Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Registering filter fields during dissection time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Wed, 06 Jul 2005 10:23:58 -0500
Dynamic filter fields would also make documentation more difficult.  The
ethereal-filter man page and display filter reference on the web site
would be incomplete, at least.

LEGO wrote:
> I discarded the idea of using DTDs from the XML data because it
> presented several security problems.
> 
> It is trivial to flood the dissector making it create tons of fake
> protocols and its hf_s, etts and its value_strings until the program
> crashes.
> 
> Every one able to send packets through the sniffer can easily add new
> fields with the older names and send packets that would match or avoid
> matching a specified filter.
> 
> And more...
> 
> The issue is do you realy want the behaviour of your dissector to
> change based on what people writes to the network?
> 
> For me, the answer is no, I don't. 
> 
> On 7/6/05, Fabrizio Bertocci <fabrizio@xxxxxxx> wrote:
> 
>>Senthil,
>>Probably I'm not the best person to answer this, but from my personal
>>experience the answer is NO.
>>The dissection routine is called several time, by registering several
>>times the field, you end up exhausting the memory pretty quick. The
>>registration phase need to be done only once.
>>I think what you should do is to register all the possible fields that
>>can appear in your protocol, then the dissector routine will fill up
>>only the one that will find in the dissected packet.
>>I've worked on the RTPS packet dissector and the RTPS packet doesn't
>>have all the fields registered, dynamically the dissector understand the
>>content and create the protocol tree. Not all the leaves are filled up.
>>
>>Fabrizio
>>
>>
>>Senthil Sundaram wrote:
>>
>>
>>>Hi,
>>>
>>>Is it possible to register filter fields from within your dissection
>>>routine?
>>>
>>>i.e proto_register_field_array() - can this be called from the
>>>dissection routines? Reason being, I dont know all the fields during
>>>the protocol registration time. I know most of the fields for my
>>>protocol during dissection time only. The payload for my protocol is
>>>in the form of type-length-value form, so the fields are discovered
>>>during dissection.
>>>
>>>This means the display filters have to be refreshed after the
>>>dissection is complete
>>>
>>>Is this possible?
>>>
>>>Thanks
>>>Senthil
>>>
>>>_______________________________________________
>>>Ethereal-dev mailing list
>>>Ethereal-dev@xxxxxxxxxxxx
>>>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>
>>
>>_______________________________________________
>>Ethereal-dev mailing list
>>Ethereal-dev@xxxxxxxxxxxx
>>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>
> 
> 
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube