Age | Commit message (Collapse) | Author | Files | Lines |
|
Rather than have a bitmask for each desired field, have a dissector
provide a list of structures that represent data that goes into
the PDU.
Change-Id: I125190cbaee489ebffb7d9f5d8bc6f3be2d06353
Reviewed-on: https://code.wireshark.org/review/16122
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
This will copy an address's "byte format" into a buffer. The original
intended design is for export_pdu functionality, which tries to do
this "manually" for many address types (and creates undesired dependencies)
The default functionality if a "byte format function" isn't provided
(currently the case for all address types) is a memcpy of the address
data. Providing "address to byte" functions to aid export PDU
functionality will be provided later.
Change-Id: I3703f9e617a8cef09165ad53a0f98c6372676b9b
Reviewed-on: https://code.wireshark.org/review/16070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Ran across enough situations that proto_tree_add_bitmask_list couldn't
solve that it seemed necessary.
Change-Id: I6a540ac6efca76cae7c4571a84bb400538652784
Reviewed-on: https://code.wireshark.org/review/15880
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The formatting of the address type is determined by a preference in
packet-mtp3.c, so just make MTP3 register the address type.
Use address_type_get_by_name in other dissectors (and export_pdu)
to use the address type.
Change-Id: Ifb32d7de27aeaa23cee8e803e25ffb3c905547b5
Reviewed-on: https://code.wireshark.org/review/15856
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows the decoupling of a dissector registering an address type
so it doesn't need to export the returned registered type.
Change-Id: I49c913d042e70bd4b7ea1e964ba9511bb27304f5
Reviewed-on: https://code.wireshark.org/review/15855
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3f7378ae5c048d3f954238bd04c707f039401ea1
Reviewed-on: https://code.wireshark.org/review/15161
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I8a7a4727b473820d46ee543875f9fb57c5d79928
Reviewed-on: https://code.wireshark.org/review/15786
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ib8aab341be406d3c6e9139ae670489bd9e3edcc5
Reviewed-on: https://code.wireshark.org/review/15785
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ief8ca64391033e84fb37c6a55ec29d32d800920d
Reviewed-on: https://code.wireshark.org/review/15645
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
It requires some "extra work" to get it to work properly. Despite
documenting it, some previous use cases didn't do the extra work.
Let's just see how we get by without it.
Change-Id: I31dba1d5038d793085f6c9e4b4a6eda574e86872
Reviewed-on: https://code.wireshark.org/review/15610
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Also add a length parameter to wtap_optionblock_set_option_string
Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
rawshark shouldn't be converting FT_ and BASE_ values into strings on its own, there's a function for that.
Change-Id: Ib4ce1651ee130a03644b5de3ab471333444e19a9
Reviewed-on: https://code.wireshark.org/review/15341
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I0884bf0c06bbb32eb10f0f731461dc6b4586fb32
Reviewed-on: https://code.wireshark.org/review/15327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I30465f1cd0b725e58f3445813e443521350900a2
Reviewed-on: https://code.wireshark.org/review/15160
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Use libSSH 0.7.2 compiled with MinGW(32|64) and linked with zlib and gcrypt support
Change-Id: I7c17d1ba3dd1890e2f83c119f5ea851834807e43
Reviewed-on: https://code.wireshark.org/review/12117
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefcbeb5d24df383c29d29ef888b503945.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I3aacea5f0e6eb51d8e2dfbac2f699c6fb5014937
Reviewed-on: https://code.wireshark.org/review/14946
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I932c156cbc6883d1d63bf0457fd62cfb67c3340e
Reviewed-on: https://code.wireshark.org/review/14750
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: Ia394071710ecda3b0e6686a51fbca45a8ff20317
Reviewed-on: https://code.wireshark.org/review/14749
Petri-Dish: João Valverde <j@v6e.pt>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I454d61dea623c65dbe425c8ad3f354452ce0c6a5
Reviewed-on: https://code.wireshark.org/review/14793
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I19f4ffca89acbd207cafe1f29f14aba293b068f4
Reviewed-on: https://code.wireshark.org/review/14650
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Dissector and heuristic tables now setup protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ide4c177e67a77c5f9495b3b4c0f817f40e6dde30
Reviewed-on: https://code.wireshark.org/review/14425
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I387e893dc5b8b38569f7189d078fdc1853ba012f
Reviewed-on: https://code.wireshark.org/review/14269
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Bluetooth Specifications specify properties of every characteristics
(read, write, indicate, notify, write without response, signed write etc.)
Check it and add expert info about invalid usage if detected use of wrong
opcode with the characteristic.
Change-Id: I98ad8280b9ee65b4015a021e732ea748cc9e7a83
Reviewed-on: https://code.wireshark.org/review/14313
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Change-Id: I39346deaa9265f9684804688c36ab42ab4eee621
Reviewed-on: https://code.wireshark.org/review/14241
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
Change-Id: Id262cfa7577fe45b360399d5e4a9de0ea002bf67
Reviewed-on: https://code.wireshark.org/review/14155
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Balint Reczey <balint@balintreczey.hu>
|
|
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7ca826d247ea7e073ce9454a22b053d90ea8b2fa
Reviewed-on: https://code.wireshark.org/review/13966
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
OTS/OTP is the newset "profile" announced by Bluetooth SIG.
