| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
crash."
This reverts commit fa3aa6781797dc8d838d1a1311555a3d5c342ed1.
Change-Id: I974606b2c7963d92832b74e05681431442542202
Reviewed-on: https://code.wireshark.org/review/22200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I867c1f78554fc6fabd2579107fe679a6f6033c0c
Reviewed-on: https://code.wireshark.org/review/22199
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Windows."
This reverts commit 573a4c9cd59d7a14e4ab305284a287c705d6b945.
Change-Id: Ia967e1e7ae617556cb2d0247fa45026f610bafa8
Reviewed-on: https://code.wireshark.org/review/22198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I837a1e724f58f3e85ae4d7c77715e185a4b1ebeb
Reviewed-on: https://code.wireshark.org/review/22197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I67616d3ea6d325000c22c550c4d20c320b1c51db
Reviewed-on: https://code.wireshark.org/review/22195
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
proto.c’s proto_custom_set() was missing a test for
BASE_UNIT_STRING under the 64 bit based integer case. Any
custom columns sourced from a field stored in a 64 bit integer
and having the BASE_UNIT_STRING attribute would only display the
units but not the actual number.
With this patch 64 bit based integer fields having the
BASE_UNIT_STRING attribute will now properly display both
their value and units when added to the packet list as a
custom column.
Change-Id: Icb9532771eb2f4098891dedd82886fd6223ce7a6
Reviewed-on: https://code.wireshark.org/review/21771
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
v2.3.0rc0-3618-gd962e7ae71 tried to simplify logic, but missed
use of TRY_TO_FAKE_THIS_REPR. Create a "friendlier" version
TRY_TO_FAKE_THIS_REPR_NESTED which allows for the "base"
proto_tree_add_xxx to be called in proto_tree_add_xxx_format[_value]
functions.
Bug: 13736
Change-Id: I98883ad4581d2327edb8da5efd8ef8a89b55e3d0
Reviewed-on: https://code.wireshark.org/review/21764
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib2f9b7bee59d6fa60972df7adf7caaaf9921d975
Reviewed-on: https://code.wireshark.org/review/21776
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Call proto_tree_add_bytes first so it can do all of the basic
field checks that were being duplicated.
Change-Id: Idc9a3cbf9498aa612a39cc80e3381eba52ce9fa4
Reviewed-on: https://code.wireshark.org/review/21750
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13705
Change-Id: I6bd006f216440d071e5c1eeb6b1f996b4a364c62
Reviewed-on: https://code.wireshark.org/review/21629
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It should be allowed to have an FT_UINT_BYTES hf entry with
BASE_NONE|BASE_ALLOW_ZERO. At the moment, this triggers an assert:
Err Field 'Data block' (image-gif.data_block) is an FT_UINT_BYTES
but is being displayed as (Bit count: 2048) instead of BASE_NONE
For FT_UINT_BYTES entries, we should make the same checks as for
FT_BYTES. Don't fall through to the default case.
Change-Id: I986a9b779d130919d17595f08b3b63306b3956f2
Reviewed-on: https://code.wireshark.org/review/21606
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I36469fad59d28a1fbf15d3fd99544a3a6b0ef015
Reviewed-on: https://code.wireshark.org/review/21569
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't force display of BASE_DEC
Change-Id: Id6f115c074f0d4b1bd277dcbf6c523ffaa295edb
Reviewed-on: https://code.wireshark.org/review/20918
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Don't just report an assertion failure with a line in proto.c; give the
name of the field with the wrong type, and a list of the types that are
valid for the routine in question.
Change-Id: Id3ed7c376fdc72bf6cff69c647833946cfa99ee6
Reviewed-on: https://code.wireshark.org/review/20824
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While at it fix expert info a typo and an calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1ad46df006976c052ff42baf6415e18b488b215f
Reviewed-on: https://code.wireshark.org/review/20780
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's some weird hybrid of UN*X time and NTP time stamps, using UN*X's
epoch and NTP's seconds/fractions split. I'm sure they had their
reasons for not using something like struct timespec or regular NTP
time, and instead inventing something that's halfway in between them.
Change-Id: I1f39ec1368af52b82adfa2a22677dfa6e9341309
Reviewed-on: https://code.wireshark.org/review/20711
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
From a look at the libosmocom code, time stamps in
GSMTAP_TYPE_OSMOCORE_LOG messages appear to be UN*X struct timevals with
a 4-byte tv_sec, not anything NTP-like with the fraction-of-a-second
part in units of 1/2^32s of a second.
Add ENC_TIME_TIMEVAL to handle time stamps like that, and use it rather
than ENC_TIME_NTP_BASE_ZERO.
Change-Id: Ia1511527ee292fb7725b2a64c0af16d23ff10a6d
Reviewed-on: https://code.wireshark.org/review/20710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
[-Werror=duplicated-branches] found by gcc7
Change-Id: Ie8590d6c94b19697cff33874c5bc0b76024d337f
Reviewed-on: https://code.wireshark.org/review/20693
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I30b44cb0145f76c3929cac92337756a4164df1d2
Reviewed-on: https://code.wireshark.org/review/20609
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
In proto_get_first_protocol_field() we must check for an empty
protocol->fields because Lua scripts may have protocols without
fields and g_ptr_array_index() does not perform bounds checking
on the given index.
Bug: 13223
Change-Id: Ib2f6286d0799541243450348dcf345a965b2825c
Reviewed-on: https://code.wireshark.org/review/20455
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
older glibs.
Change-Id: I3eb7e178dcb844ddbac47f53f221a98e2d32f413
Reviewed-on: https://code.wireshark.org/review/20334
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6526d799447a3b6c0b9bb42f8d0f8c3415299ed0
Reviewed-on: https://code.wireshark.org/review/20158
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
A user reported that the TNS dissector would show "Malformed Packet" in
the Info column in Qt. The actual packet details and Expert Info dialog
however had no trace of the issue.
It turns out that proto_tree_add_item_new_ret_length did not correctly
set the length. Test case (based on pcap from SampleCaptures wiki):
tshark -r TNS_Oracle1.pcap -w 19.pcap -Y frame.number==19
tshark -r 19.pcap -Y tcp
Change-Id: I82cb1ccbc7c3b33d2bcdb22f89a1754c1a4575e7
Fixes: v2.1.0rc0-1394-gc67c6e8f30 ("Add routines to add an item and return the item's real length.")
Reviewed-on: https://code.wireshark.org/review/20098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I4f9ce7f65da0349b962f6be317635c5acb2daf73
Reviewed-on: https://code.wireshark.org/review/20148
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
proto.c:667:6: error: ‘dissector_plugins’ undeclared (first use in this function)
tap.c:773:20: error: ‘tap_plugins’ undeclared (first use in this function)
Change-Id: I8feaec4219dc97202bdb79d72399c5fd1d383e27
Reviewed-on: https://code.wireshark.org/review/20081
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
|
|
Change-Id: Icc46f1078cda4597f5a70760c96b866659092006
Reviewed-on: https://code.wireshark.org/review/20022
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia6cb39cbf6d5b50d39746f38758433a7541219a2
Reviewed-on: https://code.wireshark.org/review/19896
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use NULL scope to be safe.
Change-Id: I1967737cf6a1c90cc2e0476d3f2ace63aa0c9153
Reviewed-on: https://code.wireshark.org/review/19857
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
format_text_wsp is fed into by tvb_format_text_wsp and tvb_format_stringzpad_wsp
so those functions need to add a wmem allocated parameter as well.
Most of the changes came from tvb_format_text_wsp and tvb_format_stringzpad_wsp
being changed more so than format_text_wsp.
Change-Id: I52214ca107016f0e96371a9a8430aa89336f91d7
Reviewed-on: https://code.wireshark.org/review/19851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
proto_tree_add_bitmask_value_with_flags() eventually calls
proto_tree_add_XXX() for the main hf and for the field elements.
These functions work for tvb==NULL if the length is also set to 0.
Otherwise, we'll end up in proto_tree_add_pi(), get_hfi_length() and
run into the DISSECTOR_ASSERT() there.
proto_tree_add_bitmask_value...() are meant for cases where the data is
passed directly and not read from a tvb. If tvb==NULL, set our length to
0 instead of using the field length from the main hf.
Change-Id: Ia55b068e9842ba4a1ae8be8692320a8e93ea8631
Reviewed-on: https://code.wireshark.org/review/19394
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I55f9303624471d09b446c10939e5c22bf8e21511
Reviewed-on: https://code.wireshark.org/review/18894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Currently, when passing a -1 length to proto_tree_add_item_ret_string_and_length() or
proto_tree_add_item_ret_string(), the -1 length will be passed directly
to the field info. The calculated length should be used instead.
Bug: 13159
Change-Id: I980d18fb9bde3c452e64a8735e62d4830ce53b64
Reviewed-on: https://code.wireshark.org/review/18904
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I33459aabf059e1dc746e7e5f9d5ca28095e056f4
Reviewed-on: https://code.wireshark.org/review/18880
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Allows to use negative values (FT_INT) in a bitmask field.
If a field type greater or equal (FT_(U)INT40) is used then also
a 64 bit value string and 64 bit format function must be used.
Change-Id: Ib86d45bee73a71a784068ab717d35810c6f48017
Reviewed-on: https://code.wireshark.org/review/18601
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia9cb54431c8c274c46e299b6a6da8cac14bda88e
Reviewed-on: https://code.wireshark.org/review/18591
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I8c5506b746f16e5b79d024be5594cb71f95eced1
Reviewed-on: https://code.wireshark.org/review/18584
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If55938f0bad556a002fc85466c0b4f0e904991dc
Reviewed-on: https://code.wireshark.org/review/17981
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
