Id: Ia15b5115f874d0c9ff69be11ed7ee3dac1fadbd5
Signed-off-by: Yan Burman <yanb@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/2941
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Without it, dual-band DF-3C feature does not work
Change-Id: I95d4a7320b77c6093f5d51efdbb2b21af0deab11
Reviewed-on: https://code.wireshark.org/review/2942
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Previously we just call HPACK decompressor when dessecting packets.
This is fine for the first linear scan. But later same packet may be
dissected more than once and their header block data will be fed into
decompressor again. This makes header compression context out-of-sync
because HPACK decompressor only works when data is fed linearly. This
change fixes this issue by caching decompressed headers in the first
linear scan. On random packet dissecting, they are just looked up.
This change adds support of changing header table size by inspecting
SETTINGS frame and tracking its SETTINGS ACK.
Change-Id: I9c75c67f8677063e443f9b131740f3ee94ff8a63
Reviewed-on: https://code.wireshark.org/review/2616
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Summary of changes since draft-12:
* Pad High and Pad Low wereare replaced with single Pad Length field.
* Padding was removed from CONTINUATION frame.
* ALTSVC and BLOCKED frames were removed.
* Per-frame compression and its associated SETTINGS flag were removed.
* HPACK Huffman code table and static header table were updated.
Change-Id: I9c4f05f8cd937bfadbb1b912f2b9ffb31e9c18d5
Reviewed-on: https://code.wireshark.org/review/2615
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modelled after ccf7ed00b6 which detects
the header digest field, this patch adds auto-detection for the Data
Digest field which comes after the data segment.
Since the digest is now automatically detected, drop the three related
preferences.
Verified against scsi-osd-example-001.pcap (from SampleCaptures).
Change-Id: Icd89f1be58889c7ab70aca9dff7d3f99c8fe04d6
Reviewed-on: https://code.wireshark.org/review/2882
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Encountered with the following attachments from bugs:
6575-test-dlmapc-wmx
6577-test-dlmapc-wmx
6579-test-dlmapc-wmx
Also added modelines.
Change-Id: I3859bed618830ad359bd0b2b1fdfc3c5fc13269e
Reviewed-on: https://code.wireshark.org/review/2920
Reviewed-by: Evan Huus <eapache@gmail.com>
target type
Change-Id: If7efc629247480fbfb231b965a358803b67e1504
Reviewed-on: https://code.wireshark.org/review/2919
Reviewed-by: Anders Broman <a.broman58@gmail.com>
New dissectors return an integer, not a boolean, fix that.
Change-Id: I79dea0cc4274d503d61ce8823dc783c542764f6b
Reviewed-on: https://code.wireshark.org/review/2884
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ie10ac4f5f04a23344d183e095bbafb23c6409144
Reviewed-on: https://code.wireshark.org/review/2904
Reviewed-by: Michael Mann <mmann78@netscape.net>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for Prefix, STAP, MTAP, NI-MTAP, and PACSI packet types.
Add support for Microsoft SEI messages [MS-H264PF]
Add support for dissecting scalable profiles
SDP: Add profile-level-id decode for payload type H264-SVC
MS-H264PF: http://msdn.microsoft.com/en-us/library/hh659565.aspx
Update #1 - Fix Tabs -> Spaces, Reinsert accidentally removed entry 19
from h264_type_values
Update #2 - Changed to using expert info for exceptions and Microsoft
errata.
Update #3:
- Correct handling of truncated packets
- Use guid functions and compare techniques
- Correct ranges for expert info messages
- Change to using reported_length from captured_length
Change-Id: I520a3c9a6d85c78a976b520cf5a6a405064a48f1
Reviewed-on: https://code.wireshark.org/review/2580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Id1997c3c8f6d0460da7f0faa58798a72737dd667
Reviewed-on: https://code.wireshark.org/review/2898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3efa2a81ab2685cde6eae0a00b24520478a545ce
Reviewed-on: https://code.wireshark.org/review/2900
Reviewed-by: Michael Mann <mmann78@netscape.net>
As suggested by Alexis reviewing change Ie76c5a810af927b, this issue was
scattered throughout the v4/v5 openflow dissectors. Hopefully I got all of them.
Original issue found in bug 10259.
Change-Id: Idf87deea34132aec5cd4e8f83264906a29b15568
Reviewed-on: https://code.wireshark.org/review/2878
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The return value of new dissectors is the number of bytes that were
successfully dissected, not a boolean. Fix that and get rid of an
unnecessary iSCSIPdusDissected variable.
