diff options
| author | Michael Mann <mmann78@netscape.net> | 2015-12-13 16:54:16 -0500 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2015-12-14 12:17:49 +0000 |
| commit | 0960ac4dfdbfba5a81c56a49cfc6201ecd8f48e3 (patch) | |
| tree | 3d88cd321da2fade206b9ccddff22b70ecdfae28 /epan/dissectors/packet-ip.c | |
| parent | 9319357f5e27c10f2d29e78fcdf9d323c2af36b0 (diff) | |
| download | wireshark-0960ac4dfdbfba5a81c56a49cfc6201ecd8f48e3.tar.gz | |
Create capture dissector tables.
They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility. They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API. Others may be added in the future.
The "capture dissector" function signature needed a bit of tweeking to handling "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count. Returning FALSE ends up considering the packet an "other" type.
Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-ip.c')
| -rw-r--r-- | epan/dissectors/packet-ip.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 894a461409..77debead48 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -28,6 +28,7 @@ #include "config.h" #include <epan/packet.h> +#include <epan/capture_dissectors.h> #include <epan/addr_resolv.h> #include <epan/ipproto.h> #include <epan/expert.h> @@ -566,12 +567,11 @@ ip_defragment_cleanup(void) reassembly_table_destroy(&ip_reassembly_table); } -void +gboolean capture_ip(const guchar *pd, int offset, int len, packet_counts *ld, const union wtap_pseudo_header *pseudo_header _U_) { - if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) { - ld->other++; - return; - } + if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) + return FALSE; + switch (pd[offset + 9]) { case IP_PROTO_TCP: ld->tcp++; @@ -599,6 +599,9 @@ capture_ip(const guchar *pd, int offset, int len, packet_counts *ld, const union default: ld->other++; } + + /* We're incrementing "other", so consider this our packet */ + return TRUE; } #ifdef HAVE_GEOIP @@ -3215,6 +3218,7 @@ proto_reg_handoff_ip(void) dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP4, ip_handle); heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip, HEURISTIC_ENABLE); + register_capture_dissector("ethertype", ETHERTYPE_IP, capture_ip, proto_ip); } /* |