New dissectors return an integer, not a boolean, fix that.
Change-Id: I79dea0cc4274d503d61ce8823dc783c542764f6b
Reviewed-on: https://code.wireshark.org/review/2884
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ie10ac4f5f04a23344d183e095bbafb23c6409144
Reviewed-on: https://code.wireshark.org/review/2904
Reviewed-by: Michael Mann <mmann78@netscape.net>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" paramters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for Prefix, STAP, MTAP, NI-MTAP, and PACSI packet types.
Add support for Microsoft SEI messages [MS-H264PF]
Add support for dissecting scalable profiles
SDP: Add profile-level-id decode for payload type H264-SVC
MS-H264PF: http://msdn.microsoft.com/en-us/library/hh659565.aspx
Update #1 - Fix Tabs -> Spaces, Reinsert accidentally removed entry 19
from h264_type_values
Update #2 - Changed to using expert info for exceptions and Microsoft
errata.
Update #3:
- Correct handling of truncated packets
- Use guid functions and compare techniques
- Correct ranges for expert info messages
- Change to using reported_length from captured_length
Change-Id: I520a3c9a6d85c78a976b520cf5a6a405064a48f1
Reviewed-on: https://code.wireshark.org/review/2580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Id1997c3c8f6d0460da7f0faa58798a72737dd667
Reviewed-on: https://code.wireshark.org/review/2898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3efa2a81ab2685cde6eae0a00b24520478a545ce
Reviewed-on: https://code.wireshark.org/review/2900
Reviewed-by: Michael Mann <mmann78@netscape.net>
As suggested by Alexis reviewing change Ie76c5a810af927b, this issue was
scattered throughout the v4/v5 openflow dissectors. Hopefully I got all of them.
Original issue found in bug 10259.
Change-Id: Idf87deea34132aec5cd4e8f83264906a29b15568
Reviewed-on: https://code.wireshark.org/review/2878
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The return value of new dissectors is the number of bytes that were
successfully dissected, not a boolean. Fix that and get rid of an
unnecessary iSCSIPdusDissected variable.
Change-Id: Ie31df393a1eb44f185d320a4c2d35f5e8b7d7bd9
Reviewed-on: https://code.wireshark.org/review/2889
Reviewed-by: Evan Huus <eapache@gmail.com>
new dissectors return an int, not a boolean...
Change-Id: I88e19f7c0dc14da3649d1522ffe936538a867753
Reviewed-on: https://code.wireshark.org/review/2888
Reviewed-by: Evan Huus <eapache@gmail.com>
Return value "-1" means that more data is requested. The dissector
actually doesn't have any idea what to do with the data, so just return
the data dissected so far.
tcp stream 3182 from c05-http-reply-r1.pcap (SampleCaptures) was
incorrectly detected as MIKEY, it was actually HTTP...
Change-Id: Idca3d3e2f85e821df70436a675699b5834236f89
Reviewed-on: https://code.wireshark.org/review/2887
Reviewed-by: Evan Huus <eapache@gmail.com>
uint16 & 0xFF00 will always equal 0. Use tvb_get_guint8 instead. Convert
from tvb_length to tvb_captured_length.
Fix the return value of dissectors, 0 means reject but that cannot be
combined with reassembly requests.
Change-Id: I5fca66e2e809699392237aff5813eecdfb15857f
Reviewed-on: https://code.wireshark.org/review/2885
Reviewed-by: Evan Huus <eapache@gmail.com>
Fixes a good 80-90KB of leaks in certain cases.
Bug: 10261
Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
Reviewed-on: https://code.wireshark.org/review/2879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia2567695ffed30c990eda3740b08bfab101cea96
Reviewed-on: https://code.wireshark.org/review/2883
Reviewed-by: Michael Mann <mmann78@netscape.net>
The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
NDPS dissector is also the poster child for not being considered "that naughty" by checkAPIs because most of its proto_tree_add_text calls don't have printf-style arguments (which is what checkAPIs really keys off of)
Fixed both cases and removed about 370 proto_tree_add_text calls from the dissector.
Change-Id: I721678c39d4a0544e5e7212e622c0c2eebfd04f7
Reviewed-on: https://code.wireshark.org/review/2775
Reviewed-by: Evan Huus <eapache@gmail.com>
Fetch header value, only when we need to parse it.
Change-Id: I3c170ef8ab03985c8111a1b84ac1afc87bc8b5ca
Reviewed-on: https://code.wireshark.org/review/2767
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As Anders correctly pointed out in I7d8f84b2e, constantly resetting state will
turn init_dissection into a bit of a hot path. Especially as we will already
bear the overhead of switching files, we don't want to fall any further behind
than we have to.
This change includes three unrelated optimizations that reduce the cost of
init_dissection by about 40% as measured by callgrind:
- only initialize ares/ADNS if that preference is enabled (this of course only
applies if you specify -n to tshark or otherwise disable the preference)
- use memcpy instead of a loop in sigcomp UDVM init
- use memcpy instead of a loop in bootp dissector
The only remaining obvious hot spot in this path is reassembly_table_init since
it is called by so many dissectors. Suggestions (perhaps to get rid of the
GPtrArray) welcome.
Oh, and one other change to use g_strerror instead of strerror as insisted
upon by the API pre-commit hook.
Change-Id: I18a74f2b64b25498116079bd4e7fc2b335c7703a
Reviewed-on: https://code.wireshark.org/review/2738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At the suggestion of Toralf Förster. This includes an expert info, as well as
making SSL a new-style dissector and rejecting traffic that looks like
unencrypted text.
Change-Id: Ib09ea0d97952330f092590ff3fc6488807cdbb81
Reviewed-on: https://code.wireshark.org/review/2693
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Added dissection of the SIP Service-Route header.
Change-Id: Ic4523edb374ae03492af5853863dde501a0c30e0
Reviewed-on: https://code.wireshark.org/review/2721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id00f456479415adf0a219af6c9a2108d4b3642d0
Reviewed-on: https://code.wireshark.org/review/2702
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7e016f10fcfdc0523bf2fe8c11295c0334f7c332
Reviewed-on: https://code.wireshark.org/review/2694
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If110de1e0555637264f86f1508858d569871a9c7
Reviewed-on: https://code.wireshark.org/review/2675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia7014003a3cff5181295172978d6c613c3b83b0b
Reviewed-on: https://code.wireshark.org/review/2676
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, note that we need to determine how to handle Application Layer
Feedback messages based on the SDP setup traffic for the session; recent
changes disabled dissection of REMB Application Layer Feedback messages
in favor of MS-RTP Application Layer Feedback messages. (This is why we
shouldn't remove dissect_rtcp_psfb_remb() unless REMB isn't being used
any more.)
Change-Id: Ib320bdf4a64263fdef29fc4ea2583eaae1cc4bee
Reviewed-on: https://code.wireshark.org/review/2684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support for Profile Specific Extensions from MS-RTP
Support for RTCP Feedback Messages
Support for Application Layer Feedback Messages.
MS-RTP: Real-time Transport Protocol (RTP) Extensions
http://msdn.microsoft.com/en-us/library/office/cc431492.aspx
Change-Id: I1f1e6e60b5f9d09b1dffd7e308426c0b67914441
Reviewed-on: https://code.wireshark.org/review/2586
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. The only indication we get of an out-of-order value string is a message on
STDERR, so check that and fail the test if STDERR wasn't empty.
2. This exposes an out-of-order value string in packet-stun.c; fix it.
3. This triggered the pre-commit hook on packet-stun.c, which noticed an API
error (ENC_ASCII -> ENC_ASCII|ENC_NA); fix that too.
Change-Id: I36f87a2a87b40537119562f22a7e3012716ff239
Lesson: automated testing/tooling is both wonderful and scary.
Reviewed-on: https://code.wireshark.org/review/2682
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9339869defa47a862b6174d8821cdd8e6186f5c5
Reviewed-on: https://code.wireshark.org/review/2678
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iac6a259a1081b907149c49023614a5053440e560
Reviewed-on: https://code.wireshark.org/review/2677
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Interactive Connectivity Establishment ICE Extensions 2.0
http://msdn.microsoft.com/en-us/library/office/cc431504.aspx
Change from review:
1) Change encoding for foundation to ASCII
2) Move case for MS_IMPLEMENTATION_VER.
Change-Id: Ic524a2fe811695478aba81af9cbb3dbd031bbce3
Reviewed-on: https://code.wireshark.org/review/2579
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I2ea1892b5963cc5578cbdd2b03029ca8424f2267
Reviewed-on: https://code.wireshark.org/review/2640
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5f573dffabb8685a8e5a334ff2bfb24d9838daa6
Reviewed-on: https://code.wireshark.org/review/2601
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Respect the length field when dissecting message sets
- Don't "wrap around" in capture when doing request/response matches
Also convert one instance to proto_tree_add_subtree, as an experiment.
Change-Id: Id161687865afa7ca83e6943a643bc54582f65554
Reviewed-on: https://code.wireshark.org/review/2624
Reviewed-by: Evan Huus <eapache@gmail.com>
see mon_bin_event() in the linux kernel where the setup_flag is set only
for control urbs
clean up various things related to this assertion:
remove type_2 parameter
show the iso descriptors in any case
calculate the end offset correctly, the end offset is the byte after the
iso data
Change-Id: Iebfbe6443c224a958a1697563aa8fb853d7aa8c2
Reviewed-on: https://code.wireshark.org/review/2541
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id06bd486114a80fb899f8dc148d48928e99e775e
Reviewed-on: https://code.wireshark.org/review/2602
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
Remove no longer needed system includes
Change-Id: Id9ffffaa7da5185041db63fa7611d348a1cc4b68
Reviewed-on: https://code.wireshark.org/review/2577
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Profling SIP shows that gperf generated hashing code, is
3 times faster than using GHashTable & g_str_hash/_equal()
This result in about 1% improve of whole dissection (sip traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting with columns TCP dissector spends
around 1/4 time in col_append_fstr(), add col_append_lstr()
and do formatting by ourselves.
Change-Id: If90bc26242761884b4991e8db0db62c8f9e32690
Reviewed-on: https://code.wireshark.org/review/2527
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Presumably that was the intent.
Change-Id: Icf8529a23a9a36e7f12e446d67f3867771b221d8
Reviewed-on: https://code.wireshark.org/review/2566
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I753ca95e2e1b38bad2c09955317e648c525e40ef
Reviewed-on: https://code.wireshark.org/review/2509
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
bug: 6071
Change-Id: If7b544a762df10ffc13aeaf8886cf74a1757c37c
Reviewed-on: https://code.wireshark.org/review/2512
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some binary logcat packets has more then one line, show them in
a convenient form.
Change-Id: I008aac6fe5589f2b10db51f7221853f9d79bbc7a
Reviewed-on: https://code.wireshark.org/review/2549
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fix invalid structure casting by using defaults values,
this also fix DecodeAs for A2DP.
Do the same for VDP.
Change-Id: I360787af648ed65205eb54732ab6d88f8532cf15
Reviewed-on: https://code.wireshark.org/review/2551
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Some interfaces support multiple Bluetooth adapters with events like
add/remove. We must support that to distinquish adapters streams
in case that new adapter has the same id that old one.
Next one is create session for "Connection Handle", so
next layer will now when it is connected and disconnected.
This is also used to distinguish streams.
Change-Id: I9e062c8e4cc9c033b75f1a596e8351a215169843
Reviewed-on: https://code.wireshark.org/review/2548
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Hopefully, this will fix the warnings from the buildbot that entry_item
was used without being set.
