Create generic int/uint fill functions from hfinfo_[u]int_value_format.
XXX: to be honest I don't get it why if dev picked up BASE_DEC_HEX and has value string we're truncating it to BASE_DEC...
svn path=/trunk/; revision=50197
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3290
(TRY_TO_FAKE_THIS_ITEM disables bounds errors):
Before calling TRY_TO_FAKE_THIS_ITEM() check if the length given (or, in
the case of FT_UINT_{STRING,BYTES}, the length we retrieve from the TVB)
exceeds what's left in the TVB.
Do this only for proto_tree_add_item() for now (it's the most commonly used
and thus the biggest trouble maker in this area).
Similar changes for other APIs will come later (if nothing blows up). Despite
the fuzz failures this bug has caused I'm not sure about back-porting it...
svn path=/trunk/; revision=49644
Expert info "fields" can now be registered/addressed by name. Right now, the basic framework allows expert info fields to become "display filters". However more could be done, like user preferences overriding default severity level, speeding up expert info dialog load time by not needing to redissect a file, etc.
Long term goal is to have all expert_info filterable and have the functionality of expert_add_info_format() include the "registered index". expert_add_info_format_text() is the workaround until all current calls to expert_add_info_format() have been updated with either expert_add_info() or expert_add_info_format_text(). Then the remaining expert_add_info_format_text() will be renamed to expert_add_info_format().
svn path=/trunk/; revision=49559
Starting with collectd 5.0, the representation of time has changed. The new
fields "TIME_HR" and "INTERVAL_HR" contain the seconds since the epoch in steps
of 2^{-30} seconds (roughly nanosecond precision). This patch adds support for
both time formats.
From me:
Permit using 64-bit integers with value-strings, as this protocol actually
seems to needs it. We'll misbehave for named values > 2^32 but there aren't any
of those despite the field being 64 bits.
svn path=/trunk/; revision=49357
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
glib memory slices.
- We weren't doing anything with the emem slab that couldn't be done with glib
slices.
- Removes a fair bit of code as well as one debugging environment variable.
- Glib slices are much cache-friendlier and are multi-threading friendly (if
we ever go there).
- Allows glib to actually return slices to the OS on occasion. The emem slab
would hold onto its memory forever which resulted in a great deal of wasted
memory after closing a large file.
svn path=/trunk/; revision=48218
This patch adds a new public API, proto_tree_add_bitmask_len(), identical to
proto_tree_add_bitmask() but using a caller-supplied length rather than an
inferred one. The underlying proto_item_add_bitmask_tree() code is modified
to display only fields for which all defined bits are available, and to
ignore bits that have no corresponding defined field ("forward compatibility"
cases).
From me: minor edits, see the bug for more details.
svn path=/trunk/; revision=48049
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
apply/match-related actions. Have matchSelectedFilter figure out our
filter strings, which lets us remove duplicate code in the apply/match
action slots. Remove some leftover code from an experiment.
Adjust the temporary message colors in the status bar and label stack.
Add a NULL check to construct_match_selected_string.
svn path=/trunk/; revision=46449
ABORT_ON_DISSECTOR_BUG is set and we pass MAX_TREE_ITEMS.
If ABORT_ON_DISSECTOR_BUG is set and we get an unregistered hf, generate
an explanatory message (and a core).
svn path=/trunk/; revision=46323
chapter 3 has redefined to mean years *after* 2036) were being represented as
times prior to 1968.
This has been broken since r35840 (apparently not many people see NTP
timestamps beyond 2036 :-)): apparently I over-optimized packet-ntp's code
while copying it into proto.c: that temporary variable is necessary for the
unsigned math to happen correctly before assigning the result to the (signed)
time_t.
Leave a comment in the code indicating why the temporary variable is needed.
Copy that comment to packet-ntp.c.
Fix the same problem in ntp_to_nstime(): it also did not use the temporary variable.
svn path=/trunk/; revision=45790
- initialize edt once in few places, and later reset it after dissecting
(add_packet_to_packet_list),
- revert r45667, probably no longer needed.
svn path=/trunk/; revision=45669
Don't pass string-related encoding flags to get_uint_value() when handling
FT_UINT_STRING fields. This was causing all such fields with non-ASCII
encodings to use little-endian encoding, even when OR-ed with ENC_BIG_ENDIAN.
