pinfo memory pool, they have exactly the same scope. Simplification and minor
performance win (one GHashTable we longer have to create/destroy on every
packet).
svn path=/trunk/; revision=53076
for FT_UINT_STRINGs and FT_UINT_BYTEs is still in the TVB. Any infinite loop
that adds a counted field ought to be extracting the length for its own offset
anyways, in which case it will overflow on the next iteration and won't actually
loop forever.
svn path=/trunk/; revision=52766
This time it makes more sense, cause for each dissection we need two wmem allocators.
Reseting wmem allocator is much faster than destroy & create.
svn path=/trunk/; revision=52706
proto_tree_add_item was valid *before* we short-circuited based on a NULL tree.
This was good in that it removed a common source of really-long-loop bugs. It
was less good in that it cost us about 8% in speed when doing a tree-less
dissection, but we decided the tradeoff was worth it.
After Anders' recent mail to -dev about performance, I started thinking about
how to optimize this. It occurred to me that the vast majority of the logic
involved in the check was dealing with the length value - fetching the actual
length if it was a counted string, calculating the length if it was -1, adding
the length to the offset in a way that was free from overflows, etc.
All of this is (theoretically) unnecessary - simply checking the offset without
worrying about the length will still catch the very-long-loops, since it is the
offset that increases in each iteration, not the length.
All that to justify:
- implement tvb_ensure_offset_exists which throws an exception if the offset is
not within the tvb
- use it instead of all the complicated other logic in the pre-short-circuit
step of proto_tree_add_item and friends
This gives us back about 3/4 of the performance we lost in the original patch.
We're still ~2% slower than without any check, but this is the best I can think
of right now.
svn path=/trunk/; revision=52578
tree_data and reference it directly when allocating/freeing tree items. This
lets us keep multiple around when we need them, and still lets us use
wmem_free_all for a major speedup. It also, coincidentally, lets us get rid of
the annoying fi_tmp hack that was needed before, since that element gets swept
up in the free_all with everything else.
Keep one pool cached to avoid creating/destroying a pool for each packet,
another minor performance win.
The various changes in approach seem to balance out pretty much exactly, this
still gives ~11% over pre-52569.
svn path=/trunk/; revision=52573
field_info separately. We still have to walk the tree in order to free certain
fvalues, but that's not a big deal. Another ~11% speed-up running "tshark -nVr"
on a large capture.
svn path=/trunk/; revision=52569
Even without making use of free_all (which should be possible) this still
results in ~8% speedup running "tshark -nVr" on a large file in my tests.
svn path=/trunk/; revision=52568
explicit, and frees up the "generic" names (like tvb_memdup) for new signatures
that take the appropriate wmem pool.
Majority of the conversion done with sed.
svn path=/trunk/; revision=52164
For those with dissectors outside the source tree, please see tools/convert_expert_add_info_format.pl for help with the conversion. Please do not use expert_add_info_format_internal, as it's support time will be very short lived.
svn path=/trunk/; revision=51844
- (for now) keep ABI, restore prototype of old proto_tree_add_item, add new proto_tree_add_item_new
- add few helpers for boolean, time, string which will do ->id
- don't use HFI_INIT directly, use it by another macro (MSVC has very small limit for section name)
svn path=/trunk/; revision=51401
overloaded use of the DISPLAY field). Thanks to Jakub for pointing out I'd done
this wrong the first time (months ago in r49357).
Fixes severity display for collectd protocol, originally filed at:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8472
svn path=/trunk/; revision=50935
isn't necessarily going to be zero if the item is big-endian.
The last argument to test_length() is an encoding, not a big-endian vs.
little-endian Boolean; name it appropriately.
This fixes bug 8953.
svn path=/trunk/; revision=50806
- Merge _UINT / _INT into one case
- fix possible generation of wrong expression ("some_integer") for unknown value in BASE_NONE field
svn path=/trunk/; revision=50548
Apply the fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3290
to proto_tree_add_bits_item(). That is, test that we have offset+length bytes
left in the TVB before trying to fake the item.
svn path=/trunk/; revision=50504
Right now we have about 36K of ett items, and tree_is_expanded takes: 144K of memory (36K*sizeof(gboolean))
By making tree_is_expanded bit array, it reduce size to 4.5K (36K/8)
svn path=/trunk/; revision=50434
Now proto_data_add_maybe_interesting_field:
- it actually add field_info to interesting hash_tree
- accept only required parameters
- is called only by proto_tree_add_node
svn path=/trunk/; revision=50321
Right now for proto_tree_add format & _format_value TRY_TO_FAKE_THIS_ITEM() is called twice
one from 'format' function, second time from 'no format' function.
This reduces size of .text by 10K:
text data bss dec hex filename
76012 112 56 76180 12994 proto-after.o
86324 112 56 86492 151dc proto-before.o
svn path=/trunk/; revision=50318
Rename the "is_int" argument to fill_label_number() to make it clearer
what it indicates, i.e. whether the number is signed or unsigned.
svn path=/trunk/; revision=50224
Create generic int/uint fill functions from hfinfo_[u]int_value_format.
XXX: to be honest I don't get it why if dev picked up BASE_DEC_HEX and has value string we're truncating it to BASE_DEC...
svn path=/trunk/; revision=50197
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3290
(TRY_TO_FAKE_THIS_ITEM disables bounds errors):
Before calling TRY_TO_FAKE_THIS_ITEM() check if the length given (or, in
the case of FT_UINT_{STRING,BYTES}, the length we retrieve from the TVB)
exceeds what's left in the TVB.
Do this only for proto_tree_add_item() for now (it's the most commonly used
and thus the biggest trouble maker in this area).
Similar changes for other APIs will come later (if nothing blows up). Despite
the fuzz failures this bug has caused I'm not sure about back-porting it...
svn path=/trunk/; revision=49644
Expert info "fields" can now be registered/addressed by name. Right now, the basic framework allows expert info fields to become "display filters". However more could be done, like user preferences overriding default severity level, speeding up expert info dialog load time by not needing to redissect a file, etc.
Long term goal is to have all expert_info filterable and have the functionality of expert_add_info_format() include the "registered index". expert_add_info_format_text() is the workaround until all current calls to expert_add_info_format() have been updated with either expert_add_info() or expert_add_info_format_text(). Then the remaining expert_add_info_format_text() will be renamed to expert_add_info_format().
svn path=/trunk/; revision=49559
Starting with collectd 5.0, the representation of time has changed. The new
fields "TIME_HR" and "INTERVAL_HR" contain the seconds since the epoch in steps
of 2^{-30} seconds (roughly nanosecond precision). This patch adds support for
both time formats.
From me:
Permit using 64-bit integers with value-strings, as this protocol actually
seems to needs it. We'll misbehave for named values > 2^32 but there aren't any
of those despite the field being 64 bits.
svn path=/trunk/; revision=49357
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
glib memory slices.
- We weren't doing anything with the emem slab that couldn't be done with glib
slices.
- Removes a fair bit of code as well as one debugging environment variable.
- Glib slices are much cache-friendlier and are multi-threading friendly (if
we ever go there).
- Allows glib to actually return slices to the OS on occasion. The emem slab
would hold onto its memory forever which resulted in a great deal of wasted
memory after closing a large file.
svn path=/trunk/; revision=48218
This patch adds a new public API, proto_tree_add_bitmask_len(), identical to
proto_tree_add_bitmask() but using a caller-supplied length rather than an
inferred one. The underlying proto_item_add_bitmask_tree() code is modified
to display only fields for which all defined bits are available, and to
ignore bits that have no corresponding defined field ("forward compatibility"
cases).
From me: minor edits, see the bug for more details.
svn path=/trunk/; revision=48049
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
apply/match-related actions. Have matchSelectedFilter figure out our
filter strings, which lets us remove duplicate code in the apply/match
action slots. Remove some leftover code from an experiment.
Adjust the temporary message colors in the status bar and label stack.
Add a NULL check to construct_match_selected_string.
svn path=/trunk/; revision=46449
ABORT_ON_DISSECTOR_BUG is set and we pass MAX_TREE_ITEMS.
If ABORT_ON_DISSECTOR_BUG is set and we get an unregistered hf, generate
an explanatory message (and a core).
svn path=/trunk/; revision=46323
chapter 3 has redefined to mean years *after* 2036) were being represented as
times prior to 1968.
This has been broken since r35840 (apparently not many people see NTP
timestamps beyond 2036 :-)): apparently I over-optimized packet-ntp's code
while copying it into proto.c: that temporary variable is necessary for the
unsigned math to happen correctly before assigning the result to the (signed)
time_t.
Leave a comment in the code indicating why the temporary variable is needed.
Copy that comment to packet-ntp.c.
Fix the same problem in ntp_to_nstime(): it also did not use the temporary variable.
svn path=/trunk/; revision=45790
- initialize edt once in few places, and later reset it after dissecting
(add_packet_to_packet_list),
- revert r45667, probably no longer needed.
svn path=/trunk/; revision=45669
Don't pass string-related encoding flags to get_uint_value() when handling
FT_UINT_STRING fields. This was causing all such fields with non-ASCII
encodings to use little-endian encoding, even when OR-ed with ENC_BIG_ENDIAN.
(not actually the topic of the above bug, but discovered during LLRP protocol
testing, which was the topic of the above bug)
svn path=/trunk/; revision=44619
add an expert item. For unusable lengths throw ReportedBoundsError but
try to continue on otherwise.
Based on a patch from Mike Morrin in bug 3884.
svn path=/trunk/; revision=44439
lets us pass a NULL pinfo to expert_add_info_format() and
expert_add_undecoded_item(), which makes it possible to use those
routines deep in the bowels of many dissectors. As a proof of concept
remove the recent pinfo additions to packet-afp.c. This should also make
it easier to fix bug 3884.
svn path=/trunk/; revision=44435
Since the tree will only be NULL here if someone messed up in proto.c and
since pi will only be NULL if tree is NULL, assert out if either of them are
NULL (don't use DISSECTOR_ASSERT() since such a condition wouldn't be the
dissector writer's fault).
Use TRY_TO_FAKE_THIS_REPR in ptvcursor_add_text_with_subtree().
We've had TRY_TO_FAKE_THIS_REPR for a long time now, don't wrap it in #if 1.
new_field_info() doesn't return NULL so don't check for it returning NULL in
ptvcursor_add().
svn path=/trunk/; revision=44322
Note: this shows up when doing 'tshark -G values'.
BASE_EXT_STRING with a missing extended string does *not* cause issues
with the normal display code:
ToDo (eventually): Add some code to enforce requirement that hf[] entries with BASE_EXT_STRING
(or BASE_RANGE_STRING) set must also have a 'strings' value.
svn path=/trunk/; revision=43150
g_strlcpy() always return the size of strlen(src), so in case of truncation it could happen that offset_r > size or offset_e > size.
Fix it by adding new function protoo_strlcpy() which returns how many bytes was copied to dest buffer.
svn path=/trunk/; revision=42676
same, and that the routines to get "Unicode" strings are really doing
UCS-2 (and not doing anything about code values that aren't valid in
UCS-2 strings).
Have tvb_get_ephemeral_string_enc() separate cases for ASCII and UTF-8,
even though they're *currently* treated the same.
For FT_UINT_STRING, treat an encoding value of TRUE as meaning
"little-endian ASCII"; pass all other encodings through to
tvb_get_ephemeral_string_enc().
svn path=/trunk/; revision=42592
removes a potential buffer overflow and should fix a bunch of Coverity
errors mentioned in bug 6878.
We might want to do the same for no_of_bits.
svn path=/trunk/; revision=41945
The attached patches add the ability to dissect split bit-strings as discussed under bug 6797.
proto_tree_add_split_bits_ret_val()
proto_tree_add_split_bits_crumb()
svn path=/trunk/; revision=41246
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
OOPS: ',' in 'tpncp.fxs_ana,og_voltage_beading'
Now:
Invalid character ',' in filter name 'tpncp.fxs_ana,og_voltage_beading'
svn path=/trunk/; revision=40256
dissectors, because it does not work as expected and causes an assert.
Added generic splash updates for python register and handoff instead.
This should fix bug 5431.
svn path=/trunk/; revision=39221
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
values, and use them in the MQ dissector, so EBCDIC strings are
displayed as such.
Fix up some other final arguments to proto_tree_add_item().
svn path=/trunk/; revision=37872
"You cannot just make the "len" field of a GByteArray larger, if there's
no data to back that length; you can only make it smaller."
Two equal values are always equal!
This fixes bug 5941.
svn path=/trunk/; revision=37783
any conflicting entries. i.e. lots of value_strings have repeated items, but
for now only warn for cases where the same numeric value appears with a
different string.
Because this will slow down startup and output distracting warnings, it has been
#if 0'd out for now. As discussed on the dev mailing list, it'd be good to
create a #define for developer/non-release builds so that tests such as this
can regularly be run.
svn path=/trunk/; revision=37274
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896