It name describe what it doing: Object Transfer Service/Profile,
so it is something like OPP.
While we are at this move some HID attributes to get right
order in switch-case.
Change-Id: I460963a422c7292b2cabf7e88f32dbd6e8d7051f
Reviewed-on: https://code.wireshark.org/review/13735
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It adds string-type fields to the protocol tree and returns the value of
the string.
Add the new bitmask-adding routines to the Debian symbol list while
we're at it.
Change-Id: Idaeec44c9cd373588cadce85010f3eaf1f3febb5
Reviewed-on: https://code.wireshark.org/review/13657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I83ecc7e4f8c827c83c2f6b62918f042d023daee4
Reviewed-on: https://code.wireshark.org/review/13575
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I38d3cc6082436299706c34439b6bc212a9ec5d29
Reviewed-on: https://code.wireshark.org/review/13520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I2229fb666a838b9d74f70270cbad548ea28dffd2
Reviewed-on: https://code.wireshark.org/review/13519
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: Iaac61b4a2f446b99d4600ae8ae56405ae6fb21da
Reviewed-on: https://code.wireshark.org/review/13512
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ie91477eae534b558106442621224b8da40d5de7b
Reviewed-on: https://code.wireshark.org/review/13276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 11992
Change-Id: Iec525a43e8f1703247213d1d6a139dcabc18fb37
Reviewed-on: https://code.wireshark.org/review/13178
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
|
|
proto_item_get_len() is *not* guaranteed to return a correct value.
Even if there's a non-null tree item, it might be pointing to a "faked"
item; it really shouldn't be used.
So add proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length(), which calculate the real length
themselves and return it through a pointer.
Fix as many places as we straightforwardly can to use them rather than
to use proto_item_get_len(). (There's a Lua API for
proto_item_get_len(), so we keep it around, but we should add Lua APIs
for the new routines, and deprecate the old API.)
Fix ptvcursor_add() to do the same thing that
proto_tree_add_item_ret_length() and
proto_tree_add_item_new_ret_length() do.
Split the TRY_TO_FAKE_THIS_ITEM macros into a macro to check for the
tree being null and to try to fake the item. We don't always use the
former macro, as we might need to do more than just return NULL if the
incoming tree is null (for example, calculating the item's real length
and using it...).
new_field_info() never returns NULL; remove checks for it. The check
for a null tree is done before the calls to new_field_info().
Change-Id: I002a218d1f810c73e0de837e0ac6ebcde21bacec
Reviewed-on: https://code.wireshark.org/review/13139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
[KISS - Keep It Simple, Stupid]
Convert the Follow TCP functionality to use a tap from the TCP dissector that passes the tvb of the payload. This makes things A LOT simpler, but relies on the TCP dissector to make all decisions.
The "tap" logic passes tvb data
1. Before calls to process_tcp_payload
2. Before hf_tcp_segment_data fields (that aren't retransmissions or otherwise handled)
Follow up patches will be necessary to clean up all of the supporting "follow" functionality that is now useless.
Bug: 6925
Bug: 9780
Change-Id: I4e7f5d453519be839de39a109bafa899b9987139
Reviewed-on: https://code.wireshark.org/review/13038
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9e53a0cd2f1b12717498e158d96d800338e01adf
Reviewed-on: https://code.wireshark.org/review/13047
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
extract that value with proto_get_finfo_ptr_array().
Also, have the filter used to check whether the packet is a candidate
for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
back to the Qt version), and get rid of an unnecessary extra level of
indirection for that string.
In the Qt version, if findStreams() set the error string, don't
overwrite it with a "No streams found." indication, and fix error
handling for the "filter didn't compile" case.
Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
Reviewed-on: https://code.wireshark.org/review/13045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie008e8c396a3ead44f046ce2ebe4965ad93dae5c
Reviewed-on: https://code.wireshark.org/review/12903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This makes RTP Player actually play RTP stream using Qt, too.
Bug: 11918
Change-Id: I9a90f50ceeccc1f298bf1b0a8dcc7a9017107484
Reviewed-on: https://code.wireshark.org/review/12882
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
directory.
This also moved color.h into color_filters.h
Change-Id: Ic19e27aa1b3ec67e764aa7ee8bbef7b1187bb12e
Reviewed-on: https://code.wireshark.org/review/12831
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
remove redundant HT MCS/rate table. Preparation for duration calculations
that will use this data as well.
Change-Id: Iee4fb2eefb00eaa53a6368eca4ed60f705ff49df
Reviewed-on: https://code.wireshark.org/review/12856
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This new extcap is for testing and educational purpose.
It relies on rankpkt-core functions to generate random packets.
Change-Id: If6890f0673545682995a2079458108edc0913b30
Reviewed-on: https://code.wireshark.org/review/11764
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
GTK already has it, but Qt forgot about it, so multi-field custom column
works ok if previously saved in GTK-shark. Invalid validation prevent from
modifying and saving multi-field custom column in Qt version.
While at it, rename "custom field" to "custom fields" to ensure
we think about multi-field custom column.
Change-Id: I99588150ccb38be11b75f5dd5b0f6443e7055ebb
Reviewed-on: https://code.wireshark.org/review/12685
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|