This makes sure that postdissectors that indicate that they need certain
fields in the first pass will get them.
While we're at it:
Fix the field-fetching code in TRANSUM not to assume it got any
instances of the field being fetched.
Rename process_packet_first_pass() in sharkd to process_packet(), as
it's the only routine in sharkd that processes packets.
Rename process_packet() in tshark and tfshark to
process_packet_single_pass(), as it's what's used if we're only doing
one-pass analysis.
Clean up comments and whitespace.
Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b
Reviewed-on: https://code.wireshark.org/review/21063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
bugfixes.
Change-Id: I7c42ddabea263bb15178a71014b6e25eb690cc4c
Reviewed-on: https://code.wireshark.org/review/21042
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Pacify macOS buildbot
Change-Id: I60bdb0ca7b9a1456d6fe12879dec61c5dff19e53
Reviewed-on: https://code.wireshark.org/review/21039
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Problem: the "Apply as filter" option in the Endpoints dialog creates
the "INVALID==11:22:33:44:55:66" filter for IEEE 802.11 packets.
Since dissect_ieee80211_common initialises the address "whdr->src" and
"whdr->dst" fields using the "wlan_address_type" type, we have to do the
same in "wlan_host_get_filter_type". While at it, remove the check for
AT_ETHER since these will never match.
Change-Id: I43f9298adfa406ea37a383187137e3e0c1f8733d
Reviewed-on: https://code.wireshark.org/review/21015
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
It's sufficient to include <epan/proto.h>...
...as long as <epan/proto.h> includes <epan/tfs.h>, just as it includes
<epan/value_string.h>.
And, since it's already including <epan/value_string.h>, it doesn't need
to have a definition of struct _value_string as an incomplete type,
given that <epan/value_string.h> gives a definition of it as a complete
type.
Change-Id: Ic296bc0b0d68277ba7e0569412b780fd847ecca2
Reviewed-on: https://code.wireshark.org/review/21033
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I11d60b4405f4fde039affcdeebb13a3ceb2aded6
Reviewed-on: https://code.wireshark.org/review/20428
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I68ca00c970828311392565882bd7e4803df9818a
Reviewed-on: https://code.wireshark.org/review/21032
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Currently, this is only used to determine whether a protocol tree needs
to be built on the first pass or not - if there are postdissectors that
need fields, it does - but eventually we should be able to use it to
prime the dissection to deliver those fields in cases where we don't
need the *entire* protocol tree (rather than using a hack such as
cooking up a fake tap with a fake filter to do that).
Update MATE and TRANSUM to use it.
Clean up code to check whether we need a protocol tree, and add comments
before that code indicating, in each case, what the criteria are.
The array of postdissectors includes a length, so we don't need to
separately keep track of the number of postdissectors.
Clean up indentation while we're at it.
Change-Id: I71d4025848206d144bc54cc82941089a50e80ab7
Reviewed-on: https://code.wireshark.org/review/21029
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The Windows builds (using msbuild) fail sporadically when building
documentation (target developer_guides). The problem is that the targets
"developer_guide_pdf_a4" and "developer_guide_html" both depend on
developer-guide.xml and msbuild does not notice that the file has
already been generated by the generate_developer-guide.xml target.
For a discussion of the problem, see
https://gitlab.kitware.com/cmake/cmake/issues/16767
To fix this, remove the "developer-guide.xml" dependency from
"developer_guide_xyz" (to prevent these targets from triggering building
"developer-guide.xml"). Instead, depend on a generated
"developer-guide.xml-stamp" file which is created by the
"generate_developer-guide.xml" target (but do *not* add it as output of
this target, otherwise we will have the original problem again).
This workaround is restricted to the MSVC generators because otherwise
it would trigger a CMP0058 policy warning when used with Ninja.
Change-Id: Idb3975cde35be2601b038a500d4886bbd3a684d7
Reviewed-on: https://code.wireshark.org/review/20812
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13581
Change-Id: I8b9f2df47fabb25d8851debc616fee1091d49f31
Reviewed-on: https://code.wireshark.org/review/21018
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13578
Change-Id: I92892a74adea49b71670b4dca57dd52e13537bd5
Reviewed-on: https://code.wireshark.org/review/21019
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13576
Change-Id: I9a0f6c6b682877ed7b5ce4b6b249d4aa4034096a
Reviewed-on: https://code.wireshark.org/review/21020
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13580
Change-Id: I4861c9b69bafe72ecb44e57c9be393506fb9715b
Reviewed-on: https://code.wireshark.org/review/21021
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
When preferences are modified, these must be marked to ensure that the
"prefs_changed" callback for Lua dissectors is invoked.
