From f09710965a358317bd0df8791b058eedfcf576b5 Mon Sep 17 00:00:00 2001
From: David Perry
Date: Tue, 16 Jan 2024 10:35:06 -0500
Subject: [PATCH] [#19584] show heur dissectors in `tshark -G` report Expand `tshark -G dissector-tables` to also list heuristic dissector tables. Parallels the output for standard dissector tables with the following changes: * Field 3 (ftenum type) is shown as "heuristic" * Field 4 (base) is omitted, as it always was for non-integer dissector tables * Field 6 (decode as) is omitted, since heuristic tables can't be used with "decode as" Update the tshark man page to reflect this change. Also clarify that the first field output from `-G heuristic-decodes` is the heuristic table name. Implementation detail: heuristic dissector tables are listed after all other dissector tables, since they are stored in a separate structure from the other tables. This results in simpler code than attempting to commingle the entries for both types in strict alphabetical order. Add descriptive table name
---
 doc/tshark.adoc | 6 +++---
 epan/packet.c | 29 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/doc/tshark.adoc b/doc/tshark.adoc
index 408408ab41..bbb07cbf41 100644
--- a/doc/tshark.adoc
+++ b/doc/tshark.adoc
@@ -451,10 +451,10 @@ is one record per line. The fields are tab-delimited.
 [horizontal]
 Field 1:: dissector table name, e.g. "tcp.port"
 Field 2:: name used for the dissector table in the GUI
-Field 3:: type (textual representation of the ftenum type)
+Field 3:: type (textual representation of the ftenum type, or "heuristic")
 Field 4:: base for display (for integer types)
 Field 5:: protocol name
-Field 6:: "decode as" support
+Field 6:: "decode as" support (for non-heuristic tables)
 *elastic-mapping* Dumps the ElasticSearch mapping file to stdout. Fields falling in the default case (string) won't be mapped.
@@ -514,7 +514,7 @@ Field 2:: text description of type (e.g. "IPv6 address")
 There is one record per line. The fields are tab-delimited.
 [horizontal]
-Field 1:: underlying dissector (e.g. "tcp")
+Field 1:: heuristic dissector table name (e.g. "tcp")
 Field 2:: name of heuristic decoder (e.g. "ucp")
 Field 3:: heuristic enabled (e.g. "T" or "F")
 Field 4:: heuristic enabled by default (e.g. "T" or "F")
diff --git a/epan/packet.c b/epan/packet.c
index 066a532428..57bfaa044e 100644
--- a/epan/packet.c
+++ b/epan/packet.c
@@ -3787,6 +3787,30 @@ dissector_dump_dissector_tables_display (gpointer key, gpointer user_data _U_)
 printf("\n");
 }
 
+/** The output format of this function is meant to parallel
+ * that of dissector_dump_dissector_tables_display().
+ * Field 3 is shown as "heuristic".
+ * Field 4 is omitted, as it is for FT_STRING dissector tables above.
+ * Field 6 is omitted since "Decode As" doesn't apply.
+ */
+
+static void
+dissector_dump_heur_dissector_tables_display (gpointer key, gpointer user_data _U_)
+{
+ const char *list_name = (const char *)key;
+ heur_dissector_list_t list;
+
+ list = (heur_dissector_list_t)g_hash_table_lookup(heur_dissector_lists, key);
+ printf("%s\t%s\theuristic", list_name, list->ui_name ? list->ui_name : list_name);
+
+ if (list->protocol != NULL) {
+ printf("\t%s",
+ proto_get_protocol_short_name(list->protocol));
+ } else
+ printf("\t(no protocol)");
+ printf("\n");
+}
+
 static gint
 compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b)
 {
@@ -3802,6 +3826,11 @@ dissector_dump_dissector_tables(void)
 list = g_list_sort(list, compare_dissector_key_name);
 g_list_foreach(list, dissector_dump_dissector_tables_display, NULL);
 g_list_free(list);
+
+ list = g_hash_table_get_keys(heur_dissector_lists);
+ list = g_list_sort(list, compare_dissector_key_name);
+ g_list_foreach(list, dissector_dump_heur_dissector_tables_display, NULL);
+ g_list_free(list);
 }
 
 /*
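Review bot: In `dissector_dump_heur_dissector_tables_display()` the result of `g_hash_table_lookup(heur_dissector_lists, key)` is dereferenced on the very next line (`list->ui_name`, then `list->protocol`) with no NULL check. With the caller added later in this patch the keys come from the same table, so a miss is not expected, but the function is a generic `GFunc` callback and a cheap guard keeps a bad key from crashing the `-G` report: `if (list == NULL) return;` right after the lookup. As a style point, the `else` branch is unbraced while its `if` is braced; `} else {` ... `}` would match the braced arm and avoid a misleading-indentation hazard if a second statement is ever added there.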
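Review bot: The second block added to `dissector_dump_dissector_tables()` has no comment explaining why heuristic tables are emitted as a separate run after the regular ones, or that their records carry fewer fields. That rationale currently lives only in the commit message, and anyone parsing this output needs to know that field counts differ per record. I would add above the new `g_hash_table_get_keys(heur_dissector_lists)` call: `/* Heuristic tables are kept in a separate hash table, so they are listed after the regular tables (not merged alphabetically); their records omit the base and "decode as" fields. */`. The function's opening lines are outside this hunk.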