Wireshark · Ethereal-dev: Re: [ethereal-dev] idea for a 'standard' way of handling unknown data

Ethereal-dev: Re: [ethereal-dev] idea for a 'standard' way of handling unknown data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Wed, 8 Dec 1999 17:53:28 -0600

On Wed, Dec 08, 1999 at 05:07:22PM -0600, Neulinger, Nathan R. wrote:
> 
> 
> What I would love to be able to do (for development purposes) is do a 
> filter
> of "unknown" and have it filter out all the packets that are deemed to be
> fully and correctly decoded.
> 
> It could be done by having a dissect_unknown() routine, or always adding a
> proto_tree item for "unknown". This would allow someone to quickly see what
> needs work. Things like unknown subprotocols, unknown ipx sockets (outside
> the dynamic ranges of course), etc. Just a thought.

Yes, that sounds very useful. Perhaps get rid of dissect_data() and provide
dissect_data_known() and dissect_data_unknown() for the new functionality, and
to find all the cases in the dissectors where dissect_data is used.

The print routines check for proto_data to determine where to start printing
a hex dump, so either both dissect_data_known() and dissect_data_unknown()
hav eto use proto_data and differentiate the "knownness" via another field,
or we'll have print.c hceck for a "proto_data_known" and "proto_data_unknown"
protocols.

--gilbert

Follow-Ups:
- Re: [ethereal-dev] idea for a 'standard' way of handling unknown data
  - From: Nathan Neulinger

Prev by Date: RE: [ethereal-dev] wiretap request - if it's not too much trouble
Next by Date: Re: [ethereal-dev] idea for a 'standard' way of handling unknown data
Previous by thread: [ethereal-dev] idea for a 'standard' way of handling unknown data
Next by thread: Re: [ethereal-dev] idea for a 'standard' way of handling unknown data
Index(es):
- Date
- Thread