diff options
-rw-r--r-- | docbook/release-notes.asciidoc | 3 | ||||
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_customize.asciidoc | 3 | ||||
-rw-r--r-- | tfshark.c | 418 | ||||
-rw-r--r-- | tshark.c | 420 | ||||
-rw-r--r-- | ui/commandline.c | 12 | ||||
-rw-r--r-- | ui/decode_as_utils.c | 410 | ||||
-rw-r--r-- | ui/decode_as_utils.h | 8 |
7 files changed, 438 insertions, 836 deletions
diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index c9b37d2671..313f921b53 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -26,7 +26,8 @@ used for troubleshooting, analysis, development and education. The following features are new (or have been significantly updated) since version 2.1.0: -* +* Added -d option for Decode As support in Wireshark (mimics TShark + functionality) The following features are new (or have been significantly updated) since version 2.0.0: diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc index 9e0dd1a89f..abcbf17948 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc @@ -77,6 +77,9 @@ Processing: -R <read filter> packet filter in Wireshark display filter syntax -n disable all name resolutions (def: all enabled) -N <name resolve flags> enable specific name resolution(s): "mnNtCd" + -d <layer_type>==<selector>,<decode_as_protocol> ... + "Decode As", see the man page for details + Example: tcp.port==8888,http --disable-protocol <proto_name> disable dissection of proto_name --enable-heuristic <short_name> @@ -68,6 +68,7 @@ #include <epan/print.h> #include <epan/addr_resolv.h> #include "ui/util.h" +#include "ui/decode_as_utils.h" #include "register.h" #include <epan/epan_dissect.h> #include <epan/tap.h> @@ -93,12 +94,6 @@ #include <wsutil/plugins.h> #endif -/* - * This is the template for the decode as option; it is shared between the - * various functions that output the usage for this parameter. - */ -static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>"; - static guint32 cum_bytes; static const frame_data *ref; static frame_data ref_frame; @@ -198,7 +193,7 @@ print_usage(FILE *output) fprintf(output, " -R <read filter> packet Read filter in Wireshark display filter syntax\n"); fprintf(output, " -Y <display filter> packet displaY filter in Wireshark display filter\n"); fprintf(output, " syntax\n"); - fprintf(output, " -d %s ...\n", decode_as_arg_template); + fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE); fprintf(output, " \"Decode As\", see the man page for details\n"); fprintf(output, " Example: tcp.port==8888,http\n"); @@ -270,413 +265,6 @@ glossary_option_help(void) fprintf(output, "\n"); } -/* - * For a dissector table, print on the stream described by output, - * its short name (which is what's used in the "-d" option) and its - * descriptive name. - */ -static void -display_dissector_table_names(const char *table_name, const char *ui_name, - gpointer output) -{ - if ((prev_display_dissector_name == NULL) || - (strcmp(prev_display_dissector_name, table_name) != 0)) { - fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name); - prev_display_dissector_name = table_name; - } -} - -/* - * For a dissector handle, print on the stream described by output, - * the filter name (which is what's used in the "-d" option) and the full - * name for the protocol that corresponds to this handle. - */ -static void -display_dissector_names(const gchar *table _U_, gpointer handle, gpointer output) -{ - int proto_id; - const gchar *proto_filter_name; - const gchar *proto_ui_name; - - proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); - - if (proto_id != -1) { - proto_filter_name = proto_get_protocol_filter_name(proto_id); - proto_ui_name = proto_get_protocol_name(proto_id); - g_assert(proto_filter_name != NULL); - g_assert(proto_ui_name != NULL); - - if ((prev_display_dissector_name == NULL) || - (strcmp(prev_display_dissector_name, proto_filter_name) != 0)) { - fprintf((FILE *)output, "\t%s (%s)\n", - proto_filter_name, - proto_ui_name); - prev_display_dissector_name = proto_filter_name; - } - } -} - -/* - * The protocol_name_search structure is used by find_protocol_name_func() - * to pass parameters and store results - */ -struct protocol_name_search{ - gchar *searched_name; /* Protocol filter name we are looking for */ - dissector_handle_t matched_handle; /* Handle for a dissector whose protocol has the specified filter name */ - guint nb_match; /* How many dissectors matched searched_name */ -}; -typedef struct protocol_name_search *protocol_name_search_t; - -/* - * This function parses all dissectors associated with a table to find the - * one whose protocol has the specified filter name. It is called - * as a reference function in a call to dissector_table_foreach_handle. - * The name we are looking for, as well as the results, are stored in the - * protocol_name_search struct pointed to by user_data. - * If called using dissector_table_foreach_handle, we actually parse the - * whole list of dissectors. - */ -static void -find_protocol_name_func(const gchar *table _U_, gpointer handle, gpointer user_data) - -{ - int proto_id; - const gchar *protocol_filter_name; - protocol_name_search_t search_info; - - g_assert(handle); - - search_info = (protocol_name_search_t)user_data; - - proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); - if (proto_id != -1) { - protocol_filter_name = proto_get_protocol_filter_name(proto_id); - g_assert(protocol_filter_name != NULL); - if (strcmp(protocol_filter_name, search_info->searched_name) == 0) { - /* Found a match */ - if (search_info->nb_match == 0) { - /* Record this handle only if this is the first match */ - search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */ - } - search_info->nb_match++; - } - } -} - -/* - * Allow dissector key names to be sorted alphabetically - */ - -static gint -compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b) -{ - return strcmp((const