[#19584] show heur dissectors in `tshark -G` report
Expand `tshark -G dissector-tables` to also list heuristic dissector tables. Parallels the output for standard dissector tables with the following changes: * Field 3 (ftenum type) is shown as "heuristic" * Field 4 (base) is omitted, as it always was for non-integer dissector tables * Field 6 (decode as) is omitted, since heuristic tables can't be used with "decode as" Update the tshark man page to reflect this change. Also clarify that the first field output from `-G heuristic-decodes` is the heuristic table name. Implementation detail: heuristic dissector tables are listed after all other dissector tables, since they are stored in a separate structure from the other tables. This results in simpler code than attempting to commingle the entries for both types in strict alphabetical order. Add descriptive table name
This commit is contained in:
David Perry
AndersBroman
parent
56292dc522
commit
f09710965a
|
|
@ -451,10 +451,10 @@ is one record per line. The fields are tab-delimited.
|
|||
[horizontal]
|
||||
Field 1:: dissector table name, e.g. "tcp.port"
|
||||
Field 2:: name used for the dissector table in the GUI
|
||||
Field 3:: type (textual representation of the ftenum type)
|
||||
Field 3:: type (textual representation of the ftenum type, or "heuristic")
|
||||
Field 4:: base for display (for integer types)
|
||||
Field 5:: protocol name
|
||||
Field 6:: "decode as" support
|
||||
Field 6:: "decode as" support (for non-heuristic tables)
|
||||
|
||||
*elastic-mapping* Dumps the ElasticSearch mapping file to stdout. Fields
|
||||
falling in the default case (string) won't be mapped.
|
||||
|
|
@ -514,7 +514,7 @@ Field 2:: text description of type (e.g. "IPv6 address")
|
|||
There is one record per line. The fields are tab-delimited.
|
||||
|
||||
[horizontal]
|
||||
Field 1:: underlying dissector (e.g. "tcp")
|
||||
Field 1:: heuristic dissector table name (e.g. "tcp")
|
||||
Field 2:: name of heuristic decoder (e.g. "ucp")
|
||||
Field 3:: heuristic enabled (e.g. "T" or "F")
|
||||
Field 4:: heuristic enabled by default (e.g. "T" or "F")
|
||||
|
|
|
|||
|
|
@ -3787,6 +3787,30 @@ dissector_dump_dissector_tables_display (gpointer key, gpointer user_data _U_)
|
|||
printf("\n");
|
||||
}
|
||||
|
||||
/** The output format of this function is meant to parallel
|
||||
* that of dissector_dump_dissector_tables_display().
|
||||
* Field 3 is shown as "heuristic".
|
||||
* Field 4 is omitted, as it is for FT_STRING dissector tables above.
|
||||
* Field 6 is omitted since "Decode As" doesn't apply.
|
||||
*/
|
||||
|
||||
static void
|
||||
dissector_dump_heur_dissector_tables_display (gpointer key, gpointer user_data _U_)
|
||||
{
|
||||
const char *list_name = (const char *)key;
|
||||
heur_dissector_list_t list;
|
||||
|
||||
list = (heur_dissector_list_t)g_hash_table_lookup(heur_dissector_lists, key);
|
||||
printf("%s\t%s\theuristic", list_name, list->ui_name ? list->ui_name : list_name);
|
||||
|
||||
if (list->protocol != NULL) {
|
||||
printf("\t%s",
|
||||
proto_get_protocol_short_name(list->protocol));
|
||||
} else
|
||||
printf("\t(no protocol)");
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
static gint
|
||||
compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b)
|
||||
{
|
||||
|
|
@ -3802,6 +3826,11 @@ dissector_dump_dissector_tables(void)
|
|||
list = g_list_sort(list, compare_dissector_key_name);
|
||||
g_list_foreach(list, dissector_dump_dissector_tables_display, NULL);
|
||||
g_list_free(list);
|
||||
|
||||
list = g_hash_table_get_keys(heur_dissector_lists);
|
||||
list = g_list_sort(list, compare_dissector_key_name);
|
||||
g_list_foreach(list, dissector_dump_heur_dissector_tables_display, NULL);
|
||||
g_list_free(list);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
Loading…
Reference in New Issue