Wireshark-dev: Re: [Wireshark-dev] Duplicate entries in tap output

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Sat, 3 Dec 2016 08:09:39 -0500
Moshe,
 
Did you ever find a solution for this?  When I was working on the Export Object refactoring, I also saw this (duplicate entries) in the GUI (for SMB, not IMF), but now I can't duplicate the issue.  I've even tried switching between commits that have the new Export Object refactoring and don't (in case it was "accidentally" fixed in the refactor).   Still no luck.
If you can still duplicate it, please open a ticket in Bugzilla with the steps.
 
Michael
 
 
-----Original Message-----
From: Moshe <me@xxxxxxxxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tue, Nov 1, 2016 10:36 am
Subject: [Wireshark-dev] Duplicate entries in tap output

Hey folks,

I'm working on a new feature for Wireshark - to export IMF data as EML files. I was able to create the menu entries, the tap, and the output EML files. But I'm having one issue: When I have the export objects dialog open (by clicking on the newly-created "Export Objects -> IMF" menu) and modify the display filter in Wireshark, the EML entries are duplicated in the export objects window.

How can I modify the dissector or tap code to avoid the duplicate entries in the export object window?

Thanks,
Moshe

Full diff below.

diff --git a/epan/dissectors/packet-imf.c b/epan/dissectors/packet-imf.c
index 66a335c..85bf402 100644
--- a/epan/dissectors/packet-imf.c
+++ b/epan/dissectors/packet-imf.c
@@ -30,6 +30,8 @@
 #include <epan/expert.h>
 #include <wsutil/str_util.h>
 
+#include <epan/tap.h>
+
 #include "packet-ber.h"
 #include "packet-http.h"
 #include "packet-imf.h"
@@ -39,6 +41,8 @@
 void proto_register_imf(void);
 void proto_reg_handoff_imf(void);
 
+static int imf_eo_tap = -1;
+
 #define PNAME  "Internet Message Format"
 #define PSNAME "IMF"
 #define PFNAME "imf"
@@ -692,6 +696,17 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
   gboolean last_field = FALSE;
   tvbuff_t *next_tvb;
   struct imf_field *f_info;
+  imf_eo_t *eo_info;
+
+
+  /* create the imf tap data unconditionally to avoid compiler warnings*/
+  eo_info = wmem_new(wmem_packet_scope(), imf_eo_t);
+
+  if (have_tap_listener(imf_eo_tap)) {
+    /* Create the eo_info to pass to the listener */
+    eo_info->sender_data = "\0";
+    eo_info->subject_data = "\0";
+  }
 
   col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
   col_clear(pinfo->cinfo, COL_INFO);
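Review bot: `eo_info` is allocated with `wmem_new`, which does not zero the struct, and the two assignments under `have_tap_listener` leave the other members undefined at this point; `filename` is not set in any visible hunk. Declaring `imf_eo_t *eo_info = NULL;` silences the compiler warning without allocating for every packet, and `eo_info = wmem_new0(wmem_packet_scope(), imf_eo_t);` inside the `have_tap_listener` block hands the listener a fully defined struct. `"\0"` is simply an empty string and reads better as `""`. dissect_imf's body starts and ends outside this hunk.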
@@ -775,10 +790,21 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
         /* remove 2 bytes to take off the final CRLF to make things a little prettier */
         item = proto_tree_add_item(tree, hf_id, tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII|ENC_NA);
       }
+
       if(f_info->add_to_col_info) {
 
         col_append_fstr(pinfo->cinfo, COL_INFO, "%s: %s, ", f_info->name,
                         tvb_format_text(tvb, value_offset, end_offset - value_offset - 2));
+
+        // if sender or subject, store for tap
+        if(have_tap_listener(imf_eo_tap)) {
+          if(*f_info->hf_id == hf_imf_from){
+            eo_info->sender_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2));
+          }
+          else if(*f_info->hf_id == hf_imf_subject){
+              eo_info->subject_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2));
+          }
+        }
       }
 
       if(hf_id == hf_imf_content_type) {
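Review bot: `tvb_memdup` returns exactly `end_offset - value_offset - 2` bytes with no terminating NUL, so the `g_strdup` wrapped around it in the `hf_imf_from` and `hf_imf_subject` branches reads past the packet-scoped copy until it happens to meet a zero byte, and the header value comes straight from captured traffic. The `g_strdup` result is also heap memory that nothing visible frees, so each tapped message leaks it. Fetching the value as a terminated packet-scope string avoids both: `eo_info->sender_data = (gchar *)tvb_get_string_enc(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII);`, and the same for `subject_data`. The payload copy in the last dissect_imf hunk uses the same `g_strdup(tvb_memdup(...))` pattern. The enclosing loop starts and ends outside this hunk.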
@@ -857,6 +883,16 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
       start_offset = end_offset;
     }
   }
+
+  if (have_tap_listener(imf_eo_tap)) {
+      /* Set filename */
+      eo_info->pkt_num = 0;
+      eo_info->payload_len = max_length;
+      eo_info->payload_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, 0, max_length));
+
+      /* Send to tap */
+      tap_queue_packet(imf_eo_tap, pinfo, eo_info);
+    }
   return tvb_captured_length(tvb);
 }
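Review bot: `payload_len` is set to `max_length`, but `payload_data` is a `g_strdup` copy that stops at the first zero byte, so the buffer can be shorter than the length stored beside it; `eo_imf_packet` later copies `payload_len` bytes from it with `g_memdup`, which would read beyond the allocation for a message containing an embedded NUL. Keeping the binary copy and dropping the string duplication keeps length and buffer in agreement: `eo_info->payload_data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, 0, max_length);` (this assumes `max_length`, defined outside the hunk, never exceeds the captured length). `pkt_num` is set to 0 here while the listener uses `pinfo->num`, so the member looks unused. The closing brace of the added block is indented two columns deeper than its `if`.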
 
@@ -1271,6 +1307,9 @@ proto_register_imf(void)
   for(f = imf_fields; f->name; f++)
     g_hash_table_insert(imf_field_table, (gpointer)f->name, (gpointer)f);
 
+  /* Register for tapping */
+  imf_eo_tap = register_tap("imf_eo"); /* IMF Export Object tap */
+
 }
 
 /* The registration hand-off routine */
diff --git a/epan/dissectors/packet-imf.h b/epan/dissectors/packet-imf.h
index 5688064..0a9095b 100644
--- a/epan/dissectors/packet-imf.h
+++ b/epan/dissectors/packet-imf.h
@@ -22,11 +22,27 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#ifndef __PACKET_IMF_H__
+#define __PACKET_IMF_H__
+
+#include <epan/packet.h>
+
 /* Find the end of the next IMF field in the tvb.
  * This is not necessarily the first \r\n as there may be continuation lines.
  *
  * If we have found the last field (terminated by \r\n\r\n) we indicate this in last_field .
  */
-
 int imf_find_field_end(tvbuff_t *tvb, int offset, gint max_length, gboolean *last_field);
 
+/* Used for IMF Export Object feature */
+typedef struct _imf_eo_t {
+	guint32  pkt_num;
+	gchar    *filename;
+  gchar    *sender_data;
+  gchar    *subject_data;
+	guint32  payload_len;
+	gchar    *payload_data;
+
+} imf_eo_t;
+
+#endif /* __PACKET_IMF_H__ */
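Review bot: The comment on `imf_eo_t` does not say who owns the pointer members or how long they stay valid, which matters because the dissector fills them from packet data and the tap listener copies them later. A comment such as `/* Pointers are valid only while the tapped packet is being processed; a listener must copy what it keeps. payload_data holds payload_len raw bytes and is not NUL-terminated. */` would pin that down. `filename` is not assigned in any visible hunk, and the members mix tab and two-space indentation.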
diff --git a/ui/CMakeLists.txt b/ui/CMakeLists.txt
index 334e5f3..ad38488 100644
--- a/ui/CMakeLists.txt
+++ b/ui/CMakeLists.txt
@@ -30,6 +30,7 @@ set(COMMON_UI_SRC
 	export_object.c
 	export_object_dicom.c
 	export_object_http.c
+	export_object_imf.c
 	export_object_smb.c
 	export_object_tftp.c
 	export_pdu_ui_utils.c
diff --git a/ui/Makefile.am b/ui/Makefile.am
index 91f189b..c06457b 100644
--- a/ui/Makefile.am
+++ b/ui/Makefile.am
@@ -57,6 +57,7 @@ WIRESHARK_UI_SRC = \
 	export_object.c		\
 	export_object_dicom.c	\
 	export_object_http.c	\
+	export_object_imf.c	\
 	export_object_smb.c	\
 	export_object_tftp.c	\
 	export_pdu_ui_utils.c	\
diff --git a/ui/export_object.h b/ui/export_object.h
index b564fff..af71eed 100644
--- a/ui/export_object.h
+++ b/ui/export_object.h
@@ -58,6 +58,8 @@ gboolean eo_dicom_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt
         const void *data);
 gboolean eo_http_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
         const void *data);
+gboolean eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
+        const void *data);
 gboolean eo_smb_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
         const void *data);
 gboolean eo_tftp_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
diff --git a/ui/export_object_imf.c b/ui/export_object_imf.c
new file mode 100644
index 0000000..9a3950f
--- /dev/null
+++ b/ui/export_object_imf.c
@@ -0,0 +1,75 @@
+/* export_object_imf.c
+ * Routines for tracking & saving objects found in IMF streams
+ * See also: export_object.c / export_object.h for common code
+ * Copyright 2007, Stephen Fisher (see AUTHORS file)
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+ * USA.
+ */
+
+#include "config.h"
+
+
+#include <epan/dissectors/packet-imf.h>
+#include <epan/tap.h>
+
+#include "export_object.h"
+
+
+gboolean
+eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
+           const void *data)
+{
+    export_object_list_t *object_list = (export_object_list_t *)tapdata;
+    const imf_eo_t *eo_info = (const imf_eo_t *)data;
+    export_object_entry_t *entry;
+
+    if(eo_info) { /* We have data waiting for us */
+        /* These values will be freed when the Export Object window
+         * is closed. */
+        entry = (export_object_entry_t *)g_malloc(sizeof(export_object_entry_t));
+
+        entry->pkt_num = pinfo->num;
+        entry->hostname = NULL;
+        entry->content_type = g_strdup("EML file");
+        entry->filename = g_strdup_printf("from_%s_subject_%s.eml", eo_info->sender_data, eo_info->subject_data);
+        entry->payload_len = eo_info->payload_len;
+        entry->payload_data = (guint8 *)g_memdup(eo_info->payload_data,
+                           eo_info->payload_len);
+
+        object_list_add_entry(object_list, entry);
+
+        return TRUE; /* State changed - window should be redrawn */
+    } else {
+        return FALSE; /* State unchanged - no window updates needed */
+    }
+}
+
+/*
+ * Editor modelines
+ *
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * ex: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
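Review bot: `entry->filename` in `eo_imf_packet` is formatted directly from `sender_data` and `subject_data`, which are the From and Subject headers of captured mail, so the proposed file name can contain path separators, control characters or be arbitrarily long. Whether the save path cleans the name afterwards is not visible here, so the safer assumption is to restrict both components to a small allow-list and cap their length before formatting, as sketched below. Both fields are empty strings when a header is absent, which gives every such message the same name; prefixing the packet number keeps entries distinct. The `Copyright 2007, Stephen Fisher` line in the header comment looks carried over from the file this one was modelled on.

```c
/* … unchanged: eo_imf_packet up to entry->content_type … */
        /* Header values are untrusted: keep a short, allow-listed form for the name.
         * EO_IMF_NAME_MAX is a placeholder for a project-chosen cap. */
        gchar *safe_from = g_strndup(eo_info->sender_data, EO_IMF_NAME_MAX);
        gchar *safe_subj = g_strndup(eo_info->subject_data, EO_IMF_NAME_MAX);

        g_strcanon(safe_from, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "._@-", '_');
        g_strcanon(safe_subj, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "._@-", '_');
        entry->filename = g_strdup_printf("%u_from_%s_subject_%s.eml",
                                          pinfo->num, safe_from, safe_subj);
        g_free(safe_from);
        g_free(safe_subj);
/* … unchanged: payload_len / payload_data copy and object_list_add_entry … */
```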
diff --git a/ui/qt/export_object_dialog.cpp b/ui/qt/export_object_dialog.cpp
index 83aac4b..2912633 100644
--- a/ui/qt/export_object_dialog.cpp
+++ b/ui/qt/export_object_dialog.cpp
@@ -93,6 +93,11 @@ ExportObjectDialog::ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectT
         name_ = "HTTP";
         tap_packet_ = eo_http_packet;
         break;
+    case Imf:
+        tap_name_ = "imf_eo";
+        name_ = "IMF";
+        tap_packet_ = eo_imf_packet;
+        break;
     case Smb:
         tap_name_ = "smb_eo";
         name_ = "SMB";
diff --git a/ui/qt/export_object_dialog.h b/ui/qt/export_object_dialog.h
index 507bfb9..9084017 100644
--- a/ui/qt/export_object_dialog.h
+++ b/ui/qt/export_object_dialog.h
@@ -57,7 +57,7 @@ class ExportObjectDialog : public WiresharkDialog
     Q_OBJECT
 
 public:
-    enum ObjectType { Dicom, Http, Smb, Tftp };
+    enum ObjectType { Dicom, Http, Imf, Smb, Tftp };
 
     explicit ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectType object_type);
     ~ExportObjectDialog();
diff --git a/ui/qt/main_window.h b/ui/qt/main_window.h
index e6ce203..a852bca 100644
--- a/ui/qt/main_window.h
+++ b/ui/qt/main_window.h
@@ -386,6 +386,7 @@ private slots:
     void on_actionFileExportPacketBytes_triggered();
     void on_actionFileExportObjectsDICOM_triggered();
     void on_actionFileExportObjectsHTTP_triggered();
+    void on_actionFileExportObjectsIMF_triggered();
     void on_actionFileExportObjectsSMB_triggered();
     void on_actionFileExportObjectsTFTP_triggered();
     void on_actionFilePrint_triggered();
diff --git a/ui/qt/main_window.ui b/ui/qt/main_window.ui
index 508b70a..7c4085d 100644
--- a/ui/qt/main_window.ui
+++ b/ui/qt/main_window.ui
@@ -180,6 +180,7 @@
      </property>
      <addaction name="actionFileExportObjectsDICOM"/>
      <addaction name="actionFileExportObjectsHTTP"/>
+     <addaction name="actionFileExportObjectsIMF"/>
      <addaction name="actionFileExportObjectsSMB"/>
      <addaction name="actionFileExportObjectsTFTP"/>
     </widget>
@@ -1249,6 +1250,11 @@
     <string>&HTTP…</string>
    </property>
   </action>
+  <action name="actionFileExportObjectsIMF">
+   <property name="text">
+    <string>&IMF…</string>
+   </property>
+  </action>
   <action name="actionFileExportObjectsDICOM">
    <property name="text">
     <string>&DICOM…</string>
diff --git a/ui/qt/main_window_slots.cpp b/ui/qt/main_window_slots.cpp
index 388ab77..f628aef 100644
--- a/ui/qt/main_window_slots.cpp
+++ b/ui/qt/main_window_slots.cpp
@@ -1876,6 +1876,11 @@ void MainWindow::on_actionFileExportObjectsHTTP_triggered()
     new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Http);
 }
 
+void MainWindow::on_actionFileExportObjectsIMF_triggered()
+{
+    new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Imf);
+}
+
 void MainWindow::on_actionFileExportObjectsSMB_triggered()
 {
     new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Smb);