While it does make packet-sigcomp.c much bigger, there's no reason for it to be in epan directory.
Change-Id: I2d78c32de1d56e76578e610d4df586b5610d1b49
Reviewed-on: https://code.wireshark.org/review/6682
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not make any assumption on the endianness: not all hosts running Wireshark are little endian
Change-Id: I8792904f7000b4f2b9e44ffe41f350ba8b4932d4
Reviewed-on: https://code.wireshark.org/review/6693
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I4d7d1826391b0ac12ef6ad184e7c79d279db5e28
Also: remove some dead initializers.
Reviewed-on: https://code.wireshark.org/review/6688
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(Bugs were introduced in gf5e2b42);
Misc:
Localize a few variables;
Remove some dead initializers.
Change-Id: Ib7493740ecf29ed9f753475f721b47a64f54a278
Reviewed-on: https://code.wireshark.org/review/6687
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Only display dissect of Modem Capabilites when sub option = 5
Actually, it is always display when ftype == special (like sub option = 0)
Change-Id: I5b75654b750bae5ae5022adcb5e8dd055ce6b291
Reviewed-on: https://code.wireshark.org/review/6519
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN (thanks Alexis!)
Change-Id: Ibbe2c405ba1a3ba0d5a5b9ffff9e95282526028b
Reviewed-on: https://code.wireshark.org/review/6652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Revert to the older code, but just show the time as "Not representable"
if gmtime() fails.
Change-Id: I435facc042e3ca35fb07292a4b2657ccdfd02abb
Reviewed-on: https://code.wireshark.org/review/6672
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Id5e5efea46e9ff6196607e56f0212fb083e8635c
Reviewed-on: https://code.wireshark.org/review/6670
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
add a length paramenter to the body dissection functions in the apdu table
Change-Id: I4abbd9078fd36385a816963ab042f443e3c26b60
Reviewed-on: https://code.wireshark.org/review/6669
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I3dc0f58b4861a08be687214cae9c6681ebcac286
Reviewed-on: https://code.wireshark.org/review/6668
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
define an apdu table with the direction, minimum length
and a fuction to dissect the apdu payload
set the source and destination address columns depending on the apdu
add some entries to the apdu table
Change-Id: I52bd15bfab7bbe6c97dfe64084e69a51e65a8a6e
Reviewed-on: https://code.wireshark.org/review/6667
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I520b38ed37b2d16d9a15f57b8e83b0b59c9a528c
Reviewed-on: https://code.wireshark.org/review/6666
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
and not each time prefs are changed.
Also: do minor whitespace changes.
Change-Id: I04bfc212e288473a78113e8b124ce4a13ad74ad1
Reviewed-on: https://code.wireshark.org/review/6663
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Don't do manual conversion of a time-field to UTC using gmtime().
Use the standard Wireshark mechanisms.
Change-Id: I2eaee074a590ecab492336bb6ad794bdd036f699
Reviewed-on: https://code.wireshark.org/review/6661
Reviewed-by: Bill Meier <wmeier@newsguy.com>
For FT_ABSOLUTE_TIME fields:
Instead of calling gmtime()/mktime() to convert a time to UTC time
which is then displayed using proto_tree_add_time(),
Use ABSOLUTE_TIME_UTC as the 'display' value for the field and then
display the field using proto_tree_add_item().
Change-Id: I1926c40de76a86072437902cb7621d3873827b11
Reviewed-on: https://code.wireshark.org/review/6659
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Wrong offset (14 -> 20) to get IP Address Legnth
Issue Reported by Rui
Bug: 10873
Change-Id: Ib7aa80ac78028a2c8d548f4030278166be9ed0cc
Reviewed-on: https://code.wireshark.org/review/6657
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
With this patch we want to enable a better support of POWERLINK
as a protocol for people who have to perform network diagnostics using
analyzing tools. Up until now, the main tool used was Omnipeek.
Now wireshark will be used more and more, due to the new extcap
infrastructure, which supports debug tools to be added as capture
devices.
To better facilitate that change, we have adapted the textual
representation of the Omnipeek dissector for POWERLINK, as it
allows for a faster and simpler diagnosis routine.
Additionally the name of the protocol has been changed to it's
correct name "POWERLINK" as this is the official name used by
EPSG for describing the protocol.
Changelog:
- Add error code definitions and string values.
- Change name for protocol column to POWERLINK which is more commonly
used than EPL.
- Reformat output in info column to look like output the output of
the POWERLINK plugin for Omnipeek. This facilitates the transition
to Wireshark. The added information and changed output improves the
debugging of POWERLINK nerworks.
Change-Id: I795e2487f2ae7af6b90c29366a1843c9fabffa85
Reviewed-on: https://code.wireshark.org/review/5581
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To check if a payload is json, the library libjsmn has been added to the source tree, with its licence (MIT).
TODO: the libjsmn can be used to extract tokens in the standard dissection other than heurisitic part.
HPFEEDS dissector has also been changed in order to leverage the new json dissector.
Bug: 10834
Change-Id: Ib1df2a699982dbdd2b5418e97edbdb5cbd9c8978
Reviewed-on: https://code.wireshark.org/review/6350
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
TCAP permits the changing of the originating address on the first
backwards continue (i.e. the establishment of the dialogue).
See ITU-T Q.771 (06/97) clause 3.1.2.2.2.2 Confirmation of the dialogue.
In practice, a BEGIN replied to with an END can also exhibit this behaviour.
For example, a BEGIN from GT A TID TA -> GT B,
and the reply CONTINUE from GT B2 TID TB -> GT A TID TA.
To support this, only support a single address hash in
tcaphash_begin_info_key_t and tcaphash_end_info_key_t.
The match of the first CONTINUE should find the appropriate
tcaphash_begin and create the appropriate tcaphash_end entries.
Also fix compile warning with DEBUG_TCAPSRT.
Bug: 10841
Change-Id: Ibe75e3940e757727357b20be10f9c195c5888fdd
Reviewed-on: https://code.wireshark.org/review/6446
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Changes: Number of small changes to the xml file:
- some fields being connected to the wrong message version
- some header field naming
Change-Id: I062c31777a4193de3d5c44b0ba733dd9d1702352
Reviewed-on: https://code.wireshark.org/review/6602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
some commercial IPTV streamers send bogus info in the extension headers, add some sanity check to skip the erroneous bytes.
Bug: 10513
Change-Id: I6f20073a00ed0f791fa99701534360d304060053
Reviewed-on: https://code.wireshark.org/review/6606
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are a few oid functions that are only called in oids_test.c. I'll presume the APIs are used in proprietary dissectors rather than just remove them.
Change-Id: I4595e00f93bf9ab8cf2493fe0432b91960f55a3f
Reviewed-on: https://code.wireshark.org/review/6592
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of references to ep_ and se_ allocation in code that now uses
wmem allocation instead.
Fix API documentation of conversation_table.h routines to reflect that
as well - some APIs changed to pass wmem scopes.
Also, zbee_sec_key_hash() now takes the output buffer as an argument and
just returns it, and nobody actually uses the return value, so change it
to return void.
Change-Id: Ife1ec675a9322fd0f0be306a9d639ec17aad1c7a
Reviewed-on: https://code.wireshark.org/review/6636
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3499c2f9e07a960f8bdf83973693bdeb4fb4ebd9
Reviewed-on: https://code.wireshark.org/review/6630
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I04eba644be7dd3e64b67c7d42c596bcdcf6a1942
Reviewed-on: https://code.wireshark.org/review/6628
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ie4d52b62824a8c0c777ffce3988fbe1fd4e5b4a4
Reviewed-on: https://code.wireshark.org/review/6627
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ibb683f6d42125b13417aceb06949102a9821d626
Reviewed-on: https://code.wireshark.org/review/6626
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
As indicated in the comment above, the previous code was done on purpose to handle the NUL case
Bug: 10866
Change-Id: I66eb9f6fbc9477456310978b420ba30975d81b0a
Reviewed-on: https://code.wireshark.org/review/6621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I7e8cfe3a220d65e80afa109a62867c4ff2ce08e8
Reviewed-on: https://code.wireshark.org/review/6619
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It does not work with defines, but is already a great step forward
Change-Id: I346d4124690ec46a2299d4eae8031bbb19a3db8e
Reviewed-on: https://code.wireshark.org/review/6617
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifa96dc38a277b86c28f762489251dcc595afae67
Reviewed-on: https://code.wireshark.org/review/6603
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 10862
Change-Id: Ie315298dd090b3b689f6a9bfff6f6f5bf7cc715a
Reviewed-on: https://code.wireshark.org/review/6594
Reviewed-by: Michael Mann <mmann78@netscape.net>