Wireshark · Ethereal-dev: Re: [Ethereal-dev] RFC: Feature candidate: Generic "Decode As..."

[Guy Harris <guy@xxxxxxxxxxxx>]

On Tuesday, July 1, 2003, at 3:53 PM, Guy Harris wrote:
> The GUI would change somewhat, as, instead of offering "Link", 
> "Network", and "Transport" tabs, it would have to offer each of the 
> dissector table/port pairs, along with a list of dissectors that can 
> be used with that table.  It also wouldn't allow specifying the source 
> *or* destination port or both for TCP or UDP unless we, for example, 
> had a "dissector_try_ports()" routine, taking two ports and checking 
> both (in the same way "decode_tcp_ports()" and "decode_udp_ports()" 
> do).

Note also that a dissector might have more than one protocol table, 
e.g. SCTP has dissector tables for the port numbers and the PPI (it 
first tries the PPI and then the port), and the IPX dissector has 
dissector tables for the socket number and the IPX packet type (it 
first tries the socket numbers and then the IPX type).

Perhaps we should have "dissector_try_port()" not actually call the 
subdissector, but record either a null pointer if no match is found or 
a dissector handle if one is found, and then have another routine that 
goes through the list of recorded matches and uses the first one, so 
that all possible matches get recorded in the stack mentioned in my 
previous message (at the same level) for the benefit of the GUI, and 
then another routine takes the first match from the list at the topmost 
level of the stack and uses it.