diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:14:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:14:33 +0000 |
commit | 9f153fbfec0fb9c9ce38e749a7c6f4a5e115d4e9 (patch) | |
tree | 2784370cda9bbf2da9114d70f05399c0b229d28c /doc/README.dissector | |
parent | Adding debian version 4.2.6-1. (diff) | |
download | wireshark-9f153fbfec0fb9c9ce38e749a7c6f4a5e115d4e9.tar.xz wireshark-9f153fbfec0fb9c9ce38e749a7c6f4a5e115d4e9.zip |
Merging upstream version 4.4.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/README.dissector')
-rw-r--r-- | doc/README.dissector | 333 |
1 files changed, 169 insertions, 164 deletions
diff --git a/doc/README.dissector b/doc/README.dissector index 464bba49..4258f96b 100644 --- a/doc/README.dissector +++ b/doc/README.dissector @@ -84,7 +84,7 @@ In the skeleton sample code the following strings should be substituted with your information. YOUR_NAME Your name, of course. You do want credit, don't you? - It's the only payment you will receive.... + It's the only payment you will receive... YOUR_EMAIL_ADDRESS Keep those cards and letters coming. PROTONAME The name of the protocol; this is displayed in the top-level protocol tree item for that protocol. @@ -273,8 +273,11 @@ uint64_t tvb_get_bits64(tvbuff_t *tvb, unsigned bit_offset, const int no_of_bits Single-byte accessors for 8-bit unsigned integers (uint8_t) and 8-bit signed integers (int8_t): -uint8_t tvb_get_guint8(tvbuff_t *tvb, const int offset); -int8_t tvb_get_gint8(tvbuff_t *tvb, const int offset); +uint8_t tvb_get_uint8(tvbuff_t *tvb, const int offset); +int8_t tvb_get_int8(tvbuff_t *tvb, const int offset); + +These functions were previously named tvb_get_guint8 and tvb_get_gint8. You +can still use the old names but they have been deprecated. Network-to-host-order accessors: @@ -371,38 +374,41 @@ Encoding-to_host-order accessors: 16-bit unsigned (uint16_t) and signed (int16_t) integers: -uint16_t tvb_get_guint16(tvbuff_t *tvb, const int offset, const unsigned encoding); -int16_t tvb_get_gint16(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint16_t tvb_get_uint16(tvbuff_t *tvb, const int offset, const unsigned encoding); +int16_t tvb_get_int16(tvbuff_t *tvb, const int offset, const unsigned encoding); 24-bit unsigned and signed integers: -uint32_t tvb_get_guint24(tvbuff_t *tvb, const int offset, const unsigned encoding); -int32_t tvb_get_gint24(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint32_t tvb_get_uint24(tvbuff_t *tvb, const int offset, const unsigned encoding); +int32_t tvb_get_int24(tvbuff_t *tvb, const int offset, const unsigned encoding); 32-bit unsigned (uint32_t) and signed (int32_t) integers: -uint32_t tvb_get_guint32(tvbuff_t *tvb, const int offset, const unsigned encoding); -int32_t tvb_get_gint32(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint32_t tvb_get_uint32(tvbuff_t *tvb, const int offset, const unsigned encoding); +int32_t tvb_get_int32(tvbuff_t *tvb, const int offset, const unsigned encoding); 40-bit unsigned and signed integers: -uint64_t tvb_get_guint40(tvbuff_t *tvb, const int offset, const unsigned encoding); -int64_t tvb_get_gint40(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint64_t tvb_get_uint40(tvbuff_t *tvb, const int offset, const unsigned encoding); +int64_t tvb_get_int40(tvbuff_t *tvb, const int offset, const unsigned encoding); 48-bit unsigned and signed integers: -uint64_t tvb_get_guint48(tvbuff_t *tvb, const int offset, const unsigned encoding); -int64_t tvb_get_gint48(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint64_t tvb_get_uint48(tvbuff_t *tvb, const int offset, const unsigned encoding); +int64_t tvb_get_int48(tvbuff_t *tvb, const int offset, const unsigned encoding); 56-bit unsigned and signed integers: -uint64_t tvb_get_guint56(tvbuff_t *tvb, const int offset, const unsigned encoding); -int64_t tvb_get_gint56(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint64_t tvb_get_uint56(tvbuff_t *tvb, const int offset, const unsigned