char*)dissector_a, (const char*)dissector_b); -} - -/* - * Print all layer type names supported. - * We send the output to the stream described by the handle output. - */ - -static void -fprint_all_layer_types(FILE *output) - -{ - prev_display_dissector_name = NULL; - dissector_all_tables_foreach_table(display_dissector_table_names, (gpointer)output, (GCompareFunc)compare_dissector_key_name); -} - -/* - * Print all protocol names supported for a specific layer type. - * table_name contains the layer type name in which the search is performed. - * We send the output to the stream described by the handle output. - */ - -static void -fprint_all_protocols_for_layer_types(FILE *output, gchar *table_name) - -{ - prev_display_dissector_name = NULL; - dissector_table_foreach_handle(table_name, - display_dissector_names, - (gpointer)output); -} - -/* - * The function below parses the command-line parameters for the decode as - * feature (a string pointer by cl_param). - * It checks the format of the command-line, searches for a matching table - * and dissector. If a table/dissector match is not found, we display a - * summary of the available tables/dissectors (on stderr) and return FALSE. - * If everything is fine, we get the "Decode as" preference activated, - * then we return TRUE. - */ -static gboolean -add_decode_as(const gchar *cl_param) -{ - gchar *table_name; - guint32 selector, selector2; - gchar *decoded_param; - gchar *remaining_param; - gchar *selector_str; - gchar *dissector_str; - dissector_handle_t dissector_matching; - dissector_table_t table_matching; - ftenum_t dissector_table_selector_type; - struct protocol_name_search user_protocol_name; - guint64 i; - char op; - - /* The following code will allocate and copy the command-line options in a string pointed by decoded_param */ - - g_assert(cl_param); - decoded_param = g_strdup(cl_param); - g_assert(decoded_param); - - - /* The lines below will parse this string (modifying it) to extract all - necessary information. Note that decoded_param is still needed since - strings are not copied - we just save pointers. */ - - /* This section extracts a layer type (table_name) from decoded_param */ - table_name = decoded_param; /* Layer type string starts from beginning */ - - remaining_param = strchr(table_name, '='); - if (remaining_param == NULL) { - cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); - /* If the argument does not follow the template, carry on anyway to check - if the table name is at least correct. If remaining_param is NULL, - we'll exit anyway further down */ - } - else { - *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */ - } - - /* Remove leading and trailing spaces from the table name */ - while ( table_name[0] == ' ' ) - table_name++; - while ( table_name[strlen(table_name) - 1] == ' ' ) - table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ - -/* The following part searches a table matching with the layer type specified */ - table_matching = NULL; - -/* Look for the requested table */ - if ( !(*(table_name)) ) { /* Is the table name empty, if so, don't even search for anything, display a message */ - cmdarg_err("No layer type specified"); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ - } - else { - table_matching = find_dissector_table(table_name); - if (!table_matching) { - cmdarg_err("Unknown layer type -- %s", table_name); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ - } - } - - if (!table_matching) { - /* Display a list of supported layer types to help the user, if the - specified layer type was not found */ - cmdarg_err("Valid layer types are:"); - fprint_all_layer_types(stderr); - } - if (remaining_param == NULL || !table_matching) { - /* Exit if the layer type was not found, or if no '=' separator was found - (see above) */ - g_free(decoded_param); - return FALSE; - } - - if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */ - cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1); - } - else { - remaining_param++; /* Move to the second '=' */ - *remaining_param = '\0'; /* Remove the second '=' */ - } - remaining_param++; /* Position after the layer type string */ - - /* This section extracts a selector value (selector_str) from decoded_param */ - - selector_str = remaining_param; /* Next part starts with the selector number */ - - remaining_param = strchr(selector_str, ','); - if (remaining_param == NULL) { - cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); - /* If the argument does not follow the template, carry on anyway to check - if the selector value is at least correct. If remaining_param is NULL, - we'll exit anyway further down */ - } - else { - *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */ - } - - dissector_table_selector_type = get_dissector_table_selector_type(table_name); - - switch (dissector_table_selector_type) { - - case FT_UINT8: - case FT_UINT16: - case FT_UINT24: - case FT_UINT32: - /* The selector for this table is an unsigned number. Parse it as such. - There's no need to remove leading and trailing spaces from the - selector number string, because sscanf will do that for us. */ - switch (sscanf(selector_str, "%u%c%u", &selector, &op, &selector2)) { - case 1: - op = '\0'; - break; - case 3: - if (op != ':' && op != '-') { - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - if (op == ':') { - if ((selector2 == 0) || ((guint64)selector + selector2 - 1) > G_MAXUINT32) { - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - } - else if (selector2 < selector) { - /* We could swap them for the user, but maybe it's better to call - * this out as an error in case it's not what was intended? */ - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - break; - default: - cmdarg_err("Invalid selector number \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - break; - - case FT_STRING: - case FT_STRINGZ: - case FT_UINT_STRING: - case FT_STRINGZPAD: - /* The selector for this table is a string. */ - break; - - default: - /* There are currently no dissector tables with any types other - than the ones listed above. */ - g_assert_not_reached(); - } - - if (remaining_param == NULL) { - /* Exit if no ',' separator was found (see above) */ - cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); - fprint_all_protocols_for_layer_types(stderr, table_name); - g_free(decoded_param); - return FALSE; - } - - remaining_param++; /* Position after the selector number string */ - - /* This section extracts a protocol filter name (dissector_str) from decoded_param */ - - dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */ - - /* Remove leading and trailing spaces from the dissector name */ - while ( dissector_str[0] == ' ' ) - dissector_str++; - while ( dissector_str[strlen(dissector_str) - 1] == ' ' ) - dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ - - dissector_matching = NULL; - - /* We now have a pointer to the handle for the requested table inside the variable table_matching */ - if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */ - cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */ - } - else { - user_protocol_name.nb_match = 0; - user_protocol_name.searched_name = dissector_str; - user_protocol_name.matched_handle = NULL; - - dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */ - - if (user_protocol_name.nb_match != 0) { - dissector_matching = user_protocol_name.matched_handle; - if (user_protocol_name.nb_match > 1) { - cmdarg_err("WARNING: Protocol \"%s\" matched %u dissectors, first one will be used", dissector_str, user_protocol_name.nb_match); - } - } - else { - /* OK, check whether the problem is that there isn't any such - protocol, or that there is but it's not specified as a protocol - that's valid for that dissector table. - Note, we don't exit here, but dissector_matching will remain NULL, - so we exit below */ - if (proto_get_id_by_filter_name(dissector_str) == -1) { - /* No such protocol */ - cmdarg_err("Unknown protocol -- \"%s\"", dissector_str); - } else { - cmdarg_err("Protocol \"%s\" isn't valid for layer type \"%s\"", - dissector_str, table_name); - } - } - } - - if (!dissector_matching) { - cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); - fprint_all_protocols_for_layer_types(stderr, table_name); - g_free(decoded_param); - return FALSE; - } - -/* This is the end of the code that parses the command-line options. - All information is now stored in the variables: - table_name - selector - dissector_matching - The above variables that are strings are still pointing to areas within - decoded_parm. decoded_parm thus still needs to be kept allocated in - until we stop needing these variables - decoded_param will be deallocated at each exit point of this function */ - - - /* We now have a pointer to the handle for the requested dissector - (requested protocol) inside the variable dissector_matching */ - switch (dissector_table_selector_type) { - - case FT_UINT8: - case FT_UINT16: - case FT_UINT24: - case FT_UINT32: - /* The selector for this table is an unsigned number. */ - if (op == '\0') { - dissector_change_uint(table_name, selector, dissector_matching); - } else if (op == ':') { - for (i = selector; i < (guint64)selector + selector2; i++) { - dissector_change_uint(table_name, (guint32)i, dissector_matching); - } - } else { /* op == '-' */ - for (i = selector; i <= selector2; i++) { - dissector_change_uint(table_name, (guint32)i, dissector_matching); - } - } - break; - - case FT_STRING: - case FT_STRINGZ: - case FT_UINT_STRING: - case FT_STRINGZPAD: - /* The selector for this table is a string. */ - dissector_change_string(table_name, selector_str, dissector_matching); - break; - - default: - /* There are currently no dissector tables with any types other - than the ones listed above. */ - g_assert_not_reached(); - } - g_free(decoded_param); /* "Decode As" rule has been successfully added */ - return TRUE; -} - static void tfshark_log_handler (const gchar *log_domain, GLogLevelFlags log_level, const gchar *message, gpointer user_data) @@ -1097,7 +685,7 @@ main(int argc, char *argv[]) /* already processed; just ignore it now */ break; case 'd': /* Decode as rule */ - if (!add_decode_as(optarg)) + if (!decode_as_command_option(optarg)) return 1; break; #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) @@ -133,13 +133,6 @@ #define tshark_debug(...) #endif - -/* - * This is the template for the decode as option; it is shared between the - * various functions that output the usage for this parameter. - */ -static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>"; - static guint32 cum_bytes; static const frame_data *ref; static frame_data ref_frame; @@ -148,8 +141,6 @@ static frame_data prev_dis_frame; static frame_data *prev_cap; static frame_data prev_cap_frame; -static const char* prev_display_dissector_name = NULL; - static gboolean perform_two_pass_analysis; /* @@ -350,7 +341,7 @@ print_usage(FILE *output) fprintf(output, " syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n"); - fprintf(output, " -d %s ...\n", decode_as_arg_template); + fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE); fprintf(output, " \"Decode As\", see the man page for details\n"); fprintf(output, " Example: tcp.port==8888,http\n"); fprintf(output, " -H <hosts file> read a list of entries from a hosts file, which will\n"); @@ -454,413 +445,6 @@ glossary_option_help(void) fprintf(output, "\n"); } -/* - * For a dissector table, print on the stream described by output, - * its short name (which is what's used in the "-d" option) and its - * descriptive name. - */ -static void -display_dissector_table_names(const char *table_name, const char *ui_name, - gpointer output) -{ - if ((prev_display_dissector_name == NULL) || - (strcmp(prev_display_dissector_name, table_name) != 0)) { - fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name); - prev_display_dissector_name = table_name; - } -} - -/* - * For a dissector handle, print on the stream described by output, - * the filter name (which is what's used in the "-d" option) and the full - * name for the protocol that corresponds to this handle. - */ -static void -display_dissector_names(const gchar *table _U_, gpointer handle, gpointer output) -{ - int proto_id; - const gchar *proto_filter_name; - const gchar *proto_ui_name; - - proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); - - if (proto_id != -1) { - proto_filter_name = proto_get_protocol_filter_name(proto_id); - proto_ui_name = proto_get_protocol_name(proto_id); - g_assert(proto_filter_name != NULL); - g_assert(proto_ui_name != NULL); - - if ((prev_display_dissector_name == NULL) || - (strcmp(prev_display_dissector_name, proto_filter_name) != 0)) { - fprintf((FILE *)output, "\t%s (%s)\n", - proto_filter_name, - proto_ui_name); - prev_display_dissector_name = proto_filter_name; - } - } -} - -/* - * The protocol_name_search structure is used by find_protocol_name_func() - * to pass parameters and store results - */ -struct protocol_name_search{ - gchar *searched_name; /* Protocol filter name we are looking for */ - dissector_handle_t matched_handle; /* Handle for a dissector whose protocol has the specified filter name */ - guint nb_match; /* How many dissectors matched searched_name */ -}; -typedef struct protocol_name_search *protocol_name_search_t; - -/* - * This function parses all dissectors associated with a table to find the - * one whose protocol has the specified filter name. It is called - * as a reference function in a call to dissector_table_foreach_handle. - * The name we are looking for, as well as the results, are stored in the - * protocol_name_search struct pointed to by user_data. - * If called using dissector_table_foreach_handle, we actually parse the - * whole list of dissectors. - */ -static void -find_protocol_name_func(const gchar *table _U_, gpointer handle, gpointer user_data) - -{ - int proto_id; - const gchar *protocol_filter_name; - protocol_name_search_t search_info; - - g_assert(handle); - - search_info = (protocol_name_search_t)user_data; - - proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); - if (proto_id != -1) { - protocol_filter_name = proto_get_protocol_filter_name(proto_id); - g_assert(protocol_filter_name != NULL); - if (strcmp(protocol_filter_name, search_info->searched_name) == 0) { - /* Found a match */ - if (search_info->nb_match == 0) { - /* Record this handle only if this is the first match */ - search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */ - } - search_info->nb_match++; - } - } -} - -/* - * Allow dissector key names to be sorted alphabetically - */ - -static gint -compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b) -{ - return strcmp((const char*)dissector_a, (const char*)dissector_b); -} - -/* - * Print all layer type names supported. - * We send the output to the stream described by the handle output. - */ - -static void -fprint_all_layer_types(FILE *output) - -{ - prev_display_dissector_name = NULL; - dissector_all_tables_foreach_table(display_dissector_table_names, (gpointer)output, (GCompareFunc)compare_dissector_key_name); -} - -/* - * Print all protocol names supported for a specific layer type. - * table_name contains the layer type name in which the search is performed. - * We send the output to the stream described by the handle output. - */ - -static void -fprint_all_protocols_for_layer_types(FILE *output, gchar *table_name) - -{ - prev_display_dissector_name = NULL; - dissector_table_foreach_handle(table_name, - display_dissector_names, - (gpointer)output); -} - -/* - * The function below parses the command-line parameters for the decode as - * feature (a string pointer by cl_param). - * It checks the format of the command-line, searches for a matching table - * and dissector. If a table/dissector match is not found, we display a - * summary of the available tables/dissectors (on stderr) and return FALSE. - * If everything is fine, we get the "Decode as" preference activated, - * then we return TRUE. - */ -static gboolean -add_decode_as(const gchar *cl_param) -{ - gchar *table_name; - guint32 selector, selector2; - gchar *decoded_param; - gchar *remaining_param; - gchar *selector_str; - gchar *dissector_str; - dissector_handle_t dissector_matching; - dissector_table_t table_matching; - ftenum_t dissector_table_selector_type; - struct protocol_name_search user_protocol_name; - guint64 i; - char op; - - /* The following code will allocate and copy the command-line options in a string pointed by decoded_param */ - - g_assert(cl_param); - decoded_param = g_strdup(cl_param); - g_assert(decoded_param); - - - /* The lines below will parse this string (modifying it) to extract all - necessary information. Note that decoded_param is still needed since - strings are not copied - we just save pointers. */ - - /* This section extracts a layer type (table_name) from decoded_param */ - table_name = decoded_param; /* Layer type string starts from beginning */ - - remaining_param = strchr(table_name, '='); - if (remaining_param == NULL) { - cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); - /* If the argument does not follow the template, carry on anyway to check - if the table name is at least correct. If remaining_param is NULL, - we'll exit anyway further down */ - } - else { - *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */ - } - - /* Remove leading and trailing spaces from the table name */ - while ( table_name[0] == ' ' ) - table_name++; - while ( table_name[strlen(table_name) - 1] == ' ' ) - table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ - -/* The following part searches a table matching with the layer type specified */ - table_matching = NULL; - -/* Look for the requested table */ - if ( !