Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Ia7014003a3cff5181295172978d6c613c3b83b0b
Reviewed-on: https://code.wireshark.org/review/2676
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
ep_address_to_str() doesn't crash if called outside packet scope, but
it's still not correct to use outside packet scope. Use
address_to_str(NULL, ...) to allocate those strings, and then explicitly
free them when we're done; exceptions don't get thrown between the
allocate and free, so there's no risk of a leak.
Change-Id: Iea2af93b0757e648d399e2ba64249224eb7e9e3c
Reviewed-on: https://code.wireshark.org/review/2438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Most (all?) of these functions are being called within GUI, so they can't have packet_scope, which is why they weren't already converted (I made this mistake once already)
This reverts commit 7fea55a0541bcc5059f767970b6f6291f81d7b9c.
Change-Id: I4bf29b206e5e1f5daefcec131309a8f6e78e1eb1
Reviewed-on: https://code.wireshark.org/review/2428
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tvb_ensure_captured_length_remaining"
See https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 021e7afc9fcba09094d0e2143cc434a34e3b09dc.
Change-Id: I0640eabce5ce8c4ff3a88ebf848b499f8bb8ed2f
Reviewed-on: https://code.wireshark.org/review/2429
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id49ba07e32a71357b50b32de7cecfd80e412d508
Reviewed-on: https://code.wireshark.org/review/2379
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I0228f3b6b7067bc0ce51f9d359f99fd18feb2b66
Reviewed-on: https://code.wireshark.org/review/2378
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I63a3704effe3fcab01a193dc39b6a22e9f1cf3fe
Reviewed-on: https://code.wireshark.org/review/2376
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Strndup adds +1 for the null-terminator itself, no need to do it in the caller.
This was causing us to go past the end of the buffer when the HTTP header line
didn't have any spaces in it. Caught by Alexis using ASAN.
Bug:10135
Change-Id: Iee1b26da4740b774581ca6ec784ee40f7b920832
Reviewed-on: https://code.wireshark.org/review/1806
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There are lot of text dissectors which want just to add escaped (not filtrable) text,
add new function proto_tree_add_format_text() which just do this in optimized way.
Change-Id: Ia0e189b620cc0a5b74cfdaef1ad4571d766bb2ab
Reviewed-on: https://code.wireshark.org/review/1678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
HTTP1 Protocol (with XX number of draft)
Change-Id: I7b6394e1a84db34e34b4a05245414b81a62292af
Partial-Bug:10054
Reviewed-on: https://code.wireshark.org/review/1409
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I75aa99b020c92e7caf7efebe34cd1af3763cf592
Reviewed-on: https://code.wireshark.org/review/1397
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
packet-http.c:2629: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: I6a423639a53c24431fcfd79e0a235f2885ea86c2
Reviewed-on: https://code.wireshark.org/review/1389
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Using value_is_in_range is making quite some assumptions, namely (1) the
proxy server is always run on a registered HTTP port, and (2) the
source (client) port is always not HTTP. The former is quite a strong
assertion which fails to hold when using a custom port (8008) that got
detected through heuristics.
Fix this by recording the source address and port pair for the server
and then check this against the current packet.
This fixes detection of a SSL conversation where two conversations got
detected instead of one. Example: 8008 is proxy, 443 is target server.
Now the proxied conversation got detected as 443 --> "client port"
(server to client, ok) and 443 --> 8008 (client to server, not ok,
should be "client port" --> 443).
bug:7717
Change-Id: I05113ec2aca6c9296184759a8a62eb32cbfcbb4f
Reviewed-on: https://code.wireshark.org/review/1380
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
For long cookies, the label "[truncated] Cookie: foo=v..." is not really
helpful. Add a new subtree to display individual cookies, this makes
copying values much easier.
A new "http.cookie_pair" field was added instead of re-using
"http.cookie". This has the advantage that `tshark -Tfields -e
http.cookie` does not end up with duplicates. At the same time, one can
match against individual cookie values.
I also considered to limit the number of cookies to be split, but as
there is no limit on the number of headers, I decided not to be
restrictive for cookies either.
Change-Id: I98d9522867811278ade3e04aab02e517f997928b
Reviewed-on: https://code.wireshark.org/review/1186
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
From Martin Mathieson.
