libjsmn has also been moved from epan/ to wsutil/ to make it visible from wiretap.
Change-Id: I59abb3419acb1baa83194b38152d3651ed5c123c
Bug: 10878
Reviewed-on: https://code.wireshark.org/review/6716
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add a missing semicolon, and export the routines with WS_DLL_PUBLIC, so
they can be used by plugins.
Change-Id: Iaf52e70ce9fbfce3cfa675c453b7d39a0341dfeb
Reviewed-on: https://code.wireshark.org/review/7184
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some or all are used by the Infiniband, MBIM, and RSVD dissectors; put
them into a common source file, with a header for them, and just include
the header in the dissectors.
Change-Id: I724f0c2232ba751ccbd491222af6f03bafd6d63c
Reviewed-on: https://code.wireshark.org/review/7182
Reviewed-by: Guy Harris <guy@alum.mit.edu>
not work on 32-bit platforms because I assumed that pointers were 64-bit
items. I have now moved to a slightly different scheme suggested by Evan Huus.
Change-Id: I34f4dceea9952d5633603e71a8e8ae8f4b9154cc
Signed-of-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7179
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: If3d597dd6dbf746e0f971e52073f9790b6a0ceda
Reviewed-on: https://code.wireshark.org/review/7128
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adds support to decode beamforming report, but actual beamforming
matrices are not decoded. Requires bit level manipulation of varying lengths
of data which is not currently supported, and section spec only seems to
mention size and contents, not representation
Bug 10169
Change-Id: Icc2188b79f95b5e38b64ded348b7a0696b5504ed
Reviewed-on: https://code.wireshark.org/review/7111
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to worry about the wmem_allocator.
Change-Id: If976fe7b0c3f9cd053225096c2ac05418f061af6
Reviewed-on: https://code.wireshark.org/review/7081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Still have to handle response, but this points the way, I think.
Handle responses. Still have to handle sense info.
Change-Id: Ic692de15b8178fbe274791ffbc000e8f35b40653
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7127
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This reverts commit 876c322df8.
Wrong branch. It builds in master; it does *not* build in 1.12 or 1.10.
Change-Id: I3a2409d5a37f08965d6caac64dc97a48a1c5d1b8
Reviewed-on: https://code.wireshark.org/review/7152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit f5902a677e.
This is not a simple cherry-pick; backporting this fix will have to be done manually.
Change-Id: I53efc06a8e35c6b1aa793edf4e702cabee2e929b
Reviewed-on: https://code.wireshark.org/review/7151
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib79831e02a9a6457ca49c21536ce46df7d4cafa0
Reviewed-on: https://code.wireshark.org/review/7133
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If the UAT file failed a field check, then the user_data pointer may be
empty. As a result uat_save() triggers an invalid write.
(Discovered while working with a dfilter_macros file having duplicate
names for bug 10957, caught by ASAN.)
The second issue fixed in this patch is that the validity of an item is
only calculated when a new record is added. So even if the user edits
the UAT and makes the entry valid, it would not be saved. This is solved
by adding a new uat_update_record() function which got wires up into GTK
and Qt.
Some open-coded g_array_index and UAT[_USER]_INDEX_PTR are also
converted.
Even after this patch, Qt has some issues with UAT handling. In
particular, it saves new, but empty/invalid, items. It also it does not
check individual fields when saving all fields (unlike Gtk). This patch
focused on getting Gtk fixed first so ignores those existing issues.
Change-Id: Ia35cfe9d2b793c65144ae7e29a1ed706b6668d99
Reviewed-on: https://code.wireshark.org/review/7120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since commit 4a1bd75b60
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7471), the data
pointer does not match anything from the macros array.
This patch fixes a false warning by checking for duplicates before the
name is committed.
Bug: 10957
Change-Id: Id61110bf63de1de80b85524705a2df6a5e7be33a
Reviewed-on: https://code.wireshark.org/review/7119
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's a little cleaner, and lets us preserve the LINKTYPE_ value for
DLT_LOOP captures. ("Preserve" here doesn't mean "write files with a
link-layer header type of 12", as that's ambiguous; we write it with a
link-layer header type of LINKTYPE_LOOP, i.e. 108. If programs on
OpenBSD don't recognize that as DLT_LOOP, that's a bug in OpenBSD's
libpcap or in the program.)
