Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] tools/check[hf|APIs|filtername].pl need updating?

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Wed, 26 Sep 2018 11:24:11 +0200
tools/checkhf.pl still needs an update. Its current logic only matches
"g?int hf_.... = -1;" (find_remove_hf_defs) and then looks for missing
entries in the hf array (using find_remove_hf_array_entries). To make it
work for the new API, some code must be added to:

 1. Detect the "header_field_info" definitions.
 2. Find the array of "header_field_info" items.
 3. Diff those.

tools/checkfiltername.pl tries to check the filter name (matching it
against the file name). This tool does not seem as essential as the
others although it would be nice to update it eventually I guess.

Let's keep the API, it does have some benefits (less boilerplate like
"gint hf_blablabla = -1;") while the disadvantages are not that bad
(less tool support, less commonly used).

I am considering moving the (D)TLS dissectors to use the new API.
Due to common fields shared between DTLS and TLS, it is currently
implemented as an ugly big macro in epan/dissectors/packet-tls-utils.h.
Adding new fields requires (1) adding the field variable as struct
member, (2) adding the field definition to a big macro and (3) adding -1
to another macro. Alexis noticed that merging concurrent changes is
complicated by (3) as manual action is required to correctly merge them.
Note that due to this macro approach, existing tools already fail to
check these dissectors. If the preprocessor expands the contents first,
in theory it should be able to handle it after fixups for HFILL.

Kind regards,
Peter

On Mon, Sep 24, 2018 at 06:03:33PM -0400, Jeff Morriss wrote:
> [For completeness of this thread] Peter took care of checkAPIs in
> https://code.wireshark.org/review/#/c/29754/ .
> 
> On Thu, Sep 20, 2018 at 11:03 AM Maynard, Chris <Christopher.Maynard@xxxxxxx>
> wrote:
> 
> > I'm not sure if anyone is waiting for my feedback, but just in case ...
> >
> > I'm not against Jakub's changes.  There are benefits as he mentioned,
> > particularly with the idea of auto-registration.  The current problem as I
> > see it is that in its current state, the check*.pl tools won't catch
> > problems (such as the one I illustrated) like they used to be able to do.
> >
> > It would be great if all dissectors were converted to use the new API and
> > then fields were auto-registered and  then all #ifndef
> > HAVE_HFI_SECTION_INIT ... #endif blocks could be removed.  Of course that's
> > a large task, so in the interim, maybe it's possible for the check*.pl
> > tools to be updated to catch missing/duplicate/etc. entries in the hfi[]
> > arrays?  Otherwise, the more dissectors that are written this way, the
> > greater the chance of errors being introduced but not being caught by the
> > tools.
> >
> > Thoughts?
> > - Chris
> >
> > -----Original Message-----
> > From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On
> > Behalf Of Michal Labedzki
> > Sent: Wednesday, September 19, 2018 8:39 AM
> > To: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>; Developer support list
> > for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-dev] tools/check[hf|APIs|filtername].pl need
> > updating?
> >
> > I want to convert all Bluetooth dissectors to new proto tree API. Is it a
> > good idea?
> >
> > wt., 18 wrz 2018 o 18:23 Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
> > napisał(a):
> > >
> > > Thanks Jakub for historic
> > >
> > > I think a good idea is revert to use "standard" API or write a tools
> > > for convert old dissector to new API...
> > >
> > > Cheers
> > >
> > > On Tue, Sep 18, 2018 at 6:05 PM Jakub Zawadzki <
> > darkjames-ws@xxxxxxxxxxxx> wrote:
> > >>
> > >> Hi,
> > >>
> > >> W dniu 2018-09-18 16:56, Maynard, Chris napisał(a):
> > >> > While investigating the transum-related crash, I had suspected some
> > >> > unregistered hf's and ran the various tools like checkhf.pl.  I
> > >> > then noticed that a number of dissectors seemed to have changed a
> > >> > bit from what I was used to before (...)
> > >>
> > >> These changes are quite old. For udp I did it in Aug 2013
> > >> (88eaebaedf2e19c493ea696f633463e4f2a9a757).
> > >>
> > >> some wireshark-dev threads:
> > >>   - https://www.wireshark.org/lists/wireshark-dev/201307/msg00222.html
> > >>   - thread continuation:
> > >> https://www.wireshark.org/lists/wireshark-dev/201308/msg00035.html
> > >>
> > >> Nobody stopped me that time.
> > >>
> > >> > And I guess I missed the reasoning behind the restructuring, but
> > >> > what is the purpose/benefit of this restructuring
> > >>
> > >> To sum up:
> > >>
> > >> Restructuring idea was to remove usage of int hf_foo, so you would
> > >> need only to declare header_field_info hfi_foo (unfortunate, you
> > >> still need to do it on top of file).
> > >>
> > >> Benefit is no more ints, so:
> > >>   - proto_tree_ api checks if you passed header_field_info structure,
> > >>   - You don't need to declare int hf_foo = -1; (bonus: binary size
> > >> smaller 4 bytes per hf),
> > >>   - no need for table lookup in proto_tree_add_*
> > >>
> > >> > and use of HAVE_HFI_SECTION_INIT?
> > >>
> > >> Idea was that HFI_INIT(proto_bar) would put all protocol hfi's into
> > >> single binary section. This way wireshark could auto-register these
> > >> fields without need of some indirect array (bonus: binary size
> > >> smaller by sizeof(void *) per hfi).
> > >>
> > >>
> > >> After 5 years simple grep shows that only 36 dissectors are using
> > >> NEW_PROTO_TREE_API, so it seems that this API is not well known or
> > >> not liked.
> > >> If it makes problem I would suggest to drop it.
> > >>
> > >> Alexis suggested the same in 2015:
> > >> https://www.wireshark.org/lists/wireshark-dev/201508/msg00087.html
> > >>
> > >>
> > >> Jakub.