Re: [Wireshark-dev] XML parsing

[Abhik Sarkar]

Ah, thanks Jeff; I understand now. I checked (
http://library.gnome.org/devel/glib/unstable/glib-Simple-XML-Subset-Parser.html)
and it suggests it has been around since version 2.16... so I guess it is OK
to use it.

Thanks for your help!
Abhik.

On Sat, Mar 21, 2009 at 1:25 AM, Jeff Morriss jeff.morriss...@gmail.comwrote:


 Hi Abhik,

 Sorry, I guess I mean: what is the earliest version of glib that
 supports the APIs you're talking about?

 For Windows we don't have a problem because we distribute glib with
 Wireshark, but all other OS's rely on the currently-installed glib.
 configure.in currently enforces glib  2.4 .  Increasing that may be
 OK but of course it means some number of people will have to go upgrade
 their glib (so doing it shouldn't be taken lightly).

 Regards,
 Jeff


 Abhik Sarkar wrote:
  Hi Jeff,
 
  I meant version of glib which is part of the current set of libraries
  used to build the SVN version (in particular wireshark-win32-libs).
  There are a few different ways of parsing XML used in various parts of
  WS, and I wanted to use an existing API without having to introduce a
  new dependency (but also without having to use any parser generators)
  and it seems to be possible using the mentioned functionality.
 
  Thanks,
  Abhik.
 
  On Thu, Mar 19, 2009 at 6:52 PM, Jeff Morriss jeff.morriss.ws
  http://jeff.morriss.ws@gmail.com http://gmail.com wrote:
 
 
 
  Abhik Sarkar wrote:
Hi Everyone,
   
This is a question specifically to the core developers. Would it
  be OK
to use the GMarkupParser facility which is provided by the latest
  glib
that is part of the required libraries for the development
 version? I
want to use it to read XML configuration files for a generally
  available
dissector.
 
  Define latest.  (I looked through the GLIB documentation and their
  list of symbols new to each release and at least some of the markup
  functions have been around for a while.)
 
 ___
  Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
  mailto:wireshark-dev@wireshark.org
  Archives:http://www.wireshark.org/lists/wireshark-dev
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
  mailto:wireshark-dev-requ...@wireshark.org
  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
 
 
 
  
 
 
 ___
  Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
  Archives:http://www.wireshark.org/lists/wireshark-dev
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
   mailto:wireshark-dev-requ...@wireshark.org
 ?subject=unsubscribe
 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] XML parsing

[Bill Meier]

Abhik Sarkar wrote:
 Ah, thanks Jeff; I understand now. I checked 
 (http://library.gnome.org/devel/glib/unstable/glib-Simple-XML-Subset-Parser.html)
  
 and it suggests it has been around since version 2.16... so I guess it 
 is OK to use it.
 

Actually:

configure.in requiring GTK to be 2.4 or greater means that Wireshark 
tries to support any version of GTK starting with 2.4.

(Any code requiring a feature only available in later GTK versions is 
#ifdef'd to be compiled only if Wireshark is being built with that 
version or newer. In general, if this is done, alternative code should 
be provided which compiles and works with the earlier GTK version).

So: if a function was implemented as of GTK 2.16, that means that any 
Wireshark build on a system with an earlier GTK version will fail trying 
to use that function. (Note that GTK 2.4 is [much] older than Gtk 2.16).

For example: my fairly up-to-date Fedora 10 system has Gtk2 2.14.7




___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] XML parsing

[Bill Meier]

Bill Meier wrote:
 Abhik Sarkar wrote:
 Ah, thanks Jeff; I understand now. I checked 
 (http://library.gnome.org/devel/glib/unstable/glib-Simple-XML-Subset-Parser.html)
  
 and it suggests it has been around since version 2.16... so I guess it 
 is OK to use it.

 
 Actually:
 
 configure.in requiring GTK to be 2.4 or greater means that Wireshark 
 tries to support any version of GTK starting with 2.4.
 
 (Any code requiring a feature only available in later GTK versions is 
 #ifdef'd to be compiled only if Wireshark is being built with that 
 version or newer. In general, if this is done, alternative code should 
 be provided which compiles and works with the earlier GTK version).
 
 So: if a function was implemented as of GTK 2.16, that means that any 
 Wireshark build on a system with an earlier GTK version will fail trying 
 to use that function. (Note that GTK 2.4 is [much] older than Gtk 2.16).
 
 For example: my fairly up-to-date Fedora 10 system has Gtk2 2.14.7
 

Ooops: We're talking Glib not Gtk in this case.

  The principle remains the same: Wireshark currently supports Glib 
versions starting with 2.4.



(
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Unable to Display Simple Protocol Tree

[Dix, Steven E]

I've been trying to get dissector plugin that I'm coding to display
subtree information that it has parsed.  I can get it to look through
the tvb buffer and extract the data, but I can't get it to display even
the top level protocol name beneath the UDP line.  As a debugging aid, I
dropped in code lifted and slightly modified from the AMIN protocol
CodeProject web article (link:
http://www.codeproject.com/KB/IP/custom_dissector.aspx).