(not actually the topic of the above bug, but discovered during LLRP protocol
testing, which was the topic of the above bug)
svn path=/trunk/; revision=44619
add an expert item. For unusable lengths throw ReportedBoundsError but
try to continue on otherwise.
Based on a patch from Mike Morrin in bug 3884.
svn path=/trunk/; revision=44439
lets us pass a NULL pinfo to expert_add_info_format() and
expert_add_undecoded_item(), which makes it possible to use those
routines deep in the bowels of many dissectors. As a proof of concept
remove the recent pinfo additions to packet-afp.c. This should also make
it easier to fix bug 3884.
svn path=/trunk/; revision=44435
Since the tree will only be NULL here if someone messed up in proto.c and
since pi will only be NULL if tree is NULL, assert out if either of them are
NULL (don't use DISSECTOR_ASSERT() since such a condition wouldn't be the
dissector writer's fault).
Use TRY_TO_FAKE_THIS_REPR in ptvcursor_add_text_with_subtree().
We've had TRY_TO_FAKE_THIS_REPR for a long time now, don't wrap it in #if 1.
new_field_info() doesn't return NULL so don't check for it returning NULL in
ptvcursor_add().
svn path=/trunk/; revision=44322
Note: this shows up when doing 'tshark -G values'.
BASE_EXT_STRING with a missing extended string does *not* cause issues
with the normal display code:
ToDo (eventually): Add some code to enforce requirement that hf[] entries with BASE_EXT_STRING
(or BASE_RANGE_STRING) set must also have a 'strings' value.
svn path=/trunk/; revision=43150
g_strlcpy() always return the size of strlen(src), so in case of truncation it could happen that offset_r > size or offset_e > size.
Fix it by adding new function protoo_strlcpy() which returns how many bytes was copied to dest buffer.
svn path=/trunk/; revision=42676
same, and that the routines to get "Unicode" strings are really doing
UCS-2 (and not doing anything about code values that aren't valid in
UCS-2 strings).
Have tvb_get_ephemeral_string_enc() separate cases for ASCII and UTF-8,
even though they're *currently* treated the same.
For FT_UINT_STRING, treat an encoding value of TRUE as meaning
"little-endian ASCII"; pass all other encodings through to
tvb_get_ephemeral_string_enc().
svn path=/trunk/; revision=42592
removes a potential buffer overflow and should fix a bunch of Coverity
errors mentioned in bug 6878.
We might want to do the same for no_of_bits.
svn path=/trunk/; revision=41945
The attached patches add the ability to dissect split bit-strings as discussed under bug 6797.
proto_tree_add_split_bits_ret_val()
proto_tree_add_split_bits_crumb()
svn path=/trunk/; revision=41246
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
OOPS: ',' in 'tpncp.fxs_ana,og_voltage_beading'
Now:
Invalid character ',' in filter name 'tpncp.fxs_ana,og_voltage_beading'
svn path=/trunk/; revision=40256
dissectors, because it does not work as expected and causes an assert.
Added generic splash updates for python register and handoff instead.
This should fix bug 5431.
svn path=/trunk/; revision=39221
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
values, and use them in the MQ dissector, so EBCDIC strings are
displayed as such.
Fix up some other final arguments to proto_tree_add_item().
svn path=/trunk/; revision=37872
"You cannot just make the "len" field of a GByteArray larger, if there's
no data to back that length; you can only make it smaller."
Two equal values are always equal!
This fixes bug 5941.
svn path=/trunk/; revision=37783
any conflicting entries. i.e. lots of value_strings have repeated items, but
for now only warn for cases where the same numeric value appears with a
different string.
Because this will slow down startup and output distracting warnings, it has been
#if 0'd out for now. As discussed on the dev mailing list, it'd be good to
create a #define for developer/non-release builds so that tests such as this
can regularly be run.
svn path=/trunk/; revision=37274
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
orthogonal to the byte order.
This means that we can't just test for a non-zero encoding to determine
whether the format is big-endian or little-endian when we set the
field's endianness flag; instead, for the types where we accept any
non-zero value as meaning "litle-endian", map it to ENC_LITTLE_ENDIAN.
When we use ENC_TIME_NTP, OR in the byte order flag. While we're at it,
in the dissectors that used ENC_TIME_NTP, update all the other encoding
items in proto_tree_add_item() calls to use the appropriate ENC_ value.
svn path=/trunk/; revision=35841
an encoding of ENC_TIME_NTP.
