Wireshark-dev: [Wireshark-dev] Duplicate entries in tap output
From: Moshe <me@xxxxxxxxxxxxxxx>
Date: Mon, 31 Oct 2016 22:08:41 -0400
Hey folks,
I'm working on a new feature for Wireshark - to export IMF data as EML files. I was able to create the menu entries, the tap, and the output EML files. But I'm having one issue: When I have the export objects dialog open (by clicking on the newly-created "Export Objects -> IMF" menu) and modify the display filter in Wireshark, the EML entries are duplicated in the export objects window.
How can I modify the dissector or tap code to avoid the duplicate entries in the export object window?
Thanks,
Moshe
Full diff below.
diff --git a/epan/dissectors/packet-imf.c b/epan/dissectors/packet-imf.c index 66a335c..85bf402 100644 --- a/epan/dissectors/packet-imf.c +++ b/epan/dissectors/packet-imf.c @@ -30,6 +30,8 @@ #include <epan/expert.h> #include <wsutil/str_util.h> +#include <epan/tap.h> + #include "packet-ber.h" #include "packet-http.h" #include "packet-imf.h" @@ -39,6 +41,8 @@ void proto_register_imf(void); void proto_reg_handoff_imf(void); +static int imf_eo_tap = -1; + #define PNAME "Internet Message Format" #define PSNAME "IMF" #define PFNAME "imf" @@ -692,6 +696,17 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) gboolean last_field = FALSE; tvbuff_t *next_tvb; struct imf_field *f_info; + imf_eo_t *eo_info; + + + /* create the imf tap data unconditionally to avoid compiler warnings*/ + eo_info = wmem_new(wmem_packet_scope(), imf_eo_t); + + if (have_tap_listener(imf_eo_tap)) { + /* Create the eo_info to pass to the listener */ + eo_info->sender_data = "\0"; + eo_info->subject_data = "\0"; + } col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME); col_clear(pinfo->cinfo, COL_INFO); 
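Review bot: `wmem_new()` leaves every field of `eo_info` uninitialised, and this hunk only sets `sender_data` and `subject_data`, and only when a listener is attached; `filename` is not assigned in any hunk of this patch. Allocate zeroed and only when needed, e.g. `eo_info = have_tap_listener(imf_eo_tap) ? wmem_new0(wmem_packet_scope(), imf_eo_t) : NULL;`, then test `eo_info` further down instead of calling `have_tap_listener()` again, so all three sites agree on one answer. `"\0"` is an empty string stored through a non-const `gchar *`; `""` reads better. The body of `dissect_imf` continues outside this hunk.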
@@ -775,10 +790,21 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) /* remove 2 bytes to take off the final CRLF to make things a little prettier */ item = proto_tree_add_item(tree, hf_id, tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII|ENC_NA); } + if(f_info->add_to_col_info) { col_append_fstr(pinfo->cinfo, COL_INFO, "%s: %s, ", f_info->name, tvb_format_text(tvb, value_offset, end_offset - value_offset - 2)); + + // if sender or subject, store for tap + if(have_tap_listener(imf_eo_tap)) { + if(*f_info->hf_id == hf_imf_from){ + eo_info->sender_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2)); + } + else if(*f_info->hf_id == hf_imf_subject){ + eo_info->subject_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2)); + } + } } if(hf_id == hf_imf_content_type) { @@ -857,6 +883,16 @@ dissect_imf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) start_offset = end_offset; } } + + if (have_tap_listener(imf_eo_tap)) { + /* Set filename */ + eo_info->pkt_num = 0; + eo_info->payload_len = max_length; + eo_info->payload_data = g_strdup((gchar *) tvb_memdup(wmem_packet_scope(), tvb, 0, max_length)); + + /* Send to tap */ + tap_queue_packet(imf_eo_tap, pinfo, eo_info); + } return tvb_captured_length(tvb); } @@ -1271,6 +1307,9 @@ proto_register_imf(void) for(f = imf_fields; f->name; f++) g_hash_table_insert(imf_field_table, (gpointer)f->name, (gpointer)f); + /* Register for tapping */ + imf_eo_tap = register_tap("imf_eo"); /* IMF Export Object tap */ + } /* The registration hand-off routine */ diff --git a/epan/dissectors/packet-imf.h b/epan/dissectors/packet-imf.h index 5688064..0a9095b 100644 --- a/epan/dissectors/packet-imf.h +++ b/epan/dissectors/packet-imf.h 
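Review bot: `g_strdup((gchar *) tvb_memdup(...))` in the From/Subject branch can read past the copied bytes, because `tvb_memdup()` returns exactly `end_offset - value_offset - 2` bytes with no terminating NUL and `g_strdup()` scans until it finds one; the header value comes straight from the capture. The `g_strdup()` copy is also heap-allocated and never freed in the visible code, so every tapped packet leaks. A packet-scoped, terminated string avoids both: `eo_info->sender_data = (gchar *)tvb_get_string_enc(wmem_packet_scope(), tvb, value_offset, end_offset - value_offset - 2, ENC_ASCII);`, and the same for `subject_data`. The same `g_strdup(tvb_memdup())` pattern is used for `payload_data` in the later hunk of `dissect_imf`, and the `//` comment departs from the `/* */` style used around it.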
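Review bot: `payload_len` and `payload_data` can disagree in the block added before `return tvb_captured_length(tvb);`: `g_strdup()` stops at the first NUL byte in the message, while `payload_len` stays `max_length`, and `eo_imf_packet` later copies `payload_len` bytes from that pointer. Keep the exact-length packet-scoped copy instead, `eo_info->payload_data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, 0, max_length);`. `max_length` is defined outside the hunk, so it is worth confirming that it cannot exceed the captured length of `tvb`. `eo_info->pkt_num = 0;` has no effect on the output, since the listener takes the packet number from `pinfo->num`.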
@@ -22,11 +22,27 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#ifndef __PACKET_IMF_H__ +#define __PACKET_IMF_H__ + +#include <epan/packet.h> + /* Find the end of the next IMF field in the tvb. * This is not necessarily the first \r\n as there may be continuation lines. * * If we have found the last field (terminated by \r\n\r\n) we indicate this in last_field . */ - int imf_find_field_end(tvbuff_t *tvb, int offset, gint max_length, gboolean *last_field); +/* Used for IMF Export Object feature */ +typedef struct _imf_eo_t { + guint32 pkt_num; + gchar *filename; + gchar *sender_data; + gchar *subject_data; + guint32 payload_len; + gchar *payload_data; + +} imf_eo_t; + +#endif /* __PACKET_IMF_H__ */ diff --git a/ui/CMakeLists.txt b/ui/CMakeLists.txt index 334e5f3..ad38488 100644 --- a/ui/CMakeLists.txt +++ b/ui/CMakeLists.txt @@ -30,6 +30,7 @@ set(COMMON_UI_SRC export_object.c export_object_dicom.c export_object_http.c + export_object_imf.c export_object_smb.c export_object_tftp.c export_pdu_ui_utils.c diff --git a/ui/Makefile.am b/ui/Makefile.am index 91f189b..c06457b 100644 --- a/ui/Makefile.am +++ b/ui/Makefile.am @@ -57,6 +57,7 @@ WIRESHARK_UI_SRC = \ export_object.c \ export_object_dicom.c \ export_object_http.c \ + export_object_imf.c \ export_object_smb.c \ export_object_tftp.c \ export_pdu_ui_utils.c \ diff --git a/ui/export_object.h b/ui/export_object.h index b564fff..af71eed 100644 --- a/ui/export_object.h +++ b/ui/export_object.h 
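Review bot: `imf_eo_t` does not say who owns its pointers or how long they live, and `filename` is neither assigned nor read in any hunk of this patch. I would drop `filename`, declare the message body as bytes with `const guint8 *payload_data;`, and add a comment on the struct stating whether the strings are packet-scoped or heap-owned and whether `sender_data`/`subject_data` are guaranteed NUL-terminated, because `eo_imf_packet` formats them with `%s`.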
@@ -58,6 +58,8 @@ gboolean eo_dicom_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt
 const void *data);
 gboolean eo_http_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
 const void *data);
+gboolean eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
+ const void *data);
 gboolean eo_smb_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
 const void *data);
 gboolean eo_tftp_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_,
diff --git a/ui/export_object_imf.c b/ui/export_object_imf.c
new file mode 100644
index 0000000..9a3950f
--- /dev/null
+++ b/ui/export_object_imf.c
@@ -0,0 +1,75 @@ +/* export_object_imf.c + * Routines for tracking & saving objects found in IMF streams + * See also: export_object.c / export_object.h for common code + * Copyright 2007, Stephen Fisher (see AUTHORS file) + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@xxxxxxxxxxxxx> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +#include "config.h" + + +#include <epan/dissectors/packet-imf.h> +#include <epan/tap.h> + +#include "export_object.h" + + +gboolean +eo_imf_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, + const void *data) +{ + export_object_list_t *object_list = (export_object_list_t *)tapdata; + const imf_eo_t *eo_info = (const imf_eo_t *)data; + export_object_entry_t *entry; + + if(eo_info) { /* We have data waiting for us */ + /* These values will be freed when the Export Object window + * is closed. 
*/ + entry = (export_object_entry_t *)g_malloc(sizeof(export_object_entry_t)); + + entry->pkt_num = pinfo->num; + entry->hostname = NULL; + entry->content_type = g_strdup("EML file"); + entry->filename = g_strdup_printf("from_%s_subject_%s.eml", eo_info->sender_data, eo_info->subject_data); + entry->payload_len = eo_info->payload_len; + entry->payload_data = (guint8 *)g_memdup(eo_info->payload_data, + eo_info->payload_len); + + object_list_add_entry(object_list, entry); + + return TRUE; /* State changed - window should be redrawn */ + } else { + return FALSE; /* State unchanged - no window updates needed */ + } +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ diff --git a/ui/qt/export_object_dialog.cpp b/ui/qt/export_object_dialog.cpp index 83aac4b..2912633 100644 --- a/ui/qt/export_object_dialog.cpp +++ b/ui/qt/export_object_dialog.cpp @@ -93,6 +93,11 @@ ExportObjectDialog::ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectT name_ = "HTTP"; tap_packet_ = eo_http_packet; break; + case Imf: + tap_name_ = "imf_eo"; + name_ = "IMF"; + tap_packet_ = eo_imf_packet; + break; case Smb: tap_name_ = "smb_eo"; name_ = "SMB"; diff --git a/ui/qt/export_object_dialog.h b/ui/qt/export_object_dialog.h index 507bfb9..9084017 100644 --- a/ui/qt/export_object_dialog.h +++ b/ui/qt/export_object_dialog.h @@ -57,7 +57,7 @@ class ExportObjectDialog : public WiresharkDialog Q_OBJECT public: - enum ObjectType { Dicom, Http, Smb, Tftp }; + enum ObjectType { Dicom, Http, Imf, Smb, Tftp }; explicit ExportObjectDialog(QWidget &parent, CaptureFile &cf, ObjectType object_type); ~ExportObjectDialog(); diff --git a/ui/qt/main_window.h b/ui/qt/main_window.h index e6ce203..a852bca 100644 --- a/ui/qt/main_window.h +++ b/ui/qt/main_window.h 
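Review bot: `entry->filename` is assembled from the From and Subject values as they arrived in the capture, so path separators, control characters and very long strings reach the name offered for saving; whether the shared save code cleans names is not visible in this diff. I would bound both values and map everything outside a small character set to `_` before formatting, as sketched below (the cap of 64 is illustrative). Separately, `g_malloc(sizeof(export_object_entry_t))` leaves any member not assigned here uninitialised, which `g_new0(export_object_entry_t, 1)` avoids, and `g_memdup()` relies on `payload_len` matching the buffer behind `payload_data`. Every tap call appends an entry, so clearing the list when packets are re-tapped has to happen in the listener's reset handling, which is outside this hunk.

```c
/* … unchanged: entry allocation, pkt_num, hostname, content_type … */

/* Header values come from the capture: bound them and keep only a
 * conservative character set before they become part of a file name.
 * 64 is an illustrative cap, not a project constant. */
gchar *from = g_strndup(eo_info->sender_data, 64);
gchar *subject = g_strndup(eo_info->subject_data, 64);
g_strcanon(from, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-_.@", '_');
g_strcanon(subject, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-_.@", '_');
entry->filename = g_strdup_printf("from_%s_subject_%s.eml", from, subject);
g_free(from);
g_free(subject);

/* … unchanged: payload_len, payload_data, object_list_add_entry … */
```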
@@ -386,6 +386,7 @@ private slots: void on_actionFileExportPacketBytes_triggered(); void on_actionFileExportObjectsDICOM_triggered(); void on_actionFileExportObjectsHTTP_triggered(); + void on_actionFileExportObjectsIMF_triggered(); void on_actionFileExportObjectsSMB_triggered(); void on_actionFileExportObjectsTFTP_triggered(); void on_actionFilePrint_triggered(); diff --git a/ui/qt/main_window.ui b/ui/qt/main_window.ui index 508b70a..7c4085d 100644 --- a/ui/qt/main_window.ui +++ b/ui/qt/main_window.ui @@ -180,6 +180,7 @@ </property> <addaction name="actionFileExportObjectsDICOM"/> <addaction name="actionFileExportObjectsHTTP"/> + <addaction name="actionFileExportObjectsIMF"/> <addaction name="actionFileExportObjectsSMB"/> <addaction name="actionFileExportObjectsTFTP"/> </widget> @@ -1249,6 +1250,11 @@ <string>&HTTP…</string> </property> </action> + <action name="actionFileExportObjectsIMF"> + <property name="text"> + <string>&IMF…</string> + </property> + </action> <action name="actionFileExportObjectsDICOM"> <property name="text"> <string>&DICOM…</string> diff --git a/ui/qt/main_window_slots.cpp b/ui/qt/main_window_slots.cpp index 388ab77..f628aef 100644 --- a/ui/qt/main_window_slots.cpp +++ b/ui/qt/main_window_slots.cpp @@ -1876,6 +1876,11 @@ void MainWindow::on_actionFileExportObjectsHTTP_triggered() new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Http); } +void MainWindow::on_actionFileExportObjectsIMF_triggered() +{ + new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Imf); +} + void MainWindow::on_actionFileExportObjectsSMB_triggered() { new ExportObjectDialog(*this, capture_file_, ExportObjectDialog::Smb);