I macroed the code so that if macro AMIN is defined, the AMIN code runs.
Otherwise, my dissector runs.  The AMIN code does display the protocol
name.  With what looks like an identical proto_tree_add_item call, my
dissector won't display the protocol name.

I don't understand why the code doesn't work.  I've stepped through it
in the debugger, and verified that the structure pointed to by the tree
has a new last_child as a result of the proto_tree_add_item call, and
its finfo element has reasonable looking contents that match what I
expected for this protocol.  The tree's last_child appears to be changed
identically for the AMIN dissector (which works) and for my dissector
(which doesn't) when I flip the #define AMIN macro to #undef AMIN and
rebuild the plugin.

I've included a code snippet from the dissector below.

#ifndef AMIN
static void
dissect_x2d(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
static guint32 packetCounter = 0;
static proto_item* x2d_item = NULL;
proto_item* x2d_sub_item = NULL;
static proto_tree* x2d_tree = NULL;
static proto_tree* x2d_header_tree = NULL;
ParserNode* topClonePtr = 0;

ParseInfo* regPtr; /* To retain the result of the parse
operation */

guint32 ofst = 0; /* Tracks through tvb */
/* Debug only */
#ifdef DBG
if (bailoutPacket = ++packetCounter)
{
return;
}
#endif
/* Debug only */

if (check_col(pinfo-cinfo, COL_PROTOCOL))
{
col_set_str(pinfo-cinfo, COL_PROTOCOL, x2d);
}
/* Clear out stuff in the info column */
if (check_col(pinfo-cinfo,COL_INFO))
{
col_clear(pinfo-cinfo,COL_INFO);
}

if (tree)
{
x2d_item = proto_tree_add_item(tree, proto_x2d, tvb, 0,
-1, FALSE);
return;
}

I'd appreciate any help possible on this.



Steve Dix
407-399-5578, Fax 407-249-3599
steven.e@boeing.com

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] one possible way to speed up filtering

[yami]

Hi Didier,

Thank you for trying the patch :) and all the good comments given.

I've attached a new patch to the wiki. Please see my detailed reply below.


On Fri, Mar 20, 2009 at 6:30 AM, didier dgauthe...@magic.fr wrote:

 Hi,

 Le mercredi 18 mars 2009 à 23:05 +0800, yami a écrit :
  Thanks, I've written a page in Wiki:
http://wiki.wireshark.org/Development/FastFiltering
 Nice work.

 - If compiled without NDEBUG defined I get a failed assert:
 epan/dfilter/wslimmat.c :1680 : fix_variables:  v-assignment == v

It seems like a 'bug' of gcc optimization. We can simply remove this
assertion, see explanations below.

The assertion fails, but the 'real' value of v-assignment and v are equal.
I came to this conclusion by following experiments (is there any better
way?):

experiment 1. without NDEBUG defined, but using '-O0' to compile, not
assertion failure occurs.
experiment 2. no change to Makefile, simply add printf(v-assignment, v) to
fix_pointer(), no assertion failure
experiment 3. no change to Makefile, add following to fix_variables() after
the assert line:
  if (v-assignment != v)
  printf(not hold v-assignment=%p, v=%p\n, v-assignment, v);
  else
  printf(hold v-assignment=%p, v=%p\n, v-assignment, v);

The assertion fails (simply print, no abort), however output is:
 hold v-assignment=0x8070508, v=0x8070508

which just says the opposite.


 valgrind doesn't complain and it seems to work with NDEBUG but only for
 simple stuff ie udp  dns, something like !(tcp.stream eq 1)
  !(tcp.stream eq 2) doesn't return the right result.
 ie:
 follow TCP stream, filter out this stream, follow TCP this stream, and
 so on.
 Does it work for you?


This is a bug, I've fixed '!' (TEST_OP_NOT) part at least. I'll test the
patch more.



 - stupid but Limmat uses the original BSD license which is incompatible
 with the GPL.


Really? I've thought BSD license is looser than GPL (can you give me more
details?).
On the other hand, I find Wireshark code has already contains similar
licenses (am I right?), for example,
Menu - Help - About Wireshark - License - Part III has metioned some.


 - On the other hand if expressions are made incrementally via popup
 menus is a full SAT solver need?


Perhaps you are right, but I'm not sure.

However using a SAT solver (even if it is a simple one) is the most
generalized way, which requires no special handling. And it is also a good
example of how math is applied in real life :)

Cons are
1. SAT solvers are complicated. (But we may use a simple algorithm)
2. Public available SAT solvers are mainly wrote by researchers, which may
not have time to maintain the software.


 eg:
 Something like
 tcp.stream eq 1 -- H1

 !(tcp.stream eq 1) -- !H1 -- H2

 tcp.stream eq 2 -- H3

 !(tcp.stream eq 1)  !(tcp.stream eq 2) -- H2  !H3

 may be good enough.

 Didier



 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe