This patch adds a new "ip.checksum_calculated" field that can be used
for display in a column.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Ide5eb6640d51ded88b1df309092a0a3aaf482b03
Reviewed-on: https://code.wireshark.org/review/1676
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch adds a new "udp.checksum_calculated" field that can be used
for display in a column or tshark.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Iefcfd8395adeff7a3ac58a1bfff1a3c97976aa56
Reviewed-on: https://code.wireshark.org/review/1675
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
When converting from proto_construct_match_selected_string to fvalue_to_string_repr remember proto_construct_match_selected_string includes fieldname + value, not just value
bug:10081
Change-Id: I4fc6ea7fd1f63cff410207c8b30562771af40ada
Reviewed-on: https://code.wireshark.org/review/1578
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9bf53014d90857b7d71efbb09b5ceb708b3df6ca
Reviewed-on: https://code.wireshark.org/review/1683
Reviewed-by: Michael Mann <mmann78@netscape.net>
destination ports.
Change-Id: I490a716b7991d0d7dfcaecd722a267c77af2e776
Reviewed-on: https://code.wireshark.org/review/1682
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A line containing just "\n" will cause a buffer underrun.
Test:
tshark -r test/captures/sipmsg.log -X lua_script:test/lua/acme_file.lua -w /dev/null
Caught by ASAN.
Change-Id: Idf38f1af2b211101b3929ee3fbd83c54c99c1e21
Reviewed-on: https://code.wireshark.org/review/1673
Reviewed-by: Evan Huus <eapache@gmail.com>
wtap_dump_open() allocates an empty wtap_dumper struct such that
interface_data is not initialized. Fix this by adding the member back.
Regression from 3aee917058 ("wiretap:
remove unused code, drop number_of_interfaces").
Bug: 10113
Change-Id: Ia6259bf50b25d5e7aa837b0fb7396b07d5d3c72c
Reviewed-on: https://code.wireshark.org/review/1672
Reviewed-by: Evan Huus <eapache@gmail.com>
While investigating an ASAN issue (fixed in
commit dcdd076ab0), I got greatly confused
by three different types having the same "interface_data" field name:
* pcapng_t *pn stores an array of interface_data_t objects.
* wtap *wth stores an array of wtapng_if_descr_t objects.
* pcapng_dump_t should store an array of interface_data_t objects.
pcapng_dump_t and friends are unused since
commit c7f1a431d2, so drop it.
To fix the confusion, rename the interface_data_t type to
interface_info_t type and use the local variable "iface_info"
everywhere. Rename interface_data of pcapng_t to "interfaces" and
add a comment what this exactly means (interfaces listed in the capture
file).
Drop the number_of_interfaces field for interfaces as the array
length is already available from GArray. Now interface_data is always
initialized for wth (which also gets copied to idb).
s/int/guint/g and replace cast at some places.
There are no regressions for the in-tree test suite.
Change-Id: I2d5985c9f1e43f8230dbb4a73bd1e243c4858170
Reviewed-on: https://code.wireshark.org/review/1656
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As Jakub pointed out, our +1/-1 logic for null terminators wasn't quite right.
Also be sure to re-copy the va_list parameter if we need to re-use it, as
otherwise things break oddly.
Change-Id: Ibeaa95af602f565791e9378a6cfce434f13025eb
Reviewed-on: https://code.wireshark.org/review/1670
Reviewed-by: Evan Huus <eapache@gmail.com>
- g_vsnprintf()[1] buffer size can includes space for terminating NUL,
this simplifies code, and fix problems with string truncation
- g_vsnprintf() returns number of bytes without terminating NUL, so we
need to do + 1
- second g_vsnprintf() call use already consumed 'ap2' va_arg, which
makes wmem_strdup_vprintf() doesn't work/ crash for FORMATTED string length > 80
[1] https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-vsnprintf
Change-Id: I0ebb7f452e3e89c9b55f8ac889166f02e8a7c982
Reviewed-on: https://code.wireshark.org/review/1667
Reviewed-by: Michael Mann <mmann78@netscape.net>
That variable is only defined if we HAVE_LIBPCAP. Should fix OSX10.5 buildbot.
Change-Id: I0bafc48955ef4af3c0b8d9d7a35b1e8b27577d31
Reviewed-on: https://code.wireshark.org/review/1669
Reviewed-by: Evan Huus <eapache@gmail.com>
cost by more than half.
Change-Id: I6ad2ae407325d2091ffb60919cb3ed74f78f39fa
Reviewed-on: https://code.wireshark.org/review/1662
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From Boaz
In IANA the two IPv4 protocols are defined:
35 IDPR Inter-Domain Policy Routing Protocol
45 IDRP Inter-Domain Routing Protocol
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
However, in Wireshark, they are named:
{ IP_PROTO_IDPR, "Interdomain routing" }, /* 35 IDPR Inter-Domain Policy Routing Protocol [Martha_Steenstrup] */
{ IP_PROTO_IDRP, "IDRP" }, /* 45 IDRP Inter-Domain Routing Protocol [Sue_Hares] */
Which is somewhat confusing.
I think IDPR should be named "Inter-Domain Policy Routing".
And IDRP should be named "Inter-Domain Routing Protocol".
Change-Id: I69b34ea8d9b3169fd779357710edb44cfb5cb2b3
Reviewed-on: https://code.wireshark.org/review/1664
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed the additional "parseFields" layer as it was unnecessary and IMO ends up creating more work for a developer if they want to add additional filterable fields. That layer also hid the (large) number of unfilterable fields that were in the dissector that would normally be caught by counting the number of proto_tree_add_text function calls.
Change-Id: I6f9607938c2386de40bdd3dae652614f07dda31e
Reviewed-on: https://code.wireshark.org/review/1653
Reviewed-by: Peter Ross <peter.ross@rmit.edu.au>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use wmem_array_append rather than wmem_array_append_one to make sure the pointer
types match up. _append_one automatically takes the address of its argument,
which causes problems if that argument is already a pointer.
Thanks to Alexis for catching this.
Change-Id: Ie702bb2c776f9fcf31bd64073c756edd75d888e8
Reviewed-on: https://code.wireshark.org/review/1657
Reviewed-by: Michael Mann <mmann78@netscape.net>
With this patch, wireshark dissects the Feature-List flags field in Gx message
and displays the name and value of each of Feature bit.
Change-Id: I18af8a133ae7db4da5a126a81521c474d1553719
Reference: 3GPP TS 29.212 V11.7.0, Section 5.4.1.
Reviewed-on: https://code.wireshark.org/review/1652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Introduce a new tvb_ipxnet_to_string() routine to help that.
Change-Id: Icb27f7cdd6e6e7de67e765715e450063d7de6072
Reviewed-on: https://code.wireshark.org/review/1647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While debugging a network issue, I found incorrect TCP checksums. These
are shown in the packet details, but are not available as column. This
patch adds the "tcp.checksum_calculated" field which is only available
if a checksum can be calculated (i.e., checksumming is enabled and the
full segment is available).
The fields are added separately for each checksum case to make it appear
before "Checksum Bad/Good" and to avoid calculating the expected field
value for the "good" cases.
Change-Id: I36af7894d526382ef636c5fa51e74871212b2909
Reviewed-on: https://code.wireshark.org/review/1627
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Additional belated followup to gfe195c0c9 per conversation on -dev about the use
of -1 and when we should throw exceptions. See also g867a1827e7.
Should (in theory) permit reverting gfe195c0c9.
Bug:9999
Bug:10030
Change-Id: I56e5f4e5dc12fe82268243d0b113cfc9ff5fdd17
Reviewed-on: https://code.wireshark.org/review/1603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Use length_remaining in tvb_find_line_end() rather than -1 it should
give a faster code path.
Change-Id: Ia6c289f1701add48429b25152db8a8e5cea9e053
Reviewed-on: https://code.wireshark.org/review/1632
Reviewed-by: Anders Broman <a.broman58@gmail.com>