Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Shehjar Tikoo <shehjart@xxxxxxxxxxxxxxx>
Date: Fri, 02 Mar 2007 13:11:42 +1100
Hi

Sebastien Tandel wrote:

Couldn't we pass one of the fields in the private data?


Firstly, within the per-field hook/callback, the knowledge about what
the current field is ,will be provided by the hfindex arg, assuming the
hook/callback gets called by one of the proto_tree_add functions and
that is according to my understanding of Guy's reply below.

Secondly, I don't think the hook/callback can be passed any data other
than what is passed as arguments to proto_tree_add_* because a private
data will require initialisation at the dissector level(..before calling
proto_tree_add_*..) and changing dissectors is not considered a good idea.

Regarding the NFS anonymizer, I am thinking of maintaining a global
structure that stores the state about the current Op being dissected. As
and when my per-field hooks are called, I'll keep adding the info from
the current field into this structure.Any other suggestions?

Regards
Shehjar







Regards, Sebastien Tandel




Guy Harris wrote:


On Feb 21, 2007, at 6:53 PM, Shehjar Tikoo wrote:
It brings in the dissector hooks feature discussed here a few weeks back. Its a small patch that includes basic infra for hooks and a sample hook for the NFS dissector.
Right now, the hook gets called(..using call_dissector_hooks()..) only for NFSv3 setattr call/reply but the intention is to call them in every message dissector function.
If so, perhaps the hooks should be attached to fields, rather than inserted into the code of particular dissectors. Having to 
 change *every* dissector would be a lot of work.
One drawback of a per-field hook could be that hooks which need a global view or state of the full message might not get access to the needed fields. For example, when two or more fields inside a single message need to be correlated in some way, though, I can get 
 around this for the NFS anonymizer hook.

Regards Shehjar
My inclination would be to have a list of fields with callback hooks - most of the time, the list would be empty, so this would, 
 I think, minimize the added overhead in the usual case - with an
entry in the list having the field's hf_ value, the callback routine, and the private data pointer to be passed to the callback. Whenever a field is added to the protocol tree, the list would be checked, and the hook called if the field in question is being added. 




There would be routines to register and unregister hooks.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube