Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
From: Shehjar Tikoo <shehjart@xxxxxxxxxxxxxxx>
Date: Fri, 02 Mar 2007 15:09:39 +1100
Hi Guy Harris wrote:
On Mar 1, 2007, at 4:57 PM, Shehjar Tikoo wrote:One drawback of a per-field hook could be that hooks which need a global view or state of the full message might not get access to the needed fields.Couldn't the private data passed to the hook be used to store the kind of state needed for that?
See my previous post in reply to Sebastien's message for this.
Also, can this be done with the existing tap mechanism, by searching for particular fields in the generated protocol tree?
hmmm..it seems possible since the edt passed to the tap callback does contain the tvbuff and pinfo which contain most of the state required here.
Note that the NFS dissector does not have a tap, which will have to be added there with the starting offset of the NFS request/reply as the tap specific data.
I'll look more into this approach. Regards Shehjar
- References:
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- From: Shehjar Tikoo
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- From: Guy Harris
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Prev by Date: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Next by Date: [Wireshark-dev] User information in the packet
- Previous by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Next by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Index(es):