Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 5 Mar 2007 15:12:08 -0800
On Mar 4, 2007, at 6:44 PM, Shehjar Tikoo wrote:
Thanks. I've been looking at the tap mechanism as a mechanism for the anonymizer and I see that we'll have to add calls to tap_queue_packet(..) in every packet-nfs.c:dissect_nfs_<messagetype> call to queue the message for the tap listener.
No, we won't.See, for example, the protocol hierarchy tap in tap-protohierstat.c. It attaches to the "frame" tap, which gets called after the "frame" dissector is finished; as that's the top-level dissector that "dissects" the packet time stamp and lengths, it's not finished until all dissection is complete, so the protocol tree is completely constructed at that point.
That tap's "packet" routine walks through the protocol tree.
- References:
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- From: Shehjar Tikoo
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- From: Guy Harris
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- From: Shehjar Tikoo
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Prev by Date: Re: [Wireshark-dev] Plugin?
- Next by Date: Re: [Wireshark-dev] [patch] SDP key-mgmt + MIKEY dissectors
- Previous by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Next by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
- Index(es):