Add a tlsinfo struct that is similar to tcpinfo, and carries
the sequence number (within the TLS stream) and the end of
stream notification (from the TCP FIN or close_notify alerts)
in addition to the session app handle pointer already used
by TLS heuristic dissectors.
Have HTTP use the end of stream notification in order to
handle DESEGMENT_UNTIL_FIN the same way it does when HTTP
is directly over TCP. Also have HTTP use the sequence number
in order to reduce chunked processing from O(N^2) to O(N)
similar to done over TCP.
Update all the TLS heuristic dissectors that set the app
handle to use the new structure.
Note the workaround for the issue #15159 - the TLS dissector
has to report to the TCP dissector that desegmentation at FIN
is required, so that the TCP dissector will know to call the
TLS dissector at FIN. However, the TLS dissector does not request
that the TCP dissector resend bytes belonging to records that
TLS has already desegmented (and decrypted, if possible), to
avoid decrypting twice (and upsetting the decoder state.)
This can mean the TCP dissector calling the TLS dissector to
desegment at FIN with a zero byte payload. In such a case, the
TLS dissector artificially returns "1" byte dissected to avoid
indicating rejecting the payload and having the TLS (and subdissector)
layers removed. (TCP ignores the value returned when desegmenting
at FIN.)
Fix #9154. Fix #14382.
A few of them just needed scratch memory, so allocate and free it
manually after doing any exception-raising checks.
A few others were returning memory, and needed conversion to accept a
wmem scope argument.
As requested [here][1], help with replacing calls to
`wmem_packet_scope()` with references to `pinfo->pool`.
My principles were:
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, just use that.
* Remove `_U_` from its signature if it was there.
* Don't go more than 2 or 3 levels deep of changing signatures.
* If a function is clearly allocing memory to return, change the
function signature to take a `wmem_allocator_t *`. Otherwise, either
that or take a `packet_info *` as seems to make sense.
* No mention of `wmem_packet_scope()` should remain in the files I've
touched.
* I didn't always succeed at this, but I made a dent.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
reported by check_typed_proto_items.py
epan/dissectors/packet-aim.c:2380 proto_tree_add_item called for hf_generic_idle_time - item type is FT_UINT32 but call has len 2
epan/dissectors/packet-aim.c:3222 proto_tree_add_item called for hf_aim_messaging_unknown - item type is FT_UINT16 but call has len 1
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Some redundant assignments or tests.
- Some declarations were changed to match definitions in terms of
including _U_ for the same parameters
- Some parentheses added/changed to make precedence more obvious
epan/color_filters.c:533: style: Variable 'name' is reassigned a value before the old one has been used.
epan/color_filters.c:534: style: Variable 'filter_exp' is reassigned a value before the old one has been used.
asn1/tcap/packet-tcap-template.c:2199: warning: Function 'dissect_tcap_ITU_ComponentPDU' argument order different: declaration '_U_, tvb, offset, _U_, tree, _U_' definition '_U_, tvb, offset, actx, tree, _U_'
epan/dissectors/packet-aim.c:2546: warning: Function 'dissect_aim_tlv_value_icq' argument order different: declaration 'ti, subtype, tvb, _U_' definition 'ti, _U_, tvb, pinfo'
epan/dissectors/packet-arp.c:1133: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1143: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1158: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1168: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-gtpv2.c:5997: warning: Function 'dissect_gtpv2_mbms_service_area' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6291: warning: Function 'dissect_gtpv2_mbms_time_to_data_xfer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6369: warning: Function 'dissect_gtpv2_epc_timer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, message_type, _U_, _U_'
epan/dissectors/packet-knxip.c:2939: style: Condition 'mac_error' is always false (just added comment)
epan/dissectors/packet-mac-lte.c:4386: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-nas_5gs.c:1828: style: Variable 'nas5gs_data->payload_container_type' is reassigned a value before the old one has been used. (noted confusing recursion)
epan/dissectors/packet-rpcrdma.c:587: warning: Identical condition 'offset>max_offset', second condition is always false
epan/dissectors/packet-rsl.c:2098: style: Assignment of function parameter has no effect outside the function.
Change-Id: Ib5c9a04cfb6e6233972bc041434601c8ef09c969
Reviewed-on: https://code.wireshark.org/review/37343
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It's a little more efficient to use proto_tree_add_item, than
proto_tree_add_xxx, passing it the returned tvb_get_xxx value.
Change-Id: I22ddd7ab36e1ee5aae78fc693d7dbac4b4f802f2
Reviewed-on: https://code.wireshark.org/review/21691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4a74120ad1424f2b5aab0a4ef734ff52e5ac1a14
Reviewed-on: https://code.wireshark.org/review/21586
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
These are probably obsolete dissectors anyway, but they are a
bunch of very small files causing unnecessary file pollution.
Change-Id: I03976484996b4bf987d6743ed379534456809c2c
Reviewed-on: https://code.wireshark.org/review/19437
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference.
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic644042d238b5f2abcd874bca92c6dea55804ba9
Reviewed-on: https://code.wireshark.org/review/15913
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Very weak form of heuristics has been added based on the FLAP id byte,
but disabled by default. Make it possible to use this protocol in the
RSA keys list dialog.
Bug: 11990
Change-Id: I61f24ae9679c738194393bed0d012d2a752171b2
Reviewed-on: https://code.wireshark.org/review/13195
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
remove also orig_offset (no longer needed)
Change-Id: Idc65b45fb67bae6acdca33962f3352a50296a6e5
Reviewed-on: https://code.wireshark.org/review/8650
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a FT_UINT_STRING field type
This reverts commit dc14e3ce0d.
Change-Id: I1185efbad459887fb9c16fb01e670bc43e6f2d84
Reviewed-on: https://code.wireshark.org/review/8623
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ic7385d0555d72aa8ea2b9beb284ca1f6a115b174
Reviewed-on: https://code.wireshark.org/review/8616
Reviewed-by: Michael Mann <mmann78@netscape.net>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I40d0c8253743183aecef252040b7dd6742ae5c71
Reviewed-on: https://code.wireshark.org/review/5934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Part 1 of many
Change-Id: I77a5789ac23388e6a5f8098dc398592f39638124
Reviewed-on: https://code.wireshark.org/review/5532
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
http://web.archive.org/web/20080308233204/http://dev.aol.com/aim/oscar/#SNAC
"In general strings are not NULL terminated and are encoded using UTF8."
It also says
Authentication
Over the years, the AIM backend has supported several different
methods for authentication. ...
When a client collects the loginId and password for the user it
should not normalize them in any manner. It also should not
prevent the user from entering certain characters as the AIM
name space is constantly changing. For example, currently the
AIM name space is ASCII based, but in the future that may
change. In general, the client should not perform input
checking and instead allow the backend to reject bad values.
which also suggests not assuming ASCII.
So use ENC_UTF_8 in most cases.
For actual messages, it says:
An IM can be encoded in the following different forms:
Name     Value  Notes
ASCII    0      ANSI ASCII -- ISO 646
UNICODE  2      ISO 10646.USC-2 Unicode
LATIN_1  3      ISO 8859-1
so, if that's the case, the dissector should choose between
ENC_ASCII|ENC_NA, ENC_UCS_2|ENC_appropriate_ENDIAN, and
ENC_ISO_8859_1|ENC_NA.
Use tvb_get_string_enc() with an encoding rather than tvb_get_string().
svn path=/trunk/; revision=54908
favor of the AIM dissector having its own private way of handing off to
subdissectors. Get rid of the subdissector table.
svn path=/trunk/; revision=53989
Now that "bytes consumed" can be determined, should tcp_dissect_pdus() take advantage of that?
Should tcp_dissect_pdus return length (bytes consumed)? There are many dissectors that just call tcp_dissect_pdus() then return tvb_length(tvb). Seems like that could all be rolled into one.
svn path=/trunk/; revision=53198