Re: [Wireshark-dev] please close issue 12805

2021-10-13 Thread Evan Huus
Done, thanks for pointing it out! On Wed, Oct 13, 2021 at 3:53 PM Eugène Adell wrote: > Hello, > > anyone with sufficient rights please close : > > https://gitlab.com/wireshark/wireshark/-/issues/12805 > > I didn't pay attention but it's in fact the very same than 16919 that > was solved some

Re: [Wireshark-dev] 3.6.0 release schedule

2021-10-06 Thread Evan Huus
On Wed., Oct. 6, 2021, 14:43 Jaap Keuter, wrote: > Hi, > > Are those wmem / pinfo->pool changes completed? Would be nice if that was > consistent before branching. I have three things left on my list: - a few last changes in to_str macros - small and easy - figure out what to do with

[Wireshark-dev] SCTP Reassembly Question

2021-08-16 Thread Evan Huus
I've been poking at the bug in https://gitlab.com/wireshark/wireshark/-/issues/15584 but I've hit the limit of what I can glean from the SCTP RFC on reassembly. If anybody is familiar with the protocol and could provide some guidance as to the correct behaviour when given nested begin/end data

Re: [Wireshark-dev] Replacing wmem_packet_scope() with pinfo->pool?

2021-07-21 Thread Evan Huus
ore method signatures as needed. Thanks, Evan On Mon, Jul 12, 2021 at 11:52 Evan Huus wrote: > I've been thinking recently about starting the process of getting rid > of the "global" wmem scope methods (wmem_packet_scope, > wmem_file_scope, etc) in favour of passing th

Re: [Wireshark-dev] Replacing wmem_packet_scope() with pinfo->pool?

2021-07-12 Thread Evan Huus
On Mon, Jul 12, 2021 at 14:42 João Valverde via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > > > On 12/07/21 19:13, Evan Huus wrote: > > On Mon, Jul 12, 2021 at 2:05 PM João Valverde via Wireshark-dev > > wrote: > >> > >> > >> &g

Re: [Wireshark-dev] Replacing wmem_packet_scope() with pinfo->pool?

2021-07-12 Thread Evan Huus
On Mon, Jul 12, 2021 at 2:05 PM João Valverde via Wireshark-dev wrote: > > > > On 12/07/21 16:52, Evan Huus wrote: > > I've been thinking recently about starting the process of getting rid > > of the "global" wmem scope methods (wmem_packet_scope, > > wm

[Wireshark-dev] Replacing wmem_packet_scope() with pinfo->pool?

2021-07-12 Thread Evan Huus
I've been thinking recently about starting the process of getting rid of the "global" wmem scope methods (wmem_packet_scope, wmem_file_scope, etc) in favour of passing them around in arguments (or in pinfo, or something). This would let us drop a bunch of in-scope/out-of-scope tracking and

Re: [Wireshark-dev] RTP-MIDI strange field masks?

2021-07-08 Thread Evan Huus
I haven’t actually looked at the code, so it’s possible we’re doing the masking but not actually combining the bits into a single 14-bit value properly still. I wouldn’t expect a simple mask value to accomplish that. Evan On Thu, Jul 8, 2021 at 14:32 Evan Huus wrote: > Based on the 0

Re: [Wireshark-dev] RTP-MIDI strange field masks?

2021-07-08 Thread Evan Huus
Based on the 0xxx of your example and references like [1], I believe the masks are correct. MIDI seems to mostly use seven bit bytes schmucked together for some reason, so ignoring the high bit of each byte seems correct to me. Evan [1] http://midi.teragonaudio.com/tech/midispec/wheel.htm

Re: [Wireshark-dev] allocator->in_scope

2018-03-25 Thread Evan Huus
Hi Paul, that’s an interesting case you’ve found. The file scope was definitely intended for file-scoped dissection memory (which is why it is enabled in init_dissection() and not earlier in the file lifecycle) but I can definitely see the use for it in writing a block reader too. I think it is

Re: [Wireshark-dev] XXXX: avoid appending xxxx multiple times to frame.protocols field

2017-10-06 Thread Evan Huus
It sounds to me like it shouldn’t be a set or a list, but a tree? Evan On Fri, Oct 6, 2017 at 08:17 Michael Mann via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > There's also this explanation: > https://www.wireshark.org/lists/wireshark-dev/201701/msg5.html > > > -Original

Re: [Wireshark-dev] Crash in epan/geoip_db.c

2017-02-22 Thread Evan Huus
On Wed, Feb 22, 2017 at 09:50 Dario Lombardo wrote: > On Tue, Feb 21, 2017 at 11:38 PM, João Valverde < > joao.valve...@tecnico.ulisboa.pt> wrote: > > > Fixes 850393b57bdd7011780f4cf897d4a2467f58a673. Please push to Gerrit. > Bonus points for fixing the cast too. > >

