Added a new dissector for the Dynamic Source Routing (DSR) protocol (RFC 4728).
It should correctly dissect all DSR packets, including the "Flow State
Extension" DSR packets.
See Bug #10499 for capture file
Change-Id: Ie33a1a2fe095cab19d5abfbfa8e1c79fec664a35
Reviewed-on: https://code.wireshark.org/review/4251
Reviewed-by: Bill Meier <wmeier@newsguy.com>
If it is used, there is a modified file in git.
Fix this by only including the file if it exists.
Other changes:
- Rename the existing Custom files to CMakeListsCustom.txt.example.
- Move the plugins custom file to the top level (same level as its
including parent).
- Optionally allow a list of custom includes instead of the default one.
Change-Id: I8960eac6222f741c045055d43d1d5a2d4979caf6
Reviewed-on: https://code.wireshark.org/review/4163
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
S7 Communication is a Siemens proprietary protocol that runs between
programmable logic controllers (PLC) of the Siemens S7-300/400 family.
Dissector T.125 has to be disabled to let this dissector work.
Change-Id: I578cf270a4ae567f8e20dbabec1ce1e13fc08e6e
Reviewed-on: https://code.wireshark.org/review/3777
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All credit for development should go to Qiaoyin Yang.
CP2179 protocol is a serial based protocol. The 2179 protocol is implemented with minor variations between vendors.
The RTAC implemented the 2179 client supporting a limited set of function codes and command codes. The RTAC doesn't support
multiple function codes in a single request and the dissector also doesn't support decoding these or corresponding responses.
Bug: 10285
Change-Id: I217bf4185c52b0b183f69b3b5aa84613340d3944
Reviewed-on: https://code.wireshark.org/review/3089
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use it in the MBMS synchronisation protocol dissector, rather than
calling tvb_get_ptr() there.
Change-Id: I7ddb3c6b30547826cb5372352c7c483d8a24dc8e
Reviewed-on: https://code.wireshark.org/review/3514
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the wsutil routine just accumulate the stuff from the buffer handed
to us. Have the IUUP dissector deal with the extra stuff. Add an
update_crc10_by_bytes_tvb() routine, which is passed a tvbuff, offset,
and length, and use that rather than using tvb_get_ptr() in dissectors.
Change-Id: Iadd0823c764080e60d1339abb94d2e19150eabfe
Reviewed-on: https://code.wireshark.org/review/3509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wireshark already supports reading and writing logcat
logs saved in binary files. Binary format, although
better, is used less often than saving those logs to
text files.
This patch extends Wireshark's support for Android logcat
logs to reading and writing logcat logs in text files.
Features:
* support for tag, brief, process, thread, time, threadtime
and long formats
* saving in original format
* it's generally awesome
Change-Id: I013d6ac2da876d9a2b39b740219eb398d03830f6
Reviewed-on: https://code.wireshark.org/review/1802
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is the first version of a Ceph dissector. It is not complete but
is far enough along to be helpful to many people working with Ceph.
Currently the dissector can fully dissect the Ceph protocol and has
support for full dissection of most common messages. For the other
messages for which full dissection is not available their metadata is
parsed and shown along with the raw data of the different message
sections.
Change-Id: Ic7917a3d01148c6fe2f9ea2c13ecd09ecc06c2d7
Reviewed-on: https://code.wireshark.org/review/1889
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Bug: 10282
Change-Id: Id3e53c53d024a74df0dfb5254e26d4594eb2e9a4
Reviewed-on: https://code.wireshark.org/review/3036
Reviewed-by: Michael Mann <mmann78@netscape.net>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type".
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
For each displayed packet list row, save a copy of or a pointer to
column strings similar to ui/gtk/packet_list_store.c. This lets us call
epan_dissect_run only once per row.
Bug: 9511
Change-Id: I17e8ebeb5ed70518c9047413c3b2a46f01e904ef
Reviewed-on: https://code.wireshark.org/review/2752
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wsutil contains the only code that uses version.h; make the dependency
explicit, to see whether that fixes the current build issues with Debian
packaging.
Also, get rid of all *other* dependencies on gitversion.
Change-Id: I89fa5e4112633b83a1a7dfa349bc337e3688575f
Reviewed-on: https://code.wireshark.org/review/2823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Profiling SIP shows that gperf-generated hashing code is
3 times faster than using GHashTable & g_str_hash/_equal().
This results in about a 1% improvement of whole dissection (SIP traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
bug: 6071
Change-Id: If7b544a762df10ffc13aeaf8886cf74a1757c37c
Reviewed-on: https://code.wireshark.org/review/2512
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From Masatake YAMATO
changes in patch3 (Masatake YAMATO):
* Fix a typo (s/Sequnce/Sequence/)
* Use variable len instead of a number literal
* Put _U_ marker to length parameter of dissect_corosync_totemsrp_ip_address
* Use tvb_report_length instead of tvb_length
changes in patch5 (Masatake YAMATO):
* packet-corosync-totemsrp.c: Adapt to new dissector_try_heuristic interface
+ pass hdtbl_entry argument to dissector_try_heuristic.
* packet-corosync-totemnet.c: Initialize corosync_totemnet_port to 5405
changes in patch6 (Masatake YAMATO):
* packet-corosync-totemsrp.c: Use tvb_reported_length instead of tvb_length.
* packet-corosync-totemsrp.c: Remove unnecessary trailing space in string literals.
* packet-corosync-totemnet.c: Remove SVN Id tag in a comment.
changes in patch8 (Masatake YAMATO):
* packet-corosync-totemnet.c: Remove SVN Id tag in comment(again).
* packet-corosync-totemsrp.c: Use val_to_str_const instead of val_to_str.
changes in patch9 (Masatake YAMATO):
* wsutil/sober128.[ch]: New files derived from packet-corosync-totemnet.c.
Decryption code is moved here.
* packet-corosync-totemnet.c: Remove all decryption code from this file.
Change-Id: Id832d9c5ce1be1668c857c9bbf39e8a84c31880c
Reviewed-on: https://code.wireshark.org/review/725
Reviewed-by: Evan Huus <eapache@gmail.com>
Added KCS and TMode protocol dissectors.
Request/response logic has been revised.
Saved request data logic has been revised.
Added Get Message command response dissector.
Added missing PICMG command dissectors.
Added new PICMG command dissectors.
Added new PPS OEM command entries.
Added VITA 46.11 command dissectors.
From: Bill Meier:
- refs to value_strings/range_strings in hf[] entries, by convention, should use VALS/RVALS macros;
- refs to true_false_strings should use TFS(&...) macro.
also: true_false_string definitions should not be defined as arrays.
- remove some unneeded #includes (packet-ipmi.c).
- Do some re-indentation.
- Add editor-modelines as needed.
bug: 10004
Change-Id: Ib269b35784c0b70892d1e0111bcfb483ea64092c
Reviewed-on: https://code.wireshark.org/review/1185
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector table for the 802.3 "slow protocols" subtype, split the
dissectors for those protocols into separate files, and have them
register in that dissector table.
Remove some unnecessary #includes while we're at it.
Change-Id: Ic36c9c255efdd348055fa4f21fd6cc094f74e378
Reviewed-on: https://code.wireshark.org/review/1891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8e20917ac08e2349caf330ee967d24d7c738bb71
Reviewed-on: https://code.wireshark.org/review/1815
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Add a dissector for pcap-ng file-type-specific blocks; it creates a
dissector table using the block type as the key, attempts to call the
appropriate dissector using that table, and does a minimal dissection if
that fails.
Change-Id: I67e139f06ba88d40faa5b4ab169e8df08f5bfe7b
Reviewed-on: https://code.wireshark.org/review/1784
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This doesn't appear to be "autogenerated", and it certainly isn't the biggest dissector even after the merge. This avoids file pollution, makes fewer non-static variables/functions and makes the check* scripts' job easier.