encoding); +int64_t tvb_get_int56(tvbuff_t *tvb, const int offset, const unsigned encoding); 64-bit unsigned (uint64_t) and signed (int64_t) integers: -uint64_t tvb_get_guint64(tvbuff_t *tvb, const int offset, const unsigned encoding); -int64_t tvb_get_gint64(tvbuff_t *tvb, const int offset, const unsigned encoding); +uint64_t tvb_get_uint64(tvbuff_t *tvb, const int offset, const unsigned encoding); +int64_t tvb_get_int64(tvbuff_t *tvb, const int offset, const unsigned encoding); + +These functions were previously named tvb_get_guintXX and tvb_get_gintXX. You +can still use the old names but they have been deprecated. Single-precision and double-precision IEEE floating-point numbers: @@ -477,7 +483,7 @@ the string is guaranteed to have a terminating NULL. If the string was truncated when copied into buffer, a NULL is placed at the end of buffer to terminate it. char *tvb_get_ts_23_038_7bits_string(wmem_allocator_t *scope, tvbuff_t *tvb, - const int bit_offset, int no_of_chars); + const int bit_offset, int no_of_chars); tvb_get_ts_23_038_7bits_string() returns a string of a given number of characters and encoded according to 3GPP TS 23.038 7 bits alphabet. @@ -487,17 +493,18 @@ information). Byte Array Accessors: -char *tvb_bytes_to_str(wmem_allocator_t *scope, tvbuff_t *tvb, const int offset, const int len); +char *tvb_bytes_to_str(wmem_allocator_t *scope, tvbuff_t *tvb, + const int offset, const int len); Formats a bunch of data from a tvbuff as bytes, returning a pointer to the string with the data formatted as two hex digits for each byte. The string pointed to is stored in an "wmem_alloc'd" buffer which will be freed -depending on its scope (typically wmem_packet_scope which is freed after the frame). +depending on its scope (typically pinfo->pool which is freed after the frame). The formatted string will contain the hex digits for at most the first 16 bytes of the data. If len is greater than 16 bytes, a trailing "..." will be added to the string. char *tvb_bytes_to_str_punct(wmem_allocator_t *scope, tvbuff_t *tvb, - const int offset, const int len, const char punct); + const int offset, const int len, const char punct); This function is similar to tvb_bytes_to_str(...) except that 'punct' is inserted between the hex representation of each byte. @@ -512,7 +519,8 @@ passed-in 'bytes' array, based on the passed-in encoding. In other words, convert from a hex-ascii string in tvbuff, into the supplied GByteArray. -char *tvb_bcd_dig_to_wmem_packet_str(tvbuff_t *tvb, const int offset, const int len, dgt_set_t *dgt, bool skip_first); +char *tvb_bcd_dig_to_wmem_packet_str(tvbuff_t *tvb, const int offset, + const int len, dgt_set_t *dgt, bool skip_first); Given a tvbuff, an offset into the tvbuff, and a length that starts at that offset (which may be -1 for "all the way to the end of the @@ -523,7 +531,7 @@ A pointer to the packet scope allocated string will be returned. Note: a tvbuff content of 0xf is considered a 'filler' and will end the conversion. Copying memory: -void* tvb_memcpy(tvbuff_t *tvb, void* target, const int offset, size_t length); +void *tvb_memcpy(tvbuff_t *tvb, void *target, const int offset, size_t length); Copies into the specified target the specified length's worth of data from the specified tvbuff, starting at the specified offset. @@ -539,7 +547,7 @@ Pointer-retrieval: * no guarantee that the user will honor the 'length' and not overstep the * boundaries of the buffer. Also see the warning in the Portability section. */ -const uint8_t* tvb_get_ptr(tvbuff_t *tvb, const int offset, const int length); +const uint8_t *tvb_get_ptr(tvbuff_t *tvb, const int offset, const int length); Length query: Get amount of captured data in the buffer (which is *NOT* necessarily the @@ -824,14 +832,14 @@ information about its data type is needed. It helps to look at the header_field_info struct to see what information is expected: struct header_field_info { - const char *name; - const char *abbrev; - enum ftenum