Wireshark · Wireshark-dev: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions

Wireshark-dev: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 5 Mar 2007 15:12:08 -0800


On Mar 4, 2007, at 6:44 PM, Shehjar Tikoo wrote:

Thanks. I've been looking at the tap mechanism as a mechanism for the
anonymizer and I see that we'll have to add calls to
tap_queue_packet(..) in every packet-nfs.c:dissect_nfs_<messagetype>
call to queue the message for the tap listener.


No, we won't.

See, for example, the protocol hierarchy tap in tap-protohierstat.c.It attaches to the "frame" tap, which gets called after the "frame"dissector is finished; as that's the top-level dissector that"dissects" the packet time stamp and lengths, it's not finished untilall dissection is complete, so the protocol tree is completelyconstructed at that point.


That tap's "packet" routine walks through the protocol tree.

References:
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
  - From: Shehjar Tikoo
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
  - From: Guy Harris
- Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
  - From: Shehjar Tikoo

Prev by Date: Re: [Wireshark-dev] Plugin?
Next by Date: Re: [Wireshark-dev] [patch] SDP key-mgmt + MIKEY dissectors
Previous by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
Next by thread: Re: [Wireshark-dev] [PATCH] Dissector hooks: Small and Simple additions
Index(es):
- Date
- Thread