diff options
author | Michael Mann <mmann78@netscape.net> | 2015-12-13 16:54:16 -0500 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-12-14 12:17:49 +0000 |
commit | 0960ac4dfdbfba5a81c56a49cfc6201ecd8f48e3 (patch) | |
tree | 3d88cd321da2fade206b9ccddff22b70ecdfae28 /epan/dissectors/packet-llc.c | |
parent | 9319357f5e27c10f2d29e78fcdf9d323c2af36b0 (diff) |
Create capture dissector tables.
They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility. They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API. Others may be added in the future.
The "capture dissector" function signature needed a bit of tweeking to handling "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count. Returning FALSE ends up considering the packet an "other" type.
Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-llc.c')
-rw-r--r-- | epan/dissectors/packet-llc.c | 84 |
1 files changed, 34 insertions, 50 deletions
diff --git a/epan/dissectors/packet-llc.c b/epan/dissectors/packet-llc.c index 402fa94f76..0c226894bc 100644 --- a/epan/dissectors/packet-llc.c +++ b/epan/dissectors/packet-llc.c @@ -24,6 +24,7 @@ #include "config.h" #include <epan/packet.h> +#include <epan/capture_dissectors.h> #include <wiretap/wtap.h> #include <wsutil/pint.h> #include <epan/oui.h> @@ -250,17 +251,16 @@ llc_add_oui(guint32 oui, const char *table_name, const char *table_ui_name, g_hash_table_insert(oui_info_table, GUINT_TO_POINTER(oui), new_info); } -void +gboolean capture_llc(const guchar *pd, int offset, int len, packet_counts *ld, const union wtap_pseudo_header *pseudo_header _U_) { int is_snap; guint16 control; int llc_header_len; - if (!BYTES_ARE_IN_FRAME(offset, len, 2)) { - ld->other++; - return; - } + if (!BYTES_ARE_IN_FRAME(offset, len, 2)) + return FALSE; + is_snap = (pd[offset] == SAP_SNAP) && (pd[offset+1] == SAP_SNAP); llc_header_len = 2; /* DSAP + SSAP */ @@ -272,56 +272,43 @@ capture_llc(const guchar *pd, int offset, int len, packet_counts *ld, const unio */ control = get_xdlc_control(pd, offset+2, pd[offset+1] & SSAP_CR_BIT); llc_header_len += XDLC_CONTROL_LEN(control, TRUE); - if (!BYTES_ARE_IN_FRAME(offset, len, llc_header_len)) { - ld->other++; - return; - } + if (!BYTES_ARE_IN_FRAME(offset, len, llc_header_len)) + return FALSE; + + if (!XDLC_IS_INFORMATION(control)) + return FALSE; - if (!XDLC_IS_INFORMATION(control)) { - ld->other++; - return; - } if (is_snap) - capture_snap(pd, offset+llc_header_len, len, ld, pseudo_header); - else { - /* non-SNAP */ - switch (pd[offset]) { + return capture_snap(pd, offset+llc_header_len, len, ld, pseudo_header); - case SAP_IP: - capture_ip(pd, offset + llc_header_len, len, ld, pseudo_header); - break; + /* non-SNAP */ + switch (pd[offset]) { - case SAP_NETWARE1: - case SAP_NETWARE2: - capture_ipx(pd, offset + llc_header_len, len, ld, pseudo_header); - break; + case SAP_IP: + return capture_ip(pd, offset + llc_header_len, len, ld, pseudo_header); - case SAP_NETBIOS: - capture_netbios(pd, offset + llc_header_len, len, ld, pseudo_header); - break; + case SAP_NETWARE1: + case SAP_NETWARE2: + return capture_ipx(pd, offset + llc_header_len, len, ld, pseudo_header); - case SAP_VINES1: - case SAP_VINES2: - capture_vines(pd, offset + llc_header_len, len, ld, pseudo_header); - break; + case SAP_NETBIOS: + return capture_netbios(pd, offset + llc_header_len, len, ld, pseudo_header); - default: - ld->other++; - break; - } + case SAP_VINES1: + case SAP_VINES2: + return capture_vines(pd, offset + llc_header_len, len, ld, pseudo_header); } + return FALSE; } -void +gboolean capture_snap(const guchar *pd, int offset, int len, packet_counts *ld, const union wtap_pseudo_header *pseudo_header _U_) { guint32 oui; guint16 etype; - if (!BYTES_ARE_IN_FRAME(offset, len, 5)) { - ld->other++; - return; - } + if (!BYTES_ARE_IN_FRAME(offset, len, 5)) + return FALSE; oui = pd[offset] << 16 | pd[offset+1] << 8 | pd[offset+2]; etype = pntoh16(&pd[offset+3]); @@ -337,12 +324,10 @@ capture_snap(const guchar *pd, int offset, int len, packet_counts *ld, const uni AppleTalk data packets - but used OUI_ENCAP_ETHER and an Ethernet packet type for AARP packets. */ - capture_ethertype(etype, pd, offset+5, len, ld, pseudo_header); - break; + return try_capture_dissector("ethertype", etype, pd, offset+5, len, ld, pseudo_header); case OUI_CISCO: - capture_ethertype(etype, pd, offset+5, len, ld, pseudo_header); - break; + return try_capture_dissector("ethertype", etype, pd, offset+5, len, ld, pseudo_header); case OUI_MARVELL: /* @@ -351,13 +336,10 @@ capture_snap(const guchar *pd, int offset, int len, packet_counts *ld, const uni * the payload. (We assume the header is * 5 bytes, for now). */ - capture_ethertype(etype, pd, offset+5+5, len, ld, pseudo_header); - break; - - default: - ld->other++; - break; + return try_capture_dissector("ethertype", etype, pd, offset+5+5, len, ld, pseudo_header); } + + return FALSE; } /* Used only for U frames */ @@ -945,6 +927,8 @@ proto_reg_handoff_llc(void) dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC, llc_handle); dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC_SNAP, llc_handle); + register_capture_dissector("ethertype", ETHERTYPE_JUMBO_LLC, capture_llc, proto_llc); + /* * Register all the fields for PIDs for various OUIs. */ |