(*(table_name)) ) { /* Is the table name empty, if so, don't even search for anything, display a message */ - cmdarg_err("No layer type specified"); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ - } - else { - table_matching = find_dissector_table(table_name); - if (!table_matching) { - cmdarg_err("Unknown layer type -- %s", table_name); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ - } - } - - if (!table_matching) { - /* Display a list of supported layer types to help the user, if the - specified layer type was not found */ - cmdarg_err("Valid layer types are:"); - fprint_all_layer_types(stderr); - } - if (remaining_param == NULL || !table_matching) { - /* Exit if the layer type was not found, or if no '=' separator was found - (see above) */ - g_free(decoded_param); - return FALSE; - } - - if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */ - cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1); - } - else { - remaining_param++; /* Move to the second '=' */ - *remaining_param = '\0'; /* Remove the second '=' */ - } - remaining_param++; /* Position after the layer type string */ - - /* This section extracts a selector value (selector_str) from decoded_param */ - - selector_str = remaining_param; /* Next part starts with the selector number */ - - remaining_param = strchr(selector_str, ','); - if (remaining_param == NULL) { - cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); - /* If the argument does not follow the template, carry on anyway to check - if the selector value is at least correct. If remaining_param is NULL, - we'll exit anyway further down */ - } - else { - *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */ - } - - dissector_table_selector_type = get_dissector_table_selector_type(table_name); - - switch (dissector_table_selector_type) { - - case FT_UINT8: - case FT_UINT16: - case FT_UINT24: - case FT_UINT32: - /* The selector for this table is an unsigned number. Parse it as such. - There's no need to remove leading and trailing spaces from the - selector number string, because sscanf will do that for us. */ - switch (sscanf(selector_str, "%u%c%u", &selector, &op, &selector2)) { - case 1: - op = '\0'; - break; - case 3: - if (op != ':' && op != '-') { - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - if (op == ':') { - if ((selector2 == 0) || ((guint64)selector + selector2 - 1) > G_MAXUINT32) { - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - } - else if (selector2 < selector) { - /* We could swap them for the user, but maybe it's better to call - * this out as an error in case it's not what was intended? */ - cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - break; - default: - cmdarg_err("Invalid selector number \"%s\"", selector_str); - g_free(decoded_param); - return FALSE; - } - break; - - case FT_STRING: - case FT_STRINGZ: - case FT_UINT_STRING: - case FT_STRINGZPAD: - /* The selector for this table is a string. */ - break; - - default: - /* There are currently no dissector tables with any types other - than the ones listed above. */ - g_assert_not_reached(); - } - - if (remaining_param == NULL) { - /* Exit if no ',' separator was found (see above) */ - cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); - fprint_all_protocols_for_layer_types(stderr, table_name); - g_free(decoded_param); - return FALSE; - } - - remaining_param++; /* Position after the selector number string */ - - /* This section extracts a protocol filter name (dissector_str) from decoded_param */ - - dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */ - - /* Remove leading and trailing spaces from the dissector name */ - while ( dissector_str[0] == ' ' ) - dissector_str++; - while ( dissector_str[strlen(dissector_str) - 1] == ' ' ) - dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ - - dissector_matching = NULL; - - /* We now have a pointer to the handle for the requested table inside the variable table_matching */ - if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */ - cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */ - } - else { - user_protocol_name.nb_match = 0; - user_protocol_name.searched_name = dissector_str; - user_protocol_name.matched_handle = NULL; - - dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */ - - if (user_protocol_name.nb_match != 0) { - dissector_matching = user_protocol_name.matched_handle; - if (user_protocol_name.nb_match > 1) { - cmdarg_err("WARNING: Protocol \"%s\" matched %u dissectors, first one will be used", dissector_str, user_protocol_name.nb_match); - } - } - else { - /* OK, check whether the problem is that there isn't any such - protocol, or that there is but it's not specified as a protocol - that's valid for that dissector table. - Note, we don't exit here, but dissector_matching will remain NULL, - so we exit below */ - if (proto_get_id_by_filter_name(dissector_str) == -1) { - /* No such protocol */ - cmdarg_err("Unknown protocol -- \"%s\"", dissector_str); - } else { - cmdarg_err("Protocol \"%s\" isn't valid for layer type \"%s\"", - dissector_str, table_name); - } - } - } - - if (!dissector_matching) { - cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); - fprint_all_protocols_for_layer_types(stderr, table_name); - g_free(decoded_param); - return FALSE; - } - -/* This is the end of the code that parses the command-line options. - All information is now stored in the variables: - table_name - selector - dissector_matching - The above variables that are strings are still pointing to areas within - decoded_parm. decoded_parm thus still needs to be kept allocated in - until we stop needing these variables - decoded_param will be deallocated at each exit point of this function */ - - - /* We now have a pointer to the handle for the requested dissector - (requested protocol) inside the variable