
Wireshark-dev: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging facility

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Thu, 01 Feb 2007 17:58:11 +0800


Abhik Sarkar wrote:
> I have also been trying to find out a way to get the syslog dissector
> to tell all subsequent dissectors that the byte array was generated
> and not present in the actual capture and hence to mark their protocol
> tree items using the PROTO_ITEM_SET_GENERATED macro, but have so far
> been unsuccessful. Perhaps you have some ideas on this.

Thanks for the sample capture file.

I reworked the code and checked it in as rev 20665. Here are some of the changes (and in some cases why I made them) in case you're interested:

- put all the MSU functionality in a separate function in the syslog dissector
- don't bother looking for the MSU unless the facility is LOCAL0 and the level is DEBUG (since syslog messages for most of the world aren't going to be from the ITP we can save some CPU time). Please let me know if you find that other facilities or levels are used by the ITP and I can adjust it as necessary.
- don't use g_ascii_xdigit_value() as it's not available in Glib 1.2, instead use Wireshark's internal convert_string_to_hex() routine
- call g_strfreev() on the result of g_strsplit() (the entire array needs to be freed)
- don't use g_string_new() since g_strsplit() is already allocating new space for the string(s)
- don't use ep_alloc_array() to allocate the backing data for the tvb but rather use the g_malloc()'d result from convert_string_to_hex(). Use tvb_set_free_cb() to free the backing data whenever Wireshark feels it's OK to free it. I think that will be a different time than when the ep_ memory would have been freed.
- don't make the syslog dissector waste its time filling in the Info column if there's an MSU there (it would just be overwritten by MTP3 anyway)
- added a (marked as generated) boolean to the syslog tree that shows that we found an SS7 MSU in the message. That's about all that can be done, I think.

Thanks for your contribution!
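The two mechanics the post relies on, gating on the syslog facility/level before doing any MSU work and converting the hex string into a heap buffer that will later back a tvb, can be shown outside Wireshark. The following is an added, stand-alone C example; it is not the syslog dissector's code from rev 20665 and uses no GLib or Wireshark API. It assumes (neither is on this page) that the hex dump is the last space-separated token of the message and that the payload bytes are a placeholder, not a real MTP3 MSU; the helper names (parse_pri, hex_to_bytes, extract_msu) are this example's own. The decoder rejects odd-length and non-hex input instead of silently producing a truncated buffer, which is the check a convert_string_to_hex()-style routine must have before its output is handed to MTP3.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* syslog encodes PRI = facility * 8 + severity (RFC 3164). Per the post the
 * ITP logs at LOCAL0/DEBUG, i.e. PRI 16*8 + 7 = 135. */
#define SYSLOG_FAC_LOCAL0 16
#define SYSLOG_SEV_DEBUG   7

/* Parse a leading "<PRI>". Returns 1 and fills facility/severity/rest on
 * success; 0 when the header is malformed (no '<', leading space or sign,
 * more than 3 digits, or a value above 191, the largest legal PRI). */
static int parse_pri(const char *msg, int *facility, int *severity, const char **rest)
{
    if (msg[0] != '<' || !isdigit((unsigned char)msg[1])) return 0;
    char *end;
    long pri = strtol(msg + 1, &end, 10);
    if (*end != '>' || end - (msg + 1) > 3 || pri > 191) return 0;
    *facility = (int)(pri / 8);
    *severity = (int)(pri % 8);
    *rest = end + 1;
    return 1;
}

/* Value of one hex digit, or -1 for anything else. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)tolower((unsigned char)c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode len hex characters into a malloc()'d buffer (caller frees).
 * Empty or odd-length input and non-hex characters are rejected outright. */
static unsigned char *hex_to_bytes(const char *hex, size_t len, size_t *out_len)
{
    if (len == 0 || len % 2) return NULL;
    unsigned char *buf = malloc(len / 2);
    if (!buf) return NULL;
    for (size_t i = 0; i < len; i += 2) {
        int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) { free(buf); return NULL; }
        buf[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    *out_len = len / 2;
    return buf;
}

/* Gate first, extract second, in the order the post describes: unless the
 * facility is LOCAL0 and the severity is DEBUG no MSU search is attempted.
 * ASSUMPTION (not from the post): the hex dump is the last space-separated
 * token. Returns a malloc()'d buffer or NULL; in a dissector this buffer
 * would back a new tvb and be released through tvb_set_free_cb(). */
static unsigned char *extract_msu(const char *msg, size_t *msu_len)
{
    int fac, sev;
    const char *body;
    if (!parse_pri(msg, &fac, &sev, &body)) return NULL;
    if (fac != SYSLOG_FAC_LOCAL0 || sev != SYSLOG_SEV_DEBUG) return NULL;
    const char *tok = strrchr(body, ' ');
    tok = tok ? tok + 1 : body;
    return hex_to_bytes(tok, strcspn(tok, "\r\n"), msu_len);
}

/* Small wrappers that expose the result as plain ints: byte count (-1 when
 * no MSU was decoded) and the byte at a given offset (-1 when out of range). */
static int msu_byte_count(const char *msg)
{
    size_t n;
    unsigned char *b = extract_msu(msg, &n);
    if (!b) return -1;
    free(b);
    return (int)n;
}
static int msu_byte_at(const char *msg, size_t i)
{
    size_t n;
    unsigned char *b = extract_msu(msg, &n);
    int v = (b && i < n) ? b[i] : -1;
    free(b);
    return v;
}
static int pri_facility(const char *msg) { int f, s; const char *r; return parse_pri(msg, &f, &s, &r) ? f : -1; }
static int pri_severity(const char *msg) { int f, s; const char *r; return parse_pri(msg, &f, &s, &r) ? s : -1; }

/* Constructed sample lines; the hex is a placeholder, not a real MSU. */
static const char *const samples[] = {
    "<135>Feb  1 17:58:11 itp1 ITP-LOG: constructed sample 8300c0ffee\n", /* LOCAL0.DEBUG: decoded */
    "<134>Feb  1 17:58:11 itp1 ITP-LOG: constructed sample 8300c0ffee\n", /* LOCAL0.INFO: skipped  */
    "<135>Feb  1 17:58:11 itp1 ITP-LOG: constructed sample 8300c0ffe\n",  /* odd length: rejected  */
};

int main(void)
{
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("sample %zu: MSU bytes = %d\n", i, msu_byte_count(samples[i]));
    return 0;
}
```

The gate costs one strtol() per message and is evaluated before any string splitting or allocation, which is the CPU saving the post refers to; everything after it runs only for LOCAL0/DEBUG traffic. Ownership of the decoded buffer stays with the caller, mirroring the post's point that g_malloc()'d backing data must outlive the packet-scoped ep_ allocations and be freed by the tvb's free callback rather than at the end of the dissection pass.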