Wireshark-dev: Re: [Wireshark-dev] X11/GLX dissector
From: Max Lapan <[email protected]>
Date: Mon, 7 Aug 2006 19:46:43 +0400
On Sun, Aug 06, 2006 at 11:59:51PM -0700, Guy Harris wrote:
> Max Lapan wrote:
> > I'm intending to implement dissector for GLX protocol which is an
> > extension of X11. Could you give an advise how to better implement it
> > -- as a separate plugin or a patch to existing X11 dissector?
> As a separate dissector, regardless of whether it's a plugin or builtin 
> dissector.
> The best way to do it, in theory, would be to have the X11 dissector 
> export a dissector table for extensions.

Sorry, I'm new to wireshark internal interfaces, so, maybe, asking
newbie question. Did I guess right that to force heur_dissector_add()
to work, parent dissector must call register_dissector_table() at the
dissector registration stage and dissector_try_heruistic() during the
analisys stage?

If this is true, I don't think that it would be too complicated to add
such calls to existing X11 dissector when it catches unknown request
> Unfortunately, the only identifier for an extension that's global, 
> rather than, at least in theory, per-session (or per X server) is the 
> name of the extension, which is used only in the QueryExtension request; 
> that request returns a major opcode for the extension, used in requests 
> for that extension, but there's no guarantee that queries with the same 
> name will return the same major opcode in all requests.
> How were you proposing to recognize GLX requests (especially if your 
> network capture doesn't include the QueryExtension request)?

Yes, you're absolutely right. I didn't thought about that. Major
opcode returned by XQueryExtension is a dynamic value and depends from
load order of X11 server extension modules.

So, there is no solution 'in general'. But X11 dissector maintains
extensions table (which built according XQueryExtions replies).  Is
there standard way in Wireshark to 'publish' such table from dissector
module to others?

As you've noted, X11 extensions have more or less standard names, so
my module can query X11 dissector for GLX major_opcode value.

Max Lapan <[email protected]>, +7(0855)296471, ICQ: 233841810
PGP Fingerprint: 0C47 91E3 35BA 3E6D 64D5  5740 6F3C A37F C112 4765
HPC Architect/Administrator, Engineering Analysis Systems Department
JSC Saturn http://www.npo-saturn.ru

Attachment: signature.asc
Description: Digital signature