Age | Commit message (Collapse) | Author | Files | Lines |
|
HTTP1 Protocol (with XX number of draft)
Change-Id: I7b6394e1a84db34e34b4a05245414b81a62292af
Partial-Bug:10054
Reviewed-on: https://code.wireshark.org/review/1409
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I75aa99b020c92e7caf7efebe34cd1af3763cf592
Reviewed-on: https://code.wireshark.org/review/1397
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
packet-http.c:2629: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: I6a423639a53c24431fcfd79e0a235f2885ea86c2
Reviewed-on: https://code.wireshark.org/review/1389
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Using value_is_in_range is making quite some assumptions, namely (1) the
proxy server is always run on a registered HTTP port, and (2) the
source (client) port is always not HTTP. The former is quite a strong
assertion which fails to hold when using a custom port (8008) that got
detected through heuristics.
Fix this by recording the source address and port pair for the server
and then check this against the current packet.
This fixes detection of a SSL conversation where two conversations got
detected instead of one. Example: 8008 is proxy, 443 is target server.
Now the proxied conversation got detected as 443 --> "client port"
(server to client, ok) and 443 --> 8008 (client to server, not ok,
should be "client port" --> 443).
bug:7717
Change-Id: I05113ec2aca6c9296184759a8a62eb32cbfcbb4f
Reviewed-on: https://code.wireshark.org/review/1380
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
For long cookies, the label "[truncated] Cookie: foo=v..." is not really
helpful. Add a new subtree to display individual cookies, this makes
copying values much easier.
A new "http.cookie_pair" field was added instead of re-using
"http.cookie". This has the advantage that `tshark -Tfields -e
http.cookie` does not end up with duplicates. At the same time, one can
match against individual cookie values.
I also considered to limit the number of cookies to be split, but as
there is no limit on the number of headers, I decided not to be
restrictive for cookies either.
Change-Id: I98d9522867811278ade3e04aab02e517f997928b
Reviewed-on: https://code.wireshark.org/review/1186
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
From Martin Mathieson.
In a profiled run with FTP traffic, the HTTP dissector looking for the end of a line of data (which was binary) was taking around 3% of runtime.
bug:8822
Change-Id: I2617d1e49030bd5ad85b0e818c48c01dc6fae075
Reviewed-on: https://code.wireshark.org/review/1373
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
"line" is used only in the main loop processing the lines.
Change-Id: I370c6516867a9c972f9673b3362141f0f42d178a
Reviewed-on: https://code.wireshark.org/review/1360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also, shuffle some comments around to make them better describe what's
happening.
Change-Id: Ie4d71e7c64b68a7f02b4ec6cd2d8601a796a9867
Reviewed-on: https://code.wireshark.org/review/1359
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8f82630f59304149293680f742d490767b88179e
Reviewed-on: https://code.wireshark.org/review/1358
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Always need to initialize "firstline" when "line" is initialized.
Bug:10041
Change-Id: Iecee2e387e4a35f0d7126f8f14aa5bd34449a5d3
Reviewed-on: https://code.wireshark.org/review/1351
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I304960a0d1c8e64947a7f35e90da279e43051aac
Reviewed-on: https://code.wireshark.org/review/1338
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Otherwise a bogus tree is created when HTTP2 traffic is found. Also, COL_PROTOCOL and COL_INFO can be prematurely populated.
Change-Id: I9f1c736baaeb86f9fab61601d79e79b4e3a16c38
Reviewed-on: https://code.wireshark.org/review/1334
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
bogus tree is created when HTTP2 traffic is found."
It causes the DTLS decryption test suite to fail for some reason, and I don't have time/energy to investigate further, so we should probably revert it until that gets resolved.
This reverts commit fc5d8db74dc473610b9fc6c0c4b571d4aa65264a.
Change-Id: Iac9a7592047d2e080e380a70752efa076303e442
Reviewed-on: https://code.wireshark.org/review/1297
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
is created when HTTP2 traffic is found.
Change-Id: Ic315ed9b7d65fe70401945cb0cceda4af863d140
Reviewed-on: https://code.wireshark.org/review/1215
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
wmem_packet_scope() cannot be used outside of a packet treatment
Change-Id: I6e545bbb51f325b366288f17358f9d2347a7d7c4
Reviewed-on: https://code.wireshark.org/review/977
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
dissectors
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
svn path=/trunk/; revision=54440
|
|
svn path=/trunk/; revision=54332
|
|
svn path=/trunk/; revision=54326
|
|
svn path=/trunk/; revision=54266
|
|
so emacs doesn't complainab 'unsafe value'.
svn path=/trunk/; revision=54153
|
|
svn path=/trunk/; revision=54135
|
|
svn path=/trunk/; revision=53975
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
conversions aren't valid.
svn path=/trunk/; revision=53037
|
|
pinfo->private_data.
svn path=/trunk/; revision=53036
|
|
proto_tree_set_text - the string was not the important part, the formatting was.
We were passing the string directly from tvb_get_ptr, but this meant that if the
packet didn't contain a null-terminator we would run off the end. Since the
string comes straight from the packet, just let _add_item handle the length
calculations etc efficiently, and set the display later.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9323
I'm a bit confused honestly why most of these are being set hidden after being
added and formatted, but at least there are no memory errors anymore.
svn path=/trunk/; revision=52979
|
|
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9134)
From Edwin Groothuis
svn path=/trunk/; revision=52656
|
|
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
|
|
svn path=/trunk/; revision=52053
|
|
!= 0. While in these cases, I don't see any actual bugs due to other protections, I don't think it hurts to make this change and should help avoid others from copying/pasting this code elsewhere, where similar protections may not be in place.
svn path=/trunk/; revision=51959
|
|
svn path=/trunk/; revision=51852
|
|
together.
The other part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9101
Also fix modelines.
svn path=/trunk/; revision=51786
|
|
svn path=/trunk/; revision=51596
|
|
svn path=/trunk/; revision=51592
|
|
svn path=/trunk/; revision=51567
|
|
trigger an exception between between buffer allocation and tvb_set_free_cb call
svn path=/trunk/; revision=51427
|
|
svn path=/trunk/; revision=51175
|
|
svn path=/trunk/; revision=51156
|
|
svn path=/trunk/; revision=49920
|
|
time fiels (like dns.time and smb.time etc)
svn path=/trunk/; revision=49630
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 :
We can't solely rely on the port in the URI to determine whether we will be
recursively called by decode_tcp_ports(). Instead also check the conversation
entry too: if we find that we are the subdissector for this conversation
(which we might be--without the port being in our list of ports--if we
heuristically picked up the conversation or the user did Decode-As),
just bail out and dissect the payload as data.
svn path=/trunk/; revision=49623
|
|
svn path=/trunk/; revision=49584
|
|
svn path=/trunk/; revision=49259
|
|
least one fuzzed capture contains them, and using ep_strndup() to copy
the line means that the actual amount of memory allocated for the copy
will be less than the length of the line, and code that parses the line
assuming that there are value_len+1 bytes in the buffer (including the
terminating NUL), such as the current parsing code, will break.
We should really have code in Wireshark to handle counted strings, and
have those be what we extract from packets. (And we should handle
non-UTF-8/non-UTF-16 encodings, and octet sequences that aren't valid
strings for their encoding, and handle display of invalid strings and
non-printable characters, and....).
Use g_ascii_ versions of various isXXX() and to{upper,lower}(), so we
don't get surprised by the behavior of the user's locale.
svn path=/trunk/; revision=48490
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48355
|
|
svn path=/trunk/; revision=48263
|