Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] Generic Dissector
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 1 Dec 2008 21:44:35 -0800
On Nov 12, 2008, at 12:10 PM, wsgd wrote:
If you are interested, tell me.
It's definitely interesting, but it should ultimately not be a dissector - it should be a mechanism built into libwireshark, so that it's a standard feature of Wireshark and TShark.
The code to read and interpret those files should be in libwireshark, and, when Wireshark or TShark start up, they should scan a subdirectory of the Wireshark data directory, reading in the dissector files (for example, it should look for all .fdesc files and, for each file, try to open that file and the corresponding .wsgd file and read them).
The dissector_handle structure defined in epan/packet.h would have the "is_new" Boolean replaced by an enumerated type, with values for old- style compiled dissectors, new-style compiled dissectors, and interpreted dissectors; a new element in the "dissector" union would be added, which would point to a data structure that refers to all of the information read in from the .fdesc and .wsgd files.
call_dissector_work(), in epan/packet.h, would, for handles that refer to interpreted dissectors, run the interpreter.
- Follow-Ups:
- Re: [Wireshark-dev] Generic Dissector
- From: wsgd
- Re: [Wireshark-dev] Generic Dissector
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64
- Next by Date: Re: [Wireshark-dev] Wireshark Menu development
- Previous by thread: [Wireshark-dev] Thoughts on Bug #2533: EBCDIC display for TN3270 packet
- Next by thread: Re: [Wireshark-dev] Generic Dissector
- Index(es):