type; - int display; - const void *strings; - uint64_t bitmask; - const char *blurb; - ..... + const char *name; + const char *abbrev; + enum ftenum type; + int display; + const void *strings; + uint64_t bitmask; + const char *blurb; + ... }; name (FIELDNAME) @@ -1194,11 +1202,11 @@ one can use a range_string struct. Thus a 'range_string' structure is a way to map ranges to strings. - typedef struct _range_string { - uint32_t value_min; - uint32_t value_max; - const char *strptr; - } range_string; + typedef struct _range_string { + uint32_t value_min; + uint32_t value_max; + const char *strptr; + } range_string; For fields of that type, you would declare an array of "range_string"s: @@ -1304,19 +1312,20 @@ header_field_info struct (or an array of such structs), and calling the registration function along with the registration ID of the protocol that is the parent of the fields. Here is a complete example: - static int proto_eg = -1; - static int hf_field_a = -1; - static int hf_field_b = -1; + static int proto_eg; + static int hf_field_a; + static int hf_field_b; static hf_register_info hf[] = { - { &hf_field_a, - { "Field A", "proto.field_a", FT_UINT8, BASE_HEX, NULL, - 0xf0, "Field A represents Apples", HFILL }}, + { "Field A", "proto.field_a", FT_UINT8, BASE_HEX, NULL, + 0xf0, "Field A represents Apples", HFILL } + }, { &hf_field_b, - { "Field B", "proto.field_b", FT_UINT16, BASE_DEC, VALS(vs), - 0x0, "Field B represents Bananas", HFILL }} + { "Field B", "proto.field_b", FT_UINT16, BASE_DEC, VALS(vs), + 0x0, "Field B represents Bananas", HFILL } + } }; proto_eg = proto_register_protocol("Example Protocol", @@ -1330,8 +1339,8 @@ information that the compiler created inside your array. Here's the layout of the hf_register_info struct: typedef struct hf_register_info { - int *p_id; /* pointer to parent variable */ - header_field_info hfinfo; + int *p_id; /* pointer to parent variable */ + header_field_info hfinfo; } hf_register_info; Also be sure to use the handy array_length() macro found in packet.h @@ -1346,14 +1355,15 @@ It is OK to have header fields with a different format be registered with the same abbreviation. For instance, the following is valid: static hf_register_info hf[] = { - { &hf_field_8bit, /* 8-bit version of proto.field */ - { "Field (8 bit)", "proto.field", FT_UINT8, BASE_DEC, NULL, - 0x00, "Field represents FOO", HFILL }}, + { "Field (8 bit)", "proto.field", FT_UINT8, BASE_DEC, NULL, + 0x00, "Field represents FOO", HFILL } + }, { &hf_field_32bit, /* 32-bit version of proto.field */ - { "Field (32 bit)", "proto.field", FT_UINT32, BASE_DEC, NULL, - 0x00, "Field represents FOO", HFILL }} + { "Field (32 bit)", "proto.field", FT_UINT32, BASE_DEC, NULL, + 0x00, "Field represents FOO", HFILL } + } }; This way a filter expression can match a header field, irrespective of the @@ -1385,7 +1395,7 @@ handful of proto_XXX_DO_YYY() functions. Subtrees can be made with the proto_item_add_subtree() function: - item = proto_tree_add_item(....); + item = proto_tree_add_item(...); new_tree = proto_item_add_subtree(item, tree_type); This will add a subtree under the item in question; a subtree can be @@ -1394,11 +1404,11 @@ so that the tree can be given an arbitrary depth. Subtree types are integers, assigned by "proto_register_subtree_array()". To register subtree types, pass an -array of pointers to "gint" variables to hold the subtree type values to +array of pointers to "int" variables to hold the subtree type values to "proto_register_subtree_array()": - static int ett_eg = -1; - static int ett_field_a = -1; + static int ett_eg; + static int ett_field_a; static int *ett[] = { &ett_eg, @@ -1419,14 +1429,14 @@ you move to another packet. There are many functions that the programmer can use to add either protocol or field labels to the proto_tree, for example: - proto_item* + proto_item * proto_tree_add_item(tree, id, tvb, start, length, encoding); - proto_item* + proto_item * proto_tree_add_item_ret_int(tree, id, tvb, start, length, encoding, *retval); - proto_item* + proto_item * proto_tree_add_subtree(tree, tvb, start, length, idx, tree_item, text); @@ -2016,11 +2026,11 @@ matched string from that value_string will be printed on the expansion line as well. Example: (from the SCSI dissector) - static int hf_scsi_inq_peripheral = -1; - static int hf_scsi_inq_qualifier = -1; - static int hf_scsi_inq_devtype = -1; + static int hf_scsi_inq_peripheral; + static int hf_scsi_inq_qualifier; + static int hf_scsi_inq_devtype; ... - static int ett_scsi_inq_peripheral = -1; + static int ett_scsi_inq_peripheral; ... static int * const peripheral_fields[] = { &hf_scsi_inq_qualifier, @@ -2031,17 +2041,20 @@ Example: (from the SCSI dissector) /* Qualifier and DeviceType */ proto_tree_add_bitmask(tree, tvb, offset, hf_scsi_inq_peripheral, ett_scsi_inq_peripheral, peripheral_fields, ENC_BIG_ENDIAN); - offset+=1; + offset += 1; ... { &hf_scsi_inq_peripheral, {"Peripheral", "scsi.inquiry.peripheral", FT_UINT8, BASE_HEX, - NULL, 0, NULL, HFILL}}, + NULL, 0, NULL, HFILL} + }, { &hf_scsi_inq_qualifier, {"Qualifier", "scsi.inquiry.qualifier", FT_UINT8, BASE_HEX, - VALS (scsi_qualifier_val), 0xE0, NULL, HFILL}}, + VALS (scsi_qualifier_val), 0xE0, NULL, HFILL} + }, { &hf_scsi_inq_devtype, {"Device Type", "scsi.inquiry.devtype", FT_UINT8, BASE_HEX, - VALS (scsi_devtype_val), SCSI_DEV_BITS, NULL, HFILL}}, + VALS (scsi_devtype_val), SCSI_DEV_BITS, NULL, HFILL} + }, ... Which provides very pretty dissection of this one byte bitmask. @@ -2146,18 +2159,16 @@ skeleton of how the programmer might code this. proto_tree_add_none_format(tree, hf_tr_rif_label, ..., "RIF: %s", rif); - for(i = 0; i < num_rings; i++) { + for (i = 0; i < num_rings; i++) { proto_item *pi; - pi = proto_tree_add_item(tree, hf_tr_rif_ring, ..., - ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_tr_rif_ring, ..., ENC_BIG_ENDIAN); proto_item_set_hidden(pi); } - for(i = 0; i < num_rings - 1; i++) { + for (i = 0; i < num_rings - 1; i++) { proto_item *pi; - pi = proto_tree_add_item(tree, hf_tr_rif_bridge, ..., - ENC_BIG_ENDIAN); + pi = proto_tree_add_item(tree, hf_tr_rif_bridge, ..., ENC_BIG_ENDIAN); proto_item_set_hidden(pi); } @@ -2196,7 +2207,7 @@ to generate a COL_INFO line for a frame. val_to_str() handles the most common case: - const char* + const char * val_to_str(uint32_t val, const value_string *vs, const char *fmt) If the value 'val' is found in the 'value_string' table pointed to by @@ -2214,7 +2225,7 @@ unmodified when 'val' isn't found. If you need to handle the failure case in some custom way, try_val_to_str() will return NULL if val isn't found: - const char* + const char * try_val_to_str(uint32_t val, const value_string *vs) Note that, you must check whether 'try_val_to_str()' returns NULL, and arrange @@ -2336,13 +2347,13 @@ table using their unique identifier using one of the following APIs: dissector_handle_t handle); void dissector_add_uint_range(const char *abbrev, struct epan_range *range, - dissector_handle_t handle); + dissector_handle_t handle); void dissector_add_string(const char *name, const char *pattern, - dissector_handle_t handle); + dissector_handle_t handle); void dissector_add_for_decode_as(const char *name, - dissector_handle_t handle); + dissector_handle_t handle); dissector_add_for_decode_as doesn't add a unique identifier in the dissector table, but it lets the user add it from the command line or, in Wireshark, @@ -2383,7 +2394,7 @@ section of epan/dissectors/CMakeLists.txt 1.10 Submitting code for your new dissector. See <https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcContribute.html> - and <https://gitlab.com/wireshark/wireshark/-/wikis/Development/SubmittingPatches>. + and <https://wiki.wireshark.org/Development/SubmittingPatches>. - VERIFY that your dissector code does not use prohibited or deprecated APIs as follows: @@ -2404,11 +2415,11 @@ section of epan/dissectors/CMakeLists.txt - TEST YOUR DISSECTOR BEFORE SUBMITTING