Age | Commit message (Collapse) | Author | Files | Lines |
|
Return value "-1" means that more data is requested. The dissector
actually doesn't have any idea what to do with the data, so just return
the data dissected so far.
tcp stream 3182 from c05-http-reply-r1.pcap (SampleCaptures) was
incorrectly detected as MIKEY, it was actually HTTP...
Change-Id: Idca3d3e2f85e821df70436a675699b5834236f89
Reviewed-on: https://code.wireshark.org/review/2887
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
uint16 & 0xFF00 will always equal 0. Use tvb_get_guint8 instead. Convert
from tvb_length to tvb_captured_length.
Fix the return value of dissectors, 0 means reject but that cannot be
combined with reassembly requests.
Change-Id: I5fca66e2e809699392237aff5813eecdfb15857f
Reviewed-on: https://code.wireshark.org/review/2885
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Idc1a85851a01b5b675465b659871cdf750845ace
Reviewed-on: https://code.wireshark.org/review/2890
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Fixes a good 80-90KB of leaks in certain cases.
Bug: 10261
Change-Id: I81d57ac67219e730b03649b9fdfc2306807bdb97
Reviewed-on: https://code.wireshark.org/review/2879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia2567695ffed30c990eda3740b08bfab101cea96
Reviewed-on: https://code.wireshark.org/review/2883
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
BYTE2WORD() doesn't modify what its argument points to, so make that
argument a const unsigned char *.
This lets us get rid of casts that cast away constness.
Change-Id: I44a58bd3d75fc77a022b7e8f7fa9b43990bcf81c
Reviewed-on: https://code.wireshark.org/review/2876
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I7b4476cb0a06362941ef81707a9686f5546a4a54
Reviewed-on: https://code.wireshark.org/review/2868
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib28af874cbac0623ed94e7558f3711e9a1b03a2d
Reviewed-on: https://code.wireshark.org/review/2874
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Id27a6447dba9b6eda07933139a3f07edd71c8fd6
Reviewed-on: https://code.wireshark.org/review/2872
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Pull the "cast this to a pointer to an __m128i" idiom into a macro, and
use the macro; have that macro use "const" in the casts.
Change-Id: Ife90b7daef2f09368790f3b2ffbb227d6d794dea
Reviewed-on: https://code.wireshark.org/review/2871
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That combines more common code from the read and seek-read code
paths.
Also, separate out the individual metadata record types, with a comment
for each, to simplify the process of supporting some or all of them in
the future.
Change-Id: Ic8ded397d9550ec6013c1f5f138333b1ef5c37e5
Reviewed-on: https://code.wireshark.org/review/2869
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I099b85e98f3b9742b1addd8d260b3e94ca7add31
Reviewed-on: https://code.wireshark.org/review/2866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This has several implications:
- we match user expectations that a ring-buffered tshark capture will run
forever without running out of resources (except where we still have leaks)
- we lose reassembly and request/response matching when the relevant packets
are split across files, but this actually makes our output more consistent
with dissecting those files after-the-fact
I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.
Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I2a973b6168235d5d1c7f2a5f8ac79b97b963d846
Reviewed-on: https://code.wireshark.org/review/2863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I69f84ca8b947be8e06005c82526559e3bc8f6387
Reviewed-on: https://code.wireshark.org/review/2861
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This addresses part of, but not all of, the issues in bug ten thousand,
one hundred, and ninety:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10190
(I'm spelling it out to make sure Gerrit doesn't think this change
*does* address all the issues in that bug, and mark it as RESOLVED
FIXED; I feel like I have to treat Gerrit as a dog or small child from
whom I'm trying to keep a secret - "honey, I'm taking the dog to the
vee eee tee".)
Change-Id: Ic234130c1ea84cfaf47901485dca775e168f71d0
Reviewed-on: https://code.wireshark.org/review/2859
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug:10256
Change-Id: I24275f1b67120f69cfd673f7e5598a50b3c7566f
Reviewed-on: https://code.wireshark.org/review/2145
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Fixes an overflow leading to infinite loop.
Bug: 10259
Change-Id: Ie76c5a810af927ba092f4067268bd789b3a7d7bf
Reviewed-on: https://code.wireshark.org/review/2856
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Id1988551ca94a862195eb1de1de399e428132b21
Reviewed-on: https://code.wireshark.org/review/2855
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ic1a64252e913f668676a3d8b69c10cc4789156b3
Reviewed-on: https://code.wireshark.org/review/2854
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
stream.RFC 2626 In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF.
Change-Id: I97ba94f451463c8facd2c20bf6b7364f095119e7
Reviewed-on: https://code.wireshark.org/review/2808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I84758200bce592f84547bff84f02d743327baa03
Reviewed-on: https://code.wireshark.org/review/2848
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I38409f5ceef1c906dccb13284d2fe2dfd2383b67
Reviewed-on: https://code.wireshark.org/review/2845
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I55108e39d9d5a3fc5e1e3e0ec0040c08c92cc576
Reviewed-on: https://code.wireshark.org/review/2844
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I2443ab22d423508641ac199262238e5fbafc95df
Reviewed-on: https://code.wireshark.org/review/2843
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 10257
Change-Id: Ia36c03b2be727a37f91eca38af4faf48d1d65436
Reviewed-on: https://code.wireshark.org/review/2840
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Id313fa6d0510ece7d13c6ffe941374ba0873e574
Reviewed-on: https://code.wireshark.org/review/2842
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I84e6aa71e31528b2949e68f0f07778fb9e26379e
Reviewed-on: https://code.wireshark.org/review/2839
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
fix also indent (use spaces)
Change-Id: I06234936c3128f7aa21a345415d7e420135dd601
Reviewed-on: https://code.wireshark.org/review/2824
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Bug: 10248
Change-Id: I630bc1ab2520c2861b817ba5813f5f7680e96056
Reviewed-on: https://code.wireshark.org/review/2820
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I759f64920284a35ea55bc68624570def51dfd72a
Reviewed-on: https://code.wireshark.org/review/2832
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
by checkAPIs).
Change-Id: Ie5252d20db5826f3e48aba11da1bf85d00630db2
Reviewed-on: https://code.wireshark.org/review/2838
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
in gdf6bdcc
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This reverts commit b136182ad41b0552421992f36f3b70fa497fd658
This function are already marked inline, and profiler don't show much difference in performance,
revert as previous version is cleaner.
Change-Id: I1ac2c30a91b46278730ceee127efa086c7fbc6d6
Reviewed-on: https://code.wireshark.org/review/2828
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib93575d9977162b468f171038915c1eb8a612660
Reviewed-on: https://code.wireshark.org/review/2831
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The groups are, technically, independent of the notion of a menu, and,
if we have mechanisms by which taps that are not only GUI
toolkit-independent but independent of the *existence* of a GUI can be
registered, they might want to register themselves in a group just in
case they're running in a program that has a GUI.
Also, this might fix the Debian package build.
Change-Id: I29435681e79748fd4f2e0c5ac872cd11f831d172
Reviewed-on: https://code.wireshark.org/review/2830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I09227699afa8306d4a699dad5e12efc11f6597ea
Reviewed-on: https://code.wireshark.org/review/2827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
wsutil contains the only code that uses version.h; make the dependency
explicit, to see whether that fixes the current build issues with Debian
packaging.
Also, get rid of all *other* dependencies on gitversion.
Change-Id: I89fa5e4112633b83a1a7dfa349bc337e3688575f
Reviewed-on: https://code.wireshark.org/review/2823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's no longer used in version_info.c, but is used in the main source
files of TShark and Wireshark (it's already included in dumpcap).
Change-Id: I2169a2bbed678baf26fc8711d7c13d95cce3ee2a
Reviewed-on: https://code.wireshark.org/review/2819
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I1013ad9a0a98bcbf07fe597f9e932f2ea1a5cd28
Reviewed-on: https://code.wireshark.org/review/2818
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|