Re: [Wireshark-dev] Checking address in WMEM

2017-01-26 Thread Evan Huus
On Thu, Jan 26, 2017 at 8:48 AM, Dario Lombardo <dario.lombardo...@gmail.com> wrote: > On Thu, Jan 26, 2017 at 2:11 PM, Evan Huus <eapa...@gmail.com> wrote: >> - your code will fail any time wmem chooses a different allocator >> (this happens in CI, and occasionally

Re: [Wireshark-dev] Checking address in WMEM

2017-01-26 Thread Evan Huus
On Thu, Jan 26, 2017 at 4:06 AM, Dario Lombardo <dario.lombardo...@gmail.com> wrote: > > > On Wed, Jan 25, 2017 at 6:50 PM, Evan Huus <eapa...@gmail.com> wrote: >> >> On my phone, but the short version is that there's no way to check this, >> and n

Re: [Wireshark-dev] Checking address in WMEM

2017-01-25 Thread Evan Huus
On my phone, but the short version is that there's no way to check this, and no efficient way to build it. Evan On Jan 25, 2017 8:17 AM, "Dario Lombardo" wrote: I want to check if an address belongs to a wmem scope. Basically I want to do func(allocator, address)

Re: [Wireshark-dev] Linking on OSX Sierra

2016-10-12 Thread Evan Huus
On Wed, Oct 12, 2016 at 3:04 PM, Guy Harris wrote: > On Oct 12, 2016, at 11:41 AM, Jeff Morriss wrote: > >> Just for fun I did a quick search for that Usage output (minus the >> "Wireshark" prefix which is clearly $0) and found this program which

Re: [Wireshark-dev] Linking on OSX Sierra

2016-10-11 Thread Evan Huus
On Fri, Oct 7, 2016 at 7:14 PM, Guy Harris <g...@alum.mit.edu> wrote: > On Oct 7, 2016, at 4:03 PM, Gerald Combs <ger...@wireshark.org> wrote: > >> On 10/7/16 7:45 AM, Evan Huus wrote: >>> Hey all, recently upgrade my mac to Sierra and tried to revive my >&

[Wireshark-dev] Linking on OSX Sierra

2016-10-07 Thread Evan Huus
Hey all, recently upgraded my mac to Sierra and tried to revive my wireshark build environment. I got it compiling (out-of-tree cmake) and most of the tools (tshark) etc seem to work, but: $ ./run/wireshark Listening on en0 155 packets seen, 155 packets counted after pcap_dispatch returns ... No

Re: [Wireshark-dev] Correct procedure for pushing a new dissector to Gerrit

2016-09-15 Thread Evan Huus
The relevant error is: > ERROR: missing Change-Id in commit message footer and the solution is also included in the message: > Hint: To automatically insert Change-Id, install the hook: > gitdir=$(git rev-parse --git-dir); scp -p -P 29418 > pauloff...@code.wireshark.org:hooks/commit-msg

Re: [Wireshark-dev] I need wmem_alloc advice please

2016-09-15 Thread Evan Huus
Based on the name, this looks like memory that is only ever needed in the scope of dissection for a single packet. If that is the case, it should be allocated in packet-scope when needed and not be global at all. Evan On Thu, Sep 15, 2016 at 12:48 PM, Pascal Quantin

Re: [Wireshark-dev] checkapi

2016-04-22 Thread Evan Huus
On Fri, Apr 22, 2016 at 10:24 AM, Jeff Morriss wrote: > > > On Fri, Apr 22, 2016 at 3:28 AM, Graham Bloice > wrote: >> >> Just thinking for this for about 30 secs, is there another way? checkAPIs >> seems to be a very rudimentary (not

Re: [Wireshark-dev] Limiting amount of memory used to analyze TCP (HTTP) traffic. Questions about tcp dissector.

2016-02-25 Thread Evan Huus
Another article worth reading is https://blog.wireshark.org/2014/07/to-infinity-and-beyond-capturing-forever-with-tshark/ It doesn't solve your problem, but it contains some good information on surrounding issues. Evan On Thu, Feb 25, 2016 at 5:58 PM, Jeff Morriss

Re: [Wireshark-dev] Wireshark Performance

2015-12-02 Thread Evan Huus
The only recent change to conversation_match_exact was the conversion from address macros to functions, but in all cases the macros were just pointing to the functions anyways so I can't imagine that would have a huge effect on performance? On Wed, Dec 2, 2015 at 9:45 AM, Anders Broman

Re: [Wireshark-dev] Wireshark Performance

2015-12-02 Thread Evan Huus
16:08 >> >> >> *To:* Developer support list for Wireshark >> *Subject:* Re: [Wireshark-dev] Wireshark Performance >> >> >> >> Hi, >> >> It’s probably deeper down, dissect_stun_heur has gone from 3.51 to 14.06. >> >> @ Gloria c

Re: [Wireshark-dev] Wireshark Performance

2015-12-02 Thread Evan Huus
https://code.wireshark.org/review/12389 A mistake in the macro->method conversion caused the addresses to not actually be added to the hash, leading to hash collision for most addresses and the extreme slowdown. On Wed, Dec 2, 2015 at 4:42 PM, Evan Huus <eapa...@gmail.com> wrote:

Re: [Wireshark-dev] Wireshark Performance

2015-12-02 Thread Evan Huus
Figured it out, the macro and the method are not identical. Patch incoming. On Wed, Dec 2, 2015 at 4:37 PM, Jim Young wrote: > My tests point to v2.1.0rc0-228-g4f39c60 on master as the big one in terms of > capture file load performance hit, but there is an earlier commit that

Re: [Wireshark-dev] Unix compiling errors

2015-12-01 Thread Evan Huus
On Tue, Dec 1, 2015 at 10:25 AM, POZUELO Gloria (BCS/PSD) wrote: > Hi all, > > > > I’d like to ask you, how could I fix this error, since I’m working on a > Windows environment and this error only appears by compiling for Unix. > > > > error: request for implicit

Re: [Wireshark-dev] Is it better to have dissected and lost than never to have dissected at all?

2015-11-21 Thread Evan Huus
On Thu, Nov 19, 2015 at 9:57 PM, Michael Mann wrote: > This question has probably been asked before, so I thought I'd at least put > a Tennyson twist on it. > > I started getting more serious about converting dissectors to the "new > style". I submitted a bunch of patches

Re: [Wireshark-dev] Buildbots

2015-11-19 Thread Evan Huus
As you said, petri-dish is triggered by core devs for unmerged gerrit changes to test them before merging. Master is triggered on every merge to build the actual git master branch. On Thu, Nov 19, 2015 at 11:45 AM, Dario Lombardo < dario.lombardo...@gmail.com> wrote: > I've found 2 different

Re: [Wireshark-dev] NEW_PROTO_TREE_API status

2015-11-10 Thread Evan Huus
If I remember correctly, Jakub added the new API because it is marginally more efficient in binary size and start-up cost per field. Given we have many thousands of fields at this point, the savings of converting the entire code base would be non-trivial. That said, I'm not sure if conversion

Re: [Wireshark-dev] Send comments in Gerrit

2015-10-29 Thread Evan Huus
Hit the "Reply..." button on the review page, and then hit "Post" in the popup that appears. Evan On Thu, Oct 29, 2015 at 1:53 PM, Juan Jose Martin Carrascosa wrote: > Hi guys, > > I don't remember how to send the answers to the comments I got in a > Code-Review. They are all

Re: [Wireshark-dev] Do we still need/want -Wc++-compat?

2015-10-09 Thread Evan Huus
On Fri, Oct 9, 2015 at 1:40 PM, Guy Harris <g...@alum.mit.edu> wrote: > > On Sep 30, 2015, at 9:59 PM, Evan Huus <eapa...@gmail.com> wrote: > >> On Thu, Oct 1, 2015 at 12:38 AM, Guy Harris <g...@alum.mit.edu> wrote: >>> >>> On Sep 30, 201

Re: [Wireshark-dev] Best algorithmic way to implement MPTCP sequence number space analysis ?

2015-10-08 Thread Evan Huus
You should just be able to call `epan_get_frame_ts` and pass it `pinfo->epan` plus your frame number. On Thu, Oct 8, 2015 at 4:26 PM, Matt wrote: > I managed to get the interval tree working with only a few > modifications to the core R/B tree. > > I now would like to compute

Re: [Wireshark-dev] Best algorithmic way to implement MPTCP sequence number space analysis ?

2015-10-02 Thread Evan Huus
On Fri, Oct 2, 2015 at 12:11 PM, Matt wrote: > Hi, > > (Question is at the end, I start with an Multipath TCP introduction (MPTCP) ). > I would be interested in adding MPTCP sequence number analysis to > wireshark, similar to what is done with TCP but taking into account >

Re: [Wireshark-dev] Should an IPv4 netmask be its own fieldtype?

2015-10-01 Thread Evan Huus
rible, > but I find no precedent for doing so. >> On Sep 30, 2015 11:03 PM, "Guy Harris" <g...@alum.mit.edu> wrote: >> >> On Sep 30, 2015, at 9:00 PM, Evan Huus <eapa...@gmail.com> wrote: >> >> > A pure netmask (without an associated address) is r

Re: [Wireshark-dev] Should an IPv4 netmask be its own fieldtype?

2015-09-30 Thread Evan Huus
A pure netmask (without an associated address) is representable as just a UINT8. Would it be terrible to write `protocolXYZ.netmask == 24`? On Wed, Sep 30, 2015 at 10:59 PM, wrote: > There's a discussion in a patch review > (https://code.wireshark.org/review/10438/), that

Re: [Wireshark-dev] Do we still need/want -Wc++-compat?

2015-09-30 Thread Evan Huus
On Thu, Oct 1, 2015 at 12:38 AM, Guy Harris wrote: > > On Sep 30, 2015, at 6:53 PM, Guy Harris wrote: > >> I think the intent was to be able to run Wireshark's C code through C++ >> compilers; I can't find the mail where this was discussed, but, as I >>

Re: [Wireshark-dev] Should an IPv4 netmask be its own fieldtype?

2015-09-30 Thread Evan Huus
On Thu, Oct 1, 2015 at 12:03 AM, Guy Harris <g...@alum.mit.edu> wrote: > > On Sep 30, 2015, at 9:00 PM, Evan Huus <eapa...@gmail.com> wrote: > >> A pure netmask (without an associated address) is representable as >> just a UINT8. Would it be terrible to wr

Re: [Wireshark-dev] Should we require Flex with reentrant scanner support?

2015-09-21 Thread Evan Huus
On Sun, Sep 20, 2015 at 11:20 PM, Guy Harris wrote: > Currently, we require Flex, rather than Lex, but we don't require a version > of Flex sufficiently new to support reentrant scanners. > > That's not a major issue yet, but it could potentially be an issue if we make > more

Re: [Wireshark-dev] [Wireshark-commits] master f50ff01: Squelch 64-bit-to-32-bit warnings by just casting to int.

2015-09-13 Thread Evan Huus
On Sun, Sep 13, 2015 at 4:28 PM, Wireshark code review wrote: > URL: > https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f50ff0149e32158b11413715acaeef77478d3fd9 > Submitter: Guy Harris (g...@alum.mit.edu) > Changed: branch: master >

Re: [Wireshark-dev] tvb_captured_length or tvb_reported_length?

2015-09-02 Thread Evan Huus
Many systems support packet capture such that only the first n bytes of each captured packet is saved, as this is far more efficient and frequently enough if you're only interested in the headers. When that occurs, "captured" is the number of bytes actually captured, while "reported" is the

Re: [Wireshark-dev] RFC: Internally Generated Records

2015-08-18 Thread Evan Huus
Knall rkn...@gmail.com wrote: Yes, that it what I was saying. Cool, you can look forward to the openSAFETY patch, the minute the change hit the official repo ;-) regards, Roland On Mon, Aug 4, 2014 at 11:51 PM, Evan Huus eapa...@gmail.com wrote: On Aug 4, 2014, at 17:21, Roland Knall rkn

Re: [Wireshark-dev] unicode replacement character in online docs

2015-08-05 Thread Evan Huus
On Wed, Aug 5, 2015 at 9:49 AM, Hadriel Kaplan the.real.hadr...@gmail.com wrote: Anyone else seeing the unicode replacement character all over the online auto-generated docs? (user guide and developer guide) Yup, and that's new AFAIK. Anybody know if something's changed on the server or on the

Re: [Wireshark-dev] mailing list test

2015-07-22 Thread Evan Huus
On Jul 22, 2015, at 02:38, Martin Mathieson martin.r.mathie...@googlemail.com wrote: Got this, and didn't need to fish it out of spam this time (where is where your yahoo mails live for me). Ya, something about the way you send from your yahoo account ruins the DKIM header so most mail

[Wireshark-dev] Buildbot Lua Init Tests

2015-07-03 Thread Evan Huus
The buildbot test suite is currently failing on the lua step, I believe because Peter's recent init/cleanup split has changed the number of times the init function is called, which is breaking expectations in the lua bindings somewhere. The fix may be as simple as changing the expected number of

Re: [Wireshark-dev] hadoop dissector

2015-07-03 Thread Evan Huus
On Fri, Jul 3, 2015 at 11:53 AM, Helge helge.kr...@gmx.net wrote: Am Fri, 3 Jul 2015 11:26:08 +0200 schrieb Pascal Quantin pascal.quan...@gmail.com: if could go into the master: 1) it is written in c++. Would it be acceptable? No for now we are not accepting any C++ dissector. 2) it

[Wireshark-dev] Qt Interface Profiling

2015-06-26 Thread Evan Huus
I just ran the Qt interface through callgrind while loading a fairly large capture. Stripping out all the dissector-related expenses, the following two UI functions show up as hot spots: qt_blurImage() This is a Qt internal function for blurring, presumably from the fancy start-up screen, but

Re: [Wireshark-dev] Qt Interface Profiling

2015-06-26 Thread Evan Huus
On Fri, Jun 26, 2015 at 7:03 PM, Guy Harris g...@alum.mit.edu wrote: On Jun 26, 2015, at 2:45 PM, Evan Huus eapa...@gmail.com wrote: I just ran the Qt interface through callgrind while loading a fairly large capture. Stripping out all the dissector-related expenses, the following two UI

Re: [Wireshark-dev] Autogenerated files in source tree [Was: asn2wrs problem]

2015-06-25 Thread Evan Huus
On Thu, Jun 25, 2015 at 2:36 PM, Joerg Mayer jma...@loplof.de wrote: On Thu, Jun 25, 2015 at 02:24:05PM -0700, Pascal Quantin wrote: Yeah that's my fault: I did some API change yesterday and did not realize that CREDSSP was an autogenerated dissector. I will fix this in a few minutes. OK,

[Wireshark-dev] Cmake on Yosemite can't find Core Foundation

2015-06-05 Thread Evan Huus
Recently wiped away and tried to rebuild my cmake config on my osx yosemite machine. Build is now failing with: /Users/eapache/src/wireshark.org/wireshark/wsutil/cfutils.c:29:10: fatal error: 'CoreFoundation/CoreFoundation.h' file not found #include <CoreFoundation/CoreFoundation.h> The complete

Re: [Wireshark-dev] Cmake on Yosemite can't find Core Foundation

2015-06-05 Thread Evan Huus
Hmm, it seems my xcode install had gotten subtly corrupted somehow. Removing it and re-installing everything made this work. On Fri, Jun 5, 2015 at 10:17 AM, Evan Huus eapa...@gmail.com wrote: Recently wiped away and tried to rebuild my cmake config on my osx yosemite machine. Build is now

Re: [Wireshark-dev] master-1.10 out-of-memory fuzz failures

2015-05-30 Thread Evan Huus
And https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11149 is potentially the same issue for 1.12 although it seems to have only happened the once. On Sat, May 30, 2015 at 10:27 PM, Evan Huus eapa...@gmail.com wrote: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11147 and its many

Re: [Wireshark-dev] master-1.10 out-of-memory fuzz failures

2015-05-30 Thread Evan Huus
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11147 and its many duplicates suggest a similar issue with the master buildbot. On Sat, May 30, 2015 at 10:22 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: There have been plenty of fuzz failures from the 1.10 branch in the past few

Re: [Wireshark-dev] [Wireshark-commits] master e16500e: Fix check for NUL at the end of a string.

2015-05-12 Thread Evan Huus
Argh, one of these days I will learn to just put parentheses in rather than taking guesses at C operator precedence :( On Tue, May 12, 2015 at 6:10 PM, Wireshark code review code-review-do-not-re...@wireshark.org wrote: URL:

Re: [Wireshark-dev] proto.h extension

2015-05-08 Thread Evan Huus
On Fri, May 8, 2015 at 3:09 PM, Guy Harris g...@alum.mit.edu wrote: On May 8, 2015, at 7:06 AM, John Dill john.d...@greenfieldeng.com wrote: Message: 3 Date: Thu, 7 May 2015 11:29:22 -0700 From: Guy Harris g...@alum.mit.edu To: Developer support list for Wireshark

Re: [Wireshark-dev] [Wireshark-commits] master 9b5a09a: [Automatic update for 2015-04-26]

2015-04-26 Thread Evan Huus
Now that the translation files are being updated every week, we really need to remove the binary files from the repo. I know it's been discussed before, but anybody with a working qt-dev installation should be able to generate the .qm files from the .ts files, yes? On Sun, Apr 26, 2015 at 11:07

Re: [Wireshark-dev] Gerrit upgrade schedule

2015-04-01 Thread Evan Huus
Hi Gerald, I'm looking forward to the new Gerrit! I note in the 2.9 release notes that the bugzilla integration has been rewritten; hopefully that migration goes smoothly. Evan On Wed, Apr 1, 2015 at 7:06 PM, Gerald Combs ger...@wireshark.org wrote: As was discussed last month, Google's OpenID

Re: [Wireshark-dev] enum preferences vs Go Fish

2015-03-16 Thread Evan Huus
On Mon, Mar 16, 2015 at 4:19 PM, mman...@netscape.net wrote: The SocketCan dissector has an enumerated preference to pick its subdissector, manually finding all enumerated options through find_dissector(). This doesn't work well for plugins and they are not going to modify enum preference

Re: [Wireshark-dev] My recent build of Wireshark from the master branch consumes 99-100% of the CPU

2015-03-10 Thread Evan Huus
I believe there is a known issue with the Qt auto-scroll feature that is being investigated. Evan On Tue, Mar 10, 2015 at 11:15 PM, Richard Sharpe realrichardsha...@gmail.com wrote: Hi, Has anyone else experienced this? What causes it? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)

Re: [Wireshark-dev] Make CMake reuse Makefile.common?

2015-03-04 Thread Evan Huus
On Wed, Mar 4, 2015 at 2:04 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: On 03/04/15 11:55, Graham Bloice wrote: On 4 March 2015 at 16:44, Jeff Morriss jeff.morriss...@gmail.com mailto:jeff.morriss...@gmail.com wrote: On 03/04/15 04:07, Michal Labedzki wrote: On

Re: [Wireshark-dev] Will there be a 1.99.3 release soon?

2015-03-04 Thread Evan Huus
P.S. Practically there isn't much real difference between those releases and the ones available via https://www.wireshark.org/download/automated/ - if you need a more recent pre-built version in the mean time that's probably where you should go. On Wed, Mar 4, 2015 at 5:08 PM, Evan Huus eapa

Re: [Wireshark-dev] Will there be a 1.99.3 release soon?

2015-03-04 Thread Evan Huus
Gerald might have one in mind, but typically we seem to be hitting about 2 months between dev snapshots. 1.99.2 was released at the beginning of February, so that suggests to me around the beginning of April. Evan On Wed, Mar 4, 2015 at 5:06 PM, Richard Sharpe realrichardsha...@gmail.com wrote:

Re: [Wireshark-dev] Menagerie

2015-03-02 Thread Evan Huus
Sorry, after Chris's concerns I took it down until we could get a final answer there, just to be safe. Gerald would have to be the one to expose it via anything other than a torrent, I think, since he controls the website. He also probably knows more about the privacy restrictions on those

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Evan Huus
wrote: Should be supported by your torrent client (maybe create torrent or something). Once you succeeded, send us the torrent. How large it is? On Fri, Feb 27, 2015 at 2:42 PM, Evan Huus eapa...@gmail.com wrote: Although it seems it's not working for me to download on my laptop - I need

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Evan Huus
Although it seems it's not working for me to download on my laptop - I need to figure out how to properly create/host/seed a torrent I guess... Evan On Fri, Feb 27, 2015 at 8:26 AM, Evan Huus eapa...@gmail.com wrote: I have a local copy that I grabbed by logging into the host server - I've

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Evan Huus
The menagerie consists mostly of files uploaded to bugzilla. Captures attached to bug tickets are automatically added to the menagerie, and most files in the menagerie can be downloaded from a bug report somewhere. I'm not sure if there is a more convenient way to download the entire menagerie

Re: [Wireshark-dev] Menagerie

2015-02-27 Thread Evan Huus
On Fri, Feb 27, 2015 at 10:20 AM, Christopher Maynard christopher.mayn...@gtech.com wrote: Evan Huus eapache@... writes: I have a local copy that I grabbed by logging into the host server - I've created a torrent of it (attached) which I am currently seeding, so you should be able to grab

Re: [Wireshark-dev] Undissected reserved fields

2015-02-27 Thread Evan Huus
Should Wireshark have an internal _ws.reserved FT_BYTES field and a proto_tree_add_reserved(tvb, offset, len) API? On Fri, Feb 27, 2015 at 2:36 PM, Jeff Morriss jeff.morriss...@gmail.com wrote: +1 On 02/27/15 14:04, mman...@netscape.net wrote: What I've done is usually setup a FT_UINT32

Re: [Wireshark-dev] Google deprecating OpenID 2.0

2015-02-22 Thread Evan Huus
From the looks of it [1] Gerrit upstream is planning to just drop support for logging in with Google. [1] https://code.google.com/p/gerrit/issues/detail?id=2715 On Sun, Feb 22, 2015 at 9:01 AM, Graham Bloice graham.blo...@trihedral.com wrote: See

Re: [Wireshark-dev] The RSVD dissector and 32-bit builds ...

2015-02-16 Thread Evan Huus
Create the wmem_map using g_int64_equal instead of g_direct_equal and wmem_int64_hash instead of g_direct_hash. Create a wmem_file_scope() copy of the key, and pass the resulting pointer to the insert function. Evan On Mon, Feb 16, 2015 at 9:31 AM, Richard Sharpe realrichardsha...@gmail.com

Re: [Wireshark-dev] The RSVD dissector and 32-bit builds ...

2015-02-16 Thread Evan Huus
On Mon, Feb 16, 2015 at 10:08 AM, Richard Sharpe realrichardsha...@gmail.com wrote: On Mon, Feb 16, 2015 at 6:55 AM, Evan Huus eapa...@gmail.com wrote: Create the wmem_map using g_int64_equal instead of g_direct_equal and wmem_int64_hash instead of g_direct_hash. Create a wmem_file_scope

Re: [Wireshark-dev] Making gcc less pedantic

2015-02-13 Thread Evan Huus
The last time something like this came up (admittedly a while ago) somebody dug up a compiler we still wanted to support that only knew about C90 - we left the current state of things so we'd catch incompatibilities with that toolchain. I'm kind of hoping that's no longer a concern :) On Fri,

Re: [Wireshark-dev] [Wireshark-commits] master 5b62526: OK, try cmake -E copy.

2015-02-06 Thread Evan Huus
The last few days (possibly correlating with this commit or with some other cmake change) my out-of-tree cmake build on OSX has failed to launch the qt gui: --- Application Specific Information: abort() called Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib

Re: [Wireshark-dev] [Wireshark-commits] master 5b62526: OK, try cmake -E copy.

2015-02-06 Thread Evan Huus
down the build and leaves wireshark-gtk unusable. [1] Qt loads shared libraries from hard-coded paths. https://bugreports.qt.io/browse/QTBUG-15234. On 2/6/15 7:21 AM, Evan Huus wrote: The last few days (possibly correlating with this commit or with some other cmake change) my out-of-tree cmake

Re: [Wireshark-dev] [Wireshark-commits] out-of-tree plugins (Was: master 2bcd38f: ethercat: add default case in FoeFormatter)

2015-02-05 Thread Evan Huus
) Changed: branch: master Repository: wireshark Commits: 2bcd38f by Evan Huus (eapa...@gmail.com): ethercat: add default case in FoeFormatter Should probably fix an uninitialized memory access caught by valgrind, although I can't reproduce it because out-of-tree plugins are still

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Evan Huus
, Evan Huus eapa...@gmail.com wrote: I suppose you could add an expert info, but I think that might be overkill, most users probably don't care that much. Expert infos could be added under conditional compilation. If enabled it would allow to filter packets that has expert info set

Re: [Wireshark-dev] Undissected packet bytes

2015-02-05 Thread Evan Huus
proto_tree_add_item() from a dissector of your choice, and open a packet with wireshark or with tshark -V. Comments are welcome. Dario. On Thu, Feb 5, 2015 at 1:41 PM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Thu, Feb 5, 2015 at 1:19 PM, Evan Huus eapa...@gmail.com wrote: I believe

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Evan Huus
, 2015 at 3:52 PM, Evan Huus eapa...@gmail.com wrote: As a side note, I would expect that method to be *very* slow, since it traverses the entire tree for every byte of the packet. Traversing the tree once and maintaining a set of covered/uncovered ranges would be much more efficient. I can't

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Evan Huus
I suppose you could add an expert info, but I think that might be overkill, most users probably don't care that much. You could just log it, or dissect it as data, or... On Wed, Feb 4, 2015 at 11:58 AM, Dario Lombardo dario.lombardo...@gmail.com wrote: On Wed, Feb 4, 2015 at 5:25 PM, Evan Huus

Re: [Wireshark-dev] [Wireshark-commits] master 7ced085: emem is dead! Long live wmem!

2015-02-04 Thread Evan Huus
-Dish: Michael Mann mman...@netscape.net Reviewed-by: Evan Huus eapa...@gmail.com Tested-by: Petri Dish Buildbot buildbot-no-re...@wireshark.org Reviewed-by: Anders Broman a.broma...@gmail.com Actions performed: from 90a76e0 Convert val_to_str - val_to_str_wmem. adds

Re: [Wireshark-dev] Undissected packet bytes

2015-02-04 Thread Evan Huus
the same values of pointer/offsets. Where should a for routine like the above could be added in the code so it shows every undissected byte in every dissector? Thanks. Dario. On Tue, Feb 3, 2015 at 6:15 PM, Evan Huus eapa...@gmail.com wrote: As far as I know this is not currently available

Re: [Wireshark-dev] Undissected packet bytes

2015-02-03 Thread Evan Huus
As far as I know this is not currently available, but it would probably be fairly useful and easy. You just need to iterate the proto tree and keep track of which byte ranges are claimed/unclaimed. proto_find_field_from_offset does something related to this (it is used for matching bytes to fields

[Wireshark-dev] American Fuzzy Lop - Menagerie Minimization

2015-01-25 Thread Evan Huus
Gerald and I have (independently) started playing with the American Fuzzy Lop fuzzer recently [1] as a possibly more intelligent alternative or complement to our current fuzzing set-up. It includes a tool afl-cmin that uses its instrumentation to find unnecessary files in a set of inputs (i.e.

Re: [Wireshark-dev] [Wireshark-commits] master cf142c6: Get Wireshark to compile with afl-gcc.

2015-01-24 Thread Evan Huus
On Jan 24, 2015, at 17:43, Gerald Combs ger...@wireshark.org wrote: On 1/24/15 1:28 PM, Guy Harris wrote: On Jan 24, 2015, at 11:14 AM, Wireshark code review code-review-do-not-re...@wireshark.org wrote: cf142c6 by Gerald Combs (ger...@wireshark.org): Get Wireshark to compile

Re: [Wireshark-dev] [Wireshark-commits] master 6e6a129: CMake: Set an output directory for plugins.

2015-01-20 Thread Evan Huus
the symlink (run/wireshark) or via open run/Wireshark.app? We might want to convert the symlink to a shell script that runs the latter. On 1/20/15 8:36 AM, Evan Huus wrote: And if I manually specify WIRESHARK_RUN_FROM_BUILD_DIRECTORY then it looks for plugins in run/plugins which doesn't exist

Re: [Wireshark-dev] [Wireshark-commits] master 6e6a129: CMake: Set an output directory for plugins.

2015-01-20 Thread Evan Huus
Plugins still aren't loaded on my out-of-tree MacOSX build, but I'm interested in getting this working (not that I really know how)... On Tue, Jan 20, 2015 at 11:12 AM, Wireshark code review code-review-do-not-re...@wireshark.org wrote: URL:

Re: [Wireshark-dev] [Wireshark-commits] master 6e6a129: CMake: Set an output directory for plugins.

2015-01-20 Thread Evan Huus
And if I manually specify WIRESHARK_RUN_FROM_BUILD_DIRECTORY then it looks for plugins in run/plugins which doesn't exist. On Tue, Jan 20, 2015 at 11:34 AM, Evan Huus eapa...@gmail.com wrote: They are there, but I don't think Wireshark is detecting that it's running from a build dir at all. My

Re: [Wireshark-dev] [Wireshark-commits] master 6e6a129: CMake: Set an output directory for plugins.

2015-01-20 Thread Evan Huus
plugins end up? They should be in run/Wireshark.app/Contents/PlugIns/wireshark assuming that ENABLE_APPLICATION_BUNDLE is ON. On 1/20/15 8:21 AM, Evan Huus wrote: Plugins still aren't loaded on my out-of-tree MacOSX build, but I'm interested in getting this working (not that I really know how

[Wireshark-dev] Status of Emem Removal

2015-01-18 Thread Evan Huus
As of commit e333e4c90f0aca41b0a56cef22fd80d0b0e73e14 by Michael this evening, the deprecated 'emem' API has exactly one remaining usage in the wireshark core codebase, which is a pretty huge accomplishment considering how widespread it was a few years ago. Big thanks to Michael and everybody else

Re: [Wireshark-dev] [Wireshark-commits] master 1e1d96f: Modify the errorcode defenition to suit ANSI MAP, this is (probably) OK as ANSI MAP is currently the only user of ANSI TCAP. Bug: 6112

2015-01-15 Thread Evan Huus
Public service announcement, since I've gotten a few emails from people confused why bugzilla integration seems flaky: The bugzilla integration will not automatically pick up on the Bug: line unless it is part of the footer (i.e. not separated by blank lines from the rest of the Change-Id:

[Wireshark-dev] Ubuntu Petri-Dish Stuck?

2015-01-03 Thread Evan Huus
It has five pending builds and doesn't appear to be processing anything, not sure what's up...

Re: [Wireshark-dev] [Wireshark-commits] master b0e6fbf: umts_fp: Replace se_new0(...) by wmem_new0(wmem_file_scope(), ...)

2014-12-31 Thread Evan Huus
This is an init routine, which can be called when no file is in scope, so wmem_file_scope() is incorrect (and se_* was also incorrect). I'm actually not sure what this routine is doing, since it deals with conversations but there will never be any conversations e.g. on startup when the init

Re: [Wireshark-dev] [Wireshark-commits] master b0e6fbf: umts_fp: Replace se_new0(...) by wmem_new0(wmem_file_scope(), ...)

2014-12-31 Thread Evan Huus
On Wed, Dec 31, 2014 at 1:17 PM, Bill Meier wme...@newsguy.com wrote: On 12/31/2014 12:52 PM, Bill Meier wrote: On 12/31/2014 11:31 AM, Evan Huus wrote: This is an init routine, which can be called when no file is in scope, so wmem_file_scope() is incorrect (and se_* was also incorrect

Re: [Wireshark-dev] [Wireshark-commits] master f412c9a: Use ENC_BIG_ENDIAN when fetching FT_U?INT8 fields ...

2014-12-14 Thread Evan Huus
On Dec 14, 2014 3:04 PM, Bill Meier wme...@newsguy.com wrote: On 12/14/2014 2:22 PM, Stephen Fisher wrote: On Sun, Dec 14, 2014 at 01:44:19PM -0500, Bill Meier wrote: That being said, the convention (certainly not enforced) seems to be to use ENC_..._ENDIAN for fetching all integral types.

Re: [Wireshark-dev] Ubuntu PPA for Wireshark stable branch

2014-12-12 Thread Evan Huus
Very cool, thanks Balint! Also on the topic of Ubuntu and Wireshark, it looks like the packages that ship with Ubuntu are finally getting some security love: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1397091 Evan On Fri, Dec 12, 2014 at 4:53 PM, Bálint Réczey

Re: [Wireshark-dev] PSA: QString.toUtf8().constData() pattern is unsafe

2014-11-28 Thread Evan Huus
I'm a bit confused - wouldn't the new instance of QByteArray simply be leaked in the example code, as opposed to destructed? C++ doesn't have automatic garbage collection... Evan On Fri, Nov 28, 2014 at 2:13 PM, Peter Wu pe...@lekensteyn.nl wrote: Hi all, I mostly use Wireshark GTK, but just

Re: [Wireshark-dev] Is this a bug in the ipv6 dissector?

2014-11-27 Thread Evan Huus
On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte alexis.lagou...@gmail.com wrote: Hi, On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 lanc...@gmail.com wrote: In the function dissect_ipv6 of the ipv6 dissector (packet-ipv6.c), the ip6_hdr struct is allocated on the stack, then its address is passed to

Re: [Wireshark-dev] Backporting policy for protocols that are under construction

2014-11-24 Thread Evan Huus
...@gmail.com: On Thu, Nov 20, 2014 at 5:03 AM, Evan Huus eapa...@gmail.com wrote: There is currently a change pending backport to the 1.12 branch (long since committed to master) that is a non-trivial dissector upgrade. Normally we don't backport this kind of change, to keep the regression

[Wireshark-dev] Backporting policy for protocols that are under construction

2014-11-19 Thread Evan Huus
There is currently a change pending backport to the 1.12 branch (long since committed to master) that is a non-trivial dissector upgrade. Normally we don't backport this kind of change, to keep the regression potential to a minimum for stable releases, but this situation is somewhat unusual. The

Re: [Wireshark-dev] Petri Dish update

2014-11-19 Thread Evan Huus
This is awesome Alexis, thank you! On Wed, Nov 19, 2014 at 4:40 PM, mman...@netscape.net wrote: So for the Windows build is there nmake + cmake or cmake only? I thought I saw some Petri-Dish runs with failed (cmake) Windows builds, but then some others with successful (cmake?) builds. So is