IT. Use fuzz-test.sh and/or randpkt against your dissector. These are - described at <https://gitlab.com/wireshark/wireshark/-/wikis/FuzzTesting>. + described at <https://wiki.wireshark.org/FuzzTesting>. - Subscribe to <mailto:wireshark-dev[AT]wireshark.org> by sending an email to <mailto:wireshark-dev-request[AT]wireshark.org?body="help"> or visiting - <https://www.wireshark.org/lists/>. + <https://lists.wireshark.org/>. - 'git diff' to verify all your changes look good. @@ -2425,11 +2436,11 @@ section of epan/dissectors/CMakeLists.txt - Create a Wiki page on the protocol at <https://gitlab.com/wireshark/editor-wiki>. (You'll need to request access to https://gitlab.com/wireshark/wiki-editors.) A template is provided so it is easy to setup in a consistent style. - See: <https://gitlab.com/wireshark/wireshark/-/wikis/HowToEdit> - and <https://gitlab.com/wireshark/wireshark/-/wikis/ProtocolReference> + See: <https://wiki.wireshark.org/HowToEdit> + and <https://wiki.wireshark.org/ProtocolReference> - If possible, add sample capture files to the sample captures page at - <https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures>. These + <https://wiki.wireshark.org/SampleCaptures>. These files are used by the automated build system for fuzz testing. - If you don't think the wiki is the right place for your sample capture, @@ -2494,12 +2505,12 @@ The conversation_new prototype: Where: uint32_t setup_frame = The lowest numbered frame for this conversation - address* addr1 = first data packet address - address* addr2 = second data packet address - conversation_type ctype = conversation type, defined in conversation.h + address* addr1 = first data packet address + address* addr2 = second data packet address + conversation_type ctype = conversation type, defined in conversation.h uint32_t port1 = first data packet port uint32_t port2 = second data packet port - unsigned options = conversation options, NO_ADDR2 and/or NO_PORT2 + unsigned options = conversation options, NO_ADDR2 and/or NO_PORT2 setup_frame indicates the first frame for this conversation, and is used to distinguish multiple conversations with the same addr1/port1 and addr2/port2 @@ -2533,7 +2544,7 @@ The conversation_new_full prototype: conversation_element_t *elements); Where: - uint32_t setup_frame = The lowest numbered frame for + uint32_t setup_frame = The lowest numbered frame for this conversation conversation_element_t *elements = An array of data types and values which identify this conversation. The array MUST be @@ -2552,12 +2563,12 @@ The find_conversation prototype: Where: uint32_t frame_num = a frame number to match - address* addr_a = first address - address* addr_b = second address - conversation_type ctype = conversation type + address* addr_a = first address + address* addr_b = second address + conversation_type ctype = conversation type uint32_t port_a = first data packet port uint32_t port_b = second data packet port - unsigned options = conversation options, NO_ADDR_B and/or NO_PORT_B + unsigned options = conversation options, NO_ADDR_B and/or NO_PORT_B frame_num is a frame number to match. The conversation returned is where (frame_num >= conversation->setup_frame @@ -2599,7 +2610,7 @@ The find_conversation_full prototype: conversation_element_t *elements); Where: - uint32_t setup_frame = The lowest numbered frame for + uint32_t setup_frame = The lowest numbered frame for this conversation conversation_element_t *elements = An array of data types and values which identify this conversation. The array MUST be @@ -2780,7 +2791,7 @@ typedef struct { } my_entry_t; /* Registered protocol number */ -static int my_proto = -1; +static int my_proto; /********************* in the dissector routine *********************/ @@ -2793,13 +2804,13 @@ my_entry_t *data_ptr; /* look up the conversation */ conversation = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst, - conversation_pt_to_conversation_type(pinfo->ptype), + conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, 