Age | Commit message | Author | Files | Lines |
|
|
|
|
|
Avoids malformed packet exception with certain unpadded values.
See also https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16386
|
|
Quick hack that allows me to debug DoH GET requests. See also
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14433
|
|
Support the POSIX tar format only and not other dialects.
|
|
Do not try to dissect its data as COFF, it could be something else.
|
|
|
|
Add Storage Classes dissection and fix for llvm-dlltool output which has
a large "//" archive member (longnames) that are newline-terminated
instead of null-terminated.
Tested against the output .lib file from LLVM 7.0.0-1:
llvm-dlltool -m i386:x86-64 -d libgnutls-30.def -l libgnutls-30.lib -D libgnutls-30.dll
|
|
Created in order to compare libgcrypt-20.dll.a as created by MinGW
versus libgcrypt-20.lib as created by MSVC.
Based on file-zip.lua.
|
|
And remove the unnecessary nothing() function, it was there to test a
crash issue.
|
|
Added in 2015-09-27, contains a minimal dissector that does not use
fields.
|
|
These were not supposed to be exposed in the actual filters, but are
used internally because a table value could not act as both a ProtoField
and a table of other ProtoFields.
|
|
The previous implementation took 8.9 seconds with this command:
tshark -Xlua_script:file-zip.lua -r TechnicLauncher.jar -Vx -ozip_archive.decompress:FALSE
If the signature was not optional, we could optimize and avoid a linear
search, using string.find with steps of four bytes on negative match.
This would take 5.6 seconds (but does not handle a missing signature).
The combined approach that first scans with string.find (assuming a
signature) and then falling back to a linear search (assuming no
signature) would take 14.4 seconds (terrible in the worst case).
So try another approach, doing a byte for byte search (as before), but
then delaying the signature check until the length is valid. This
improves the running time to 7.5 seconds.
|
|
Reduce time to process TechnicLauncher.jar from 20 to 9 seconds (ASAN
build with tshark -Vx) by reducing TvbRange allocations.
|
|
Allow decompression to be disabled for performance reasons.
|
|
Found also hints via http://unix.stackexchange.com/q/14705/8250
Analysis of unix/unix.c was done on Info-ZIP 6.0.
|
|
System mappings are taken from the APPNOTE.
|
|
|
|
Finally parses dex2jar-2.0.zip now :-)
|
|
|
|
Jar magic found via
https://github.com/openjdk/jdk7-jdk/blob/f977378235c3f9a73b6f90980cbbcb3c78263c30/src/share/classes/java/util/jar/JarOutputStream.java#L103
|
|
Based on spec from
https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
|
|
To be able to scan linearly, apply heuristics.
|
|
Well, this does not work because the actual data size is unknown... And
it turns out that you really have to parse the EoCD first, otherwise
.jar files cannot be parsed...
|
|
And also added missing fields for CD. Both were mostly scripted based on
the tables from Wikipedia.
|
|
|
|
|
|
Implemented a template for opening a file and making it available to
dissectors. For this, a FileHandler has been implemented which then
links with the MIME encapsulation type.
The "seek_read" issue mentioned in the comments should be fixed with
https://code.wireshark.org/review/19366
|
|
Last modified at 2015-12-08
|
|
GELF is a simple UDP protocol, every datagram is a gzipped JSON message.
This dissector demonstrates how one could decompress it and parse it as
JSON.
Does not support chunked format.
|