This increases the number of decimal places shown for NTP times (from 6 to 9),
so round the value to the nearest microsecond. (I can't tell if NTP times are
ever more precise than a microsecond--this rounding is mainly to be closer to
the old behavior.)
Use proto_tree_add_item() for some NTP times.
svn path=/trunk/; revision=35840
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
We have some different fields using the same abbreviation (e.g "eth.dst"
used in both eth and tte), and this patch will fetch values from all fields.
When using occurrences the entries listed first is from the field registered
last when starting Wireshark, and not ordered from the occurrence in the
packet, but I don't see how we can easily fix this.
svn path=/trunk/; revision=34513
Limit the input field for occurrence to 4 characters to prevent an overflow.
Make sure "... as filter" does not result in an invalid filter string if all occurrences are displayed.
svn path=/trunk/; revision=34247
entry displaying a integer value. The resolved string can contain a space,
and our routines does not quote integer values, and A DEC_HEX/HEX_DEC
combination will never match.
svn path=/trunk/; revision=33315
va_start and va_end unless you're actually going to use the va_list"
(those bring the va_start and va_end closer to the use point, which
makes it a little more obvious that we're using <stdarg.h> correctly and
makes it a little harder to use it incorrectly).
svn path=/trunk/; revision=32963
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
argument indicating whether to include the time zone in the string. If
we're constructing a display filter, don't include the time zone,
otherwise do. Fixes bug 4756.
svn path=/trunk/; revision=32913
the base_display_e enum.
Fix a couple of dissectors that were still using FT_ABSOLUTE_TIME with
BASE_NONE. (The time format chosen is based only on an attempt to not change
the behavior. I don't know that it's right.) One of these is built by Pidl.
I'll send a patch upstream too.
When checking hfinfos, display the absolute_time_display_e values too.
Display "bit count: X" instead of "unknown" when the display value doesn't
match one of the enumerated values.
svn path=/trunk/; revision=32552
(hopefully useful) explanation of what's wrong with his/her hfinfo field
rather than just asserting out.
So now instead of just getting a message saying aborted(core dumped), you can
get, for example:
22:31:54 Err Field 'Message in frame' (sccp.assoc.msg) is an FT_FRAMENUM and is BASE_DEC instead of BASE_NONE
*and* an abort(core dumped) (for those who want it).
svn path=/trunk/; revision=32549
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
%#o instead of %o
This means that the value will be printed with a leading 0, which is the
standard way to denominate that a value is in base octal.
svn path=/trunk/; revision=32241
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
a mask to select the base_display_e value from a display field in a
header_field_info structure.
Never select that value by masking out the BASE_RANGE_STRING flag bit,
as that won't continue to work if more flag bits, or other bitfields,
are added. Instead, mask with BASE_DISPLAY_E_MASK.
Note that the base_display_e value and BASE_RANGE_STRING flag are only
for integral field types, and clarify what BASE_DISPLAY_E_MASK is.
Give at least one of the reasons why hiding protocol fields is not
considered a good idea.
svn path=/trunk/; revision=31249
indicating whether the time should be shown as local time or UTC. For
now, always pass FALSE, meaning "show as local time".
Clean up some stuff in the SNMP dissector, use abs_time_secs_to_str()
for times with one-second resolution, and update a comment in various
macros in the WSP dissector, while we're at it.
svn path=/trunk/; revision=31227
FT_NONE: Print nothing
FT_PROTOCOL: Print "Yes" if protocol exists in packet
FT_IPv6: Print address
The changes in r29551 made wireshark crash for this columns.
svn path=/trunk/; revision=31016
* Fix memleak (df->deprecated in dfilter_free())
* Free protocol hash tables on cleanup.
* Free protocols list on cleanup.
* Free memory allocated by fgetline() in parse_services_file()
From me:
* proto.c: set gmc_hfinfo to NULL after free
* proto.c: switch order of g_free() and g_list_remove() in proto_cleanup()
svn path=/trunk/; revision=29656
just commit this:
Change the checks for type FT_IPv6 to no longer require
a lenght of exaclty 16 bytes, but something between
0 and 16 bytes. That way, we can filter on prefixes
that do not provide the whole length of 16 bytes.
svn path=/trunk/; revision=29594
Jakub Zawadzki