0); /* if conversation found get the data pointer that you stored */ -if (conversation) +if (conversation) { data_ptr = (my_entry_t*)conversation_get_proto_data(conversation, my_proto); -else { +} else { /* new conversation create local data structure */ @@ -2880,8 +2891,7 @@ upon the conversation index and values inside the request packets. /* only allocate a new hash element when it's a request */ opcode = 0; - if (!request_val && !reply) - { + if (!request_val && !reply) { new_request_key = wmem_alloc(wmem_file_scope(), sizeof(struct afs_request_key)); *new_request_key = request_key; @@ -2889,8 +2899,7 @@ upon the conversation index and values inside the request packets. request_val -> opcode = pntoh32(&afsh->opcode); opcode = request_val->opcode; - g_hash_table_insert(afs_request_hash, new_request_key, - request_val); + g_hash_table_insert(afs_request_hash, new_request_key, request_val); } @@ -2946,36 +2955,33 @@ An example - static dissector_handle_t sub_dissector_handle; /* prototype for the dynamic dissector */ -static void sub_dissector(tvbuff_t *tvb, packet_info *pinfo, - proto_tree *tree); +static void sub_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); /* in the main protocol dissector, where the next dissector is setup */ /* if conversation has a data field, create it and load structure */ -/* First check if a conversation already exists for this - socketpair -*/ +/* First check if a conversation already exists for this socketpair */ conversation = find_conversation(pinfo->num, - &pinfo->src, &pinfo->dst, conversation_type, - src_port, dst_port, 0); + &pinfo->src, &pinfo->dst, conversation_type, + src_port, dst_port, 0); /* If there is no such conversation, or if there is one but for someone else's protocol then we just create a new conversation and assign our protocol to it. */ - if ( (conversation == NULL) || - (conversation->dissector_handle != sub_dissector_handle) ) { + if ((conversation == NULL) || + (conversation->dissector_handle != sub_dissector_handle)) { new_conv_info = wmem_alloc(wmem_file_scope(), sizeof(struct _new_conv_info)); new_conv_info->data1 = value1; -/* create the conversation for the dynamic port */ - conversation = conversation_new(pinfo->num, - &pinfo->src, &pinfo->dst, protocol, - src_port, dst_port, new_conv_info, 0); + /* create the conversation for the dynamic port */ + conversation = conversation_new(pinfo->num, + &pinfo->src, &pinfo->dst, protocol, + src_port, dst_port, new_conv_info, 0); -/* set the dissector for the new conversation */ - conversation_set_dissector(conversation, sub_dissector_handle); + /* set the dissector for the new conversation */ + conversation_set_dissector(conversation, sub_dissector_handle); } ... @@ -3019,8 +3025,8 @@ the same socketpair. There are two support routines that will allow the second port and/or address to be set later. -conversation_set_port2( conversation_t *conv, uint32_t port); -conversation_set_addr2( conversation_t *conv, address addr); +conversation_set_port2(conversation_t *conv, uint32_t port); +conversation_set_addr2(conversation_t *conv, address addr); These routines will change the second address or port for the conversation. So, the server port conversation will be converted into a @@ -3051,19 +3057,20 @@ static dissector_handle_t sub_dissector_handle; IP/protocol/port */ conversation = find_conversation(pinfo->num, - &server_src_addr, 0, protocol, - server_src_port, 0, NO_ADDR2 | NO_PORT_B); + &server_src_addr, 0, protocol, + server_src_port, 0, NO_ADDR2 | NO_PORT_B); + /* If there is no such conversation, or if there is one but for someone else's protocol then we just create a new conversation and assign our protocol to it. */ - if ( (conversation == NULL) || - (conversation->dissector_handle != sub_dissector_handle) ) { + if ((conversation == NULL) || + (conversation->dissector_handle != sub_dissector_handle)) { conversation = conversation_new(pinfo->num, - &server_src_addr, 