Change-Id: Ie31df393a1eb44f185d320a4c2d35f5e8b7d7bd9
Reviewed-on: https://code.wireshark.org/review/2889
Reviewed-by: Evan Huus <eapache@gmail.com>
new dissectors return an int, not a boolean...
Change-Id: I88e19f7c0dc14da3649d1522ffe936538a867753
Reviewed-on: https://code.wireshark.org/review/2888
Reviewed-by: Evan Huus <eapache@gmail.com>
Return value "-1" means that more data is requested. The dissector
actually doesn't have any idea what to do with the data, so just return
the data dissected so far.
tcp stream 3182 from c05-http-reply-r1.pcap (SampleCaptures) was
incorrectly detected as MIKEY, it was actually HTTP...
Change-Id: Idca3d3e2f85e821df70436a675699b5834236f89
Reviewed-on: https://code.wireshark.org/review/2887
Reviewed-by: Evan Huus <eapache@gmail.com>
uint16 & 0xFF00 will always equal 0. Use tvb_get_guint8 instead. Convert
from tvb_length to tvb_captured_length.
Fix the return value of dissectors, 0 means reject but that cannot be
combined with reassembly requests.
Change-Id: I5fca66e2e809699392237aff5813eecdfb15857f
Reviewed-on: https://code.wireshark.org/review/2885
Reviewed-by: Evan Huus <eapache@gmail.com>
Fixes a good 80-90KB of leaks in certain cases.
Bug: 10261
Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
Reviewed-on: https://code.wireshark.org/review/2879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia2567695ffed30c990eda3740b08bfab101cea96
Reviewed-on: https://code.wireshark.org/review/2883
Reviewed-by: Michael Mann <mmann78@netscape.net>
The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
NDPS dissector is also the poster child for not being considered "that naughty" by checkAPIs because most of its proto_tree_add_text calls don't have printf-style arguments (which is what checkAPIs really keys off of)
Fixed both cases and removed about 370 proto_tree_add_text calls from the dissector.
Change-Id: I721678c39d4a0544e5e7212e622c0c2eebfd04f7
Reviewed-on: https://code.wireshark.org/review/2775
Reviewed-by: Evan Huus <eapache@gmail.com>
Fetch header value, only when we need to parse it.
Change-Id: I3c170ef8ab03985c8111a1b84ac1afc87bc8b5ca
Reviewed-on: https://code.wireshark.org/review/2767
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As Anders correctly pointed out in I7d8f84b2e, constantly resetting state will
turn init_dissection into a bit of a hot path. Especially as we will already
bear the overhead of switching files, we don't want to fall any further behind
than we have to.
This change includes three unrelated optimizations that reduce the cost of
init_dissection by about 40% as measured by callgrind:
- only initialize ares/ADNS if that preference is enabled (this of course only
applies if you specify -n to tshark or otherwise disable the preference)
- use memcpy instead of a loop in sigcomp UDVM init
- use memcpy instead of a loop in bootp dissector
The only remaining obvious hot spot in this path is reassembly_table_init since
it is called by so many dissectors. Suggestions (perhaps to get rid of the
GPtrArray) welcome.
Oh, and one other change to use g_strerror instead of strerror as insisted
upon by the API pre-commit hook.
Change-Id: I18a74f2b64b25498116079bd4e7fc2b335c7703a
Reviewed-on: https://code.wireshark.org/review/2738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At the suggestion of Toralf Förster. This includes an expert info, as well as
making SSL a new-style dissector and rejecting traffic that looks like
unencrypted text.
Change-Id: Ib09ea0d97952330f092590ff3fc6488807cdbb81
Reviewed-on: https://code.wireshark.org/review/2693
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Added dissection of the SIP Service-Route header.
Change-Id: Ic4523edb374ae03492af5853863dde501a0c30e0
Reviewed-on: https://code.wireshark.org/review/2721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id00f456479415adf0a219af6c9a2108d4b3642d0
Reviewed-on: https://code.wireshark.org/review/2702
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7e016f10fcfdc0523bf2fe8c11295c0334f7c332
Reviewed-on: https://code.wireshark.org/review/2694
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If110de1e0555637264f86f1508858d569871a9c7
Reviewed-on: https://code.wireshark.org/review/2675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia7014003a3cff5181295172978d6c613c3b83b0b
Reviewed-on: https://code.wireshark.org/review/2676
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, note that we need to determine how to handle Application Layer
Feedback messages based on the SDP setup traffic for the session; recent
changes disabled dissection of REMB Application Layer Feedback messages
in favor of MS-RTP Application Layer Feedback messages. (This is why we
shouldn't remove dissect_rtcp_psfb_remb() unless REMB isn't being used
any more.)
Change-Id: Ib320bdf4a64263fdef29fc4ea2583eaae1cc4bee
Reviewed-on: https://code.wireshark.org/review/2684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support for Profile Specific Extensions from MS-RTP
Support for RTCP Feedback Messages
Support for Application Layer Feedback Messages.
MS-RTP: Real-time Transport Protocol (RTP) Extensions
http://msdn.microsoft.com/en-us/library/office/cc431492.aspx
Change-Id: I1f1e6e60b5f9d09b1dffd7e308426c0b67914441
Reviewed-on: https://code.wireshark.org/review/2586
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. The only indication we get of an out-of-order value string is a message on
STDERR, so check that and fail the test if STDERR wasn't empty.
2. This exposes an out-of-order value string in packet-stun.c; fix it.
3. This triggered the pre-commit hook on packet-stun.c, which noticed an API
error (ENC_ASCII -> ENC_ASCII|ENC_NA); fix that too.
Change-Id: I36f87a2a87b40537119562f22a7e3012716ff239
Lesson: automated testing/tooling is both wonderful and scary.
Reviewed-on: https://code.wireshark.org/review/2682
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9339869defa47a862b6174d8821cdd8e6186f5c5
Reviewed-on: https://code.wireshark.org/review/2678
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iac6a259a1081b907149c49023614a5053440e560
Reviewed-on: https://code.wireshark.org/review/2677
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Interactive Connectivity Establishment ICE Extensions 2.0
http://msdn.microsoft.com/en-us/library/office/cc431504.aspx
Change from review:
1) Change encoding for foundation to ASCII
2) Move case for MS_IMPLEMENTATION_VER.
Change-Id: Ic524a2fe811695478aba81af9cbb3dbd031bbce3
Reviewed-on: https://code.wireshark.org/review/2579
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I2ea1892b5963cc5578cbdd2b03029ca8424f2267
Reviewed-on: https://code.wireshark.org/review/2640
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5f573dffabb8685a8e5a334ff2bfb24d9838daa6
Reviewed-on: https://code.wireshark.org/review/2601
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Respect the length field when dissecting message sets
- Don't "wrap around" in capture when doing request/response matches
Also convert one instance to proto_tree_add_subtree, as an experiment.
Change-Id: Id161687865afa7ca83e6943a643bc54582f65554
Reviewed-on: https://code.wireshark.org/review/2624
Reviewed-by: Evan Huus <eapache@gmail.com>
see mon_bin_event() in the linux kernel where the setup_flag is set only
for control urbs
clean up various things related to this assertion:
remove type_2 parameter
show the iso descriptors in any case
calculate the end offset correctly, the end offset is the byte after the
iso data
Change-Id: Iebfbe6443c224a958a1697563aa8fb853d7aa8c2
Reviewed-on: https://code.wireshark.org/review/2541
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id06bd486114a80fb899f8dc148d48928e99e775e
Reviewed-on: https://code.wireshark.org/review/2602
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
Remove no longer needed system includes
Change-Id: Id9ffffaa7da5185041db63fa7611d348a1cc4b68
Reviewed-on: https://code.wireshark.org/review/2577
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Profling SIP shows that gperf generated hashing code, is
3 times faster than using GHashTable & g_str_hash/_equal()
This result in about 1% improve of whole dissection (sip traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting with columns TCP dissector spends
around 1/4 time in col_append_fstr(), add col_append_lstr()
and do formatting by ourselves.
Change-Id: If90bc26242761884b4991e8db0db62c8f9e32690
Reviewed-on: https://code.wireshark.org/review/2527
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Presumably that was the intent.
Change-Id: Icf8529a23a9a36e7f12e446d67f3867771b221d8
Reviewed-on: https://code.wireshark.org/review/2566
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I753ca95e2e1b38bad2c09955317e648c525e40ef
Reviewed-on: https://code.wireshark.org/review/2509
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
bug: 6071
Change-Id: If7b544a762df10ffc13aeaf8886cf74a1757c37c
Reviewed-on: https://code.wireshark.org/review/2512
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some binary logcat packets has more then one line, show them in
a convenient form.
