Wireshark · Wireshark-dev: Re: [Wireshark-dev] supporting multiple versions of a protocol in one dissector (Was: (no subject))

Wireshark-dev: Re: [Wireshark-dev] supporting multiple versions of a protocol in one dissector

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Fri, 25 Jul 2008 13:02:04 -0400



samyc@xxxxxxx wrote:

Hi all,
I'm trying to figure out if it is possible for wireshark to handle many versions
of the same protocol. Ex I wrote a plugin handling v1 of foo protocol, now this
protocol has evolved and I need to write a v2 plugin. is it possible for
wireshark to handle both version in the same session? that is without replacing
the fooPluginv1.dll fooPluginV2.dll?

This is most commonly done by updating the plugin/dissector to handleboth v1 and v2. The choice as to which version to decode a particularpacket as can be done heuristically (if you're so inclined) or by apreference. For an example see the M2PA dissector(epan/dissectors/packet-m2pa.c): it dissects versions 2, 6, and 12 ofthe M2PA draft based on a preference.

References:
- [Wireshark-dev] (no subject)
  - From: samyc

Prev by Date: [Wireshark-dev] (no subject)
Next by Date: Re: [Wireshark-dev] packet-dcm.c:960: warning: pointer type mismatch in conditional expression
Previous by thread: [Wireshark-dev] (no subject)
Next by thread: Re: [Wireshark-dev] (no subject)
Index(es):
- Date
- Thread