Wireshark-dev: Re: [Wireshark-dev] [PATCH] User can select dissector based on packet matching d

From: "Douglas Pratley" <Douglas.pratley@xxxxxxxxxx>
Date: Thu, 15 Feb 2007 15:35:38 -0000
Hi guys
 
Has anyone had a chance to look at this - I know it's a biggish chunk of new code.
 
I ask because I'm sorry to say that I have found some (non-fatal) bugs that I'd like to correct.
 
(a) The code causes a GLib assert on start-up (but then goes on working fine, as this causes NULL to be returned, which is the desired semantics).
(b) The new header files have not been added to a section of Makefile.am that is required when building the Wireshark RPM package.
(c) A slightly nasty (although clearly labelled) hack that creates a handle based on a heuristic dissector as if it were a "new" non-heuristic dissector works, but only because of the limited contexts in which these handles then get called (they only get called from inside various "dissector_try_<x>" functions that only care about whether the dissector returned 0 or not). It would be better to add a third element to the handle union and do this properly.
 
I'd rather not redo the entire patch unless I have to - it would be easier to patch the altered code base with the corrections if these changes are likely to be committed any time soon.
 
Cheers
 
Doug


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Douglas Pratley
Sent: 31 January 2007 18:27
To: Developer support list for Wireshark
Subject: [Wireshark-dev] [PATCH] User can select dissector based on packet matching display filter

Hi

This patch adds features allowing the user to:

a) Add arbitrary dissectors to the available lists in the “Decode As” dialog; basically puts a UI on adding a dissector to the available list in a dissector table.
b) Adds functionality analogous to dissector tables, but instead of directing by field values, there is a list of display-filter / sub-dissector pairs. A sub-dissector is called if the display filter is matched by the packet.
c) Implements this new functionality for several “parent” dissectors – IP, TCP, UDP, HTTP.
d) Implements this functionality for the data dissector, giving a “last chance” to direct any unrecognised data.
e) Puts a UI on this, as well as a minimal Lua interface.

In short, this patch aims at giving the user a lot of power to work with in odd cases; I guess it should be considered “expert”, as some arbitrary combinations of dissectors may be fatal (e.g. forcing non-IP data through TCP).

This is a biggish patch, so I have divided it into three:

Epan
-------
Adds the core display-filter / sub-dissector functionality and exposes some of it through Lua.

UI
---
Extends the existing “Decode As” dialog, and adds new dialogs for adding arbitrary dissectors to the “Decode As” dialog, and setting up filter-based dissection. This patch depends on the “epan” patch.

Doc
----
Updates to the user guide for this functionality.

Cheers

Doug

__________________________________________
Douglas Pratley
t +44 845 050 7640 | f +44 845 644 5436
a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
______________________________________________
www.detica.com

 



