path: root/lua/file-zip.lua
Age | Commit message | Author | Files | Lines
2020-04-01 | file-zip: parse mtime into a human-readable form | Peter Wu | 1 | -4/+28
2016-12-22 | file-zip: remove "._" from field names | Peter Wu | 1 | -1/+1
These were not supposed to be exposed in the actual filters, but are used internally because a table value could not act as both a ProtoField and a table of other ProtoFields.
2016-12-22 | file-zip: further speed up DD search | Peter Wu | 1 | -14/+13
The previous implementation took 8.9 seconds with this command:

    tshark -Xlua_script:file-zip.lua -r TechnicLauncher.jar -Vx -ozip_archive.decompress:FALSE

If the signature was not optional, we could optimize and avoid a linear search, using string.find with steps of four bytes on negative match. This would take 5.6 seconds (but does not handle a missing signature).

The combined approach that first scans with string.find (assuming a signature) and then falling back to a linear search (assuming no signature) would take 14.4 seconds (terrible in the worst case).

So try another approach, doing a byte for byte search (as before), but then delaying the signature check until the length is valid. This improves the running time to 7.5 seconds.
2016-12-22 | file-zip: speed up data descriptor scanning | Peter Wu | 1 | -7/+7
Reduce time to process TechnicLauncher.jar from 20 to 9 seconds (ASAN build with tshark -Vx) by reducing TvbRange allocations.
2016-12-22 | file-zip: allow decompression to be disabled | Peter Wu | 1 | -2/+4
Allow decompression to be disabled for performance reasons.
2016-12-22 | file-zip: decode External File Attributes | Peter Wu | 1 | -2/+14
Found also hints via http://unix.stackexchange.com/q/14705/8250
Analysis of unix/unix.c was done on Info-ZIP 6.0.
2016-12-21 | file-zip: decode version field, update references | Peter Wu | 1 | -15/+57
System mappings are taken from the APPNOTE.
2016-12-21 | file-zip: Deflate decompression support | Peter Wu | 1 | -0/+9
2016-12-21 | file-zip.lua: fix data length readout | Peter Wu | 1 | -1/+1
Finally parses dex2jar-2.0.zip now :-)
2016-12-21 | file-zip: compr method and extra attrs | Peter Wu | 1 | -2/+14
2016-12-21 | file-zip: recognize Extra data and Jar magic | Peter Wu | 1 | -4/+22
Jar magic found via https://github.com/openjdk/jdk7-jdk/blob/f977378235c3f9a73b6f90980cbbcb3c78263c30/src/share/classes/java/util/jar/JarOutputStream.java#L103
2016-12-21 | zip-file: decode more flags | Peter Wu | 1 | -12/+37
Based on spec from https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
2016-12-21 | file-zip: implement heuristics to find DD | Peter Wu | 1 | -15/+51
To be able to scan linearly, apply heuristics.
2016-12-21 | file-zip: WIP for data descriptor | Peter Wu | 1 | -12/+60
Well, this does not work because the actual data size is unknown... And it turns out that you really have to parse the EoCD first, otherwise .jar files cannot be parsed...
2016-12-21 | file-zip: implement End of Central Directory Record | Peter Wu | 1 | -3/+31
And also added missing fields for CD. Both were mostly scripted based on the tables from Wikipedia.
2016-12-21 | file-zip: implement Central Directory record | Peter Wu | 1 | -6/+60
2016-12-21 | file-zip: decode local file header | Peter Wu | 1 | -1/+104
2016-12-21 | file-zip: start of a Zip Archive file dissector for Wireshark | Peter Wu | 1 | -0/+95
Implemented a template for opening a file and making it available to dissectors. For this, a FileHandler has been implemented which then links with the MIME encapsulation type. The "seek_read" issue mentioned in the comments should be fixed with https://code.wireshark.org/review/19366