Re: [Wireshark-dev] Create dissctor groups to easily dissable unneded protocols.
From: Wireshark-dev On Behalf Of chuck c
Sent: 21 October 2020 17:52
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Create dissctor groups to easily dissable unneded protocols.

> The Frame protocol (and a dozen others) can not be disabled:
>
>     /* You can't disable dissection of "Frame", as that would be
>        tantamount to not doing any dissection whatsoever. */
>     proto_set_cant_toggle(proto_frame);
>
> Would there be a group that lists these?

I think it could be done – not sure what the use case would be, other than creating a list.

/Anders

On Wed, Oct 21, 2020 at 9:34 AM Anders Broman via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

Hi,

In the developers den we discussed the possibility of disabling unneeded protocols and I brought up the idea of protocol groups. If there is interest in this feature I would need help with the GUI part – volunteers? As a PoC I was thinking of something along these lines.

Turn all protocols off – enable the group “basic” which would then be the basic protocols you would need in most cases like
Ethernet -VLAN-IP4/IPv6-TCP UDP SCTP ICMP ICMP6 ARP more? We don’t need a comprehensive list here and now, these might do for the PoC.

Once the basic group is there we might start to look at large groups of specialized protocols most people would want to turn off, like USB Bluetooth ZigBee, telco(?) might be candidates.

This would be the API to register in a group, only allowed group names (we make list) to be accepted at registry time, possibly have a register group name routine? But the PoC may not have to be more complicated than this.

--- a/epan/proto.c +++ b/epan/proto.c 
@@ -343,21 +343,22 @@ static header_field_info hfi_text_only = { "Text item", "text", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }; int hf_text_only = -1; -/* Structure for information about a protocol */ +/** Structure for information about a protocol */ struct _protocol { - const char *name; /* long description */ - const char *short_name; /* short description */ - const char *filter_name;/* name of this protocol in filters */ - GPtrArray *fields; /* fields for this protocol */ - int proto_id; /* field ID for this protocol */ - gbooleanis_enabled; /* TRUE if protocol is enabled */ - gbooleanenabled_by_default; /* TRUE if protocol is enabled by default */ - gbooleancan_toggle; /* TRUE if is_enabled can be changed */ - int parent_proto_id;/* Used to identify "pino"s (Protocol In Name Only). + const char *name; /**< long description */ + const char *short_name; /**< short description */ + const char *filter_name;/**< name of this protocol in filters */ + const char* group_name; /**< name of the "group" this protocol belongs to */ + GPtrArray *fields; /**< fields for this protocol */ + int proto_id; /**< field ID for this protocol */ + gbooleanis_enabled; /**< TRUE if protocol is enabled */ + gbooleanenabled_by_default; /**< TRUE if protocol is enabled by default */ + gbooleancan_toggle; /**< TRUE if is_enabled can be changed */ + int parent_proto_id;/**< Used to identify "pino"s (Protocol In Name Only). For dissectors that need a protocol name so they can be added to a dissector table, but use the parent_proto_id for things like enable/disable */ - GList *heur_list; /* Heuristic dissectors associated with this protocol */ + GList *heur_list; /**< Heuristic dissectors associated with this protocol */ }; /* List of all protocols */ 
@@ -7208,8 +7209,14 @@ check_valid_filter_name_or_fail(const char *filter_name) } int -proto_register_protocol(const char *name, const char *short_name, - const char *filter_name) +proto_register_protocol(const char* name, const char* short_name, const char* filter_name) +{ + return proto_register_protocol_and_group(name, short_name, filter_name, NULL); +} + +int +proto_register_protocol_and_group(const char *name, const char *short_name, + const char *filter_name, const char* group_name) { protocol_t *protocol; header_field_info *hfinfo; @@ -7248,6 +7255,7 @@ proto_register_protocol(const char *name, const char *short_name, protocol->name = name; protocol->short_name = short_name; protocol->filter_name = filter_name; + protocol->group_name = group_name; protocol->fields = NULL; /* Delegate until actually needed */ protocol->is_enabled = T
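Review bot: in the `struct _protocol` hunk (@@ -343,21 +343,22 @@), the comment on the new `group_name` member does not say what NULL means, although `proto_register_protocol()` in the following hunk passes NULL for every existing caller. Suggest wording such as "name of the group this protocol belongs to, NULL if none", and stating that a single pointer means one group per protocol. The conversion of the other members' comments from `/* */` to `/**<` is unrelated to the feature and would be easier to review as its own commit, and `const char* group_name` departs from the `const char *name` spacing of the neighbouring members.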
Re: [Wireshark-dev] lua decoder accessing info from layers above
Thus wrote Maynard, Chris via Wireshark-dev (wireshark-dev@wireshark.org):

> > From: Wireshark-dev On Behalf Of chuck c
> > Sent: Wednesday, October 14, 2020 10:33 AM
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] lua decoder accessing info from layers above
> >
> > local p_foo = Proto.new("foo", "foo")
> > local f_frame_protocols = Field.new("frame.protocols")
> > function p_foo.dissector(buf, pinfo, tree)
> >     print(pinfo.number, "Protocols: " .. (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
> >     --print(pinfo.number, f_frame_protocols().value)
> > end
> > register_postdissector(p_foo)
> >
> > Script above prints to the Lua console.
> > What was the situation where it doesn't work?
>
> It works as a post-dissector, but not as a registered dissector. For
> example, replace:
>
> register_postdissector(p_foo)
>
> with something like so, replacing the port number with whatever you can
> easily test with:
>
> local udp_table = DissectorTable.get("udp.port")
> udp_table:add(3, p_foo)
>
> Yet you can access and print other frame fields such as "frame.len" and
> "frame.cap_len".

frame.protocols is added to the tree by the frame dissector after all upper-layer protocols have run, i.e. after the big try-catch block in packet-frame.c and before the try-catch block for postdissectors.

This makes sense to me. We have to dissect the packet completely before we can compile the list of all protocols that got to see the packet.

Thus, by the time p_foo.dissector runs, there's no frame.protocols field in the tree yet. f_frame_protocols() is nil. Field__call() calls proto_get_finfo_ptr_array() which doesn't find a frame.protocols entry in the tree.

This is different for frame.len and frame.cap_len. These fields are added to the tree before packet-frame.c passes control to other dissectors.

When postdissectors are called, frame.protocols is also present in the tree and visible to postdissectors.

Best regards,
Martin

___
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
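
The ordering described in the message above, as an added example that is not part of the thread or of Wireshark's source: the port-registered dissector reads frame.len but finds no frame.protocols, and a second Proto registered as a postdissector reads frame.protocols for the same frames. The names `p_foo_post`, `seen_by_foo` and `value_or` are hypothetical, and UDP port 3 is the placeholder used in the thread.

```lua
-- Added example, not from the thread. Load it as a Wireshark Lua script.
local p_foo      = Proto.new("foo", "foo")
local p_foo_post = Proto.new("foo_post", "foo post-pass")  -- hypothetical second Proto

-- Field extractors must be created at load time, outside any dissector function.
local f_frame_len       = Field.new("frame.len")
local f_frame_protocols = Field.new("frame.protocols")

-- Frames that p_foo dissected, keyed by frame number, so the postdissector
-- reports only on those frames.
local seen_by_foo = {}

-- Value of a field, or `fallback` when the field is not in the tree (yet).
local function value_or(extractor, fallback)
    local finfo = extractor()
    if finfo == nil then
        return fallback
    end
    return finfo.value
end

-- Forget the previous capture when a new one is loaded.
function p_foo.init()
    seen_by_foo = {}
end

-- Called while the frame dissector is still running the upper layers:
-- frame.len is already in the tree, frame.protocols is not.
function p_foo.dissector(buf, pinfo, tree)
    seen_by_foo[pinfo.number] = true
    print(pinfo.number, "foo:  frame.len =", value_or(f_frame_len, "Unknown"),
          "frame.protocols =", value_or(f_frame_protocols, "not in tree yet"))
end

-- Called after the frame dissector has added frame.protocols to the tree.
function p_foo_post.dissector(buf, pinfo, tree)
    if not seen_by_foo[pinfo.number] then
        return
    end
    print(pinfo.number, "post: frame.protocols =",
          value_or(f_frame_protocols, "Unknown"))
end

DissectorTable.get("udp.port"):add(3, p_foo)   -- port 3: placeholder from the thread
register_postdissector(p_foo_post)
```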
Re: [Wireshark-dev] Create dissctor groups to easily dissable unneded protocols.
The Frame protocol (and a dozen others) can not be disabled:

    /* You can't disable dissection of "Frame", as that would be
       tantamount to not doing any dissection whatsoever. */
    proto_set_cant_toggle(proto_frame);

Would there be a group that lists these?

On Wed, Oct 21, 2020 at 9:34 AM Anders Broman via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

> Hi,
>
> In the developers den we discussed the possibility of disabling unneeded
> protocols and I brought up the idea of protocol groups. If there is
> interest in this feature I would need help with the GUI part – volunteers?
> As a PoC I was thinking of something along these lines.
>
> Turn all protocols off – enable the group “basic” which would then be the
> basic protocols you would need in most cases like
> Ethernet -VLAN-IP4/IPv6-TCP UDP SCTP ICMP ICMP6 ARP more? We don’t need a
> comprehensive list here and now, these might do for the PoC.
>
> Once the basic group is there we might start to look at large groups of
> specialized protocols most people would want to turn off, like
> USB Bluetooth ZigBee, telco(?) might be candidates.
>
> This would be the API to register in a group, only allowed group names (we
> make list) to be accepted at registry time, possibly have a register group
> name routine? But the PoC may not have to be more complicated than this.
>
> --- a/epan/proto.c > > +++ b/epan/proto.c 
> > @@ -343,21 +343,22 @@ static header_field_info hfi_text_only = > > { "Text item", "text", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL > }; > > int hf_text_only = -1; > > > > -/* Structure for information about a protocol */ > > +/** Structure for information about a protocol */ > > struct _protocol { > > - const char *name; /* long description */ > > - const char *short_name; /* short description */ > > - const char *filter_name;/* name of this protocol in > filters */ > > - GPtrArray *fields; /* fields for this protocol */ > > - int proto_id; /* field ID for this protocol */ > > - gbooleanis_enabled; /* TRUE if protocol is enabled */ > > - gbooleanenabled_by_default; /* TRUE if protocol is enabled by > default */ > > - gbooleancan_toggle; /* TRUE if is_enabled can be > changed */ > > - int parent_proto_id;/* Used to identify "pino"s > (Protocol In Name Only). > > + const char *name; /**< long description */ > > + const char *short_name; /**< short description */ > > + const char *filter_name;/**< name of this protocol in > filters */ > > + const char* group_name; /**< name of the "group" this > protocol belongs to */ > > + GPtrArray *fields; /**< fields for this protocol */ > > + int proto_id; /**< field ID for this protocol */ > > + gbooleanis_enabled; /**< TRUE if protocol is enabled */ > > + gbooleanenabled_by_default; /**< TRUE if protocol is enabled > by default */ > > + gbooleancan_toggle; /**< TRUE if is_enabled can be > changed */ > > + int parent_proto_id;/**< Used to identify "pino"s > (Protocol In Name Only). > > For dissectors that need a > protocol name so they > > can be added to a dissector table, > but use the > > parent_proto_id for things like > enable/disable */ > > - GList *heur_list; /* Heuristic dissectors associated > with this protocol */ > > + GList *heur_list; /**< Heuristic dissectors > associated with this protocol */ > > }; > > > > /* List of all protocols */ 
> > @@ -7208,8 +7209,14 @@ check_valid_filter_name_or_fail(const char > *filter_name) > > } > > > > int > > -proto_register_protocol(const char *name, const char *short_name, > > - const char *filter_name) > > +proto_register_protocol(const char* name, const char* short_name, const > char* filter_name) > > +{ > > + return proto_register_protocol_and_group(name, short_name, > filter_name, NULL); > > +} > > + > > +int > > +proto_register_protocol_and_group(const char *name, const char > *short_name, > > + const char *filter_name, const char* group_name) > > { > > protocol_t *protocol; > > header_field_info *hfinfo; > > @@ -7248,6 +7255,7 @@ proto_register_protocol(const char *name, const char > *short_name, > >protocol->name = name; > > protocol->short_name = short_name; > > protocol->filter_name = filter_name; > > + protocol->group_name = group_name; > > protocol->fields = NULL; /* Delegate until actually needed */ > > protocol->is_enabled = TRUE; /* protocol is enabled by default */ > > protocol->enabled_by_default = TRUE; /* see previous com
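Review bot: in the `proto_register_protocol_and_group()` hunk (@@ -7208,8 +7209,14 @@), nothing in the visible lines checks `group_name`, while the proposal says only allowed group names should be accepted at registration time. The function sits directly below `check_valid_filter_name_or_fail()`, so a matching check for the group name would fit here, skipped when the value is NULL because the `proto_register_protocol()` wrapper passes NULL. The wrapper also rewrites the existing signature from `const char *name` to `const char* name`; keeping the original form would make the diff smaller.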
[Wireshark-dev] Create dissctor groups to easily dissable unneded protocols.
Hi,

In the developers den we discussed the possibility of disabling unneeded protocols and I brought up the idea of protocol groups. If there is interest in this feature I would need help with the GUI part - volunteers? As a PoC I was thinking of something along these lines.

Turn all protocols off - enable the group "basic" which would then be the basic protocols you would need in most cases like
Ethernet -VLAN-IP4/IPv6-TCP UDP SCTP ICMP ICMP6 ARP more? We don't need a comprehensive list here and now, these might do for the PoC.

Once the basic group is there we might start to look at large groups of specialized protocols most people would want to turn off, like USB Bluetooth ZigBee, telco(?) might be candidates.

This would be the API to register in a group, only allowed group names (we make list) to be accepted at registry time, possibly have a register group name routine? But the PoC may not have to be more complicated than this.

--- a/epan/proto.c +++ b/epan/proto.c 
@@ -343,21 +343,22 @@ static header_field_info hfi_text_only = { "Text item", "text", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }; int hf_text_only = -1; -/* Structure for information about a protocol */ +/** Structure for information about a protocol */ struct _protocol { - const char *name; /* long description */ - const char *short_name; /* short description */ - const char *filter_name;/* name of this protocol in filters */ - GPtrArray *fields; /* fields for this protocol */ - int proto_id; /* field ID for this protocol */ - gbooleanis_enabled; /* TRUE if protocol is enabled */ - gbooleanenabled_by_default; /* TRUE if protocol is enabled by default */ - gbooleancan_toggle; /* TRUE if is_enabled can be changed */ - int parent_proto_id;/* Used to identify "pino"s (Protocol In Name Only). + const char *name; /**< long description */ + const char *short_name; /**< short description */ + const char *filter_name;/**< name of this protocol in filters */ + const char* group_name; /**< name of the "group" this protocol belongs to */ + GPtrArray *fields; /**< fields for this protocol */ + int proto_id; /**< field ID for this protocol */ + gbooleanis_enabled; /**< TRUE if protocol is enabled */ + gbooleanenabled_by_default; /**< TRUE if protocol is enabled by default */ + gbooleancan_toggle; /**< TRUE if is_enabled can be changed */ + int parent_proto_id;/**< Used to identify "pino"s (Protocol In Name Only). For dissectors that need a protocol name so they can be added to a dissector table, but use the parent_proto_id for things like enable/disable */ - GList *heur_list; /* Heuristic dissectors associated with this protocol */ + GList *heur_list; /**< Heuristic dissectors associated with this protocol */ }; /* List of all protocols */ 
@@ -7208,8 +7209,14 @@ check_valid_filter_name_or_fail(const char *filter_name) } int -proto_register_protocol(const char *name, const char *short_name, - const char *filter_name) +proto_register_protocol(const char* name, const char* short_name, const char* filter_name) +{ + return proto_register_protocol_and_group(name, short_name, filter_name, NULL); +} + +int +proto_register_protocol_and_group(const char *name, const char *short_name, + const char *filter_name, const char* group_name) { protocol_t *protocol; header_field_info *hfinfo; @@ -7248,6 +7255,7 @@ proto_register_protocol(const char *name, const char *short_name, protocol->name = name; protocol->short_name = short_name; protocol->filter_name = filter_name; + protocol->group_name = group_name; protocol->fields = NULL; /* Delegate until actually needed */ protocol->is_enabled = TRUE; /* protocol is enabled by default */ protocol->enabled_by_default = TRUE; /* see previous comment */ diff --git a/epan/proto.h b/epan/proto.h index 679cb6989c..fa63c9d9de 100644 --- a/epan/proto.h +++ b/epan/proto.h @@ -2371,6 +2371,14 @@ proto_item_fill_label(field_info *fi, gchar *label_str); WS_DLL_PUBLIC int proto_register_protocol(const char *name, const char *short_name, const char *filter_name); +/** Register a new protocol with group association. + @param name the full name of the new protocol + @param short_name abbreviated name of the new protocol + @param filter_name protocol name used for a display filter string + @param group_name the group the protocol belongs to. Grops are u
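Review bot: in the @@ -7248,6 +7255,7 @@ hunk, `protocol->group_name = group_name;` stores the caller's pointer without copying it, the same way the neighbouring `name`, `short_name` and `filter_name` assignments do. The documentation for `proto_register_protocol_and_group()` should therefore state that the string must remain valid for as long as the protocol is registered, for example by being a string literal.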
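Review bot: in the `epan/proto.h` hunk, the `@param group_name` text misspells "Groups" as "Grops". The comment should also say whether NULL is accepted, since `proto_register_protocol()` in `epan/proto.c` passes NULL for the group. The declaration itself is cut off in this copy; it needs the same `WS_DLL_PUBLIC` marker as the `proto_register_protocol()` declaration just above it.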