Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
These were not supposed to be exposed in the actual filters, but are
used internally because a table value could not act as both a ProtoField
and a table of other ProtoFields.
|
|
The previous implementation took 8.9 seconds with this command:
tshark -Xlua_script:file-zip.lua -r TechnicLauncher.jar -Vx -ozip_archive.decompress:FALSE
If the signature was not optional, we could optimize and avoid a linear
search, using string.find with steps of four bytes on negative match.
This would take 5.6 seconds (but does not handle a missing signature).
The combined approach that first scans with string.find (assuming a
signature) and then falling back to a linear search (assuming no
signature) would take 14.4 seconds (terrible in the worst case).
So try another approach, doing a byte for byte search (as before), but
then delaying the signature check until the length is valid. This
improves the running time to 7.5 seconds.
|
|
Reduce time to process TechnicLauncher.jar from 20 to 9 seconds (ASAN
build with tshark -Vx) by reducing TvbRange allocations.
|
|
Allow decompression to be disabled for performance reasons.
|
|
Found also hints via http://unix.stackexchange.com/q/14705/8250
Anslysis of unix/unix.c was done on Info-ZIP 6.0.
|
|
System mappings are taken from the APPNOTE.
|
|
|
|
Finally parses dex2jar-2.0.zip now :-)
|
|
|
|
Jar magic found via
https://github.com/openjdk/jdk7-jdk/blob/f977378235c3f9a73b6f90980cbbcb3c78263c30/src/share/classes/java/util/jar/JarOutputStream.java#L103
|
|
Based on spec from
https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
|
|
To be able to scan linearly, apply heuristics.
|
|
Well, this does not work because the actual data size is unknown... And
it turns out that you really have to parse the EoCD first, otherwise
.jar files cannot be parsed...
|
|
And also added missing fields for CD. Both were mostly scripted based on
the tables from Wikipedia.
|
|
|
|
|
|
Implemented a template for opening a file and making it available to
dissectors. For this, a FileHandler has been implemented which then
links with the MIME encapsulation type.
The "seek_read" issue mentioned in the comments should be fixed with
https://code.wireshark.org/review/19366
|