Change-Id: I48a2e04aed41c013823ffb5c588d2a8e8b376e15
Reviewed-on: https://code.wireshark.org/review/7143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I1b68151f0cb09afd6a6aeba2a71a15624c2fbc97
Reviewed-on: https://code.wireshark.org/review/7129
Reviewed-by: Michael Mann <mmann78@netscape.net>
Both clang and gcc define __GNUC__. Make sure we account for that when
defining diagnostic macros.
Use DIAG_OFF + DIAG_ON to suppress gcc -pedantic warnings about
frame_data.
Get rid of packet_char_enc casts.
Change-Id: Idbcc61bcdb35c1d20f185461c69451dcdf73bae9
Reviewed-on: https://code.wireshark.org/review/7106
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The first packet is an IPv6 packet with Local Mobility Anchor Address mobility option with Option-Code=1. Wireshark parses its address as IPv4 address.
The second packet is an IPv6 packet with Local Mobility Anchor Address mobility option with Option-Code=2. Wireshark parses its address as IPv6 address.
According to RFC 5949 (https://tools.ietf.org/html/rfc5949#section-6.2.2), Option-Code=1 means IPv6 and Option-Code=2 means IPv4, exactly the opposite to what Wireshark does.
Bug: 10961
Change-Id: I03b76dda8beae211e67e6c9e1f40d122e851b1b5
Reviewed-on: https://code.wireshark.org/review/7113
Reviewed-by: Michael Mann <mmann78@netscape.net>
The authentication data in the AUTH option in attached IPv6 packet contains one byte too much. This byte is read beyond the option data.
In Wireshark, clicking on the AUTH shows that the option ends at 0xCE while clicking on the Authentication Data shows that it ends at 0xCF.
Reported by Boaz
Bug:10626
Change-Id: I0bcfd6331bc1de30f25d16590487c0e3bf5c002f
Reviewed-on: https://code.wireshark.org/review/7112
Reviewed-by: Michael Mann <mmann78@netscape.net>
One use in a GUI function isn't really enough to justify making the structure public.
Change-Id: Ic7dee275ba0a2bd4e19c06702a867417c5624c27
Reviewed-on: https://code.wireshark.org/review/7080
Reviewed-by: Michael Mann <mmann78@netscape.net>
1988 called, they want their lack of a C standard back. We don't need
to check whether we have stdarg.h, stddef.h, stdlib.h, or string.h, as
they're specified by C89 and I don't think there are any platforms we
care about that don't have a C89 environment in which we could be built.
Change-Id: I447551181284fab7722354b62774625ed8ee94bc
Reviewed-on: https://code.wireshark.org/review/7110
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: If7a6f2697be732ae4f94ed8b845fd293c32510f7
Also: tabs-stops should be 8
Reviewed-on: https://code.wireshark.org/review/7100
Reviewed-by: Bill Meier <wmeier@newsguy.com>
There is still a little more work to do here, especially we should call the
SCSI dissector for handling SCSI CDBs etc ...
This is a potential fix for bug 10913.
Ping-Bug: 10913.
Change-Id: Ia8ff1a8207bb5b1cd18079086ff8c472ae3f8736
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7022
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Allow persistence across files. Preserve the use of "window" even
though we're really a dialog.
Update ByteViewTab and ProtoTree to support multiple instances.
Remove the need for a cast in frame_data.
Add more forward declarations.
Change-Id: I50d3d9d1455b8ecc158a37218f9e41fe696d5ae2
Reviewed-on: https://code.wireshark.org/review/7086
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
There is no guarantee that a g_malloc'ed memory block will be aligned on a 128 bits boundary
Instead use a static variable definition (at the cost of exposing the HAVE_SSE4_2 compilation flag in ws_mempbrk.h)
Change-Id: I661bf479a9d458d64c96bafc940c519d29a4780b
Reviewed-on: https://code.wireshark.org/review/7070
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This squelches a compiler warning on some platforms.
Change-Id: Ibee5c2fe07fc58e22a860b4c4467a501c2b8a979
Reviewed-on: https://code.wireshark.org/review/7079
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change name from proto_tree_add_new_bytes to
proto_tree_add_bytes_with_length and other tweaks
pointed by Peter Wu.
Change-Id: I6058c28a74a154e2882e4eb04558bedcede6f508
Reviewed-on: https://code.wireshark.org/review/7039
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Model get_manuf_name after get_ether_name so that a string (either name resolved or colon-separated bytes) is always stored in a hash table. This will make name resolution of addresses perform a little better because it doesn't have to work about the wmem_allocator.
Change-Id: I80f465ae0845290255a659ab63310ac3cc35506e
Reviewed-on: https://code.wireshark.org/review/7075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
One use in a GUI function isn't really enough to justify making the structure public.
Change-Id: I6d70b9bacbc0fa1898150f59c0c69779a6cd5d51
Reviewed-on: https://code.wireshark.org/review/7074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change I6abc157368a78e1abfde672728b88a36ba6e76cc adds break in "switch case" but there was missing break deliberately. Code modified to let break on his place - copied code from the following condition.
Change-Id: Id008955fbc122c0f8cfe06af2b96f0b643e9417f
Reviewed-on: https://code.wireshark.org/review/7066
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If5a819b74112e92636d036509cb30ea15b2d5e3d
Reviewed-on: https://code.wireshark.org/review/7067
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This combines the SSE4.2 instructions usage, with pre-compiled
pattern searching usage, for a faster pbrk search method.
Testing against large files of HTTP and SIP, there is about
a 5% performance improvement by using pre-"compiled" patterns
for guint8_pbrk() instead of passing it the search string and
having it build the match array every time.
Similar to regular expressions, "compiling" the pattern match array
in advance only once and using the "compiled" patterns for
the searches is faster than compiling it every time.
Change-Id: Ifcbc14a6c93f32d15663a10d974bacdca5119a8e
Ping-Bug: 10798
Reviewed-on: https://code.wireshark.org/review/6990
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also ensure that USB COM dissection is done with the parent tree and not setup one
Change-Id: Iae9f933ff29b3854879375df320a23e623ea785f
Reviewed-on: https://code.wireshark.org/review/7051
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
if captured length < reported length, this will trigger an infinite loop
Change-Id: I6557b455e7bbff12658a934e5bb13a42c023e133
Reviewed-on: https://code.wireshark.org/review/7053
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This function can only search in captured length buffer
This fixes an ASAN failure reported by Alexis
Change-Id: Ib936f918e057423d63ff34a5fc79fed602e56dfc
Reviewed-on: https://code.wireshark.org/review/7052
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I09b2cc3739628b5de706659731e37fa345804254
Reviewed-on: https://code.wireshark.org/review/7043
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
RFC 2830 describes the Start TLS operation as follows:
1. ExtendedRequest is sent by client with the requestName OID set to
"1.3.6.1.4.1.1466.20037".
2. Server responds with an ExtendedResponse having a resultCode and
optionally a responseName (OID).
The text mentions that the field *must* be set but the definition allows
it to be optional. The previous code then made assumption that once (1)
was seen, then any ExtendedResponse signals an acknowledgement.
That is not entirely correct, a server could reject the request. This
patch corrects that by checking the ExtendedResponse_resultCode for
success, and then uses the new ssl_starttls_ack() helper to kick off
SSL. This simplifies the code a bit.
Tested against ldap-ssl.pcapng (which has no responseName) from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
The result is the same as before, except that "Protocols in frame"
changed from "...:ldap:ssl:ldap" to "...:ssl:ldap".
Change-Id: Id7e40c5a50a217c4d3d46f08241d704f19d195dd
Reviewed-on: https://code.wireshark.org/review/6982
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch lets a dissector hand over control to the SSL dissector which
simplifies dissector code ("TCP | App | SSL | App" becomes
"TCP | SSL | App").
After this patch, all of the affected dissectors will now be dissected
as SSL with its Application Data being treated as the protocol before
STARTTLS. This was previously not the case because the port was not
registered for dissection via ssl_dissector_add.
The desegmentation issue within the MySQL dissector is now also gone.
Convert some tvb_length[_remaining] users in pop and smtp as well.
Tested against mysql-ssl.pcapng and mysql-ssl-larger.pcapng(*1),
Tested against pop-ssl.pcapng (note: only first stream is decrypted,
either the key after negotiation is wrong or there is a bug),
Tested against smtp-ssl.pcapng and smtp2525-ssl.pcapng (with Decode As)
and smtp-ssl.pcapng with filter "tcp.len>0",
Tested against xmpp-ssl.pcapng,
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
*1) mysql-ssl-larger has MySQL dissector errors for the fragmented
SSL packet, but reassembly seems to work. Needs further
investigation.
Bug: 9515
Change-Id: I408ef8ff30d9edc8954dab9b3615900666dfa932
Reviewed-on: https://code.wireshark.org/review/6981
Reviewed-by: Michael Mann <mmann78@netscape.net>
All STARTTLS-like dissectors (protocols which can switch to SSL/TLS
after a protocol command) currently fail to get called after decryption.
The reason for this is that the port is not registered for SSL
dissection via ssl_dissector_add. Besides this, the MySQL dissector
breaks in the event of multiple segments because it does not properly
set desegmentation.
The call path TCP | App | SSL | App is a bad, error-prone pattern which
requires duplication of required functionality in dissectors. This patch
enables to bypass the App (TCP | SSL | App) by registering a SSL as
conversation dissector after a STARTTLS switch.
Logical overview of changes:
- Move srv_addr, srv_ptype and srv_port to SslSession and adjust the
users. This allows passing SslSession around which will never be null
unlike SslDecryptSession. This is needed for looking up the packet
direction (server or client) before calling a subdissector.
- Add app_handle to store the dissector and last_nontls_frame the
frame that initiated STARTTLS.
- The same app_handle is now used to store the dissector handle from
a ssl association.
- Moved conversation data (SslDecryptSession) to ssl-utils to avoid
code duplication. Merge ssl_session_init into it. The new
ssl_session_get() is needed for STARTTLS frame/handle storage.
- Introduce new "ssl_starttls_ack" function to signal the last non-TLS
packet.
- Ensure that match_uint is set before calling the conversation
dissector. This ensures that dissectors using match_uint to check
the direction of a packet (client vs. server) see the TCP port
instead of the IP proto. At least the MySQL and SMTP dissectors
require such special treatment.
- Move epan/conversation.h outside HAVE_LIBGNUTLS, remove from dtls
(as it is already included by ssl-utils).
- Various comment/debug string updates. Remove outdated comment before
SSL association lookup.
Besides setting match_uint and caching the app_handle, existing
dissectors should not be affected by this patch. Follow-up patches
will update existing dissectors to use the new ssl_starttls_ack
interface.
Bug: 9515
Change-Id: I795d16b6a901e672a5d89e922adc7e5bbcda0333
Reviewed-on: https://code.wireshark.org/review/6872
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch improves detection of a SPDY/3.1 in SSL capture. While at it,
add other protocols from the RFC/drafts.
spdy was tested against a private capture from spdy/3.1 communication
between Chromium 40 and ssl.gstatic.com.
http2 was tested against http2-16-ssl.pcapng from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
Change-Id: I111efae34d614b7d8e37eaaa686b391d332753dd
Reviewed-on: https://code.wireshark.org/review/7000
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
On the wire P_DATA_V2 is same as P_DATA-V1 plus 3 bytes "peer-id" value
after opcode. Client-side support has been added since OpenVPN 2.3.6,
server side is in master branch and will appear in 2.4.
Peer-id is especially useful for mobile clients (they often float
between 3G/Wi-Fi) and in general for Wi-Fi clients (solves UDP NAT
timeout issue).
