我有一个基本的Wireshark插件,最初是为Wireshark V1编写的,我目前正在尝试将其移植到V2。
我目前遇到的问题是,当插件在wireshark-qt-release中运行时,插件启动正常并显示所有必要的信息但是一旦设置了过滤器,信息列中包含的信息就会得到清除。清除过滤器后,info列仍为空。
用于设置在info列中找到的字符串的数据包类型变量也会添加到正在解析的数据包的Header树中。无论是否设置过滤器,都会保持此设置。
基于分支机构master-2.0,分支机构是最新的。 使用MSVC 2013构建,我没有错误或警告。
还启用了Wireshark中的调试控制台但没有得到任何结果,但这可能是因为我无法调整当前设置为28的调试级别。
在同一个结账中构建的wireshark-gtk2中可以正常工作。
任何帮助表示感谢。
/* packet-trcp.c
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "config.h"
#include <stdio.h>
#include <epan/dissectors/packet-tcp.h>
#define PROTO_TAG_TRCP "TRCP"
#define MAGIC_NUMBER 0x111111
#define FRAME_HEADER_LEN 8
#define TRCP_PORT 1111
static int proto_trcp = -1;
static dissector_handle_t data_handle = NULL;
static dissector_handle_t trcp_handle = NULL;
static void dissect_trcp(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree);
static int dissect_trcp_message(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void *);
static const value_string packet_type_names[] =
{
{ 0, "Invalid message" },
{ 1, "Connection Request" },
{ 2, "Connection Response" },
{ 3, "Disconnect" },
{ 4, "File Header" },
{ 5, "File Chunk" },
{ 6, "Cancel File Transfer" },
{ 7, "Firmware Imported" },
{ 8, "Alert Message" },
{ 9, "Restore Factory Settings" },
{ 10, "Format Internal Storage" },
{ 11, "Beacon" },
{ 12, "Shutdown" },
{ 0, NULL }
};
static gint hf_trcp_header = -1;
static gint hf_trcp_magic = -1;
static gint hf_trcp_length = -1;
static gint hf_trcp_type = -1;
static gint hf_trcp_data = -1;
static gint ett_trcp = -1;
static gint ett_trcp_header = -1;
static gint ett_trcp_data = -1;
//-----------------------------------------------------------------------------------------------------------------------
void proto_reg_handoff_trcp(void)
{
static gboolean initialized = FALSE;
if (!initialized)
{
data_handle = find_dissector("data");
trcp_handle = create_dissector_handle(dissect_trcp, proto_trcp);
dissector_add_uint("tcp.port", TRCP_PORT, trcp_handle);
initialized = TRUE;
}
}
//-----------------------------------------------------------------------------------------------------------------------
void proto_register_trcp (void)
{
static hf_register_info hf[] =
{
{&hf_trcp_header,
{"Header", "trcp.header", FT_NONE, BASE_NONE, NULL, 0x0, "TRCP Header", HFILL }},
{&hf_trcp_magic,
{"Magic", "trcp.magic", FT_UINT32, BASE_HEX, NULL, 0x0, "Magic Bytes", HFILL }},
{&hf_trcp_length,
{"Package Length", "trcp.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Package Length", HFILL }},
{&hf_trcp_type,
{"Type", "trcp.type", FT_UINT16, BASE_DEC, VALS(packet_type_names), 0x0, "Package Type", HFILL }},
{&hf_trcp_data,
{"Data", "trcp.data", FT_NONE, BASE_NONE, NULL, 0x0, "Data", HFILL }}
};
static gint *ett[] =
{
&ett_trcp,
&ett_trcp_header,
&ett_trcp_data
};
proto_trcp = proto_register_protocol ("TRCP Protocol", "TRCP", "trcp");
proto_register_field_array (proto_trcp, hf, array_length (hf));
proto_register_subtree_array (ett, array_length (ett));
register_dissector("trcp", dissect_trcp, proto_trcp);
}
//-----------------------------------------------------------------------------------------------------------------------
static guint get_trcp_message_len(packet_info * pinfo, tvbuff_t * tvb, int offset)
{
guint plen;
plen = tvb_get_ntohs(tvb, offset + 6);
// Add the header length to the data length to get the total packet length
plen += FRAME_HEADER_LEN;
return plen;
}
//-----------------------------------------------------------------------------------------------------------------------
static void dissect_trcp(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
{
// According to - 9.4.2. How to reassemble split TCP Packets
tcp_dissect_pdus(tvb, pinfo, tree, // Hand over from above
TRUE, // Reassemble packet or not
FRAME_HEADER_LEN, // Smallest amount of data required to determine message length (8 bytes)
get_trcp_message_len, // Function pointer to a method that returns message length
dissect_trcp_message, // Function pointer to real message dissector
NULL);
}
//-----------------------------------------------------------------------------------------------------------------------
static int dissect_trcp_message(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void * data)
{
proto_item * trcp_item = NULL;
proto_item * trcp_sub_item_header = NULL;
proto_item * trcp_sub_item_data = NULL;
proto_tree * trcp_tree = NULL;
proto_tree * trcp_header_tree = NULL;
proto_tree * trcp_data_tree = NULL;
guint32 magic = 0;
guint32 offset = 0;
guint32 length_tvb = 0;
guint16 type = 0;
guint16 length = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_TRCP);
col_clear(pinfo->cinfo, COL_INFO);
if (tree)
{
trcp_item = proto_tree_add_item(tree, proto_trcp, tvb, 0, -1, FALSE);
trcp_tree = proto_item_add_subtree(trcp_item, ett_trcp);
trcp_sub_item_header = proto_tree_add_item(trcp_tree, hf_trcp_header, tvb, offset, -1, FALSE);
trcp_header_tree = proto_item_add_subtree(trcp_sub_item_header, ett_trcp_header);
/*
4 bytes for magic number
2 bytes for packet type
2 bytes for data length
*/
// Add Magic to header tree
proto_tree_add_item(trcp_header_tree, hf_trcp_magic, tvb, offset, 4, FALSE);
offset += 4;
// Get the type byte
type = tvb_get_ntohs(tvb, offset);
// Add Type to header tree
proto_tree_add_uint(trcp_header_tree, hf_trcp_type, tvb, offset, 2, type);
offset += 2;
col_append_fstr(pinfo->cinfo, COL_INFO, "%s", val_to_str(type, packet_type_names, "Unknown Type:0x%02x"));
col_set_fence(pinfo->cinfo, COL_INFO);
// Add Length to header tree
length = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(trcp_header_tree, hf_trcp_length, tvb, offset, 2, length);
offset += 2;
if (length)
{
// Data
trcp_sub_item_data = proto_tree_add_item(trcp_tree, hf_trcp_data, tvb, offset, -1, FALSE);
trcp_data_tree = proto_item_add_subtree(trcp_sub_item_data, ett_trcp_data);
}
}
return tvb_captured_length(tvb);
}
答案 0 :(得分:1)
仅当tree参数为非NULL时才设置列。
不要这样做。
始终设置它,无论是否tree为空。有没有保证,如果为了提供列信息而调用解剖器,tree将为非空;我们从未提供过这样的保证,我们永远不会提供这样的保证。