dissector_matching */ - switch (dissector_table_selector_type) { - - case FT_UINT8: - case FT_UINT16: - case FT_UINT24: - case FT_UINT32: - /* The selector for this table is an unsigned number. */ - if (op == '\0') { - dissector_change_uint(table_name, selector, dissector_matching); - } else if (op == ':') { - for (i = selector; i < (guint64)selector + selector2; i++) { - dissector_change_uint(table_name, (guint32)i, dissector_matching); - } - } else { /* op == '-' */ - for (i = selector; i <= selector2; i++) { - dissector_change_uint(table_name, (guint32)i, dissector_matching); - } - } - break; - - case FT_STRING: - case FT_STRINGZ: - case FT_UINT_STRING: - case FT_STRINGZPAD: - /* The selector for this table is a string. */ - dissector_change_string(table_name, selector_str, dissector_matching); - break; - - default: - /* There are currently no dissector tables with any types other - than the ones listed above. */ - g_assert_not_reached(); - } - g_free(decoded_param); /* "Decode As" rule has been successfully added */ - return TRUE; -} - static void tshark_log_handler (const gchar *log_domain, GLogLevelFlags log_level, const gchar *message, gpointer user_data) @@ -1436,7 +1020,7 @@ main(int argc, char *argv[]) /* already processed; just ignore it now */ break; case 'd': /* Decode as rule */ - if (!add_decode_as(optarg)) + if (!decode_as_command_option(optarg)) return 1; break; #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) diff --git a/ui/commandline.c b/ui/commandline.c index 4e6f28dba8..04b2d1cab9 100644 --- a/ui/commandline.c +++ b/ui/commandline.c @@ -1,4 +1,4 @@ -/* commandline.h +/* commandline.c * Common command line handling between GUIs * * Wireshark - Network traffic analyzer @@ -56,6 +56,7 @@ #include "preference_utils.h" #include "console.h" #include "recent.h" +#include "decode_as_utils.h" #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) #include <epan/asn1.h> @@ -134,6 +135,9 @@ commandline_print_usage(gboolean for_help_option) { fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtd\"\n"); + fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE); + fprintf(output, " \"Decode As\", see the man page for details\n"); + fprintf(output, " Example: tcp.port==8888,http\n"); fprintf(output, " --disable-protocol <proto_name>\n"); fprintf(output, " disable dissection of proto_name\n"); fprintf(output, " --enable-heuristic <short_name>\n"); @@ -176,7 +180,7 @@ commandline_print_usage(gboolean for_help_option) { #endif } -#define OPTSTRING OPTSTRING_CAPTURE_COMMON "C:g:Hh" "jJ:kK:lm:nN:o:P:r:R:St:u:vw:X:Y:z:" +#define OPTSTRING OPTSTRING_CAPTURE_COMMON "C:d:g:Hh" "jJ:kK:lm:nN:o:P:r:R:St:u:vw:X:Y:z:" static const struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"read-file", required_argument, NULL, 'r' }, @@ -400,6 +404,10 @@ void commandline_other_options(int argc, char *argv[], commandline_param_info_t* case 'C': /* Configuration profile settings were already processed just ignore them this time*/ break; + case 'd': /* Decode as rule */ + if (!decode_as_command_option(optarg)) + exit(1); + break; case 'j': /* Search backwards for a matching packet from filter in option J */ param_info->jump_backwards = SD_BACKWARD; break; diff --git a/ui/decode_as_utils.c b/ui/decode_as_utils.c index ce66fd2ecf..aec14d5f8d 100644 --- a/ui/decode_as_utils.c +++ b/ui/decode_as_utils.c @@ -37,6 +37,7 @@ #include "wsutil/file_util.h" #include "wsutil/filesystem.h" +#include "wsutil/cmdarg_err.h" #include "ws_version_info.h" /* XXX - We might want to switch this to a UAT */ @@ -345,6 +346,415 @@ save_decode_as_entries(gchar** err) return 0; } +static const char* prev_display_dissector_name = NULL; + +/* +* For a dissector table, print on the stream described by output, +* its short name (which is what's used in the "-d" option) and its +* descriptive name. +*/ +static void +display_dissector_table_names(const char *table_name, const char *ui_name, +gpointer output) +{ + if ((prev_display_dissector_name == NULL) || + (strcmp(prev_display_dissector_name, table_name) != 0)) { + fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name); + prev_display_dissector_name = table_name; + } +} + +/* +* For a dissector handle, print on the stream described by output, +* the filter name (which is what's used in the "-d" option) and the full +* name for the protocol that corresponds to this handle. +*/ +static void +display_dissector_names(const gchar *table _U_, gpointer handle, gpointer output) +{ + int proto_id; + const gchar *proto_filter_name; + const gchar *proto_ui_name; + + proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); + + if (proto_id != -1) { + proto_filter_name = proto_get_protocol_filter_name(proto_id); + proto_ui_name = proto_get_protocol_name(proto_id); + g_assert(proto_filter_name != NULL); + g_assert(proto_ui_name != NULL); + + if ((prev_display_dissector_name == NULL) || + (strcmp(prev_display_dissector_name, proto_filter_name) != 0)) { + fprintf((FILE *)output, "\t%s (%s)\n", + proto_filter_name, + proto_ui_name); + prev_display_dissector_name = proto_filter_name; + } + } +} + +/* +* Allow dissector key names to be sorted alphabetically +*/ + +static gint +compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b) +{ + return strcmp((const char*)dissector_a, (const char*)dissector_b); +} + +/* +* Print all layer type names supported. +* We send the output to the stream described by the handle output. +*/ +static void +fprint_all_layer_types(FILE *output) + +{ + prev_display_dissector_name = NULL; + dissector_all_tables_foreach_table(display_dissector_table_names, (gpointer)output, (GCompareFunc)compare_dissector_key_name); +} + +/* +* Print all protocol names supported for a specific layer type. +* table_name contains the layer type name in which the search is performed. +* We send the output to the stream described by the handle output. +*/ +static void +fprint_all_protocols_for_layer_types(FILE *output, gchar *table_name) + +{ + prev_display_dissector_name = NULL; + dissector_table_foreach_handle(table_name, + display_dissector_names, + (gpointer)output); +} + +/* +* The protocol_name_search structure is used by find_protocol_name_func() +* to pass parameters and store results +*/ +struct protocol_name_search{ + gchar *searched_name; /* Protocol filter name we are looking for */ + dissector_handle_t matched_handle; /* Handle for a dissector whose protocol has the specified filter name */ + guint nb_match; /* How many dissectors matched searched_name */ +}; +typedef struct protocol_name_search *protocol_name_search_t; + +/* +* This function parses all dissectors associated with a table to find the +* one whose protocol has the specified filter name. It is called +* as a reference function in a call to dissector_table_foreach_handle. +* The name we are looking for, as well as the results, are stored in the +* protocol_name_search struct pointed to by user_data. +* If called using dissector_table_foreach_handle, we actually parse the +* whole list of dissectors. +*/ +static void +find_protocol_name_func(const gchar *table _U_, gpointer handle, gpointer user_data) + +{ + int proto_id; + const gchar *protocol_filter_name; + protocol_name_search_t search_info; + + g_assert(handle); + + search_info = (protocol_name_search_t)user_data; + + proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle); + if (proto_id != -1) { + protocol_filter_name = proto_get_protocol_filter_name(proto_id); + g_assert(protocol_filter_name != NULL); + if (strcmp(protocol_filter_name, search_info->searched_name) == 0) { + /* Found a match */ + if (search_info->nb_match == 0) { + /* Record this handle only if this is the first match */ + search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */ + } + search_info->nb_match++; + } + } +} + +/* +* The function below parses the command-line parameters for the decode as +* feature (a string pointer by cl_param). +* It checks the format of the command-line, searches for a matching table +* and dissector. If a table/dissector match is not found, we display a +* summary of the available tables/dissectors (on stderr) and return FALSE. +* If everything is fine, we get the "Decode as" preference activated, +* then we return TRUE. +*/ +gboolean decode_as_command_option(const gchar *cl_param) +{ + gchar *table_name; + guint32 selector, selector2; + gchar *decoded_param; + gchar *remaining_param; + gchar *selector_str; + gchar *dissector_str; + dissector_handle_t dissector_matching; + dissector_table_t table_matching; + ftenum_t dissector_table_selector_type; + struct protocol_name_search user_protocol_name; + guint64 i; + char op; + + /* The following code will allocate and copy the command-line options in a string pointed by decoded_param */ + + g_assert(cl_param); + decoded_param = g_strdup(cl_param); + g_assert(decoded_param); + + + /* The lines below will parse this string (modifying it) to extract all + necessary information. Note that decoded_param is still needed since + strings are not copied - we just save pointers. */ + + /* This section extracts a layer type (table_name) from decoded_param */ + table_name = decoded_param; /* Layer type string starts from beginning */ + + remaining_param = strchr(table_name, '='); + if (remaining_param == NULL) { + cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, DECODE_AS_ARG_TEMPLATE); + /* If the argument does not follow the template, carry on anyway to check + if the table name is at least correct. If remaining_param is NULL, + we'll exit anyway further down */ + } + else { + *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */ + } + + /* Remove leading and trailing spaces from the table name */ + while (table_name[0] == ' ') + table_name++; + while (table_name[strlen(table_name) - 1] == ' ') + table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ + + /* The following part searches a table matching with the layer type specified */ + table_matching = NULL; + + /* Look for the requested table */ + if (!(*(table_name))) { /* Is the table name empty, if so, don't even search for anything, display a message */ + cmdarg_err("No layer type specified"); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ + } + else { + table_matching = find_dissector_table(table_name); + if (!table_matching) { + cmdarg_err("Unknown layer type -- %s", table_name); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */ + } + } + + if (!table_matching) { + /* Display a list of supported layer types to help the user, if the + specified layer type was not found */ + cmdarg_err("Valid layer types are:"); + fprint_all_layer_types(stderr); + } + if (remaining_param == NULL || !table_matching) { + /* Exit if the layer type was not found, or if no '=' separator was found + (see above) */ + g_free(decoded_param); + return FALSE; + } + + if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */ + cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1); + } + else { + remaining_param++; /* Move to the second '=' */ + *remaining_param = '\0'; /* Remove the second '=' */ + } + remaining_param++; /* Position after the layer type string */ + + /* This section extracts a selector value (selector_str) from decoded_param */ + + selector_str = remaining_param; /* Next part starts with the selector number */ + + remaining_param = strchr(selector_str, ','); + if (remaining_param == NULL) { + cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, DECODE_AS_ARG_TEMPLATE); + /* If the argument does not follow the template, carry on anyway to check + if the selector value is at least correct. If remaining_param is NULL, + we'll exit anyway further down */ + } + else { + *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */ + } + + dissector_table_selector_type = get_dissector_table_selector_type(table_name); + + switch (dissector_table_selector_type) { + + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + /* The selector for this table is an unsigned number. Parse it as such. + There's no need to remove leading and trailing spaces from the + selector number string, because sscanf will do that for us. */ + switch (sscanf(selector_str, "%u%c%u", &selector, &op, &selector2)) { + case 1: + op = '\0'; + break; + case 3: + if (op != ':' && op != '-') { + cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); + g_free(decoded_param); + return FALSE; + } + if (op == ':') { + if ((selector2 == 0) || ((guint64)selector + selector2 - 1) > G_MAXUINT32) { + cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); + g_free(decoded_param); + return FALSE; + } + } + else if (selector2 < selector) { + /* We could swap them for the user, but maybe it's better to call + * this out as an error in case it's not what was intended? */ + cmdarg_err("Invalid selector numeric range \"%s\"", selector_str); + g_free(decoded_param); + return FALSE; + } + break; + default: + cmdarg_err("Invalid selector number \"%s\"", selector_str); + g_free(decoded_param); + return FALSE; + } + break; + + case FT_STRING: + case FT_STRINGZ: + case FT_UINT_STRING: + case FT_STRINGZPAD: + /* The selector for this table is a string. */ + break; + + default: + /* There are currently no dissector tables with any types other + than the ones listed above. */ + g_assert_not_reached(); + } + + if (remaining_param == NULL) { + /* Exit if no ',' separator was found (see above) */ + cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); + fprint_all_protocols_for_layer_types(stderr, table_name); + g_free(decoded_param); + return FALSE; + } + + remaining_param++; /* Position after the selector number string */ + + /* This section extracts a protocol filter name (dissector_str) from decoded_param */ + + dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */ + + /* Remove leading and trailing spaces from the dissector name */ + while (dissector_str[0] == ' ') + dissector_str++; + while (dissector_str[strlen(dissector_str) - 1] == ' ') + dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */ + + dissector_matching = NULL; + + /* We now have a pointer to the handle for the requested table inside the variable table_matching */ + if (!(*dissector_str)) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */ + cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */ + } + else { + user_protocol_name.nb_match = 0; + user_protocol_name.searched_name = dissector_str; + user_protocol_name.matched_handle = NULL; + + dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */ + + if (user_protocol_name.nb_match != 0) { + dissector_matching = user_protocol_name.matched_handle; + if (user_protocol_name.nb_match > 1) { + cmdarg_err("WARNING: Protocol \"%s\" matched %u dissectors, first one will be used", dissector_str, user_protocol_name.nb_match); + } + } + else { + /* OK, check whether the problem is that there isn't any such + protocol, or that there is but it's not specified as a protocol + that's valid for that dissector table. + Note, we don't exit here, but dissector_matching will remain NULL, + so we exit below */ + if (proto_get_id_by_filter_name(dissector_str) == -1) { + /* No such protocol */ + cmdarg_err("Unknown protocol -- \"%s\"", dissector_str); + } + else { + cmdarg_err("Protocol \"%s\" isn't valid for layer type \"%s\"", + dissector_str, table_name); + } + } + } + + if (!dissector_matching) { + cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); + fprint_all_protocols_for_layer_types(stderr, table_name); + g_free(decoded_param); + return FALSE; + } + + /* This is the end of the code that parses the command-line options. + All information is now stored in the variables: + table_name + selector + dissector_matching + The above variables that are strings are still pointing to areas within + decoded_parm. decoded_parm thus still needs to be kept allocated in + until we stop needing these variables + decoded_param will be deallocated at each exit point of this function */ + + + /* We now have a pointer to the handle for the requested dissector + (requested protocol) inside the variable dissector_matching */ + switch (dissector_table_selector_type) { + + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + /* The selector for this table is an unsigned number. */ + if (op == '\0') { + dissector_change_uint(table_name, selector, dissector_matching); + } + else if (op == ':') { + for (i = selector; i < (guint64)selector + selector2; i++) { + dissector_change_uint(table_name, (guint32)i, dissector_matching); + } + } + else { /* op == '-' */ + for (i = selector; i <= selector2; i++) { + dissector_change_uint(table_name, (guint32)i, dissector_matching); + } + } + break; + + case FT_STRING: + case FT_STRINGZ: + case FT_UINT_STRING: + case FT_STRINGZPAD: + /* The selector for this table is a string. */ + dissector_change_string(table_name, selector_str, dissector_matching); + break; + + default: + /* There are currently no dissector tables with any types other + than the ones listed above. */ + g_assert_not_reached(); + } + g_free(decoded_param); /* "Decode As" rule has been successfully added */ + return TRUE; +} + /* * Editor modelines * diff --git a/ui/decode_as_utils.h b/ui/decode_as_utils.h index a8beadef9c..50008182d4 100644 --- a/ui/decode_as_utils.h +++ b/ui/decode_as_utils.h @@ -73,6 +73,14 @@ void decode_build_reset_list (const gchar *table_name, ftenum_t selector_type, */ void decode_clear_all(void); +/* +* This is the template for the decode as option; it is shared between the +* various functions that output the usage for this parameter. +*/ +#define DECODE_AS_ARG_TEMPLATE "<layer_type>==<selector>,<decode_as_protocol>" + +gboolean decode_as_command_option(const gchar *cl_param); + #ifdef __cplusplus } #endif /* __cplusplus */ |