From ad1b785fe80df6ecffee396a617960e1af390274 Mon Sep 17 00:00:00 2001
From: Michael Mann
Date: Tue, 18 Aug 2015 23:14:09 -0400
Subject: udp_dissect_pdus follow-up Add heuristic support Better documentation
Change-Id: I236c1f4d3613aa58d608aee0e5edc40c3b158d25
Reviewed-on: https://code.wireshark.org/review/10120
Petri-Dish: Michael Mann
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann
---
 doc/README.heuristic | 35 +++++++++++++++--------------------
 1 file changed, 15 insertions(+), 20 deletions(-)
(limited to 'doc/README.heuristic')
diff --git a/doc/README.heuristic b/doc/README.heuristic
index 2c4c8db56d..bac71b5677 100644
--- a/doc/README.heuristic
+++ b/doc/README.heuristic
@@ -103,7 +103,7 @@ Heuristic Code Example
 ----------------------
 You can find a lot of code examples in the Wireshark sources, e.g.:
 grep -l heur_dissector_add epan/dissectors/*.c
-returns 163 files (November 2014).
+returns 177 files (October 2015).
 For the above example criteria, the following code example might do the work (combine this with the dissector skeleton in README.developer):
@@ -118,7 +118,7 @@ static dissector_handle_t PROTOABBREV_pdu_handle;
 /* Heuristics test */
 static gboolean
-test_PROTOABBREV(tvbuff_t *tvb)
+test_PROTOABBREV(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_, void *data _U_)
 {
 /* 0) Verify needed bytes available in tvb so tvb_get...() doesn't cause exception.
 if (tvb_captured_length(tvb) < 5)
@@ -172,7 +172,7 @@ dissect_PROTOABBREV_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
 static gboolean
 dissect_PROTOABBREV_heur_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 {
- if (!test_PROTOABBREV(tvb))
+ if (!test_PROTOABBREV(pinfo, tvb, 0, data))
 return FALSE;
 /* specify that dissect_PROTOABBREV is to be called directly from now on for
@@ -190,26 +190,21 @@ dissect_PROTOABBREV_heur_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
 return (TRUE);
 }
+static int
+dissect_PROTOABBREV_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
+{
+ udp_dissect_pdus(tvb, pinfo, tree, TRUE, 5, NULL,
+ get_PROTOABBREV_len, dissect_PROTOABBREV_pdu, data);
+ return tvb_reported_length(tvb);
+}
+
 static gboolean
 dissect_PROTOABBREV_heur_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 {
 ...
- If (!test_PROTOABBREV(tvb))
- return FALSE;
-
- /* specify that dissect_PROTOABBREV is to be called directly from now on for
- * packets for this "connection" ... but only do this if your heuristic sits directly
- * on top of (was called by) a dissector which established a conversation for the
- * protocol "port type". In other words: only directly over TCP, UDP, DCCP, ...
- * otherwise you'll be overriding the dissector that called your heuristic dissector.
- */
- conversation = find_or_create_conversation(pinfo);
- conversation_set_dissector(conversation, PROTOABBREV_pdu_handle);
- /* and do the dissection */
- dissect_PROTOABBREV_pdu(tvb, pinfo, tree, data);
-
- return (TRUE);
+ return (udp_dissect_pdus(tvb, pinfo, tree, TRUE, 5, test_PROTOABBREV,
+ get_PROTOABBREV_len, dissect_PROTOABBREV_pdu, data) != 0);
 }
 void
@@ -221,9 +216,9 @@ proto_reg_handoff_PROTOABBREV(void)
 proto_PROTOABBREV);
 /* register as heuristic dissector for both TCP and UDP */
- heur_dissector_add("tcp", dissect_PROTOABBREV_tcp_heur, "PROTOABBREV over TCP",
+ heur_dissector_add("tcp", dissect_PROTOABBREV_heur_tcp, "PROTOABBREV over TCP",
 "PROTOABBREV_tcp", proto_PROTOABBREV, HEURISTIC_ENABLE);
- heur_dissector_add("udp", dissect_PROTOABBREV_udp_heur, "PROTOABBREV over UDP",
+ heur_dissector_add("udp", dissect_PROTOABBREV_heur_udp, "PROTOABBREV over UDP",
 "PROTOABBREV_udp", proto_PROTOABBREV, HEURISTIC_ENABLE);
 #ifdef OPTIONAL
-- cgit v1.2.1