osmith/wireshark
1
0
Fork 0
forked from osmocom/wireshark
Code Pull requests Releases Wiki Activity
wireshark/doc/packet-PROTOABBREV.c
Michael Mann 268841f3e0 Combine Decode As and port preferences for tcp.port dissector table. 
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table.  It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.

The tcp.port dissector table was used as the guinea pig.  This will eventually be
expanded to other dissector tables as well (most notably UDP ports).  Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.

Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference

Also added comments for TCP ports used that aren't IANA registered.

Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-10-08 02:44:53 +00:00

361 lines
14 KiB
C
Raw Blame History

/* packet-PROTOABBREV.c
* Routines for PROTONAME dissection
* Copyright 201x, YOUR_NAME <YOUR_EMAIL_ADDRESS>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* (A short description of the protocol including links to specifications,
* detailed documentation, etc.)
*/
#include <config.h>
#if 0
/* "System" includes used only as needed */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
...
#endif
#include <epan/packet.h> /* Should be first Wireshark include (other than config.h) */
#include <epan/expert.h> /* Include only as needed */
#include <epan/prefs.h> /* Include only as needed */
#if 0
/* IF AND ONLY IF your protocol dissector exposes code to other dissectors
* (which most dissectors don't need to do) then the 'public' prototypes and
* data structures can go in the header file packet-PROTOABBREV.h. If not, then
* a header file is not needed at all and this #include statement can be
* removed. */
#include "packet-PROTOABBREV.h"
#endif
/* Prototypes */
/* (Required to prevent [-Wmissing-prototypes] warnings */
void proto_reg_handoff_PROTOABBREV(void);
void proto_register_PROTOABBREV(void);
/* Initialize the protocol and registered fields */
static int proto_PROTOABBREV = -1;
static int hf_PROTOABBREV_FIELDABBREV = -1;
static expert_field ei_PROTOABBREV_EXPERTABBREV = EI_INIT;
/* Global sample preference ("controls" display of numbers) */
static gboolean pref_hex = FALSE;
/* Global sample port preference - real port preferences should generally
* default to 0 unless there is an IANA-registered (or equivalent) port for your
* protocol. */
#define PROTOABBREV_TCP_PORT 1234
static guint tcp_port_pref = PROTOABBREV_TCP_PORT;
/* Initialize the subtree pointers */
static gint ett_PROTOABBREV = -1;
/* A sample #define of the minimum length (in bytes) of the protocol data.
* If data is received with fewer than this many bytes it is rejected by
* the current dissector. */
#define PROTOABBREV_MIN_LENGTH 8
/* Code to actually dissect the packets */
static int
dissect_PROTOABBREV(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
void *data _U_)
{
/* Set up structures needed to add the protocol subtree and manage it */
proto_item *ti, *expert_ti;
proto_tree *PROTOABBREV_tree;
/* Other misc. local variables. */
guint offset = 0;
int len = 0;
/*** HEURISTICS ***/
/* First, if at all possible, do some heuristics to check if the packet
* cannot possibly belong to your protocol. This is especially important
* for protocols directly on top of TCP or UDP where port collisions are
* common place (e.g., even though your protocol uses a well known port,
* someone else may set up, for example, a web server on that port which,
* if someone analyzed that web server's traffic in Wireshark, would result
* in Wireshark handing an HTTP packet to your dissector).
*
* For example:
*/
/* Check that the packet is long enough for it to belong to us. */
if (tvb_reported_length(tvb) < PROTOABBREV_MIN_LENGTH)
return 0;
/* Check that there's enough data present to run the heuristics. If there
* isn't, reject the packet; it will probably be dissected as data and if
* the user wants it dissected despite it being short they can use the
* "Decode-As" functionality. If your heuristic needs to look very deep into
* the packet you may not want to require *all* data to be present, but you
* should ensure that the heuristic does not access beyond the captured
* length of the packet regardless. */
if (tvb_captured_length(tvb) < MAX_NEEDED_FOR_HEURISTICS)
return 0;
/* Fetch some values from the packet header using tvb_get_*(). If these
* values are not valid/possible in your protocol then return 0 to give
* some other dissector a chance to dissect it. */
if ( TEST_HEURISTICS_FAIL )
return 0;
/*** COLUMN DATA ***/
/* There are two normal columns to fill in: the 'Protocol' column which
* is narrow and generally just contains the constant string 'PROTOABBREV',
* and the 'Info' column which can be much wider and contain misc. summary
* information (for example, the port number for TCP packets).
*
* If you are setting the column to a constant string, use "col_set_str()",
* as it's more efficient than the other "col_set_XXX()" calls.
*
* If
* - you may be appending to the column later OR
* - you have constructed the string locally OR
* - the string was returned from a call to val_to_str()
* then use "col_add_str()" instead, as that takes a copy of the string.
*
* The function "col_add_fstr()" can be used instead of "col_add_str()"; it
* takes "printf()"-like arguments. Don't use "col_add_fstr()" with a format
* string of "%s" - just use "col_add_str()" or "col_set_str()", as it's
* more efficient than "col_add_fstr()".
*
* For full details see section 1.4 of README.dissector.
*/
/* Set the Protocol column to the constant string of PROTOABBREV */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROTOABBREV");
#if 0
/* If you will be fetching any data from the packet before filling in
* the Info column, clear that column first in case the calls to fetch
* data from the packet throw an exception so that the Info column doesn't
* contain data left over from the previous dissector: */
col_clear(pinfo->cinfo, COL_INFO);
#endif
col_set_str(pinfo->cinfo, COL_INFO, "XXX Request");
/*** PROTOCOL TREE ***/
/* Now we will create a sub-tree for our protocol and start adding fields
* to display under that sub-tree. Most of the time the only functions you
* will need are proto_tree_add_item() and proto_item_add_subtree().
*
* NOTE: The offset and length values in the call to proto_tree_add_item()
* define what data bytes to highlight in the hex display window when the
* line in the protocol tree display corresponding to that item is selected.
*
* Supplying a length of -1 tells Wireshark to highlight all data from the
* offset to the end of the packet.
*/
/* create display subtree for the protocol */
ti = proto_tree_add_item(tree, proto_PROTOABBREV, tvb, 0, -1, ENC_NA);
PROTOABBREV_tree = proto_item_add_subtree(ti, ett_PROTOABBREV);
/* Add an item to the subtree, see section 1.5 of README.dissector for more
* information. */
expert_ti = proto_tree_add_item(PROTOABBREV_tree, hf_PROTOABBREV_FIELDABBREV, tvb,
offset, len, ENC_xxx);
offset += len;
/* Some fields or situations may require "expert" analysis that can be
* specifically highlighted. */
if ( TEST_EXPERT_condition )
/* value of hf_PROTOABBREV_FIELDABBREV isn't what's expected */
expert_add_info(pinfo, expert_ti, &ei_PROTOABBREV_EXPERTABBREV);
/* Continue adding tree items to process the packet here... */
/* If this protocol has a sub-dissector call it here, see section 1.8 of
* README.dissector for more information. */
/* Return the amount of data this dissector was able to dissect (which may
* or may not be the total captured packet as we return here). */
return tvb_captured_length(tvb);
}
/* Register the protocol with Wireshark.
*
* This format is require because a script is used to build the C function that
* calls all the protocol registration.
*/
void
proto_register_PROTOABBREV(void)
{
module_t *PROTOABBREV_module;
expert_module_t *expert_PROTOABBREV;
/* Setup list of header fields See Section 1.5 of README.dissector for
* details. */
static hf_register_info hf[] = {
{ &hf_PROTOABBREV_FIELDABBREV,
{ "FIELDNAME", "PROTOABBREV.FIELDABBREV",
FT_FIELDTYPE, FIELDDISPLAY, FIELDCONVERT, BITMASK,
"FIELDDESCR", HFILL }
}
};
/* Setup protocol subtree array */
static gint *ett[] = {
&ett_PROTOABBREV
};
/* Setup protocol expert items */
static ei_register_info ei[] = {
{ &ei_PROTOABBREV_EXPERTABBREV,
{ "PROTOABBREV.EXPERTABBREV", PI_SEVERITY, PI_GROUP,
"EXPERTDESCR", EXPFILL }
}
};
/* Register the protocol name and description */
proto_PROTOABBREV = proto_register_protocol("PROTONAME",
"PROTOSHORTNAME", "PROTOABBREV");
/* Required function calls to register the header fields and subtrees */
proto_register_field_array(proto_PROTOABBREV, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
/* Required function calls to register expert items */
expert_PROTOABBREV = expert_register_protocol(proto_PROTOABBREV);
expert_register_field_array(expert_PROTOABBREV, ei, array_length(ei));
/* Register a preferences module (see section 2.6 of README.dissector
* for more details). Registration of a prefs callback is not required
* if there are no preferences that affect protocol registration (an example
* of a preference that would affect registration is a port preference).
* If the prefs callback is not needed, use NULL instead of
* proto_reg_handoff_PROTOABBREV in the following.
*/
PROTOABBREV_module = prefs_register_protocol(proto_PROTOABBREV,
proto_reg_handoff_PROTOABBREV);
/* Register a preferences module under the preferences subtree.
* Only use this function instead of prefs_register_protocol (above) if you
* want to group preferences of several protocols under one preferences
* subtree.
*
* Argument subtree identifies grouping tree node name, several subnodes can
* be specified using slash '/' (e.g. "OSI/X.500" - protocol preferences
* will be accessible under Protocols->OSI->X.500-><PROTOSHORTNAME>
* preferences node.
*/
PROTOABBREV_module = prefs_register_protocol_subtree(const char *subtree,
proto_PROTOABBREV, proto_reg_handoff_PROTOABBREV);
/* Register a simple example preference */
prefs_register_bool_preference(PROTOABBREV_module, "show_hex",
"Display numbers in Hex",
"Enable to display numerical values in hexadecimal.",
&pref_hex);
/* Register an example port preference */
prefs_register_uint_preference(PROTOABBREV_module, "tcp.port", "PROTOABBREV TCP Port",
" PROTOABBREV TCP port if other than the default",
10, &tcp_port_pref);
}
/* If this dissector uses sub-dissector registration add a registration routine.
* This exact format is required because a script is used to find these
* routines and create the code that calls these routines.
*
* If this function is registered as a prefs callback (see
* prefs_register_protocol above) this function is also called by Wireshark's
* preferences manager whenever "Apply" or "OK" are pressed. In that case, it
* should accommodate being called more than once by use of the static
* 'initialized' variable included below.
*
* This form of the reg_handoff function is used if if you perform registration
* functions which are dependent upon prefs. See below this function for a
* simpler form which can be used if there are no prefs-dependent registration
* functions.
*/
void
proto_reg_handoff_PROTOABBREV(void)
{
static gboolean initialized = FALSE;
static dissector_handle_t PROTOABBREV_handle;
static int current_port;
if (!initialized) {
/* Use create_dissector_handle() to indicate that
* dissect_PROTOABBREV() returns the number of bytes it dissected (or 0
* if it thinks the packet does not belong to PROTONAME).
*/
PROTOABBREV_handle = create_dissector_handle(dissect_PROTOABBREV,
proto_PROTOABBREV);
initialized = TRUE;
} else {
/* If you perform registration functions which are dependent upon
* prefs then you should de-register everything which was associated
* with the previous settings and re-register using the new prefs
* settings here. In general this means you need to keep track of
* the PROTOABBREV_handle and the value the preference had at the time
* you registered. The PROTOABBREV_handle value and the value of the
* preference can be saved using local statics in this
* function (proto_reg_handoff).
*/
dissector_delete_uint("tcp.port", current_port, PROTOABBREV_handle);
}
current_port = tcp_port_pref;
dissector_add_uint("tcp.port", current_port, PROTOABBREV_handle);
}
#if 0
/* Simpler form of proto_reg_handoff_PROTOABBREV which can be used if there are
* no prefs-dependent registration function calls. */
void
proto_reg_handoff_PROTOABBREV(void)
{
dissector_handle_t PROTOABBREV_handle;
/* Use create_dissector_handle() to indicate that dissect_PROTOABBREV()
* returns the number of bytes it dissected (or 0 if it thinks the packet
* does not belong to PROTONAME).
*/
PROTOABBREV_handle = create_dissector_handle(dissect_PROTOABBREV,
proto_PROTOABBREV);
dissector_add_uint_with_preference("tcp.port", PROTOABBREV_TCP_PORT, PROTOABBREV_handle);
}
#endif
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
View git blame Copy permalink