Wireshark-dev: [Wireshark-dev] Firebird/Interbase dissector questions

From: "Môshe Van der Sterre" <moshevds@xxxxxxxxx>
Date: Thu, 5 Apr 2007 09:09:08 +0200
Greetings,

I'm creating a Firebird (and Interbase) dissector, the current
dissector only tells me the opcode, but I need it for some automated
query logging, without capturing the complete packets. (And without
the hassle of looking up the query in the hex view)

The current dissector calls the protocol 'ib', but I wondered if this
is the best/preferred name. The name IANA gives it is 'gds_db', I use
it for my new dissector, but really, I don't know what it even stands
for ;) Possible other names are 'fb' or 'ib/fb', that give more credit
to the shared protocol between the 2 spinoffs.
I tend to go for gds_db, but I suppose others might not recognize the
packets when called this way.

Also I wonder about how to best display the information in the packets.
The first 4 bytes are the opcode for the packet, and it pretty much
describes the contents of the remaining packet. The packet is mostly a
flat binary list of information, and I wonder where to put that
information on the packet tree.

1. I might put the information in a flat style after the opcode.
2. I might make a subtree on the opcode, and put the information in there.
3. I might make a subtree on a node beneath the opcode.

The problem with 1 is that the packet tree for the firebird packet
looks almost completely different every time there is another opcode.
The problem with 2 is that the firebird packet tree has 1 node, which
is a subtree, with more nodes.
And the problem with 3 is that the information in the opcode is
duplicated somewhat.

What is the best/preferred way to handle this?

--
Kind regards
Môshe van der Sterre
http://www.moshe.nl/
http://www.coecu.nl/