0, conversation_type, - server_src_port, 0, new_conv_info, NO_ADDR2 | NO_PORT2); + &server_src_addr, 0, conversation_type, + server_src_port, 0, new_conv_info, NO_ADDR2 | NO_PORT2); -/* set the dissector for the new conversation */ + /* set the dissector for the new conversation */ conversation_set_dissector(conversation, sub_dissector_handle); } @@ -3210,16 +3217,16 @@ An example from packet-rtpproxy.c - rtpproxy_module = prefs_register_protocol(proto_rtpproxy, proto_reg_handoff_rtpproxy); prefs_register_bool_preference(rtpproxy_module, "establish_conversation", - "Establish Media Conversation", - "Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based " - "upon port numbers found in RTPproxy answers", - &rtpproxy_establish_conversation); + "Establish Media Conversation", + "Specifies that RTP/RTCP/T.38/MSRP/etc streams are decoded based " + "upon port numbers found in RTPproxy answers", + &rtpproxy_establish_conversation); prefs_register_uint_preference(rtpproxy_module, "reply.timeout", - "RTPproxy reply timeout", /* Title */ - "Maximum timeout value in waiting for reply from RTPProxy (in milliseconds).", /* Descr */ - 10, - &rtpproxy_timeout); + "RTPproxy reply timeout", /* Title */ + "Maximum timeout value in waiting for reply from RTPProxy (in milliseconds).", /* Descr */ + 10, + &rtpproxy_timeout); This will create preferences "rtpproxy.establish_conversation" and "rtpproxy.reply.timeout", the first of which is an Boolean and the @@ -3231,7 +3238,7 @@ a preference obsolete is to register it as such: /* Register a preference that used to be supported but no longer is. */ void prefs_register_obsolete_preference(module_t *module, - const char *name); + const char *name); 2.7 Reassembly/desegmentation for protocols running atop TCP. @@ -3278,7 +3285,7 @@ reference to a callback which will be called with reassembled data: return 0; tcp_dissect_pdus(tvb, pinfo, tree, hartip_desegment, HARTIP_HEADER_LENGTH, - get_dissect_hartip_len, dissect_hartip_pdu, data); + get_dissect_hartip_len, dissect_hartip_pdu, data); return tvb_reported_length(tvb); } @@ -3345,11 +3352,10 @@ your mind later: once you return a positive value from desegment_len, your PDU boundary is set in stone. static hf_register_info hf[] = { - {&hf_cstring, - {"C String", "c.string", FT_STRING, BASE_NONE, NULL, 0x0, - NULL, HFILL} - } - }; + { &hf_cstring, + { "C String", "c.string", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } + } +}; /** * Dissect a buffer containing ASCII C strings. @@ -3362,11 +3368,12 @@ static hf_register_info hf[] = { static int dissect_cstr(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void *data _U_) { unsigned offset = 0; - while(offset < tvb_reported_length(tvb)) { + + while (offset < tvb_reported_length(tvb)) { int available = tvb_reported_length_remaining(tvb, offset); int len = tvb_strnlen(tvb, offset, available); - if( -1 == len ) { + if (-1 == len) { /* we ran out of data: ask for more */ pinfo->desegment_offset = offset; pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; @@ -3377,9 +3384,7 @@ static int dissect_cstr(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, len += 1; /* Add one for the '\0' */ - if (tree) { - proto_tree_add_item(tree, hf_cstring, tvb, offset, len, ENC_ASCII); - } + proto_tree_add_item(tree, hf_cstring, tvb, offset, len, ENC_ASCII); offset += (unsigned)len; } @@ -3425,7 +3430,7 @@ are called to handle PDU data. dissect_dnp3_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { return udp_dissect_pdus(tvb, pinfo, tree, DNP_HDR_LEN, dnp3_udp_check_header, - get_dnp3_message_len, dissect_dnp3_message, data); + get_dnp3_message_len, dissect_dnp3_message, data); } static int @@ -3436,7 +3441,7 @@ are called to handle PDU data. } tcp_dissect_pdus(tvb, pinfo, tree, true, DNP_HDR_LEN, - get_dnp3_message_len, dissect_dnp3_message, data); + get_dnp3_message_len, dissect_dnp3_message, data); return tvb_captured_length(tvb); } @@ -3518,7 +3523,7 @@ Consider the following example using IP dissection, stolen from packet-ip.c: static build_valid_func ip_da_build_value[1] = {ip_value}; static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value}; static decode_as_t ip_da = {"ip", "ip.proto", 1, 0, &ip_da_values, NULL, NULL, - decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL}; + decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL}; ... ip_dissector_table = register_dissector_table("ip.proto", "IP protocol", ip_proto, FT_UINT8, BASE_DEC); ... @@ -3594,23 +3599,23 @@ the ptvcursor advances its cursor so the next call to ptvcursor_add starts where this call finished. The 'encoding' parameter is relevant for certain type of fields (See above under proto_tree_add_item()). -proto_item* +proto_item * ptvcursor_add_ret_uint(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, uint32_t *retval); Like ptvcursor_add, but returns uint value retrieved -proto_item* +proto_item * ptvcursor_add_ret_int(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, int32_t *retval); Like ptvcursor_add, but returns int value retrieved -proto_item* +proto_item * ptvcursor_add_ret_string(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, wmem_allocator_t *scope, const uint8_t **retval); Like ptvcursor_add, but returns string retrieved -proto_item* +proto_item * ptvcursor_add_ret_boolean(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding, bool *retval); Like ptvcursor_add, but returns boolean value retrieved -proto_item* +proto_item * ptvcursor_add_no_advance(ptvcursor_t* ptvc, int hf, int length, const unsigned encoding) Like ptvcursor_add, but does not advance the internal cursor. @@ -3624,7 +3629,7 @@ ptvcursor_free(ptvcursor_t* ptvc) after your dissection with the ptvcursor API is completed. -proto_tree* +proto_tree * ptvcursor_push_subtree(ptvcursor_t* ptvc, proto_item* it, int ett_subtree) Pushes the current subtree in the tree stack of the cursor, creates a new one and sets this one as the working tree. @@ -3633,7 +3638,7 @@ void ptvcursor_pop_subtree(ptvcursor_t* ptvc); Pops a subtree in the tree stack of the cursor -proto_tree* +proto_tree * ptvcursor_add_with_subtree(ptvcursor_t* ptvc, int hfindex, int length, const unsigned encoding, int ett_subtree); Adds an item to the tree and creates a subtree. @@ -3641,9 +3646,9 @@ If the length is unknown, length may be defined as SUBTREE_UNDEFINED_LENGTH. In this case, at the next pop, the item length will be equal to the advancement of the cursor since the creation of the subtree. -proto_tree* +proto_tree * ptvcursor_add_text_with_subtree(ptvcursor_t* ptvc, int length, - int ett_subtree, const char* format, ...); + int ett_subtree, const char *format, ...); Add a text node to the tree and create a subtree. If the length is unknown, length may be defined as SUBTREE_UNDEFINED_LENGTH. In this case, at the next pop, the item length will be equal to the advancement @@ -3651,7 +3656,7 @@ of the cursor since the creation of the subtree. 2.11.2 Miscellaneous functions. -tvbuff_t* +tvbuff_t * ptvcursor_tvbuff(ptvcursor_t* ptvc) Returns the tvbuff associated with the ptvcursor. @@ -3659,7 +3664,7 @@ int ptvcursor_current_offset(ptvcursor_t* ptvc) Returns the current offset. -proto_tree* +proto_tree * ptvcursor_tree(ptvcursor_t* ptvc) Returns the proto_tree associated with the ptvcursor. @@ -3667,7 +3672,7 @@ void ptvcursor_set_tree(ptvcursor_t* ptvc, proto_tree *tree) Sets a new proto_tree for the ptvcursor. -proto_tree* +proto_tree * ptvcursor_set_subtree(ptvcursor_t* ptvc, proto_item* it, int ett_subtree); Creates a subtree and adds it to the cursor as the working tree but does not save the old working tree. @@ -3714,10 +3719,10 @@ necessary, in either case. * * Local variables: * c-basic-offset: 4 - * tab-width: 8 + * tab-width: 4 * indent-tabs-mode: nil * End: * - * vi: set shiftwidth=4 tabstop=8 expandtab: - * :indentSize=4:tabSize=8:noTabs=true: + * vi: set shiftwidth=4 tabstop=4 expandtab: + * :indentSize=4:tabSize=4:noTabs=true: */ |