Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we encounter the wrong ftype, print its name.
Change-Id: I7405ccdd3e099f533c6a8aaf81b60faf4093741a
Reviewed-on: https://code.wireshark.org/review/11790
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
vendor ID.
Otherwise the value is simply not shown to the user.
Adding support for a vendor ID's Experimental Result Codes isn't as easy as
modifying the XML so don't add an expert info about it.
Change-Id: I65f2cb13853cc7141fb242fa03c6e474a6c02cb9
Reviewed-on: https://code.wireshark.org/review/11294
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
up in the Expert Infos dialog.
Push the if(tree) check down into the basic type dissectors since we can't
generate/fill the label (which won't be used anyway) when we're not building
the tree (since the proto_item will be faked/NULL).
Change-Id: Ie4f1f6856cfad0dabc7c58cdee2c16c8fc032c6d
Reviewed-on: https://code.wireshark.org/review/10001
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 59017a22be.
As indicated by Michael on the original change, this breaks
diameter rather badly for some reason I haven't been able to
determine. Reverting until I can track down the root cause.
Change-Id: Iedfab546a726395c546a88138cd45b6667913a11
Reviewed-on: https://code.wireshark.org/review/9531
Reviewed-by: Evan Huus <eapache@gmail.com>
Fixes ~30KB of memory leak on startup and a handful of "reachable" memory as
well.
Change-Id: Ia1c633b65fa282c7bbe9d3772dae58643ef15c0e
Reviewed-on: https://code.wireshark.org/review/9495
Reviewed-by: Evan Huus <eapache@gmail.com>
If we can't read the dictionary containing all our definitions, free necessary
memory before returning.
Change-Id: I814962d920852b9a82acb3bb2e7bc41addd835f7
Reviewed-on: https://code.wireshark.org/review/9131
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK.
SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.
Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since Diameter does heuristic checks before calling tcp_dissect_pdus() we
have to "manually" ask for more data if the tvb is too short for our
heuristics.
Bug: 11183
Change-Id: I14c36042306b532b53df80cc3971866b76094084
Reviewed-on: https://code.wireshark.org/review/8405
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Specifically we put Experimental-Result-Codes specified by 3GPP in the XML file
and let other vendors' codes be handled through a dissector table.
Change-Id: I2c3977fb959ad84faa5cb90aeb3d191c8b465ede
Reviewed-on: https://code.wireshark.org/review/8319
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
one (and only one) Application ID list.
This means we don't have to list all the Application IDs several times in the
XML file. Collapse those lists into one (much more complete, now) list while
also fixing URIs for several of the specifications (and making it clear for
others that we don't have access to the specification--by declaring their
URI to be "none").
Add a bunch more entries to the list of application IDs.
Change-Id: Ia5c96b1f6f1fe3a9521b3d70142889e3881fae5e
Reviewed-on: https://code.wireshark.org/review/8147
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic4a3750a55523a5cf8ea72002055ffea1f081dd1
Reviewed-on: https://code.wireshark.org/review/7565
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
I4cd9bd7f7219e4d9ff1bb8a71fab32439a8a9a35).
(The nameless application was causing known applications to be reported as
unknown.)
Add code to the Diameter dissector to report such problems at startup (similar
code exists for other entities).
Tweak the parser debug slightly.
Change-Id: I6b28cda8660e6eb96648c7b3697d7fd85151ac96
Reviewed-on: https://code.wireshark.org/review/6927
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Use report_...failure() (in most cases).
- Also: Do some misc fixes in certain disectors
- re-arrange order of #includes
- Fixup preferences help text
Change-Id: I385f6f97257f365f53ce611df02f57f9257dc5f9
Reviewed-on: https://code.wireshark.org/review/6039
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
They don't handle values outside the range -1 to 127, and their behavior
is locale-dependent. Use g_ascii_isXXX() and g_ascii_toXXX() instead of
isXXX() and toXXX().
If you're checking for printable ASCII, don't use isascii() and don't
use iscntrl(), use g_ascii_isprint(). If you're checking for graphical
ASCII, i.e. printable ASCII except for a space, use g_ascii_isgraph().
Use ws_xton() to convert a hex digit character to the corresponding
numeric value.
Change-Id: Id3039bc586fbf66d8736c2df248c790c0d7a2330
Reviewed-on: https://code.wireshark.org/review/4851
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Only calculate tvb length once.
- Use tvb_reported_length() instead of tvb_reported_length_remaining() as
this is a subtvb offset is always 0.
Change-Id: I03bd7a95061488d4576fa93f26e6b31d55f88738
Reviewed-on: https://code.wireshark.org/review/4060
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename dissect_e164_utf8_number() to dissect_e164_msisdn() and give it an
'encoding' argument.
Change-Id: I49cf5d2b24b44a0e69427ceae331f378024391c5
Reviewed-on: https://code.wireshark.org/review/3796
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Also move the application ID macros into the diameter header file.
Change-Id: Iaca5707c8476d81f50ecdb3aab76be293b5ccfe7
Reviewed-on: https://code.wireshark.org/review/3786
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
in the Diameter dissector.
This new API adds a filter for the MSISDN as well as a subtree and filter for
the Country Code.
Change-Id: Ibcbf4b5f72178b7e4af63efa7496188d608a9de7
Reviewed-on: https://code.wireshark.org/review/3760
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Move decode of the User-Name AVP out of the 3GPP-specific file.
Add a couple of macros for 3GPP AppIDs (rather than using the number directly)
in both files.
Change-Id: I496b4ae86b05264462167b6e41ce1451392de11b
Reviewed-on: https://code.wireshark.org/review/3753
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Also fix up some whitespace.
Change-Id: I7cd78740199ce7b2682902a5687c4f05c2c963b2
Reviewed-on: https://code.wireshark.org/review/3716
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
This improves the detection of Diameter messages within a TCP bytestream (i.e.,
when the Diameter PDUs don't neatly align with frames).
Bug: 10362
Change-Id: I49a6e8cf076a6ab8a14761493aab9f3b11e4756e
Reviewed-on: https://code.wireshark.org/review/3557
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Other minor cleanup while in the area.
Change-Id: Id8d957d3d68a2e3dd5089f490bd59d773e1be967
Reviewed-on: https://code.wireshark.org/review/3427
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is still some const-incorrect usage of them but those can be ironed
out after this change has been made.
Change-Id: Iba0631c804bdab34d7c0232b49967130e3370488
Reviewed-on: https://code.wireshark.org/review/3199
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Increase the max Diameter message size to 65534 and reject messages whose
flags have both the E- and R-bits set.
Change-Id: Ib11701a47d23ff042a346d59c56f9f0f4410e6b7
Reviewed-on: https://code.wireshark.org/review/990
Reviewed-by: Anders Broman <a.broman58@gmail.com>
precedence filling in the avp_item string. Use that in a couple of places.
Change-Id: I1af7a1ca4c14fb56ddeaab336202e6c2a18e556b
Reviewed-on: https://code.wireshark.org/review/699
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann