A given protocol's packet format may depend, for example, on which
lower-level protocol is transporting the protocol in question. For
example, protocols that run atop both byte-stream protocols such as TCP
and TLS, and packet-oriented protocols such as UDP or DTLS, might begin
the packet with a length when running atop a byte-stream protocol, to
indicate where this packet ends and the next packet begins in the byte
stream, but not do so when running atop a packet-oriented protocol.
Dissectors can handle this in various ways:
For example, the dissector could attempt to determine the protocol over
which the packet was transported.
Unfortunately, many of those mechanisms do so by fetching data from the
packet_info structure, and many items in that structure act as global
variables, so that, for example, if there are two PDUs for protocol
A inside a TCP segment, and the first protocol for PDU A contains a PDU
for protocol B, and protocol B's dissector, or a dissector it calls,
modifies the information in the packet_info structure so that it no
longer indicates that the parent protocol is TCP, the second PDU for
protocol A might not be correctly dissected.
Another such mechanism is to query the previous element in the layers
structure of the packet_info structure, which is a list of protocol IDs.
Unfortunately, that is not a list of earlier protocols in the protocol
stack, it's a list of earlier protocols in the dissection, which means
that, in the above example, when the second PDU for protocol A is
dissected, the list is {...,TCP,A,B,...,A}, which means that the
previous element in the list is not TCP, so, again, the second PDU for
protocol A will not be correctly dissected.
An alternative is to have multiple dissectors for the same protocol,
with the part of the protocol that's independent of the protocol
transporting the PDU being dissected by common code. Protocol B might
have an "over a byte-stream transport" dissector and an "over a packet
transport" dissector, with the first dissector being registered for use
over TCP and TLS and the other dissector being registered for use over
packet protocols. This mechanism, unlike the other mechanisms, is not
dependent on information in the packet_info structure that might be
affected by dissectors other than the one for the protocol that
transports protocol B.
Furthermore, in a LINKTYPE_WIRESHARK_UPPER_PDU pcap or pcapng packet for
protocol B, there might not be any information to indicate the protocol
that transports protocol B, so there would have to be separate
dissectors for protocol B, with separate names, so that a tag giving the
protocol name would differ for B-over-byte-stream and B-over-packets.
So:
We rename EXP_PDU_TAG_PROTO_NAME and EXP_PDU_TAG_HEUR_PROTO_NAME to
EXP_PDU_TAG_DISSECTOR_NAME and EXP_PDU_TAG_HEUR_DISSECTOR_NAME, to
emphasize that they are *not* protocol names, they are dissector names
(which has always been the case - if there's a protocol with that name,
but no dissector with that name, Wireshark will not be able to handle
the packet, as it will try to look up a dissector given that name and
fail).
We fix that exported PDU dissector to refer to those tags as dissector
names, not protocol names.
We update documentation to refer to them as DISSECTOR_NAME tags, not
PROTO_NAME tags. (If there is any documentation for this outside the
Wireshark source, it should be updated as well.)
We add comments for calls to dissector_handle_get_dissector_name() where
the dissector name is shown to the user, to indicate that it might be
that the protocol name should be used.
We update the TLS and DTLS dissectors to show the encapsulated protocol
as the string returned by dissector_handle_get_long_name(); as the
default is "Application Data", it appears that a descriptive name,
rather than a short API name, should be used. (We continue to use the
dissector name in debugging messages, to indicate which dissector was
called.)
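The failure mode described in the commit message above, reduced to a small model. This is an added example, not Wireshark code: the `layers` struct, the protocol IDs and every function name are hypothetical stand-ins for the real packet_info machinery.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed protocol IDs for this model; not Wireshark's real values. */
enum proto_id { PROTO_TCP = 1, PROTO_A, PROTO_B };

/* Toy stand-in for the per-packet "layers" list: protocols in the order
 * their dissectors ran, which is not protocol-stack order. */
struct layers { enum proto_id ids[8]; size_t n; };

static void layers_push(struct layers *l, enum proto_id id)
{
    if (l->n < sizeof l->ids / sizeof l->ids[0])
        l->ids[l->n++] = id;
}

/* Fragile check: "my transport is whatever was dissected just before me". */
static bool prev_layer_is(const struct layers *l, enum proto_id want)
{
    return l->n >= 2 && l->ids[l->n - 2] == want;
}

/* Entry point that guesses its framing from shared per-packet state. */
static bool a_guess_from_layers(struct layers *l)
{
    layers_push(l, PROTO_A);
    return prev_layer_is(l, PROTO_TCP);
}

/* Entry point registered only for byte-stream transports: the framing is
 * fixed by which handle was called, so no shared state is consulted. */
static bool a_stream_entry(struct layers *l)
{
    layers_push(l, PROTO_A);
    return true;
}

/* One TCP segment with two A PDUs; the first A PDU carries a B PDU.
 * Bit i of the result is set if A PDU i was treated as stream-framed. */
static unsigned dissect_segment(bool (*dissect_a)(struct layers *))
{
    struct layers l = { .n = 0 };
    unsigned framed = 0;
    layers_push(&l, PROTO_TCP);
    if (dissect_a(&l)) framed |= 1u;   /* list is now TCP, A       */
    layers_push(&l, PROTO_B);          /* list is now TCP, A, B    */
    if (dissect_a(&l)) framed |= 2u;   /* list is now TCP, A, B, A */
    return framed;
}

int main(void)
{
    printf("guess from layers: 0x%x, per-transport entry: 0x%x\n",
           dissect_segment(a_guess_from_layers), dissect_segment(a_stream_entry));
    return 0;
}
```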
Remove the redundant BASE_FLOAT field display type. The name
BASE_FLOAT is meaningless and the value aliased to BASE_NONE.
Require BASE_NONE instead of BASE_FLOAT (corresponding to
the printf() %g format).
Add new float display types using BASE_DEC, BASE_HEX and BASE_EXP
corresponding to %f, %a and %e respectively.
Add support for BASE_CUSTOM with floats.
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
For better or worse, currently, if you have a field that is broken into
bitfields, the top-level field must be integral, so the entire field's
value is shown. A case could be made that FT_NONE should be supported,
but that's not the case now.
Fixes issue #17505.
These were detected by running check_typed_item_calls.py
with --consecutive, which flags items that have different
labels but the same filter string. Usually this is because
of copy/paste.
Quite a few similar bugs still exist, will address in a future commit.
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stop including glib.h in dissectors, this will come in implicitly with
packet.h including proto.h, an essential include file for dissectors.
While at it, config.h is no longer conditional and stdio.h is usually
not needed either. Some other cleanups too.
Change-Id: I60c12f16d7ef1e6398509293031ffed7460d2c61
Reviewed-on: https://code.wireshark.org/review/36969
Reviewed-by: Orgad Shaneh <orgads@gmail.com>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The BT ATT protocol dissector has a dissector table for the
`btatt.handle` field so that it is possible to register subdissectors.
But registering the subdissector via `btatt.handle` field has no
effect. Instead, it has to be registered via `bluetooth.uuid` field.
In some cases, the BT ATT dissector doesn't call its subdissectors when
it is registered via `bluetooth.uuid` field: It is when no frame
connects the BT UUID to the handle.
This fix now calls the registered subdissector of the `btatt.handle`
field if any.
As an improvement, duplicate code could be removed for BT GATT
subdissectors because dissect_btgatt() extracts already the UUID from
the short name and then calls dissect_attribute_value().
The BT GATT subdissectors will be shown as subtree as before because its
implementation is in the same file. All other subdissectors will get its
own root tree as it is common for new protocol layers.
Bug: 16371
Change-Id: I99393e51e949a6488014f175c09a44743ce353a2
Reviewed-on: https://code.wireshark.org/review/36176
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check the bluetooth_data pointer validity before using it for the
red-black tree key. It should be non-null when called from another
dissector, but it's not the case when you call btatt dissector
directly through a user DLT.
Bug: 16104
Change-Id: Ic572d639a8695b93102529a45b99ff6c3c7def03
Reviewed-on: https://code.wireshark.org/review/34948
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The title of a decode_as_t was used by the GTK UI. It's no
longer required for Qt.
Change-Id: Ibd9d4acbe9cad2c1af520340d04e550326a97ebe
Reviewed-on: https://code.wireshark.org/review/33557
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissector for all messages of Bluetooth Mesh Foundation models.
Bug: 15797
Change-Id: Ife831fe24bbbcaf2e99c9bff69b24c0d4fe2d1de
Reviewed-on: https://code.wireshark.org/review/33361
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jonas Jonsson <jonas@ludd.ltu.se>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for Bluetooth Mesh beacons
Added support for Bluetooth Mesh Provisioning protocol
Added support for Bluetooth Mesh Proxy protocol
Added support for Bluetooth Mesh PB-ADV provisioning bearer
Added support for Bluetooth Mesh PB-GATT provisioning bearer
Link to Bluetooth Mesh Profile specification
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=457092
Bug: 15523
Change-Id: I408726c0bc7e1d81077539d451c2047f540dd865
Reviewed-on: https://code.wireshark.org/review/32076
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for "Fitness Machine Service" characteristics:
- 0x2ADA Fitness Machine Status
Change-Id: Ifceae6aba9f1849d1b9f027e54953385c0d1a98c
Reviewed-on: https://code.wireshark.org/review/30042
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add support for "Fitness Machine Service" characteristics:
- 0x2AD4 Supported Speed Range
- 0x2AD5 Supported Inclination Range
- 0x2AD6 Supported Resistance Level Range
- 0x2AD7 Supported Heart Rate Range
- 0x2AD8 Supported Power Range
Change-Id: I4b34be8c6655510218cdeb776c0e00a956b2afe9
Reviewed-on: https://code.wireshark.org/review/29391
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Display correct temperature unit for the Temperature Measurement Value.
Bug: 15058
Change-Id: I310c2fabfb1a824cb84f6f4182e881d7a22495cb
Reviewed-on: https://code.wireshark.org/review/29139
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- 0x2A1F Temperature Celsius
- 0x2A20 Temperature Fahrenheit
- 0x2A2F Position 2D
- 0x2A30 Position 3D
- 0x2A3A Removable
- 0x2A3B Service Required
- 0x2A3C Scientific Temperature Celsius
- 0x2A3D String
- 0x2A3E Network Availability
- 0x2A57 Digital Output
- 0x2A59 Analog Output
Change-Id: I0c5bc4ba368c26edd600730ed62990abc9f4f1f9
Reviewed-on: https://code.wireshark.org/review/28956
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The dissectors are registered using lower-case a through f; call them
that way.
XXX - why is this not just done with a dissector table with an unsigned
integer key?
Bug: 14994
Change-Id: I73dbfe8ea0cc3545d67f5315d3cd8ac1eee3385f
Reviewed-on: https://code.wireshark.org/review/28818
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Report a dissector bug, rather than calling the data dissector.
Change-Id: I7bde1001a48d2443acf2dc7caa83434e0972aab7
Reviewed-on: https://code.wireshark.org/review/28814
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They're not guaranteed to have been registered.
Bug: 14994
Change-Id: I11c2b2d4d8a7dd020a0ef3d700b29b0859bc68ca
Reviewed-on: https://code.wireshark.org/review/28805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- 0x2A0B Exact Time 100
- 0x2A10 Secondary Time Zone
- 0x2A15 Time Broadcast
- 0x2A1A Battery Power State
- 0x2A1B Battery Level State
Change-Id: I857a8ff6e38b0093d2d746c789d8f33ec59eb553
Reviewed-on: https://code.wireshark.org/review/28553
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Additional 65 characteristics to be done later.
Change-Id: Ic7d9a868619d26a49b8e322d1f9bde0ab3753319
Reviewed-on: https://code.wireshark.org/review/27361
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implement "usage" of those characteristics.
Change-Id: I708537909b89f29df19e3bbac339ee37e890f2d0
Reviewed-on: https://code.wireshark.org/review/27360
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In order to simplify the display filter scanner, try to restrict the use
of dots ('.') in field names. Forbid leading dots, does not affect
current dissectors. Fix '..' typo in fpp dissector and forbid it. Forbid
trailing dots after fixing dissectors: some of them just have an excess
dot, others are missing a name after the dot.
Change-Id: I6e58a04ef0306ee8c16fbf6a3cabb076d7fc69c9
Reviewed-on: https://code.wireshark.org/review/26967
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use explicit cast from gint16 to gint then to gdouble
- I can understand my compiler - implicit cast is not explicit cast
2. Fix const cast by removing "const" from one field but add it whenever
possible in other places
Change-Id: Iab7401f972c40bca2df58f91b89e29cf2d7cf11b
Reviewed-on: https://code.wireshark.org/review/26917
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
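Why a cast is not enough for 24-bit signed fields, as noted in the commit message above. This is an added example, not code from the Wireshark tree: the function names and the sample bytes are constructed for illustration and are not the tvb_get_ routines themselves.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample fields: big-endian encodings of -2. */
static const uint8_t SAMPLE_I24_MINUS_2[3] = { 0xFF, 0xFF, 0xFE };
static const uint8_t SAMPLE_I16_MINUS_2[2] = { 0xFF, 0xFE };

/* Fetch a big-endian 24-bit unsigned value: result is 0 .. 0xFFFFFF. */
static uint32_t get_be_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Pattern the commit replaces: cast the unsigned fetch to a signed type.
 * The field's sign bit is bit 23, not bit 31 of the 32-bit container, so
 * a negative field value comes out as a large positive number. */
static int32_t get_be_i24_by_cast(const uint8_t *p)
{
    return (int32_t)get_be_u24(p);
}

/* Dedicated signed fetch: sign-extend from bit 23 by subtracting 2^24. */
static int32_t get_be_i24(const uint8_t *p)
{
    uint32_t v = get_be_u24(p);
    if (v & 0x800000u)
        return (int32_t)v - 0x1000000;
    return (int32_t)v;
}

/* For 16 bits the cast gives the right answer on two's-complement
 * targets, because int16_t is exactly as wide as the field. */
static int16_t get_be_i16_by_cast(const uint8_t *p)
{
    return (int16_t)(uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

int main(void)
{
    printf("24-bit by cast:       %d\n", get_be_i24_by_cast(SAMPLE_I24_MINUS_2));
    printf("24-bit sign-extended: %d\n", get_be_i24(SAMPLE_I24_MINUS_2));
    printf("16-bit by cast:       %d\n", get_be_i16_by_cast(SAMPLE_I16_MINUS_2));
    return 0;
}
```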
Updated on 31st March 2018:
- UUIDs
- Company Ids
- links to Assigned Numbers
- change of "Bond Management Feature" to (..) Features seems to be a mistake,
so I ignore it, but fix btatt name of this characteristic
Change-Id: If76148c70276017647f5d3de000be112de102988
Reviewed-on: https://code.wireshark.org/review/26696
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Do not add two "Handle:" in COL_INFO for opcode "Error Response".
Change-Id: I13dd5fc3bbef1762c2e868dfe885fa5d6437412e
Reviewed-on: https://code.wireshark.org/review/25152
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Do not add custom UUID dissectors to the DecodeAs "btatt.handle"
table because it does not work to DecodeAs these attributes using
the "BT ATT Handle" field.
This removes some of the artificial protocols which are generated
from BT attributes, and avoids adding new ones when extending
the custom UUID dissection support.
Change-Id: I8384a56b49cac2ea64508470d67c67b6ec7cd13e
Reviewed-on: https://code.wireshark.org/review/25107
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct include patch for packet-lldp.c
Change-Id: I5e2a267943ccd39616ef323848104fdba23c8f38
Reviewed-on: https://code.wireshark.org/review/24009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>