Change-Id: I008aac6fe5589f2b10db51f7221853f9d79bbc7a
Reviewed-on: https://code.wireshark.org/review/2549
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fix invalid structure casting by using defaults values,
this also fix DecodeAs for A2DP.
Do the same for VDP.
Change-Id: I360787af648ed65205eb54732ab6d88f8532cf15
Reviewed-on: https://code.wireshark.org/review/2551
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Some interfaces support multiple Bluetooth adapters with events like
add/remove. We must support that to distinquish adapters streams
in case that new adapter has the same id that old one.
Next one is create session for "Connection Handle", so
next layer will now when it is connected and disconnected.
This is also used to distinguish streams.
Change-Id: I9e062c8e4cc9c033b75f1a596e8351a215169843
Reviewed-on: https://code.wireshark.org/review/2548
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Hopefully, this will fix the warnings from the buildbot that entry_item
was used without being set.
Change-Id: Ibfd921bfbbad68cd8eafd1e3ad3d178cfca03d6e
Reviewed-on: https://code.wireshark.org/review/2547
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ieaa0fa5cdbe8dc8f50cf5b9ee432c786a8f9fc9a
Reviewed-on: https://code.wireshark.org/review/2540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ia32c2f24df9392d1102fa1121ac93b1071bae7ca
Reviewed-on: https://code.wireshark.org/review/2538
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6cbc5047b8d58ecbe41bf5392d31dc0adc81d5d5
Reviewed-on: https://code.wireshark.org/review/2537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iec3bdfcb3cb14e97045789aec1e11288357d379d
Reviewed-on: https://code.wireshark.org/review/2536
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I4e60295208c2ac35a452f5fb3dffd090cc151473
Reviewed-on: https://code.wireshark.org/review/2535
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
(just copied the existing code)
Change-Id: Ia6dd9be9b39c3c16408e22181225c18d56ac6016
Reviewed-on: https://code.wireshark.org/review/2534
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
This fix does change the format printed for values using bitmasks
(because the bit values are printed first) and is not always wanted
in this dissectors (because of readability).
We should have a better way of doing what I want in this dissectors,
so I'll have a look at this later.
Change-Id: I2477aa6b1d0c42a7ad5848bba3cb74dce3bba1f0
Reviewed-on: https://code.wireshark.org/review/2485
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I6653b733dfd2c587909371e50fd0c2efc4649dcd
Reviewed-on: https://code.wireshark.org/review/2482
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I5762fb30f57d0f9bc3e5fc786577ed1cc49b64d7
Reviewed-on: https://code.wireshark.org/review/2481
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Hidden fields are deprecated, and we were hiding them inconsistently anyways.
Bug:10211
Change-Id: Iaf1576ae7bc04c0c0bd896c096b117f1b8af2e9e
Reviewed-on: https://code.wireshark.org/review/2474
Reviewed-by: Evan Huus <eapache@gmail.com>
Also ensured some files have their correct names at the top so they are more easily grepped
Change-Id: Ib0f5ddf14eb1616a93dee496107dc0eb09048825
Reviewed-on: https://code.wireshark.org/review/2452
Reviewed-by: Michael Mann <mmann78@netscape.net>
Essentially:
When more data is needed to continue dissecting a PDU, use
DESEGMENT_ONE_MORE_SEGMENT instead of repeatedly requesting
additional bytes (for one or a few more fields).
- Improves the efficiency of the dissection;
- Prevents 'one-pass' tshark dissection from redissecting
the PDU repeatedly many, many times with each time dissecting
the PDU with one or a few more additional fields.
This generated *lots* of (repeated) output since a reassembled
VNC PDU can contain many fields (each of short length).
- (A comment in packet-tcp.c states, in effect, that repeatedly
requesting a specific amount of more bytes to dissect a PDU
will "break reassembly" although I note that the reassembly did
seem to work (in-efficiently)).
Note: Although this patch improves the handling of reassembly, the
dissector has significant issues. For example. see Bug #5366.
I expect this fixes the Bug #10134 issue: "Cannot allocate memory";
Before the fix, 'tshark -nVxr' for the input file generated trees with
multiple hundreds of thousands of entries and generated reassembled
PDUs consisting of many, many small fragments.
Change-Id: I970037c346fbaa4bffa5726fd5bee5f69396eabf
Reviewed-on: https://code.wireshark.org/review/2471
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Guy Harris