In a profiled run with FTP traffic, the HTTP dissector looking for the end of a line of data (which was binary) was taking around 3% of runtime.
bug:8822
Change-Id: I2617d1e49030bd5ad85b0e818c48c01dc6fae075
Reviewed-on: https://code.wireshark.org/review/1373
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
"line" is used only in the main loop processing the lines.
Change-Id: I370c6516867a9c972f9673b3362141f0f42d178a
Reviewed-on: https://code.wireshark.org/review/1360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also, shuffle some comments around to make them better describe what's
happening.
Change-Id: Ie4d71e7c64b68a7f02b4ec6cd2d8601a796a9867
Reviewed-on: https://code.wireshark.org/review/1359
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8f82630f59304149293680f742d490767b88179e
Reviewed-on: https://code.wireshark.org/review/1358
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Always need to initialize "firstline" when "line" is initialized.
Bug:10041
Change-Id: Iecee2e387e4a35f0d7126f8f14aa5bd34449a5d3
Reviewed-on: https://code.wireshark.org/review/1351
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I304960a0d1c8e64947a7f35e90da279e43051aac
Reviewed-on: https://code.wireshark.org/review/1338
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Otherwise a bogus tree is created when HTTP2 traffic is found. Also, COL_PROTOCOL and COL_INFO can be prematurely populated.
Change-Id: I9f1c736baaeb86f9fab61601d79e79b4e3a16c38
Reviewed-on: https://code.wireshark.org/review/1334
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
bogus tree is created when HTTP2 traffic is found."
It causes the DTLS decryption test suite to fail for some reason, and I don't have time/energy to investigate further, so we should probably revert it until that gets resolved.
This reverts commit fc5d8db74dc473610b9fc6c0c4b571d4aa65264a.
Change-Id: Iac9a7592047d2e080e380a70752efa076303e442
Reviewed-on: https://code.wireshark.org/review/1297
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
is created when HTTP2 traffic is found.
Change-Id: Ic315ed9b7d65fe70401945cb0cceda4af863d140
Reviewed-on: https://code.wireshark.org/review/1215
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
wmem_packet_scope() cannot be used outside of a packet treatment
Change-Id: I6e545bbb51f325b366288f17358f9d2347a7d7c4
Reviewed-on: https://code.wireshark.org/review/977
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
dissectors
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
svn path=/trunk/; revision=54440
|
|
svn path=/trunk/; revision=54332
|
|
svn path=/trunk/; revision=54326
|
|
svn path=/trunk/; revision=54266
|
|
so emacs doesn't complainab 'unsafe value'.
svn path=/trunk/; revision=54153
|
|
svn path=/trunk/; revision=54135
|
|
svn path=/trunk/; revision=53975
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do.
The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As.
All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
|
|
conversions aren't valid.
svn path=/trunk/; revision=53037
|
|
pinfo->private_data.
svn path=/trunk/; revision=53036
|
|
proto_tree_set_text - the string was not the important part, the formatting was.
We were passing the string directly from tvb_get_ptr, but this meant that if the
packet didn't contain a null-terminator we would run off the end. Since the
string comes straight from the packet, just let _add_item handle the length
calculations etc efficiently, and set the display later.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9323
I'm a bit confused honestly why most of these are being set hidden after being
added and formatted, but at least there are no memory errors anymore.
svn path=/trunk/; revision=52979
|
|
convert all existing UAT update callbacks to use glib memory instead of
ephemeral memory for that string.
UAT code paths are entirely distinct from packet dissection, so using ephemeral
memory was the wrong choice, because there was no guarantees about when it would
be freed.
The move away from emem still needs to be propogated deeper into the UAT code
itself at some point.
Net effect: remove another bunch of emem calls from dissectors, where replacing
with wmem would have caused assertions.
svn path=/trunk/; revision=52854
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9134)
From Edwin Groothuis
svn path=/trunk/; revision=52656
|
|
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
|
|
svn path=/trunk/; revision=52053
|
|
!= 0. While in these cases, I don't see any actual bugs due to other protections, I don't think it hurts to make this change and should help avoid others from copying/pasting this code elsewhere, where similar protections may not be in place.
svn path=/trunk/; revision=51959
|
|
svn path=/trunk/; revision=51852
|
|
together.
The other part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9101
Also fix modelines.
svn path=/trunk/; revision=51786
|
|
svn path=/trunk/; revision=51596
|