Wireshark-bugs: [Wireshark-bugs] [Bug 9607] TFShark (Terminal FileShark)

Date: Tue, 31 Dec 2013 04:19:53 +0000

Comment # 6 on bug 9607 from
(In reply to comment #3)
> As discussed in the first and second links you provide,
> wiretap isn't the right way of loading files for
> fileshark/docshark/whatever. Different file formats will have totally
> different record types, sizes, layouts; some might not even have a
> record-based structure at all.

> For this reason, I think architecturally the
> right thing to do is to present the entire file as a single frame/tvb to
> libepan. This involves:
> - implementing a really dumb file-backed TVB so the above doesn't require
>   copying the whole file into memory
> - replacing all the current wiretap stuff in tfshark with just
>   new_file_based_tvb(filename) and dummy values for pretty much everything
>   else
> - creating some file-base.c or file-file.c to play the role packet-frame.c
>   plays for packets (ie "dissecting" universal fields like the filename,
>   providing a root heuristic dissector table etc.)

I like the idea of file-file.c as the "base dissector" for file dissection.

Trying to take the current patch farther, I tried to remove the dissector
source from "libepan" and link it with fileshark, but I'm not having much luck
(doing it quickly/easily).  Some of the issues have been outlined in
http://www.wireshark.org/lists/wireshark-dev/201312/msg00288.html.  Taking a
different approach of just trying to get the "minimum epan functionality" to
link with fileshark, there are still "dissector dependencies" in epan_init
(wslua needs register_frame_end_routine in packet-frame.c for starters).

Any suggestions on direction to take "libepan" to make this work?  Move
wslua_init (or anything else with dissector dependencies) outside of epan_init
(and probably epan_cleanup)?  Replace current calls to epan_init with
dissector_epan_init that wraps "common" epan_init with dissector specific epan
modules (for everything but fileshark)?