Change-Id: Ic5d2e05e62c27bed18c2368a1bbc5c7bf4d358f1
Reviewed-on: https://code.wireshark.org/review/7023
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for even more cleanup with respect to how address types are handled, including removing address_to_str.c. Most of the functionality was folded into address_types.c, but the remainder was just dispersed because it didn't make sense to keep the file.
Change-Id: Id4e9391f0c3c26eff8c27b362e4f7a1970d718b4
Reviewed-on: https://code.wireshark.org/review/7038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Using the new address type registration, dissectors can create their own address types with their own (column) filters attached to them, eliminating the need for an address to keep track of a hf_ field.
Change-Id: I2bbec256a056f403a7ac9880d5d76a0b2a21b221
Ping-Bug: 7728
Reviewed-on: https://code.wireshark.org/review/7037
Reviewed-by: Michael Mann <mmann78@netscape.net>
Information about dissector (filter) fields should be kept in a dissector as much as possible. Supporting "column filter string" also allows other dissectors to create their own "address types" with different column filters (because AT_ETHER isn't always an "Ethernet" address).
This feature also allowed a few "dissector specific" address types to be moved to their own dissector.
Change-Id: Ie9024af4db62bc2ee4f8c9d28a1d807f706f45bf
Ping-Bug:7728
Reviewed-on: https://code.wireshark.org/review/7029
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now address types are setup just like field types and must be registered with a structure that provides its string representation (and more things in the future). Address types that are limited to a single dissector are registered by the dissector. More "common" ones are globally registered. There are still a few that really belong in a dissector, but have other dependencies currently not accounted for in the address type support.
Many of the "address to string" conversions that involved g_sprintf have be changed to use more "performance friendly" methods (some at the cost of needing to_str-int.h)
Leaving all comments regarding this "solution" in address_to_str.c in until all have been implemented
Change-Id: I494f413e016b22859c44675def11135f228796e0
Reviewed-on: https://code.wireshark.org/review/7019
Reviewed-by: Michael Mann <mmann78@netscape.net>
The DNS packet's 3rd additional RR is a LOC RR.
In the LOC RR, Wireshark marks the Size field with meters unit.
However, the Horizontal and Vertical Precision fields have no units
Issue reported by Boaz
Bug:10940
Change-Id: If177757d2bba6ea012a320aceaea2f8d8e50155c
Reviewed-on: https://code.wireshark.org/review/7014
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ied0428324c14f248bf6857fd288b4fb5d4591230
Reviewed-on: https://code.wireshark.org/review/7033
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icb7fec658f895e91069e51bab50d57a0a93f5cba
Reviewed-on: https://code.wireshark.org/review/7031
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic8f93913396de3d97cdba4473e6837056c8250a6
Reviewed-on: https://code.wireshark.org/review/7030
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Mostly: Rename a number of macros to be RIEMANN_...
Change-Id: I2b8beb5f9241a0a2a380b8a38222ef07beb1703c
Reviewed-on: https://code.wireshark.org/review/7028
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The following doesn't quite do what it might seem to be doing:
*value |= (byte & 0x7F) << shift; //guint64 *value // guint8 byte
The warning from MSVC2013:
Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit
value. Results might not be an expected value
Change-Id: I06e196559ec0e84da77d8866355ae7f86ba43f73
Reviewed-on: https://code.wireshark.org/review/7020
Reviewed-by: Bill Meier <wmeier@newsguy.com>
uuid_t is a data type provided by a number of environments, thanks to
the Open Software Fuundation; calling the Bluetooth code's data type,
which includes an actual OSF-style UUID as a member, "uuid_t" can lead
to confusion and *does* lead to compile errors on platforms where, for
better or worse, system headers such as <unistd.h> define uuid_t (and
are included by, for example, Qt headers).
Just rename it "bluetooth_uuid_t".
Change-Id: Ic742723913ba4105cd3269dd24fc821147285176
Reviewed-on: https://code.wireshark.org/review/7017
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following doesn't quite do what it might seem to be doing:
guint64 num;
guint8 b;
num |= ((b & 0x7f) << shift);
The warning from MSVC2013:
Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit
value. Results might not be an expected value
Change-Id: Ic8c939355b54317f0b459c60342f3cb5dfa29624
Reviewed-on: https://code.wireshark.org/review/7015
Reviewed-by: Bill Meier <wmeier@newsguy.com>
if they're dealing with HID descriptors
Change-Id: Ia529fe373653ddf18e05e8ad148a2f5b5686fa95
Reviewed-on: https://code.wireshark.org/review/7010
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I19544eeccd5206de88fe480f9b02bc57fcc278bd
Reviewed-on: https://code.wireshark.org/review/7009
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaf339310c3b606885e945d10cffc1956ce24578a
Reviewed-on: https://code.wireshark.org/review/7008
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
treat those two messages as class-specific control messages, handle them
inside the USB HID dissector
Change-Id: I42d201df4a8fdb94c947b6118c0b50945c306423
Reviewed-on: https://code.wireshark.org/review/7006
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
pass the data only to one subsequent dissection function
either we have a standard request or a non-standard request that can be
handled by a class dissector (we used to do both at the same time,
this makes the output difficult to read)
Change-Id: Ia46239b2b9e121c9ca165cc56d0b271345d7962e
Reviewed-on: https://code.wireshark.org/review/7005
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
top-most tree on which it operates
this gives callers more control over where things are displayed
Change-Id: I8cdc07b4f3569bca728781fb709e2a2bb37c433b
Reviewed-on: https://code.wireshark.org/review/7004
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
standard setup request
it's not sufficient to look at the type bits in the request type field
use the new function where we checked the type bits before
Change-Id: I65b901dca91607a4dad4e4296b3f3a877aebf346
Reviewed-on: https://code.wireshark.org/review/7003
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Version to add as generated field, without tvb offset, length.
Change-Id: If4c7aebcbf1b47faa483bcbd40995eff3ccb99f0
Reviewed-on: https://code.wireshark.org/review/6906
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Introduced in gca3fe28;
Found by MSVC2013 Code Analysis
Change-Id: I4c754dfacca492b53debdaf82557e4fe91698460
Reviewed-on: https://code.wireshark.org/review/6991
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It is a GUI+QT feature that introduce Bluetooth menu and
"ATT Server Attributes" that present all handle+UUID pairs
as table. User may copy cell value, row, selected rows or whole
table within header. On activate user will go to packet that
introduce UUID for specified handle.
Change-Id: If17e53aff5feb89ededc740a595ba5882b90be5e
Reviewed-on: https://code.wireshark.org/review/6911
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
"Break" is not missing, "error opcode" is part of opcode "Error Response"
that is needed to fetch request data.
Change-Id: I35432b22fae492a93332a8787213dd8fcf796e3b
Reviewed-on: https://code.wireshark.org/review/7001
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
- Remove some boilerplate comments;
- Use a consistent indent style (gnu);
- Use a consistent format for hf[] entries;
- Whitespace;
- Long lines;
- Rename a generic macro;
Change-Id: Ic2edcf8a8c0151d63a0d0ad901ddea9d7443ad19
Reviewed-on: https://code.wireshark.org/review/6994
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Found by MSVC2013 Code Analysis
Change-Id: If8138ff3eab7daa1da728781314f8024e36545be
Reviewed-on: https://code.wireshark.org/review/6992
Reviewed-by: Bill Meier <wmeier@newsguy.com>
can be considered TOS 0.
Use similar logic in LSA-Summary processing.
Ping-Bug: 6302
Change-Id: I0a74b95f6c4413ebce240e6e1b46c7e88311713a
Reviewed-on: https://code.wireshark.org/review/6951
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since 'values' is always 'length/4', we can have it as 'gint' and avoid
the Clang warning concerning the while cycle.
>> cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
Change-Id: I4342f9e3fcd5df7779f41414ab6f789fe402e3af
Reviewed-on: https://code.wireshark.org/review/6979
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Remove emem's 8-byte-memory-alignment configure check as well as references
to all the environment variables emem used.
Change-Id: I897aec9e9c68e064454561e7a9f066b18892ec66
Reviewed-on: https://code.wireshark.org/review/6950
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They've been deprecated for a very long time. Replace them with
getaddrinfo. Note that we might not want to do synchronous name
resolution at all.
Add HAVE_GETADDRINFO to the KfW win-mac.h collision list.
Change-Id: If59ce8a038776eadd6cd1794ed0e2dad8bf8a22c
Reviewed-on: https://code.wireshark.org/review/6958
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(This error was missed by me when confirming recent changes to the RTAC
serial dissector and fixes decoding of RTAC serial Modbus captures.)
Change-Id: I2df609f88263e90ae4815722ff76b6a0b988a01e
Reviewed-on: https://code.wireshark.org/review/6973
Reviewed-by: Michael Mann <mmann78@netscape.net>
Warn Dissector bug, protocol CAPWAP-CONTROL, in packet 1: proto.c:7802: field capwap.control.message_element.wtp_frame_tunnel_mode is not of an FT_{U}INTn type
Warn Dissector bug, protocol CAPWAP-CONTROL, in packet 2: proto.c:7802: field capwap.control.message_element.ac_descriptor.security is not of an FT_{U}INTn type
...
Change-Id: I03f70ca664d99771ad27457052e6df11f9d5ad9e
Reviewed-on: https://code.wireshark.org/review/6964
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Resolve mixed space/tab issue in the RTSE and BER dissectors and included modelines in both templates.
Change-Id: I4b75bad94ed111d0faee205e026b2322b7dafbd1
Reviewed-on: https://code.wireshark.org/review/6932
Reviewed-by: Michael Mann <mmann78@netscape.net>
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index_off' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index_off' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1500: warning: 'sstree' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1500: note: 'sstree' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index_len' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index_len' was declared here
Remove not needed includes.
Change-Id: Iac91954b3d6c8f9799c6fe816af93376419d1b21
Reviewed-on: https://code.wireshark.org/review/6945
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The numerical values are platform-specific, so call them QNX_PC_; that
also avoids collision with the values on the platform on which we're
building Wireshark (such a collision broke the Solaris build).
Change-Id: I04291eccb818a290eb44eadb17a56ed684285a70
Reviewed-on: https://code.wireshark.org/review/6944
Reviewed-by: Guy Harris <guy@alum.mit.edu>
no ethertype 0x8203-0x8205 support in trunk.
0x8204 is QNX OS VER 6's qnet ethernet protocol number.
Bug:3934
Change-Id: I52555b568c3a304f1512fe25f949330b46f49a93
Reviewed-on: https://code.wireshark.org/review/6363
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ib13d9391b64dad19321a4399c95b95d7fb791284
Reviewed-on: https://code.wireshark.org/review/6421
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
aren't present. Only warn if no forwarding blocks are present.
Simplify the code a bit while also removing a proto_tree_add_text(). (There
are a number of similar proto_tree_add_texts()s here.)
Hang the "no forwarding blocks" expert info off the LSA item rather than off
the Metric. The warning is about how much data is in the LSA--it has
nothing to do with the Metric.
Ping-Bug: 6302
Change-Id: I1903ba5ad78101ec4fa2602a1f21e8192f1d8d53
Reviewed-on: https://code.wireshark.org/review/6943
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I39ff2e15b91981111f8de091e6e5dfb7586b4599
Reviewed-on: https://code.wireshark.org/review/6937
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iddd1200e62bf3200cb1a68408378dd9d47120b77
Reviewed-on: https://code.wireshark.org/review/6939
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is mostly for GUI usage, but a few dissectors needed some "non-packet scope" conversions.
