Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Enabling/disabling ANY heuristic dissector

From: mmann78 () netscape net
Date: Tue, 14 Jul 2015 07:23:21 -0400

I started looking at the long options, but I thought they also needed a corresponding mnemonic letter as well. I'll 
take a look at what you put in Gerrit.  Thanks for the head start!
 
 
-----Original Message-----
From: Jim Young <jyoung () gsu edu>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Tue, Jul 14, 2015 1:13 am
Subject: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector


  
Hey Michael, 
  
  
  
  
Are there are any mnemonic option letters available? 
  
  
  
  
   
Would use of long options be the appropriate solution in this case?  
  
  
  
  
  
A few years ago I had a need for some additional options for a hacked up version of tshark.  Because there were not 
enough sensible option letters available I ended up using long options.  This worked out great.   Most of these local 
long options were very specific to the problem at hand but I suspect the --disable-protocol <proto_name> option might 
be usable to others.  I've just pushed patch to gerrit (9631) to add --disable-protocol option to tshark.  Perhaps that 
patch might give you some ideas. 
  
  
  
  
Jim Y. 
  
  
  
     
    From: "   mmann78 () netscape net" <   mmann78 () netscape net>   
    Reply-To: "   wireshark-dev () wireshark org" <   wireshark-dev () wireshark org>   
    Date: Monday, July 13, 2015 8:27 PM   
    To: "   wireshark-dev () wireshark org" <   wireshark-dev () wireshark org>   
    Subject: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector   
   
   
   
   
   
    
     
            
Command-line option sounds good, but it will probably take longer to figure out the option letter (how many do we have 
left?) than the functionality that does the enable/disable.  Suggestions for option "letter" to use?  Have we gone 
beyond just letters yet?  A letter for each enable and disable sounds a bit greedy, so many comma separate "short name" 
with 0 or 1 for enable/disable?  I also agree that enable/disable protocols for the command line option should be 
ephemeral, however IF they are launched from Wireshark and then the Enabled Protocol dialog is launched and then saved, 
the command line option behavior will then be saved to the heuristic dissector file. TShark never has the opportunity 
to make the change permanent.      
       
       
       
This should obviously be a separate patch from either the dialog or the preference removal.   I think the heuristic 
dialog is now ready for submittal (added the short name), but I have been hesitant about "dropping the hammer down" 
with the preference removal patch.  Having the command-line support before the preferences are removed should at least 
ease the transition.      
       
       
       
       
       
       
       
-----Original Message-----       
 From: Pascal Quantin <       pascal.quantin () gmail com>       
 To: Developer support list for Wireshark <       wireshark-dev () wireshark org>       
 Sent: Mon, Jul 13, 2015 10:03 am       
 Subject: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector       
        
        
         
         
 Le 13 juil. 2015 3:32 PM, <         mmann78 () netscape net> a écrit :         

        
I thought somebody might complain about something like this, but I was more focused on the Wireshark (packet) 
context menu, where I was less inclined to make changes.  This however seems like a more valid use case to consider. 
 My question back would be - what "string" should be used by tshark?  The "display name" can have some undesirable 
characters in it from a command line perspective (ie probably require quotes), and the "internal" short name string 
isn't otherwise exposed for users to learn what is.         
Should the "short name" be exposed on the tabbed dialog so users can learn it to apply it to a (new) tshark option?  
       
         

         
I think we should expose the short name to users.          
 Preferences have their internal name displayed in a pop-up. We could either do the same, or have the internal name 
explicitly displayed in a column.          
 Should the enabled / disabled heuristic protocol given in the command line be ephemeral or persistent? I believe it 
should be the former, like the DL mapping value you can indicate manually in the command line and that does not get 
stored.         
         
Pascal.         
         

          
          
-----Original Message-----         
From: Pascal Quantin <         pascal.quantin () gmail com>         
To: Developer support list for Wireshark <         wireshark-dev () wireshark org>         
Sent: Mon, Jul 13, 2015 9:21 am         
Subject: Re: [Wireshark-dev] Enabling/disabling ANY heuristic dissector         
        
        
Le 13 juil. 2015 3:03 AM, <         mmann78 () netscape net> a écrit :         

        
With:         
          
         https://code.wireshark.org/review/9508/         
         https://code.wireshark.org/review/9610/         
(and already submitted           https://code.wireshark.org/review/9602/)         
          
I consider this "feature complete enough for now".  If Qt wants to provide a better "user interface" for 
"heuristics in general", it certainly has some flexibility to do so.  Unless there are major issues/comments, I'll 
submit in a few days (presuming all pass Petri-Dish)         

Hi Michael,         
Sorry I come late in the discussion. I do not have access to a computer right now so I cannot easily look at the 
patch (the latest Gerrit diff page is rather smartphone unfriendly) but is there a way to activate heuristic 
dissectors from tshark / wireshark command line? I use an external tool launching both programs with the right 
command line and it would be a real functionality loss if it could not be done anymore.          
Note that I consider your overall goal as a good achievement (it was frustrating not to be able to deactivate easily 
some weak heuristics) but I would dislike losing the ability to activate on demand a given heuristic that is 
deactivated by default for performance reasons.         
Pascal.         
          
        
___________________________________________________________________________         
Sent via:    Wireshark-dev mailing list <         wireshark-dev () wireshark org>         
Archives:              https://www.wireshark.org/lists/wireshark-dev         
Unsubscribe:           https://wireshark.org/mailman/options/wireshark-dev         
             mailto:         wireshark-dev-request () wireshark org?subject=unsubscribe         

         
        
        
         
___________________________________________________________________________
Sent
via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:   
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
            
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
        
       
     
    
   
  

___________________________________________________________________________
Sent
via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:   
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
            
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: