keyword and text are latin1 strings
Change-Id: I01637efa2ebf4d1e1a83f6001737066dc1258e6c
Reviewed-on: https://code.wireshark.org/review/913
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It automatically works for LINKTYPE_PKTAP and, by default, for
LINKTYPE_USER2; if any other dissector is specified for LINKTYPE_USER2,
that dissector overrides PKTAP.
Change-Id: Ic00ac8a81c6101e45d638d337aef42df3920da12
Reviewed-on: https://code.wireshark.org/review/903
Reviewed-by: Evan Huus <eapache@gmail.com>
Added (hidden) dnp3.addr field set by both source and destination dnp3
addresses to allow easier filtering.
Change-Id: I04980c24c1b9f30a2ee5a0d5ea4ac32ae877504e
Reviewed-on: https://code.wireshark.org/review/908
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
In epan/proto.c in function proto_tree_add_split_bits_crumb, the
proto_tree_add_text function is called with one of its arguments
using ENC_BIG_ENDIAN, but it's not an argument for proto_tree_add_text
itself but instead a function being called inside it. checkAPIs.pl
tries to avoid this in check_proto_tree_add_XXX_encoding, by removing
parenthesis arguments, but in this acse there are newlines between
the arguments, causing the regex to not catch them. This commit
fixes the regex.
Change-Id: I70ef79d5436ba2ec04ffdc3d9939c7aa2cdf6a1f
Reviewed-on: https://code.wireshark.org/review/902
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since tshark.c was using strdup, perror, and g_main_quit, changes to
the file won't pass checkAPIs; so this commit replaces those with
the approved functions; except strdup, which was unecessary.
Change-Id: I031aa44594f2b96960a45f48537ab4e9a10d34b1
Reviewed-on: https://code.wireshark.org/review/898
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since proto.c was using strcat(), changes to the file won't pass checkAPIs.
So this commit replaces it with the appropriate function, and also replaces
the deprecated tvb_length_remaining and tvb_ensure_length_remaining function
calls with the new versions, since checkAPIs was warning about that too.
This commit does not change the ep_* memorry calls to the new wmem-based
ones though, as that's a bigger deal than this trivial commit I think.
Change-Id: I51e6d5b3a6e03233f2695c890ff4c10d02fdb0c0
Reviewed-on: https://code.wireshark.org/review/905
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As the comment after the WTAP_ENCAP_ list says, "After adding new item
here, please also add new item to encap_table_base array".
Change-Id: I918603fa271978b3a81525466c5f4067efc7a783
Reviewed-on: https://code.wireshark.org/review/897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bugs fixed:
- col_...() should not be called under 'if (tree)';
- proto_reg_handoff_pdc(): pdc tcp.port preference change was handled incorrectly;
Minor changes:
- Move proto_reg_handoff...() to the end of the file as per convention;
- new_register_dissector...() call not needed;
- Remove some unneeded initializers;
- 'xxx++' ==> 'xxx += 1' in a few instances;
- widen a few variables (guint? ==> guint);
- Add XXX comment about possible simplification of the code;
- Remove unneeded #include <epan/reassemble.h>;
- Reformat hf[] entries for readability;
- Do whitespace changes;
Change-Id: Ib9224f0c6392a45c19656a63bbac97fbaf3acc08
Reviewed-on: https://code.wireshark.org/review/900
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Minor changes;
- Remove #include <epan/etypes.h>; It's not needed;
- Do some whitespace changes;
- Use tab-width=8 in editor modelines
Change-Id: I84a1c9bc814fae384c4d5a434c2f9aed865c76ae
Reviewed-on: https://code.wireshark.org/review/899
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
(Using sed : sed -i '/^\*\* \$Id\$/,+1 d') (2 star and space)
Change-Id: I48505ffb8bfa103cd7db0117e18cdb1925a7034d
Reviewed-on: https://code.wireshark.org/review/884
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Last one $Id$ (remove by hand) to make checkAPI haapy !
Change-Id: I5adfdcac0629a36e08c5fe3ea7960bdbc251364f
Reviewed-on: https://code.wireshark.org/review/887
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \$Id\$/,+1 d') (No star only 2 spaces before)
Change-Id: Id7b254031769a9dca2941304e4d3a0f4bdbc3f54
Reviewed-on: https://code.wireshark.org/review/883
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\* \$Id\$/,+1 d') (no space before star)
Change-Id: I318968db2b8512ba1303b5fc5c624c66441658f0
Reviewed-on: https://code.wireshark.org/review/879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \t$Id\$/,+0 d') (tab before $Id$)
Also modify generator (NDR.pm)
Change-Id: I348a1d129d1d1320bd80b428038ea5ed291d6ca8
Reviewed-on: https://code.wireshark.org/review/878
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\$Id\$/,+1 d') (No space or star before $Id$)
Change-Id: I0801bd7cf234d32487008a8b6dcee64875b07688
Reviewed-on: https://code.wireshark.org/review/876
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d') (Double space between star and $Id$)
Change-Id: If9b8f345e3b6493de0b573600e60005c8b0b33c3
Reviewed-on: https://code.wireshark.org/review/877
Reviewed-by: Evan Huus <eapache@gmail.com>
7 SIP Messages
SIP is a text-based protocol and uses the UTF-8 charset
So use ENC_UTF_8|ENC_NA.
