This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Many of the complaints from checkAPI.pl for use of printf are when its embedded
in an #ifdef and checkAPI isn't smart enough to figure that out.
The other (non-ifdef) use is dumping internal structures (which is a type of
debug functionality)
Add a "ws_debug_printf" macro for printf to pacify the warnings.
Change-Id: I63610e1adbbaf2feffb4ec9d4f817247d833f7fd
Reviewed-on: https://code.wireshark.org/review/16623
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a set is empty, only a terminator (ber_sequence_t with NULL func)
is present. In that case, do not try to find more values as that will
never succeed.
Bug: 12106
Change-Id: I26cd4ba84a9580e92d5921592a27c2af17c0bebf
Reviewed-on: https://code.wireshark.org/review/14028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
packet-per.c:959:6: warning: Access to field 'aligned' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1606:29: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1612:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3156:41: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3182:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
Change-Id: Ibae00dc29a869701fe903a5b0c9944279aaa3df7
Reviewed-on: https://code.wireshark.org/review/13936
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
'const gpointer' is the same as 'void *const'. Replace with gconstpointer
where straightforward (assuming that was the intent) and use gpointer everywhere
else for clarity (that does not change *API* constness contract; it just means
a variable is not declared immutable inside the called funtion).
Change-Id: Iad2ef13205bfb4ff0056b2bce056353b58942267
Reviewed-on: https://code.wireshark.org/review/13945
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are no longer any "old" dissectors, so "new_" is redundant.
Change-Id: I5fee51228c2a8562166f5991e1f30c2c697e45c8
Reviewed-on: https://code.wireshark.org/review/13273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This includes:
1. new_create_dissector_handle -> create_dissector_handle
2. new_register_dissector -> register_dissector
3. new_register_ber_oid_dissector -> register_ber_oid_dissector
4. new_register_ber_syntax_dissector -> register_ber_syntax_dissector
Also remove PDU_NEW, SYNTAX_NEW and REGISTER_NEW as there is no need for the distinction anymore.
Change-Id: I82c7de7c8ffeeab3259d1b55bb4afc5f6a1e0329
Reviewed-on: https://code.wireshark.org/review/12491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Both old and new style API existed, just remove the "old" one.
Change-Id: If725e778a0ecad5a431d634ed5c4856b4a281013
Reviewed-on: https://code.wireshark.org/review/12107
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This callback was added by a mistake when adding support for
P3 over RTSE in commit 0a6d1f98.
Change-Id: Ifff0bed3b2a2a0fd2354f9c6b7072de3303dae27
Reviewed-on: https://code.wireshark.org/review/11500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch adds reassembly_table_destroy calls as cleanup function for
dissectors which have a simple init routine that just calls
reassembly_table_init (comments are ignored).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4cc0aec05dc67a51926a045e1955b7a956757b5e
(with the if and assignment parsers disabled).
The only difference from the autogenerated output is that the XXX
comments from the init routines in smb-pipe and tds dissectors are kept.
Change-Id: I64aedf7189877247282b30b0e0f83757be6199e7
Reviewed-on: https://code.wireshark.org/review/9222
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes this UBSan warning:
epan/dissectors/packet-ber.c:1917:23: runtime error: left shift of
54645397829836991 by 8 places cannot be represented in type
'long int'
Integers are two's complement, so really just cast it to unsigned to
avoid undefined behavior and still set the upper bit.
Change-Id: Ia5d080ae8b9dd39aef5e700daeede5c235b425ea
Reviewed-on: https://code.wireshark.org/review/8908
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The start_ptr parameter was missing.
Bug: 11264
Fixes: 8ccf65bfb2 Eliminate proto_tree_add_text from a few dissectors.
Change-Id: I52a59fe572cd1d0da8c6eb64e703752f5e352ed6
Reviewed-on: https://code.wireshark.org/review/8878
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Ia6b62fae76ae76a2859ec47229e1c299bddb5a31
Reviewed-on: https://code.wireshark.org/review/8749
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Resolve mixed space/tab issue in the RTSE and BER dissectors and included modelines in both templates.
Change-Id: I4b75bad94ed111d0faee205e026b2322b7dafbd1
Reviewed-on: https://code.wireshark.org/review/6932
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are a few oid functions that are only called in oids_test.c. I'll presume the APIs are used in proprietary dissectors rather than just remove them.
Change-Id: I4595e00f93bf9ab8cf2493fe0432b91960f55a3f
Reviewed-on: https://code.wireshark.org/review/6592
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Use report_...failure() (in most cases).
- Also: Do some misc fixes in certain disectors
- re-arrange order of #includes
- Fixup preferences help text
Change-Id: I385f6f97257f365f53ce611df02f57f9257dc5f9
Reviewed-on: https://code.wireshark.org/review/6039
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Both exponent and 'integer N' values are limited:
* max exponent is 3 octets/24-bits
* max integer N is 8 octets/64-bit
Tested with zero value/length, integers, doubles, positive and negative numbers all using the Basic Encoding Rules (BER)
Change-Id: If92e1b3e209c42909b8cb76e6f50b8e6cd1da0da
Reviewed-on: https://code.wireshark.org/review/5527
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The code checks whether the tag AND class are matching with their expected values, but only the tag information is shown in the error message.
When the class is not matching, the error message shows the given and expected tags which are the same, confusing the user what is wrong with it.
Furthermore, the messages for SEQUENCE and SEQUENCE OF are made the same/similar.
Change-Id: I6c1d0968c903105ec7f6e0648d589a4263a8ca18
Reviewed-on: https://code.wireshark.org/review/5162
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I6d3125f15d268edd47ef74dd655eb86cb25ee52d
Reviewed-on: https://code.wireshark.org/review/5047
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: Iee17a68dc214fa0fb50b25fc927026ad7c1cbce4
Reviewed-on: https://code.wireshark.org/review/4531
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: I8802a812bd484c1e8794c618b87e676003aea94a
Reviewed-on: https://code.wireshark.org/review/4493
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
Add a routine ber_tvb_new_subset_length() used to construct tvbuffs for
parts of the packet, and have it check the specified length against the
*reported* length. NOTE: that routine should really take an item and an
expert info value as arguments and, if the length is greater than the
remaining packet length, add an expert info for that.
Also, when counting items in a SEQUENCE-OF:
keep track of whether we succeeded in counting them, and report
an "unknown number of items" if we didn't;
if the length of an item in the SEQUENCE-OF is so big we get an
overflow, just bail out of the count loop and indicate that we
didn't succeed in counting them - let the error be reported in
the process of dissection.
Change-Id: I32172737baaed35fc9a0e6c19a727a6ac71ddfb2
Reviewed-on: https://code.wireshark.org/review/4103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix some indentation while we're at it.
Change-Id: I887af6e7507e1cd3c7e2b5bb5124d913aea01f9c
Reviewed-on: https://code.wireshark.org/review/3552
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
this can happen and cause invalid memory accesses with incorrectly-large padding
values
Bug:10187
Change-Id: Ib9b2a2fa10766efb4d95d588f57354a56373c626
Reviewed-on: https://code.wireshark.org/review/2325
Reviewed-by: Evan Huus <eapache@gmail.com>
This makes it possible to dissect part of a package as ASN.1.
Change-Id: I53dd6bc916fa0d2c932d77fef437c2094fdd29ed
Reviewed-on: https://code.wireshark.org/review/2238
Reviewed-by: Evan Huus <eapache@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
There appear to be a couple of bugs in the flow control of this function (which
is very confusing), at least one of which is leading to a buffer overrun. See
the bug comments for more details and guesses of what the correct thing to do
is.
Bug:9579
Change-Id: Ibd3077792c7689a715ea53e8bf8c7a561c67389f
Reviewed-on: https://code.wireshark.org/review/1530
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This should complete the transition to the "New" type.
Change-Id: I882b088206c6e6d0592159451c943caeaf5b90ec
Reviewed-on: https://code.wireshark.org/review/1202
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This squelches some run-time dissector asserts.
Change-Id: I0ce33c4eb6e9c3bd371e47363a981e9a7a0dc789
Reviewed-on: https://code.wireshark.org/review/997
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For various string types defined in X.680, use the appropriate encoding,
or ENC_ASCII|ENC_NA in some cases where we don't have an appropriate
encoding yet.
This most significantly fixes the handling of BMPString and
UniversalString, which are supersets of ASCII (Unicode Basic
Multilingual Plane and Unicode, respectively), but don't encode ASCII
characters as single octets. It also fixes UTF8String to, well,
properly recognize UTF-8.
This also lets us get rid of the special handling of SyntaxBMPString in
X.509sat (and, in fact, *requires* us to get rid of it, as, otherwise,
the string value appears twice).
Change-Id: I325c4e71a6110278eb23b86e0d986e6439cfc328
Reviewed-on: https://code.wireshark.org/review/994
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
from the GTK flavor in two major ways:
- The "Decode As" and "User Specified Decodes" dialog have been unified.
- You can modify the decode as behavior at any time, not just when you
have a packet selected.
Revert part of 53498 so that we can move items marked
/*** THE FOLLOWING SHOULD NOT BE USED BY ANY DISSECTORS!!! ***/
from epan/decode_as.h to ui/decode_as_utils.h.
Move "save" code from decode_as_dlg.c to decode_as_utils.c as well.
In packet-dcerpc.c don't register a table named "ethertype". We might
want to add checks for duplicate table names.
To do:
- Add support for ranges?
- Either add support for DCERPC or make DCERPC use a regular dissector
table.
- Fix string selectors (i.e. BER).
svn path=/trunk/; revision=53910
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog.
This patch includes just the dissector portion of the functionality (minus packet-dcerpc.[ch] because it has hooks to the current GUI)
svn path=/trunk/; revision=53445
The intention is to aid in the removal of pinfo->private_data use as well as static global variables in a dissector. For now, all calls to call_ber_oid_callback have the data parameter set to NULL.
svn path=/trunk/; revision=52994
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presense" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296
the same captured and reported lengths so that we don't end up throwing
BoundsErrors ("Packet size limited during capture") when the packet is simply
malformed.
This fixes one of the issues reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8816
svn path=/trunk/; revision=50055
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7359
The BER integer dissection routines take an hf_id, but that can be -1.
Only fetch the type (to check signedness) if hf_id >= 0, as otherwise this
causes a dissector bug. Default to signed if given no hf_id - I don't know
whether this should be unsigned or not, but the old behaviour was that
everything was signed so it's not a regression at least.
svn path=/trunk/; revision=49101
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
indentation, whitespace, long-lines, etc.
Also;
- replace two usages of fprintf(stderr,...) by g_warning();
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000]
svn path=/trunk/; revision=45625
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
Michael Mann