Change-Id: If94857e4a3e602c3d45201b1aebbf466ba3e1dd1
Reviewed-on: https://code.wireshark.org/review/1597
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Described in:
Robertson, W., and Ross, P., Extending the Wireshark Network Protocol Analyser
to Decode Link 16 Tactical Data Link Messages, Defence Science and Technology
Organisation, January 2014. DSTO-TN-1257.
Change-Id: Ie4b1228ef112e56b3ab975d0c9254fa468b90cc2
Reviewed-on: https://code.wireshark.org/review/1551
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of forcing developers to generate sminmpec.c (which will have
different results depending on the presence or absence of a working
Internet connection) add sminmpec.c back to the repository. I'll add
it to the weekly update-numbers script so that it will be updated at
the same time as manuf, services, enterprise-numbers, and usb.c.
Change the Autotools, CMake, and Nmake sminmpec.c target name to
"update-sminmpec".
Remove the mtime check from make-sminmpec.pl. Update enterprise-numbers
and sminmpec.c while we're here.
Tested with an in-tree Autotools build and an out-of-tree CMake build.
Change-Id: Iecc332ce2731e3e98ab0205a56c78807e599a026
Reviewed-on: https://code.wireshark.org/review/1516
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This dissector dissects MA USB Packets. It is capable of dissecting
Media Agnostic packets both in a TCP stream as well as packets sent
over SNAP (referred to in spec as "Raw Ethernet" mode).
Change-Id: I3ad4e1beb891f9c2835adff320095e7e738241eb
Signed-off-by: Sean O. Stalley <sean.stalley@intel.com>
Reviewed-on: https://code.wireshark.org/review/1252
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
For packet-scope allocation, there's no need to support realloc() or free(),
because memory will be garbage collected after packet dissection
(and this allocator is much faster than the full block allocator).
Change-Id: I73fdf708c3077f48f55bdcc71f4fa859e4ac2335
Reviewed-on: https://code.wireshark.org/review/1428
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See IEEE Standard 802.3-2012 Section 5, Clause 65 and CableLabs DPoE
Security and Certificate Specification 1.0, Section 6.
Currently dissects 1G mode. 10G mode will be added when hardware is
available.
Change-Id: I6232af9bf6807644ef66a120d97e5fa5927988fe
Reviewed-on: https://code.wireshark.org/review/1284
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
it no longer has any warnings
This reverts commit 30c9f421c0.
Change-Id: I5cc71f905ffa4f00ffb44ad7d03b2684c2e44e38
Reviewed-on: https://code.wireshark.org/review/1316
Reviewed-by: Evan Huus <eapache@gmail.com>
As pointed out by David Ameiss, I only did automake the first time round.
Change-Id: Ie72ab5014d8f21d194d15af430c6c0a8a612f5f7
Reviewed-on: https://code.wireshark.org/review/1309
Reviewed-by: Evan Huus <eapache@gmail.com>
This has two expected uses:
- Many current users of wmem_tree don't actually need the predecessor lookup
it provides (the lookup_le function family). A hash map provides straight
insertion and lookup much more efficiently than a wmem_tree when predecessor
lookup isn't needed.
- Many current users of glib's hash table and hash functions use untrusted data
for keys, making them vulnerable to algorithmic complexity attacks. Care has
been taken to make this implementation secure against such attacks, so it
should be used whenever data is untrusted.
In my benchmarks it is measurably slower than GHashTable, but not excessively
so. Given the additional security it provides this seems like a reasonable
trade-off (and it is still faster than a wmem_tree).
Change-Id: I2d67a0d06029f14c153eaa42d5cfc774aefd9918
Reviewed-on: https://code.wireshark.org/review/1272
Reviewed-by: Evan Huus <eapache@gmail.com>