Change-Id: Ibfd921bfbbad68cd8eafd1e3ad3d178cfca03d6e
Reviewed-on: https://code.wireshark.org/review/2547
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ieaa0fa5cdbe8dc8f50cf5b9ee432c786a8f9fc9a
Reviewed-on: https://code.wireshark.org/review/2540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ia32c2f24df9392d1102fa1121ac93b1071bae7ca
Reviewed-on: https://code.wireshark.org/review/2538
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6cbc5047b8d58ecbe41bf5392d31dc0adc81d5d5
Reviewed-on: https://code.wireshark.org/review/2537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iec3bdfcb3cb14e97045789aec1e11288357d379d
Reviewed-on: https://code.wireshark.org/review/2536
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I4e60295208c2ac35a452f5fb3dffd090cc151473
Reviewed-on: https://code.wireshark.org/review/2535
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
(just copied the existing code)
Change-Id: Ia6dd9be9b39c3c16408e22181225c18d56ac6016
Reviewed-on: https://code.wireshark.org/review/2534
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
This fix does change the format printed for values using bitmasks
(because the bit values are printed first) and is not always wanted
in this dissectors (because of readability).
We should have a better way of doing what I want in this dissectors,
so I'll have a look at this later.
Change-Id: I2477aa6b1d0c42a7ad5848bba3cb74dce3bba1f0
Reviewed-on: https://code.wireshark.org/review/2485
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I6653b733dfd2c587909371e50fd0c2efc4649dcd
Reviewed-on: https://code.wireshark.org/review/2482
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I5762fb30f57d0f9bc3e5fc786577ed1cc49b64d7
Reviewed-on: https://code.wireshark.org/review/2481
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Hidden fields are deprecated, and we were hiding them inconsistently anyways.
Bug:10211
Change-Id: Iaf1576ae7bc04c0c0bd896c096b117f1b8af2e9e
Reviewed-on: https://code.wireshark.org/review/2474
Reviewed-by: Evan Huus <eapache@gmail.com>
Also ensured some files have their correct names at the top so they are more easily grepped
Change-Id: Ib0f5ddf14eb1616a93dee496107dc0eb09048825
Reviewed-on: https://code.wireshark.org/review/2452
Reviewed-by: Michael Mann <mmann78@netscape.net>
Essentially:
When more data is needed to continue dissecting a PDU, use
DESEGMENT_ONE_MORE_SEGMENT instead of repeatedly requesting
additional bytes (for one or a few more fields).
- Improves the efficiency of the dissection;
- Prevents 'one-pass' tshark dissection from redissecting
the PDU repeatedly many, many times with each time dissecting
the PDU with one or a few more additional fields.
This generated *lots* of (repeated) output since a reassembled
VNC PDU can contain many fields (each of short length).
- (A comment in packet-tcp.c states, in effect, that repeatedly
requesting a specific amount of more bytes to dissect a PDU
will "break reassembly" although I note that the reassembly did
seem to work (in-efficiently)).
Note: Although this patch improves the handling of reassembly, the
dissector has significant issues. For example. see Bug #5366.
I expect this fixes the Bug #10134 issue: "Cannot allocate memory";
Before the fix, 'tshark -nVxr' for the input file generated trees with
multiple hundreds of thousands of entries and generated reassembled
PDUs consisting of many, many small fragments.
Change-Id: I970037c346fbaa4bffa5726fd5bee5f69396eabf
Reviewed-on: https://code.wireshark.org/review/2471
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Also rename base protocol filter name to match prefix of all other fields
Change-Id: Iff234c1443252b9f8e6d87fd7a76925746b5e513
Reviewed-on: https://code.wireshark.org/review/2449
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Cleaned up filter names that were shared, but had different types (which can cause problems in a display filter compare)
Also cleaned up many [FIELDDESCR] that effectively mimicked the field name. Even more could probably be done (and/or rename field name to be more descriptive), but I was being conservative.
Change-Id: I2e072b4f411c390b9430a0a0d903133d6decae5e
Reviewed-on: https://code.wireshark.org/review/2448
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't manually fetch each character to find ',' use tvb_find_guint8()
Change-Id: I29711421469e868a86bf2edd7adf8dcc85ed26eb
Reviewed-on: https://code.wireshark.org/review/2446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I59ad726c16d4a85dd065f4a21bdf5d86e47c82cd
Reviewed-on: https://code.wireshark.org/review/2451
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(unknown length)
this fixes bug 9527
Change-Id: I255ae9662dfeea06e61e4b0891e0ea8eaa254d0f
Reviewed-on: https://code.wireshark.org/review/2462
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ie1a71046b791bcbbf3cf02ddd1c4ddc88b388302
Reviewed-on: https://code.wireshark.org/review/2461
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check for all the different AF_INET6 values that are on various OSes.
If Totem is, and will forever be, used *ONLY* on one particular OS, feel
free to remove the uses of other _AF_INET6 values (but do *not* change
back to using the OS's AF_INET6; this should dissect the protocol
correctly on *all* OSes).
Add a common AF_INET definition to epan/aftypes.h while we're at it, and
use that; as most OSes picked up 4.2BSD's AF_INET value, most if not all
of them use 2, but IPv6 came out after 4.2BSD, and various OSes all
picked their own values for AF_INET6.
Change-Id: Iae15dfdd15203ed3ecd078a6499821dc09139a98
Reviewed-on: https://code.wireshark.org/review/2458
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib3a1ddc4342a7a8648d6ed8bfcb35aa229c56a27
Reviewed-on: https://code.wireshark.org/review/2445
Reviewed-by: Michael Mann <mmann78@netscape.net>
At least now it does. (So does ep_address_to_str().)
Change-Id: I5fdf15ca42faac802fd21b4b6f5b750ed402bd05
Reviewed-on: https://code.wireshark.org/review/2442
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ep_address_to_str() doesn't crash if called outside packet scope, but
it's still not correct to use outside packet scope. Use
address_to_str(NULL, ...) to allocate those strings, and then explicitly
free them when we're done; exceptions don't get thrown between the
allocate and free, so there's no risk of a leak.
Change-Id: Iea2af93b0757e648d399e2ba64249224eb7e9e3c
Reviewed-on: https://code.wireshark.org/review/2438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most (all?) of these functions are being called within GUI, so they can't have packet_scope, which is why they weren't already converted (I made this mistake once already)
This reverts commit 7fea55a054.
Change-Id: I4bf29b206e5e1f5daefcec131309a8f6e78e1eb1
Reviewed-on: https://code.wireshark.org/review/2428
Reviewed-by: Michael Mann <mmann78@netscape.net>
From Masatake YAMATO
changes in patch3 (Masatake YAMATO):
* Fix a typo(s/Sequnce/Sequence/)
* Use variable len instead of a number literal
* Put _U_ marker to length parameter of dissect_corosync_totemsrp_ip_address
* Use tvb_report_length instread of tvb_length
changes in patch5 (Masatake YAMATO):
* packet-corosync-totemsrp.c: Adapt to new dissector_try_heuristic interface
+ pass hdtbl_entry argument to dissector_try_heuristic.
* packet-corosync-totemnet.c: Initialize corosync_totemnet_port to 5405
changes in patch6 (Masatake YAMATO):
* packet-corosync-totemsrp.c: Use tvb_reported_length instead of tvb_length.
* packet-corosync-totemsrp.c: Remove unnecessary trailing space in string literals.
* packet-corosync-totemnet.c: Remove SVN Id tag in a comment.
changes in patch8 (Masatake YAMATO):
* packet-corosync-totemnet.c: Remove SVN Id tag in comment(again).
* packet-corosync-totemsrp.c: Use val_to_str_const instead of val_to_str.
changes in patch9 (Masatake YAMATO):
* wsutil/sober128.[ch]: New files derived from packet-corosync-totemnet.c.
Decryption code is moved here.
* packet-corosync-totemnet.c: Remove all decryption code from this file.
Change-Id: Id832d9c5ce1be1668c857c9bbf39e8a84c31880c
Reviewed-on: https://code.wireshark.org/review/725
Reviewed-by: Evan Huus <eapache@gmail.com>
I've avoided using any mathematical checks even though tlv type vals increase linearly just in case they change in the future.
Change-Id: I0ec7021df5b91543e12edf9ba8d9c4ac44ecb11c
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/2193
Reviewed-by: Evan Huus <eapache@gmail.com>
No need to use dissector_add_uint() with a bogus value.
Change-Id: Ia5e51d199487ba14cd671c7df44231a0d407c50b
Reviewed-on: https://code.wireshark.org/review/2431
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Combine tvb_find_guint8() for comma, semicolon into one tvb_pbrk_guint8()
- Instead of fetching each character use tvb_pbrk_guint8() to fast
forward.
- Remove not needed tvb_find_guint8() call, as the result is discarded.
Change-Id: I38d6775b187146656d47cea9b64f8e0ccad18d36
Reviewed-on: https://code.wireshark.org/review/2384
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Separating the "try to guess whether there's a control word" type from
the "yes, there's a control word" and "no, there's not a control word"
types is just a huge UI botch.
Make it clearer that the default is "Ethernet pseudo-wire, try to guess
whether there's a control word".
Change-Id: I91cc526fc709ad102b22ca67f5a9d7c98fffa0cc
Reviewed-on: https://code.wireshark.org/review/2414
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and will be verified by Jasper next week
Change-Id: I3cda397285e8174abb9c05b7aaf7c1bfabdfc71a
Reviewed-on: https://code.wireshark.org/review/2408
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Instead, explicitly allocate and free the address string.
Using packet scope was causing test failures.
Change-Id: Ie18d2da44d2eec8a92a6a86b0ba883a5525f49cd
Reviewed-on: https://code.wireshark.org/review/2387
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This (if it works well) will let us do much more accurate out-of-order
detection, which is currently otherwise hardcoded to 3ms. Ask Jörg for details.
Change-Id: Ie0662723946edeaea1e43958bf7f5158f09dde71
Reviewed-on: https://code.wireshark.org/review/2367
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Id292fd1b0fbff3a043e64296a88c78c1a5ac00d7
Reviewed-on: https://code.wireshark.org/review/2369
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I2274b97c74a845e6514e8acff136e55f721f11a8
Reviewed-on: https://code.wireshark.org/review/2354
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ie494a52fa73f7b91bc65da1bc36516f799ef4967
Reviewed-on: https://code.wireshark.org/review/2353
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
bit decoding for these values.
Change-Id: I7ab6c4badf5b66d6f434a47523e2b35730ecb65d
Reviewed-on: https://code.wireshark.org/review/2338
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
this can happen and cause invalid memory accesses with incorrectly-large padding
values
Bug:10187
Change-Id: Ib9b2a2fa10766efb4d95d588f57354a56373c626
Reviewed-on: https://code.wireshark.org/review/2325
Reviewed-by: Evan Huus <eapache@gmail.com>
Using dissect_nt_64bit_time it is not possible to access the created proto_item afterwards, hence the new function.
Change-Id: I39aca92536a53841045c30b601b6ec1a7d8bfb4e
Reviewed-on: https://code.wireshark.org/review/2160
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Select an appropriate gcrypt cipher based on ISAKMP encryption ID and
key length attribute. Fixes bug 10128.
Bug:10128
Change-Id: Ie74fc51eb9bfe6d68340056d3ef2ef28c7677fb8
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Reviewed-on: https://code.wireshark.org/review/2296
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There is a check that disables decryption for non-PSK authentication. It
has been around ever since its introduction in commit acfe071e (svn
r17229). As suggested in bug 7951, remove this check to allow decryption
for e.g. certificates authentication.
Bug: 7951
Change-Id: I5e98407d0f8dbabac2cdaf632cf0af403192872b
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Reviewed-on: https://code.wireshark.org/review/2297
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also make repetition_coding_indications[] standard terminated.
Change-Id: Ice20e1f27f5ab4d111f893608a230b83899efc9f
Reviewed-on: https://code.wireshark.org/review/2288
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>