val_to_str officially now uses wmem_packet_scope()
Change-Id: Ic9413eeb3406d7a7683222b86709f3675d628d81
Reviewed-on: https://code.wireshark.org/review/6933
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ping-Bug: 10346
Change-Id: I1b2bd3e9b1dc01118c48c6e159c9a06d4daa061b
Reviewed-on: https://code.wireshark.org/review/6936
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Merge also mysql_dissect_caps_client and mysql_dissect_caps_server
and rename mysql_dissect_extcaps_client to mysql_dissect_extacps (it will be reused soon)
Ping-Bug: 10346
Change-Id: I6543363a337d7bbfddba6dd699697a257a2cbb49
Reviewed-on: https://code.wireshark.org/review/6935
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Clean up naming conventions & variables
- 'SEL Protocol' is the entire protocol suite
- 'Fast SER' is a function code of 'Fast Message' sub-type
'selfm' will remain the protocol name in Wireshark so no major architecture naming changes are anticipated
Change-Id: Idc5117dcede0b61c61c0c64d5cd20199535ed471
Reviewed-on: https://code.wireshark.org/review/6919
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
First, it appears some packagers actually ship a pkg-config file for Lua.
Try to use it. (Unfortunately the package name varies so we have to try
several package names.)
If that fails, try to find Lua directly, accounting for the various naming
conventions we've seen.
Bug: 10475
Bug: 10572
Change-Id: I82e789c466a488dc12431cdd90c49b4c1052414a
Reviewed-on: https://code.wireshark.org/review/6756
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
val_to_str_ext now officially uses wmem_packet_scope().
Removed const from val_to_str[_ext]_wmem return value since it's not really constant.
Created utility functions in qt_ui_utils.h to help with the new memory management for its GUI.
Change-Id: Idf2ce4a4ce78d628b2269ad23a3a48fbfc9c077c
Reviewed-on: https://code.wireshark.org/review/6926
Reviewed-by: Michael Mann <mmann78@netscape.net>
Then call it as new dissectors from bthid and btatt.
In future they will be used in usbhid, because they are part of HID.
Change-Id: I9cb545f3079c27945b17bf8791ba4e3736c29e7c
Reviewed-on: https://code.wireshark.org/review/6912
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Add possibility to dissect attributes by UUID assigned to handle.
Change-Id: I0e510bf902492f87e0eaee339d82609c37e12741
Reviewed-on: https://code.wireshark.org/review/6905
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
ATT dissector is now able to decode GATT level fields.
This is results of added request-response tracking/share information.
Change-Id: I41ac622a38916a7a20f625fa30ac72d7812446c6
Reviewed-on: https://code.wireshark.org/review/6904
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
I4cd9bd7f7219e4d9ff1bb8a71fab32439a8a9a35).
(The nameless application was causing known applications to be reported as
unknown.)
Add code to the Diameter dissector to report such problems at startup (similar
code exists for other entities).
Tweak the parser debug slightly.
Change-Id: I6b28cda8660e6eb96648c7b3697d7fd85151ac96
Reviewed-on: https://code.wireshark.org/review/6927
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I58debb32cc7a4aa476961eda342f1cd90884c800
Reviewed-on: https://code.wireshark.org/review/6921
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie55dd06b6c4d6f77012e8e13079279ded2997907
Reviewed-on: https://code.wireshark.org/review/6920
Reviewed-by: Michael Mann <mmann78@netscape.net>
St*** Mac OS X buildbot...
Part 2 (Oups...)
Change-Id: I082d73d4581365d7152aca764e4dfe599ce12c64
Reviewed-on: https://code.wireshark.org/review/6923
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
St*** Mac OS X buildbot...
Change-Id: I5efff34ce818f52fb6414191c58b5cabb388ba26
Reviewed-on: https://code.wireshark.org/review/6922
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch resolves review comments I received from the AMQP 0-9-1 community.
Some field types were not implemented, other field types (introduced by my
earlier patch) were incorrectly parsed.
https://groups.google.com/forum/#!topic/rabbitmq-users/PR7P1bgonwo
I had to split the dissect_amqp_0_9_field_table() function into two parts
and put the field value dissectors in a separate function:
dissect_amqp_0_9_field_value().
Change-Id: I9aa7d73e426a790830ad260ca6892a7650791e6c
Reviewed-on: https://code.wireshark.org/review/6882
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>