On Apr 28, 2010, at 12:30 PM, Maynard, Chris wrote:
> Rather than allow the "Katamari" (as Guy once fittingly referred to pinfo as) to grow even more by my earlier quick suggestion of adding a field to indicate the number of bytes consumed by the sub-dissector, might there instead be some value in adding some new-style dissector_try_port/heuristic() functions that return the number of bytes dissected rather than simply TRUE or FALSE?
Unfortunately, as I discovered when investigating having dissectors return number of bytes dissected *and* have that be an accepted/rejected indication, there are some cases where a dissector dissects zero bytes of packet data *but* accepts the packet. I'd have to dig a bit to remember when that happened. It might not matter with heuristic dissectors.
