| Field | Value | Date |
|---|---|---|
| author | Hadriel Kaplan <hadrielk@yahoo.com> | 2014-03-10 01:54:51 -0400 |
| committer | Anders Broman <a.broman58@gmail.com> | 2014-03-14 07:29:15 +0000 |
| commit | 04c39bb0972bac1f95eb9394b5ca1086f19c0d93 (patch) | |
| tree | 62171e4584b86bb746d6a73181eb7627a15b9e44 /doc/README.heuristic | |
| parent | a59ac1bd10d29d05ca5cd657b7c64ab13a08670d (diff) | |
Add Lua heuristic dissector support
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
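An added example, not code from this commit or from the Wireshark tree, showing how a script would use the feature the commit message describes: a Proto whose heuristic is registered on the UDP list and which binds the conversation to itself once a packet matches, so later packets on that flow are handed to the Proto's dissector without re-running the heuristics. The protocol name, field names, magic value and function names are invented for the illustration; the API calls used (`Proto`, `ProtoField`, `Proto:register_heuristic`, `pinfo.conversation`) are assumed to be those available in Wireshark releases that include this change.

```lua
-- Added example (not from the commit): a minimal Lua heuristic dissector.
-- "myheur", its fields and the MAGIC value are made up for this example.
local myproto = Proto("myheur", "Example heuristic protocol")

local f_magic = ProtoField.uint32("myheur.magic", "Magic", base.HEX)
local f_len   = ProtoField.uint16("myheur.len", "Payload length", base.DEC)
myproto.fields = { f_magic, f_len }

local MAGIC = 0x4D594852  -- constructed 4-byte magic, not a real protocol's

-- Normal dissector: called directly for every packet of a conversation that
-- has been bound to this Proto, and by the heuristic once it has matched.
function myproto.dissector(tvbuf, pktinfo, root)
    pktinfo.cols.protocol:set("MYHEUR")
    local tree = root:add(myproto, tvbuf(0, 6))
    tree:add(f_magic, tvbuf(0, 4))
    tree:add(f_len, tvbuf(4, 2))
    return tvbuf:len()
end

-- Heuristic: cheap, strict checks so foreign traffic is rejected quickly.
-- Every accepted packet also claims the whole flow (see below), so a loose
-- heuristic does not just mislabel one datagram, it steals the conversation.
local function heur_dissect_myproto(tvbuf, pktinfo, root)
    if tvbuf:len() < 6 then return false end
    if tvbuf(0, 4):uint() ~= MAGIC then return false end
    local plen = tvbuf(4, 2):uint()
    -- declared payload length must match what is actually on the wire
    if plen ~= tvbuf:len() - 6 then return false end

    -- Looks like ours: dissect it now ...
    myproto.dissector(tvbuf, pktinfo, root)
    -- ... and bind the conversation so later packets on this address/port
    -- pair go straight to myproto.dissector. Only safe because the heuristic
    -- is registered directly on the UDP list (see the README change below).
    pktinfo.conversation = myproto
    return true
end

-- Register on the UDP heuristic list (one of the transports the commit names).
myproto:register_heuristic("udp", heur_dissect_myproto)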
Diffstat (limited to 'doc/README.heuristic')
| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | doc/README.heuristic | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/README.heuristic b/doc/README.heuristic index 544a64d484..c2830a82c6 100644 --- a/doc/README.heuristic +++ b/doc/README.heuristic @@ -103,7 +103,7 @@ Heuristic Code Example ---------------------- You can find a lot of code examples in the Wireshark sources, e.g.: grep -l heur_dissector_add epan/dissectors/*.c -returns 132 files (Feb 2013). +returns 150 files (March 2014). For the above example criteria, the following code example might do the work (combine this with the dissector skeleton in README.developer): @@ -150,7 +150,10 @@ dissect_PROTOABBREV_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, vo /* Assume it's your packet ... */ - /* specify that dissect_PROTOABBREV is to be called directly from now on for packets for this "connection" ... */ + /* specify that dissect_PROTOABBREV is to be called directly from now on for packets for this "connection" ... + * but ONLY do this if your heuristic sits directly on top of UDP or TCP (ie, you did heur_dissector_add("tcp",...)), + * otherwise you'll be overriding the dissector that called your heuristic dissector. + */ conversation = find_or_create_conversation(pinfo); conversation_set_dissector(conversation, PROTOABBREV_handle); @@ -188,5 +191,4 @@ tendency to reuse known port numbers for new protocols. But TCP and UDP are not the only dissectors that provide support for HDs. You can find more examples by searching the Wireshark sources as follows: grep -l register_heur_dissector_list epan/dissectors/packet-*.c -returns 38 files (Feb 2013). - +returns 43 files (March 2014). |
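Review bot: the two file counts updated in this patch are taken with different globs; the first hunk keeps `grep -l heur_dissector_add epan/dissectors/*.c` while the last hunk keeps `grep -l register_heur_dissector_list epan/dissectors/packet-*.c`, so the first command also matches files under epan/dissectors that are not packet-*.c and the two numbers are not comparable. Suggest using the same `packet-*.c` glob in both commands, and since both numbers are dated snapshots that will be stale again within months, consider phrasing them as "roughly 150 files" rather than an exact count.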
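Review bot: in the second hunk the new restriction is stated only in a comment; the skeleton still calls find_or_create_conversation() and conversation_set_dissector() unconditionally, so anyone copying it for a heuristic registered on a list above the transport layer gets exactly the override the comment warns about (the conversation is keyed on the transport addresses and ports, so the dissector set on it is what TCP/UDP will call for later packets, bypassing whatever intermediate dissector ran the heuristic). Suggest either wrapping the two calls in the condition the comment describes, or dropping the conversation code from the generic skeleton and showing it in a separate, clearly UDP/TCP-only snippet. Minor: "ie" should be "i.e.", and the first added comment line runs well past 80 columns.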