1. Make a "dissect_dictionary" function for the common dissection of the different primary header versions.
2. Remove some of the "dissection aborts" if sdnv values are bad. Detecting malformed packets can be a good thing.
3. Make fields that use a sdnv value filterable, with expert info if the value is bad.
svn path=/trunk/; revision=51365
1. Cleanly break out Convergence Layer Protocol (TCPCL) into its own (new-style) pure dissector.
2. Make Bundle dissection into a new style dissector and clean so that it can be called using call_dissector.
3. Use tcp_dissect_pdus for TCPCL protocol instead of "manual" while loop. This allows contact header to benefit from TCP fragmentation.
4. Make time fields use time field types so they can be filterable.
5. A few functions were moved to remove the need for static declaration at top of file.
6. Remove pri_hdr_procflags global variable.
Next up - making more fields filterable.
svn path=/trunk/; revision=51337
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
- adding "reassembly table" as a data structure;
- associating hash tables for both in-progress reassemblies and
  completed reassemblies with that data structure (currently, not
  all reassemblies use the latter; they might keep completed
  reassemblies in the first table);
- having functions to create and destroy keys in that table;
- offering standard routines for doing address-based and
  address-and-port-based flow processing, so that dissectors not
  needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
(or at least the complaints from Valgrind; I couldn't reproduce the crash).
What part of:
~~~
* If you're thinking of using tvb_get_ptr, STOP WHAT YOU ARE DOING
* IMMEDIATELY. Go take a break. Consider that tvb_get_ptr hands you
* a raw, unprotected pointer that you can easily use to create a
* security vulnerability or otherwise crash Wireshark. Then consider
* that you can probably find a function elsewhere in this file that
* does exactly what you want in a much more safe and robust manner.
~~~
did someone not read?
Use tvb_get_ephemeral_stringz() instead of adding (apparently not sufficiently
checked!) offsets to the result of tvb_get_ptr() and assuming that the result
is a) in bounds and b) a NULL-terminated string.
svn path=/trunk/; revision=46577
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
(in some cases by changing proto_tree_add_item() to use
what appears to be the correct 'tree' arg);
Do whitespace cleanup.
svn path=/trunk/; revision=39772
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
Metadata Blocks in the bundle protocol (DTN) can contain EID references. These
are not considered by the current implementation and following blocks are
parsed wrong. The attached patch solves this bug and increments the offset as
much as needed to skip the EID references.
svn path=/trunk/; revision=38448
Also: Significant code rework including:
- Fix bug wherein a timestamp was incorrectly reported as being an Error;
- Replace many proto_tree_add_text()/proto_item_set_text() sequences each by a
single proto_tree_add_text().
- remove unneeded #include <string.h>
- Whitespace cleanup including replacing mixed space/tab indentation by spaces.
svn path=/trunk/; revision=36437
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
argument indicating whether to include the time zone in the string. If
we're constructing a display filter, don't include the time zone,
otherwise do. Fixes bug 4756.
svn path=/trunk/; revision=32913
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
indicating whether the time should be shown as local time or UTC. For
now, always pass FALSE, meaning "show as local time".
Clean up some stuff in the SNMP dissector, use abs_time_secs_to_str()
for times with one-second resolution, and update a comment in various
macros in the WSP dissector, while we're at it.
svn path=/trunk/; revision=31227
The primary header in bundle protocol contains some offset values (destination
scheme offset, destination ssp offset, source scheme offset, source ssp offset,
etc). These are the offsets within the dictionary if the dictionary length is
greater than 0. But if the dictionary length is 0, then
these offsets refer to node number and service number respectively (according to
compressed bundle header encoding). For example if destination scheme offset is
2 and the destination ssp offset is 1, then the destination
EID (<node_number>.<service_number>) is 2.1.
Currently the dtn dissector will consider these offsets to be actual offsets in
the dictionary even if the dictionary length is 0. So the values for the
EIDs (destination, source, report, custodian) and their schemes are junk
values. For example if the destination scheme offset is 2 and the destination
ssp offset is 1 and the dictionary length is 0 (which means the dictionary is
empty), then the destination scheme is 2 bytes after the beginning of the
metadata block (field after dictionary) and destination is 1 byte after the
beginning of the metadata block.
svn path=/trunk/; revision=30682
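The dictionary-length rule described above, as an added example in plain C (not Wireshark's dissector code and not part of the original commit). `resolve_eid`, `dict_str`, `sample_dict` and `eid_buf` are hypothetical names, and the `scheme:ssp` form for the dictionary case is assumed from the Bundle Protocol's EID syntax; the dictionary branch also checks that each offset is in bounds and NUL-terminated before it is used as a string.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample dictionary: "dtn" at offset 0, "//node-a/app" at 4. */
const unsigned char sample_dict[] = "dtn\0//node-a/app";
char eid_buf[64];   /* output buffer shared by the demo below */

/* Hypothetical helper: the NUL-terminated string at `off` inside
 * dict[0..dict_len), or NULL if `off` is out of bounds or no terminator
 * exists before the end of the dictionary. */
static const char *dict_str(const unsigned char *dict, size_t dict_len, size_t off)
{
    if (off >= dict_len || memchr(dict + off, '\0', dict_len - off) == NULL)
        return NULL;
    return (const char *)(dict + off);
}

/* Resolve one EID from its (scheme offset, SSP offset) pair.
 * dict_len == 0: compressed header, the pair is <node>.<service>.
 * dict_len  > 0: the pair indexes strings inside the dictionary.
 * Returns 0 on success, -1 for a malformed bundle or short buffer. */
int resolve_eid(const unsigned char *dict, size_t dict_len,
                unsigned long scheme_off, unsigned long ssp_off,
                char *out, size_t out_len)
{
    int n;
    if (dict_len == 0) {
        n = snprintf(out, out_len, "%lu.%lu", scheme_off, ssp_off);
    } else {
        const char *scheme = dict_str(dict, dict_len, scheme_off);
        const char *ssp = dict_str(dict, dict_len, ssp_off);
        if (scheme == NULL || ssp == NULL)
            return -1;
        n = snprintf(out, out_len, "%s:%s", scheme, ssp);
    }
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    if (resolve_eid(NULL, 0, 2, 1, eid_buf, sizeof eid_buf) == 0)
        puts(eid_buf);      /* empty dictionary: node.service */
    if (resolve_eid(sample_dict, sizeof sample_dict, 0, 4, eid_buf, sizeof eid_buf) == 0)
        puts(eid_buf);      /* dictionary present: scheme:ssp */
    return 0;
}
```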
display_metadata_block() return 0 (meaning they failed to decode something and
the offset was not incremented) rather than checking if the resulting offset
is 0.
This fixes the infinite loop reported in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4156
svn path=/trunk/; revision=30672
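One way to structure the loop guard described above, as an added example in plain C rather than the dissector's own code: each parser returns the number of bytes it consumed, with 0 meaning it could not decode. The block layout is simplified and hypothetical, and `sdnv_decode`, `parse_block`, `walk_blocks` and the sample arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: two well-formed blocks; the same with a truncated SDNV. */
const uint8_t good_bundle[] = {0x01, 0x03, 'a', 'b', 'c', 0x09, 0x00};
const uint8_t bad_bundle[]  = {0x01, 0x03, 'a', 'b', 'c', 0x09, 0x80};

/* Decode one SDNV: 7 data bits per byte, high bit set = more bytes follow.
 * Returns bytes consumed, or 0 if truncated or wider than 64 bits. */
size_t sdnv_decode(const uint8_t *buf, size_t len, uint64_t *value)
{
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        if (v >> 57) return 0;       /* next shift would drop high bits */
        v = (v << 7) | (buf[i] & 0x7F);
        if ((buf[i] & 0x80) == 0) {
            *value = v;
            return i + 1;
        }
    }
    return 0;                        /* continuation bit set on last byte */
}

/* Hypothetical simplified block: 1 type byte, SDNV length, payload.
 * Returns bytes consumed, or 0 when the block cannot be decoded. */
size_t parse_block(const uint8_t *buf, size_t len)
{
    uint64_t body; size_t n;
    if (len < 2 || (n = sdnv_decode(buf + 1, len - 1, &body)) == 0)
        return 0;
    if (body > len - 1 - n)          /* declared length exceeds the data left */
        return 0;
    return 1 + n + (size_t)body;
}

/* Walk every block. Returns the block count, or -1 for a malformed bundle.
 * The guard tests the parser's return value, not the running offset. */
int walk_blocks(const uint8_t *buf, size_t len)
{
    size_t offset = 0;
    int count = 0;
    while (offset < len) {
        size_t used = parse_block(buf + offset, len - offset);
        if (used == 0) return -1;    /* no progress: stop instead of looping */
        offset += used;
        count++;
    }
    return count;
}

int main(void) { return walk_blocks(good_bundle, sizeof good_bundle) == 2 ? 0 : 1; }
```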