Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the purported first tuple has a net of 0, it's a 3-octet version
indicator, not a tuple containing route information; the third octet is
a version number. Display the version number and skip it before
displaying the tuples.
If the first tuple is an extended network tuple, the sixth octet is a
version number; display it as such.
Change-Id: I7ffb8b9df025dd75eb43eba24a37ce6bd26e8019
Reviewed-on: https://code.wireshark.org/review/33152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And, for DDP packets, set the length in the LLAP tvbuff based on the
length to which the DDP dissector set its tvbuff.
That lets padding be recognized as such, and also prevents dissectors
called from the DDP dissector from running past the end of the packet.
Report invalid lengths with expert info.
Change-Id: Icc6ed222a4e7b33463c7c0b02c954952fe21949a
Reviewed-on: https://code.wireshark.org/review/33142
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We may want to have a preference to allow the user to specify which Mac
extended character set to use.
Change-Id: I0b8cc0c3f0f46f211aec37b428ab875205a1a000
Reviewed-on: https://code.wireshark.org/review/33126
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
EtherTalk and TokenTalk frames use LLC/SNAP headers with an OUI of
08:00:07 and a PID of 0x809B.
Frames with an Ethertype of 0x809B - either as the Ethertype field of an
Ethernet frame or as the PID, in combination with an OUI of 00:00:00, of
an LLC/SNAP frame - have an LLAP frame, complete with an LLAP header, as
the payload.
Don't treat 08:00:07 as a special case - register it as an OUI and give
it a dissector table, and register the DDP dissector in that dissector
table with ETHERTYPE_ATALK. Register the LLAP dissector in the
"ethertype" table with the Ethertype ETHERTYPE_ATALK.
This means we now have two separate LLC+SNAP PID tables for Apple; name
them appropriately.
That also means we need to add packet-atalk.c to the list of files
allowed to add "llc." named fields.
Change-Id: I00bafd692f83f73bd347628cb9e950863c26a2b7
Reviewed-on: https://code.wireshark.org/review/33125
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The DDP length is 10 bits long, not 2 bits long; it includes the bottom
2 bits of the first octet *and* all 8 bits of the second octet.
The checksum is at an offset of 2, not 0, from the beginning of the header.
Change-Id: I7e2b8eff4d023f80a894f1e1eec7b71d08510f7e
Reviewed-on: https://code.wireshark.org/review/33094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
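Added example, not part of either commit message or of Wireshark's source: a stand-alone C sketch of the DDP long-header handling described in the two commits above (10-bit length, checksum at offset 2, trailing bytes treated as padding, invalid lengths reported). The 13-octet long-header size and the rule that the length field counts the header are assumptions taken from the AppleTalk DDP layout; all names and the sample frame are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DDP_LONG_HDR_LEN 13u   /* assumption: size of the DDP long header */

typedef enum {
    DDP_OK,
    DDP_TRUNCATED_HEADER,      /* fewer captured bytes than a header */
    DDP_LENGTH_TOO_SMALL,      /* length field smaller than the header */
    DDP_LENGTH_PAST_END        /* length field claims more than was captured */
} ddp_status;

typedef struct {
    uint16_t length;           /* 10-bit datagram length, header included */
    uint16_t checksum;         /* read from offset 2 */
    size_t   payload_len;      /* bytes a sub-dissector may touch */
    size_t   padding_len;      /* captured bytes beyond the datagram */
} ddp_info;

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Validate the length field against the captured bytes before anything
 * downstream is allowed to read the payload. */
ddp_status ddp_parse_long(const uint8_t *buf, size_t caplen, ddp_info *out)
{
    if (caplen < DDP_LONG_HDR_LEN)
        return DDP_TRUNCATED_HEADER;
    /* Low 2 bits of octet 0 plus all 8 bits of octet 1; the upper bits
     * of octet 0 are not part of the length and must be masked off. */
    out->length = be16(buf) & 0x03FF;
    out->checksum = be16(buf + 2);
    if (out->length < DDP_LONG_HDR_LEN)
        return DDP_LENGTH_TOO_SMALL;
    if (out->length > caplen)
        return DDP_LENGTH_PAST_END;
    out->payload_len = out->length - DDP_LONG_HDR_LEN;
    out->padding_len = caplen - out->length;
    return DDP_OK;
}

/* Constructed sample: length field 16, 3 payload octets, 2 padding octets. */
static const uint8_t SAMPLE[18] = {
    0x04, 0x10,                    /* upper bits set, length = 0x010 */
    0xBE, 0xEF,                    /* checksum */
    0x00, 0x01, 0x00, 0x02,        /* destination / source network */
    0x0A, 0x0B, 0x01, 0x01, 0x01,  /* nodes, sockets, type */
    0xAA, 0xBB, 0xCC,              /* payload */
    0x00, 0x00                     /* link-layer padding */
};

int main(void)
{
    ddp_info info;
    ddp_status st = ddp_parse_long(SAMPLE, sizeof SAMPLE, &info);
    printf("status=%d length=%u checksum=0x%04X payload=%zu padding=%zu\n",
           (int)st, (unsigned)info.length, (unsigned)info.checksum,
           info.payload_len, info.padding_len);
    return st == DDP_OK ? 0 : 1;
}
```

A caller would hand only `payload_len` bytes to the next parser, which is what keeps it from reading into the padding or past the captured data.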
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue searching for a
dissector on the partial matches.
Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissectors that use pinfo->ptype as input
to conversation APIs. Explicit uses of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iba6238988ded675cba328ab512232d1919d93b4a
Reviewed-on: https://code.wireshark.org/review/20415
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many of the register_init_routine/register_cleanup_routine functions
are for initializing and cleaning up a GHashtable.
wmem_map_new_autoreset can do that automatically, so convert many
of the simple cases.
Change-Id: I93e1f435845fd5a5e5286487e9f0092fae052f3e
Reviewed-on: https://code.wireshark.org/review/19912
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that fewer preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will copy an address's "byte format" into a buffer. The original
intended design is for export_pdu functionality, which tries to do
this "manually" for many address types (and creates undesired dependencies).
The default functionality if a "byte format function" isn't provided
(currently the case for all address types) is a memcpy of the address
data. Providing "address to byte" functions to aid export PDU
functionality will be provided later.
Change-Id: I3703f9e617a8cef09165ad53a0f98c6372676b9b
Reviewed-on: https://code.wireshark.org/review/16070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used).
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While it currently only contains packet_counts, it will hopefully stabilize the capture function signature if more fields are added.
Change-Id: I003552c58043c7c2d67aec458187b12b233057e2
Reviewed-on: https://code.wireshark.org/review/12690
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility. They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API. Others may be added in the future.
The "capture dissector" function signature needed a bit of tweaking to handle "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count. Returning FALSE ends up considering the packet an "other" type.
Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Capture dissectors could be architected like dissection dissectors, with tables and subtables and possibly using tvbs to pass their data instead of raw byte arrays. This is a first step towards that by refactoring capture_info_packet() to work off of a "capture dissector table".
Registering the capture dissection functions instead of calling them directly also clears up a bunch of dissector header files whose sole purpose was providing the capture dissection function definition.
Change-Id: I10e9b79e061f32d2572f009823601d4f048d37aa
Reviewed-on: https://code.wireshark.org/review/12581
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Calling a protocol dissection function will properly set/restore pinfo->current_proto, so there's no need to duplicate it.
Change-Id: Ic2ec0b35fa4d46a98f3410bf238056425076e4a9
Reviewed-on: https://code.wireshark.org/review/12205
Reviewed-by: Michael Mann <mmann78@netscape.net>
This finalizes the transformation for dissectors.
Change-Id: Ie5986b72bb69a6e8779ca3f5e20a80357c9e6fea
Reviewed-on: https://code.wireshark.org/review/12122
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether it's part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to RFC 6062, once the connection is established, data is sent as-is.
To stop the STUN dissector from interfering, add the ability to specify a starting
frame for a conversation dissector and use it.
Bug: 11641
Change-Id: I65ca96bddacf70444009c0642ea22173fa68992e
Reviewed-on: https://code.wireshark.org/review/11372
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Assuming *any* of the routines that generate printable strings should be
thought of as "for internal use by libwireshark routines only, not by
dissectors", the ones that *are* used by dissectors obviously shouldn't
be. The ability for dissectors to register address types certainly
expands the list of routines they would use.
Move everything used by dissectors from to_str-int.h into to_str.h, and
have dissectors not include to_str-int.h.
(Perhaps we should just get rid of to_str-int.h altogether.)
Change-Id: I3c583351f038233c9bcd8f9216188f82630267fa
Reviewed-on: https://code.wireshark.org/review/11149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch moves g_hash_table_destroy calls from the init routine to
the cleanup routine. Besides that, the conditional check for the hash
table has been removed, assuming that init is always paired with a
cleanup call.
If reassembly_table_init is found, a reassembly_table_destroy call is
prepended to the cleanup function as well.
Comments have been removed from the init function as well as these did
not seem to have additional value ("destroy hash table" is clear from
the context).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4d11f07180d9c115eb14bd860e9a47d82d3d1dcd
Manually edited files (for assignment auditing): dvbci, ositp, sccp,
tcp.
Other files that needed special attention due to the use of
register_postseq_cleanup_routine:
- ipx: keep call, do not add another cleanup routine.
- ncp: remove empty mncp_postseq_cleanup. mncp_hash_lookup is used
even if a frame is visited before (see dissect_ncp_common), hence
the hash table cannot be destroyed here. Do it in cleanup instead.
- ndps: add cleanup routine to kill reassembly table, but do not
destroy the hash table as it is already done in ndps_postseq_cleanup.
Change-Id: I95a72b3df2978b2c13fefff6bd6821442193d0ed
Reviewed-on: https://code.wireshark.org/review/9223
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0c9cc5d574fdd73ecf1f8b32dbbf0ddb2b885116
Reviewed-on: https://code.wireshark.org/review/7437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add address_with_resolution_to_str API that returns address string + name resolution in the format %s (%s); the first string is the resolved name (if available) and the second string is the raw address string.
Convert AT_FCWWN to using proper name resolution format.
First use of address_with_resolution_to_str with field types in proto.c.
Change-Id: I2ae77c29a4ffc30bb919fbec00f06629830898c2
Reviewed-on: https://code.wireshark.org/review/7196
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows for even more cleanup with respect to how address types are handled, including removing address_to_str.c. Most of the functionality was folded into address_types.c, but the remainder was just dispersed because it didn't make sense to keep the file.
Change-Id: Id4e9391f0c3c26eff8c27b362e4f7a1970d718b4
Reviewed-on: https://code.wireshark.org/review/7038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Information about dissector (filter) fields should be kept in a dissector as much as possible. Supporting "column filter string" also allows other dissectors to create their own "address types" with different column filters (because AT_ETHER isn't always an "Ethernet" address).
This feature also allowed a few "dissector specific" address types to be moved to their own dissector.
Change-Id: Ie9024af4db62bc2ee4f8c9d28a1d807f706f45bf
Ping-Bug: 7728
Reviewed-on: https://code.wireshark.org/review/7029
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For structures used as the data in an address, use wmem_new(), so that
structure padding is zeroed out; the comparison code for addresses
compares all bytes of the structure for addresses that are structures,
and the hashing code for hash tables using addresses as keys hashes all
the bytes, so we have to make sure that, for addresses that are the
same, *all* bytes are the same.
Change-Id: I995fd26cc2f20edb5a599f95562b720561708e57
Reviewed-on: https://code.wireshark.org/review/6517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
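Added example, not part of the commit or of Wireshark's source: a stand-alone C demonstration of the padding problem the commit above describes, where two addresses with identical members stop matching under byte-wise comparison and hashing unless the allocation was zeroed. `demo_addr`, the helper names and the FNV-1a hash are hypothetical, `calloc()` stands in for a zeroing allocation, and the one-byte padding gap assumes a common ABI.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical address payload. On common ABIs the compiler inserts one
 * padding byte after `node` so that `net` is 2-byte aligned. */
typedef struct {
    uint8_t  node;
    uint16_t net;
} demo_addr;

/* Stand-in for an allocator that hands back recycled, non-zeroed memory. */
static demo_addr *alloc_dirty(uint8_t fill)
{
    demo_addr *a = malloc(sizeof *a);
    if (a != NULL)
        memset(a, fill, sizeof *a);
    return a;
}

/* Whole-structure comparison: padding bytes take part in the result. */
static int addr_bytes_equal(const demo_addr *a, const demo_addr *b)
{
    return memcmp(a, b, sizeof *a) == 0;
}

/* FNV-1a over every byte, standing in for a hash keyed on raw address data. */
static uint32_t addr_hash(const demo_addr *a)
{
    const uint8_t *p = (const uint8_t *)a;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof *a; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Build two addresses with identical members. Returns 1 if comparison and
 * hash both treat them as the same key, 0 if not, -1 on allocation failure. */
int same_members_match(int zeroed)
{
    demo_addr *a = zeroed ? calloc(1, sizeof *a) : alloc_dirty(0xAA);
    demo_addr *b = zeroed ? calloc(1, sizeof *b) : alloc_dirty(0x55);
    int result = -1;
    if (a != NULL && b != NULL) {
        a->node = 7; a->net = 0x1234;   /* only the members are written; */
        b->node = 7; b->net = 0x1234;   /* the padding keeps its old bytes */
        result = addr_bytes_equal(a, b) && addr_hash(a) == addr_hash(b);
    }
    free(a);
    free(b);
    return result;
}

int main(void)
{
    printf("sizeof(demo_addr) = %zu\n", sizeof(demo_addr));
    printf("non-zeroed allocation, same members match: %d\n", same_members_match(0));
    printf("zeroed allocation, same members match:     %d\n", same_members_match(1));
    return 0;
}
```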
Convert one other set of static variables to pinfo scoped memory while we are at it
Change-Id: If550b76ef6a4dd2707d79de8579ac439d16dce79
Reviewed-on: https://code.wireshark.org/review/6490
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The functionality was suited for address_to_str.c and the #defines belong in packet-atalk.h. Kept the address structure with the "address string conversion", but that can probably be better cleaned up when the address to str as a whole is cleaned up.
Would also consider making AT_ATALK an FT_ type as well.
Change-Id: Ia534096c707e6fb94acdfee0d332beda6571c371
Reviewed-on: https://code.wireshark.org/review/6417
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I914918d9629f654ead497dddac0f412b690e4409
Reviewed-on: https://code.wireshark.org/review/6430
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>