The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Destroy the reassembly tables on exit, fix memleak in profinet
dissector.
Change-Id: Id34dbfde42fe715513997452f87cd4fdc328e294
Reviewed-on: https://code.wireshark.org/review/9229
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This optional attribute allows identifying separately orderable OEM parts used to built the device.
It consists of the following attributes:
Number Of Entries, IM Annotation, Vendor ID, IM Order ID, Serial Number, Hardware Revision, Software Revision
Change-Id: I793f6ecd798f93e7f40e8e1a42e42a7070a4a1c1
Reviewed-on: https://code.wireshark.org/review/8955
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
An IO device may define so called “combined objects”.
A particular combined object is a group of related submodules, e.g. an interface and its ports.
The Combined Object Container holds the parametrization for all submodules.
Change-Id: Ifb6c63d2c3a1d3cf2cf100a8f54cf0eafa84fe6c
Reviewed-on: https://code.wireshark.org/review/8853
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This make reading fiber optic diagnosis data possible.
Change-Id: I90b49443ffa1b69912d37cbf7a751328eec9d590
Reviewed-on: https://code.wireshark.org/review/8750
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That eliminates a redundant and confusing data type, and avoids issues
with one piece of code using e_uuid_t but wanting to use routines
expecting an e_guid_t.
Change-Id: I95e172d46d342ab40f6254300ecbd2a0530cde60
Reviewed-on: https://code.wireshark.org/review/7506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 0452f763fb. Changes should
have been made in ChannelProperties instead of Submodule state. Current
implementation merely *appears* to be correct as we are reading it as a two bit
value but instead should be addressing it as individual bits, little endian
Bug: 10753
Change-Id: Ia3bd088aeb376b8511d64352f62c4304e4129ba6
Reviewed-on: https://code.wireshark.org/review/6334
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 10753
Change-Id: Ib5522eba5c1d9107219ee2d70c96899ba6f22ca1
Reviewed-on: https://code.wireshark.org/review/6258
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia144061dc8c394d9ae89135009d06457e2aabb7d
Reviewed-on: https://code.wireshark.org/review/6152
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic839f2995532d68308f8b5908c185acc7acaaa9c
Mostly: remove '#include <glib/glib.h>' and certain
other #includes already included in packet.h
Reviewed-on: https://code.wireshark.org/review/5971
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3b5afb8a59f6443624708b9fecfdcbe93dad59ef
Note: Some of the filters, when/if used, could have caused Wireshark crashes.
Reviewed-on: https://code.wireshark.org/review/5575
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Idd5818cbb2b1f8628bb29c2c71dfc6d41df89b5d
Reviewed-on: https://code.wireshark.org/review/5448
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For now, this just pacifies fuzz-testing. If real world examples have this, there needs to be a drastic overhaul to support fields that could be either 32 or 64-bit values.
Bug:9329
Change-Id: I3e28808ca0291868a5f84258b0ee1e2a922703c2
Reviewed-on: https://code.wireshark.org/review/4189
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add static before function
Change-Id: Icb54ccf58e5752892e7217327380a0af7da45647
Reviewed-on: https://code.wireshark.org/review/3690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I13924c5a2f056688a42cdee25654d82c056b5f97
Reviewed-on: https://code.wireshark.org/review/2974
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added DCP decoding of reset to factory
removed unused value_strings
corrected decoding of PDSubFrameBlock
most of the length display added a dec_hex display
Signed-off-by: Widok <kellingwido@aol.com>
Change-Id: I17b59b45eff37b65047a7a3e5e275f01a37ee616
Reviewed-on: https://code.wireshark.org/review/517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences).
The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
- when the text parameter is constant col_add_str() and col_set_str() are equivalent but col_set_str() is faster.
- same for replace col_append_fstr and col_append_str
- remove col_clear() when it's redundant:
+ before a col_set/col_add if the dissector can't throw an exception.
- replace col_append() after a col_clear() with faster col_add... or col_set
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9344
svn path=/trunk/; revision=52948
NOTE: Some of the expert group values may need to be checked, PI_UNDECODED doesn't always seem like the right choice. I thought PI_PROTOCOL should be used more.
This concludes the conversion expert_add_info_format for all dissectors (where the function isn't commented or #defined out). Onto the "internal" (epan/lua) uses of the call.
svn path=/trunk/; revision=51841
my assumption is that this was a typo
check should be for u8BlockVersionLow>2
there's code to handle u8BlockVersionLow 0, 1 and 2
svn path=/trunk/; revision=48805
Michael Mann