Create capture dissector tables.

They are modeled after dissection dissector tables, but for the moment, don't have/need the flexibility.  They are intended to be much simpler/faster than full dissection.
The two most used/needed are "wtap_encap" and "ethertype", so they were the basis of starting to use and test capture dissector table API.  Others may be added in the future.

The "capture dissector" function signature needed a bit of tweeking to handling "claiming" of a packet.
The current application of this is capture functions returning TRUE if they affected a "type" of packet count.  Returning FALSE ends up considering the packet an "other" type.

Change-Id: I81d06a6ccb2c03665f087258a46b9d78d513d6cd
Reviewed-on: https://code.wireshark.org/review/12607
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

1 files changed, 10 insertions, 11 deletions

diff --git a/epan/dissectors/packet-raw.c b/epan/dissectors/packet-raw.c
index f4faf407d9..87655ede01 100644
--- a/epan/dissectors/packet-raw.c
+++ b/epan/dissectors/packet-raw.c
@@ -43,7 +43,7 @@ static dissector_handle_t ipv6_handle;
 static dissector_handle_t data_handle;
 static dissector_handle_t ppp_hdlc_handle;
 
-static void
+static gboolean
 capture_raw(const guchar *pd, int offset _U_, int len, packet_counts *ld, const union wtap_pseudo_header *pseudo_header _U_)
 {
   /* So far, the only time we get raw connection types are with Linux and
@@ -55,21 +55,21 @@ capture_raw(const guchar *pd, int offset _U_, int len, packet_counts *ld, const
    * sometimes.  This check should be removed when 2.2 is out.
    */
   if (BYTES_ARE_IN_FRAME(0,len,2) && pd[0] == 0xff && pd[1] == 0x03) {
-    capture_ppp_hdlc(pd, 0, len, ld, pseudo_header);
+    return capture_ppp_hdlc(pd, 0, len, ld, pseudo_header);
   }
   /* The Linux ISDN driver sends a fake MAC address before the PPP header
    * on its ippp interfaces... */
   else if (BYTES_ARE_IN_FRAME(0,len,8) && pd[6] == 0xff && pd[7] == 0x03) {
-    capture_ppp_hdlc(pd, 6, len, ld, pseudo_header);
+    return capture_ppp_hdlc(pd, 6, len, ld, pseudo_header);
   }
   /* ...except when it just puts out one byte before the PPP header... */
   else if (BYTES_ARE_IN_FRAME(0,len,3) && pd[1] == 0xff && pd[2] == 0x03) {
-    capture_ppp_hdlc(pd, 1, len, ld, pseudo_header);
+    return capture_ppp_hdlc(pd, 1, len, ld, pseudo_header);
   }
   /* ...and if the connection is currently down, it sends 10 bytes of zeroes
    * instead of a fake MAC address and PPP header. */
   else if (BYTES_ARE_IN_FRAME(0,len,10) && memcmp(pd, zeroes, 10) == 0) {
-    capture_ip(pd, 10, len, ld, pseudo_header);
+    return capture_ip(pd, 10, len, ld, pseudo_header);
   }
   else {
     /*
@@ -80,18 +80,18 @@ capture_raw(const guchar *pd, int offset _U_, int len, packet_counts *ld, const
 
       case 0x40:
         /* IPv4 */
-        capture_ip(pd, 0, len, ld, pseudo_header);
-        break;
+        return capture_ip(pd, 0, len, ld, pseudo_header);
 
 #if 0
       case 0x60:
         /* IPv6 */
-        capture_ipv6(pd, 0, len, ld, pseudo_header);
-        break;
+        return capture_ipv6(pd, 0, len, ld, pseudo_header);
 #endif
       }
     }
   }
+
+  return FALSE;
 }
 
 static int
@@ -172,8 +172,6 @@ proto_register_raw(void)
 
   proto_raw = proto_register_protocol("Raw packet data", "Raw", "raw");
   proto_register_subtree_array(ett, array_length(ett));
-
-  register_capture_dissector(WTAP_ENCAP_RAW_IP, capture_raw, proto_raw);
 }
 
 void
@@ -191,6 +189,7 @@ proto_reg_handoff_raw(void)
   ppp_hdlc_handle = find_dissector("ppp_hdlc");
   raw_handle = create_dissector_handle(dissect_raw, proto_raw);
   dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP, raw_handle);
+  register_capture_dissector("wtap_encap", WTAP_ENCAP_RAW_IP, capture_raw, proto_raw);
 }
 
 /*