diff options
author | Guy Harris <guy@alum.mit.edu> | 2014-05-24 17:35:08 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2014-05-25 00:36:23 +0000 |
commit | 088b06418ad945ab417a661402c142d09b25b532 (patch) | |
tree | b2aab93b15404c20a6c572013bfe71f850bb9f30 /epan/dissectors/packet-pcapng_block.c | |
parent | 318cf8a6782d8911c7c2891c395062f98eb0a316 (diff) |
Add support for dissecting pcap-ng file-type-specific blocks.
Add a dissector for pcap-ng file-type-specific blocks; it creates a
dissector table using the block type as the key, attempts to call the
appropriate dissector using that table, and does a minimal dissection if
that fails.
Change-Id: I67e139f06ba88d40faa5b4ab169e8df08f5bfe7b
Reviewed-on: https://code.wireshark.org/review/1784
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors/packet-pcapng_block.c')
-rw-r--r-- | epan/dissectors/packet-pcapng_block.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/epan/dissectors/packet-pcapng_block.c b/epan/dissectors/packet-pcapng_block.c new file mode 100644 index 0000000000..24aac2e2ca --- /dev/null +++ b/epan/dissectors/packet-pcapng_block.c @@ -0,0 +1,70 @@ +/* packet-pcapng.c + * Dissector to handle pcap-ng file-type-specific blocks. + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <epan/packet.h> + +#include <wiretap/wtap.h> + +static int proto_pcapng_block = -1; + +static dissector_table_t pcapng_block_type_dissector_table; + +static void +dissect_pcapng_block(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + /* + * Call the dissector for the block type of this block, if there + * is one. + */ + if (!dissector_try_uint(pcapng_block_type_dissector_table, + pinfo->pseudo_header->ftsrec.record_type, tvb, pinfo, tree)) { + /* + * There isn't one; just do a minimal display. + */ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "PCAP-NG"); + col_add_fstr(pinfo->cinfo, COL_INFO, "PCAP-NG block, type %u", + pinfo->pseudo_header->ftsrec.record_type); + + proto_tree_add_item(tree, proto_pcapng_block, tvb, 0, -1, ENC_NA); + } +} + +void proto_register_pcapng_block(void) +{ + proto_pcapng_block = proto_register_protocol("PCAP-NG block", + "PCAP-NG", "pcapng"); + pcapng_block_type_dissector_table = register_dissector_table("pcapng.block_type", + "pcap-ng block type", FT_UINT32, BASE_DEC); +} + +void +proto_reg_handoff_pcapng_block(void) +{ + dissector_handle_t pcapng_block_handle; + + pcapng_block_handle = create_dissector_handle(dissect_pcapng_block, + proto_pcapng_block); + dissector_add_uint("wtap_fts_rec", WTAP_FILE_TYPE_SUBTYPE_PCAPNG, + pcapng_block_handle); +} |