Bug: 13536
Change-Id: Ib93b2920ebefbc1532d3c6cd097f802a45ec6f35
Reviewed-on: https://code.wireshark.org/review/21016
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib4c7cee28586a9506b94f4cd28ed6417809f76ce
Reviewed-on: https://code.wireshark.org/review/20952
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This seems to be working for clang, but with gcc bssid_broadcast.data
doesn't have FFs, and is_broadcast_bssid() fails.
Change-Id: I69bdd91fe1838ab1f2a22a082a460c6cb3e34616
Reviewed-on: https://code.wireshark.org/review/20989
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: If0c9dd3f3ca2321aaf9176330299a32f611d34ce
Reviewed-on: https://code.wireshark.org/review/20990
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Bug: 13572
Change-Id: Ieb1b972f95bc5c445597dd9aa2a0d8e7e9985238
Reviewed-on: https://code.wireshark.org/review/21013
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For consistency with other netlink dissectors, the file is named
"netlink-generic", but the short protocol name is "genl" for brevity.
Ping-Bug: 13561
Change-Id: I6f94454f8366467fd833c3e57364c515aee9e86f
Reviewed-on: https://code.wireshark.org/review/20875
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
[-Werror=duplicated-branches] found by gcc7
Change-Id: Ia2cca91f03f312b0163848917f04bb5e17baf876
Reviewed-on: https://code.wireshark.org/review/20692
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- Change internal variables to have shorter and explicit names
- Add extra item to perform filtering
Change-Id: I84a55540d552ffba6c935eb0bc2d24b7859be1b6
Reviewed-on: https://code.wireshark.org/review/20928
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
proto_tree_add_checksum uses expert info and shouldn't be
"NULL tree protected"
Change-Id: If8a367c2be69252e9c6613329b7f78ad7e1e34eb
Ping-Bug: 13586
Reviewed-on: https://code.wireshark.org/review/21012
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
See https://tools.ietf.org/html/rfc6790#section-5.1
Bug: 13584
Change-Id: I1271b154960d7c46f9d0776a431beab3290c2871
Reviewed-on: https://code.wireshark.org/review/21007
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Additional dissectors for Mesh Link Establishment (MLE) and Thread CoAP
TMF messages. MLE is also used in ZigBee IP.
Change-Id: I5b9c224d7df48855b79ccac67dca7661a51d0a9b
Bug: 13495
Reviewed-on: https://code.wireshark.org/review/20594
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has a numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown").
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Enhancements to security processing add support for Thread, MLE and ZigBee
IP. Thread and ZigBee IP use a hash for key derivation for MAC and MLE
security processing. Thread additionally uses a sequence counter.
Ping-Bug: 13495
Change-Id: Ib8351b21e5615cd44880f5126f59fd0dc0a11742
Reviewed-on: https://code.wireshark.org/review/20585
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
array length
Bug: 13559
Change-Id: I612a7e2c104603a0aa14a0775bf9b8d247069398
Reviewed-on: https://code.wireshark.org/review/20992
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Otherwise you can have multiple lines put in the info column when a
packet is wrongly identified as RTPproxy (TCP connection using the
default RTPproxy port, for example)
Bug: 13582
Change-Id: I817f67d5fc8c0d5f9d252f0f949af715bfc0ef56
Reviewed-on: https://code.wireshark.org/review/21000
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I62c04933fa0f80c2e4af8a885554328cc9fc50a7
Reviewed-on: https://code.wireshark.org/review/20995
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The tvb length must be checked before trying to read 2 bytes
Bug: 13577
Change-Id: I8ba8320b3a0a96239e52a36bc09bb6b41e65a657
Reviewed-on: https://code.wireshark.org/review/20991
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Regression introduced in gcf7979c
Bug: 13579
Change-Id: Ia2c0d95eec45937ffcdbee52022466a30ebab1f8
Reviewed-on: https://code.wireshark.org/review/20988
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I874ce616ef2b3d7eac0d7b034c83c0b7ac8ac731
Reviewed-on: https://code.wireshark.org/review/20987
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7a20dd07b378dbd27122b3a92b1bfa9bdb5b5d4d
Reviewed-on: https://code.wireshark.org/review/20986
Reviewed-by: Nicolas BERTIN <nicolas.bertin@al-enterprise.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
[-Werror=implicit-fallthrough] found by gcc7
Change-Id: Id18a0879114f11acb1db8dea8d94a1fb845b5e58
Reviewed-on: https://code.wireshark.org/review/20993
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
found by gcc7
and also add a missing (optional) break after default
Change-Id: I03d594db4702ccb4ebab3fca6b071d323e7f8d39
Reviewed-on: https://code.wireshark.org/review/20994
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I296c032a48c103e32fe886a317fddf7a52bff6c9
Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Reviewed-on: https://code.wireshark.org/review/20959
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add protocol to tree without carriage return / newline bytes
Bug: 13574
Change-Id: I757a0a3b034943da7f42557a96cdb10a45627dc7
Reviewed-on: https://code.wireshark.org/review/20981
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
That way, nothing using libwireshark needs to know what settings need to
be loaded; they just call epan_load_settings().
Change-Id: I9390e259e286fc4f5acaeaac2767e4c3c4b656af
Reviewed-on: https://code.wireshark.org/review/20983
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4d9582661f2f1728d400eeb2a1b1dea98f32ce7f
Reviewed-on: https://code.wireshark.org/review/20982
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While "cmake -DENABLE_CHM_GUIDES=ON" succeeds on Linux, the actual build
fails. Since the default for ENABLE_CHM_GUIDES is OFF, let's fail early
when ENABLE_CHM_GUIDES is requested.
When hcc.exe is found, do report the package as available.
Change-Id: If6fc3eb18f1150c251e2886f1f16277669f8ec25
Reviewed-on: https://code.wireshark.org/review/20811
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
Update manuf, services, enterprise-numbers, translations, and other items.
Change-Id: I147cbfa4c9cca70ad581d2e3c149473afd243086
Reviewed-on: https://code.wireshark.org/review/20978
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ic469517dc414e1eb62b27b6d2b0b0a7837790bf9
Reviewed-on: https://code.wireshark.org/review/20975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It doesn't belong in libwireshark, as it doesn't affect dissection, but
it *does* belong in libui, as it's helper code for the UIs.
Change-Id: I8a5e0640a299a08e9ec1917dd253197438ebfdbc
Reviewed-on: https://code.wireshark.org/review/20974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
No need to duplicate it in N different programs.
Update comments while we're at it.
Change-Id: I3096cbe5448a19363eff6303bdd54e522dae9336
Reviewed-on: https://code.wireshark.org/review/20973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I993133931af222c94f4a8814583fef97e49542ca
Reviewed-on: https://code.wireshark.org/review/20972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3c1e4080c28d0d14eaf7ecfb5540c53f8736703c
Reviewed-on: https://code.wireshark.org/review/20971
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's identical in the GTK+ and Qt UIs, and it should just be done in
libwireshark.
Rename some routines to just speak of enabled_and_disabled_lists, so we
don't have to say enabled_and_disabled_protos_and_heuristic_dissectors
or something such as that.
Clean up indentation.
Change-Id: Ief2e612d9e1b60d8d0123b6bd3409dce5faf6495
Reviewed-on: https://code.wireshark.org/review/20970
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Let subdissectors handle parsing and addition of the Netlink header
instead of doing this before calling subdissectors. After this patch:
- Protocol filters like "netlink-netfilter" can be used to match
packets (previously only a text item was added to the tree).
- Subdissectors have more freedom in modifying the type field, so now
it shows the correct type directly rather than "Message type:
Protocol-specific".
- netfilter: the type fields are now actually linked to a tvb,
previously it was linked to a NULL tvb.
- netfilter: fix unintended rejection of packets (the length should
have been added to the offset, otherwise it would fallback to the
data dissector).
- Now subdissectors will not be called for control messages (so the
netlink-conntrack.pcap sample now shows "Netlink" instead of "Netlink
route" for the "End of dump" control message).
Change-Id: I2ab1bef91fb0080664195b281a6a45c9702914e5
Reviewed-on: https://code.wireshark.org/review/20910
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
From https://wiki.linuxfoundation.org/networking/generic_netlink_howto
"Arrays can be represented by using a single nested attribute as a
container with several of the same attribute type inside each
representing a spot in the array."
This patch adds a helper function to dissect such a type (it will be
used by Generic Netlink for CTRL_ATTR_OPS and CTRL_ATTR_MCAST_GROUPS).
Change-Id: I60537712f7fb0f9d4fb8850c6c8eef590635f49f
Reviewed-on: https://code.wireshark.org/review/20903
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|