Change-Id: I0101eca3dd7d8ff9ebf98fd733548131b862919e
Reviewed-on: https://code.wireshark.org/review/890
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With -Wunreachable-code flags (and disable for the moment -Wdocumentation)
Change-Id: I126c962b32e650a63b78092e95896736ae7335c9
Reviewed-on: https://code.wireshark.org/review/678
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- 'is_valid_path' function has been corrected
- an OSC path is valid if:
- it consists of printable characters only
- does not contain ' ' and '#'
- characters '*' ',' '?' '[' ']' '{' '}' are valid, but have special meaning at the receiving end (used for pattern matching)
Change-Id: I4ff4308d0955da2ef377d606b7778819b97754a0
Reviewed-on: https://code.wireshark.org/review/868
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Add -b option to randpkt-test.sh and test-captures.sh;
- Create/ue a common function to do '-x' tests on files/dirs;
- Rename exit_error function to ws_exit_error
Change-Id: I032c9d784bec1fb6b0717aaad08a061e4d935476
Reviewed-on: https://code.wireshark.org/review/872
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
When the '-Y' display filter option is given with a '-2', and a '-w' to write out
the packets, tshark grabs *all* dependent frames in the catprue file, even those
that weren't dependents of a matching packet. Note that this also uses the '-2'
two-pass option, since only two-pass mode writes out dependent frames to begin with.
Change-Id: I17726447bec434ba2566e98fb78893d1331e3056
Reviewed-on: https://code.wireshark.org/review/866
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Leave it there, but commented out, just in case it *should* be used.
"#if 0" out the code that sets it.
Change-Id: I8802fc416030106d9d8421b0d7b8612597794bab
Reviewed-on: https://code.wireshark.org/review/867
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "48 bits, in a weird byte order" is a variant of 64-bit
"Corey-endian", with the upper 16 bits of the result - which are in the
*middle* of the bytes of the number - ignored. Define a pcorey48tohll()
macro and use that, rather than the loop.
There are a bunch of #defines for offsets in the headers; use them
rather than magic constants.
Change-Id: Idfdc8a741278d71a5db47c067914c97615c3e02d
Reviewed-on: https://code.wireshark.org/review/864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We rarely know exactly how long a string will be, but we frequently have a good
lower bound (that's better than the default strbuf size of 16). Starting at that
size probably reduces the amount of allocation/copying needed.
Also make use of the new _finalize() method to save memory and avoid constness
problems.
Change-Id: I3f043bd12c1ccfce5990168fb6531ecd287bec5b
Reviewed-on: https://code.wireshark.org/review/856
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is a tree implementation intended to replace the current red-black tree in
wmem_tree (which was inherited from emem), assuming there are no regressions.
Splay trees bubble recently accessed keys to the top, and as such have a number
of very nice properties: https://en.wikipedia.org/wiki/Splay_tree
This implementation is a variant known as "independent semi-splaying", which has
better practical performance. It should do about as well as the red-black tree
for random insertions and accesses, but somewhat better for patterned accesses
(such as accessing each key in order, or accessing certain keys very
frequently).
There are a few other changes relative to the red-black tree implementation that
are worth mentioning:
- Instead of requiring complex keys to be split into guint32 chunks and doing
this weird trick with sub-trees, I let the keys be arbitrary pointers and
allowed the user to specify an arbitrary comparison function. If the function
is NULL then the pointers are compared directly for the simple integer-key
case.
- Splay trees do not need to store a red-black colour flag for each node. It is
also much easier to do without the parent pointer in each node. And due to
the simpler system for complex keys, I was able to remove the "is_subtree"
boolean. As such, splay nodes are 12 bytes smaller on 32-bit platforms, and
16 bytes smaller on a 64-bit platform.
All done in about half the lines of code.
Change-Id: I89fb57e07d2bb7e3197190c7c2597b0c5adcc03b
Reviewed-on: https://code.wireshark.org/review/758
Reviewed-by: Evan Huus <eapache@gmail.com>
We should return if we've already somehow overflowed the apparent length, not
just if we've hit it dead on.
Fixes bug #9932 and probably others.
Change-Id: I2719c3bd38f03e18ea557df962ee4a1beb64c2e8
Reviewed-on: https://code.wireshark.org/review/862
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Bug Fixed: UDP heuristic wasn't properly setting the dissector
for the UDP conversation.
From https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9837#c3:
I did a little survey about alternative OSC transmission, but UDP.
As OSC is packet-based, it is tramitted raw via packet-oriented protocols (e.g. UDP).
For reliable stream-based protocols (TCP, USB), the raw OSC packet is
prefixed with the packets Int32 size as a packetization scheme.
For unreliable stream-based protocols (RS232 and other serial lines),
the raw OSC packet is SLIP and/or double SLIP encoded as packetization
scheme.
There was discussion in the past to make SLIP encoding the default for
all stream-based protocols, but apparently it has never been adopted
for any OSC via TCP implementation I've found in the web.
As OSC is used in networked Audio, most implementations run with the
Nagle algorithm disable, and send the prefixed length and the raw OSC
packet separately.
Change-Id: Ife690cc5ea0575c65124a7b441431e1cc6ba5091
Reviewed-on: https://code.wireshark.org/review/858
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Bill Meier