I'm most of the way (I hope) through a tn3270 dissector. However I'm not
sure of the most acceptable way of doing a couple of things:
- Should I just make TN3270 a sub-dissector of telnet? So users
select 'decode as telnet' and get the tn3270 dissected implicitly? Or
should it have a separate 'decode as' entry? If the latter, I'm not sure
how I can call telnet as a 'super-dissector' or alternatively, avoid
duplicating code.
- The best way of recognizing a tn3270 session is through the 'terminal
type' telnet option at session negotiation. Browsing through other
dissector code I can't find a canonical way of storing information about a
given stream, other than possibly misusing the conversation api. I'm sure
I'm missing a trick. What is the standard way of recognizing that a packet
is from a stream previously identified as requiring a specific
sub-dissector?
Thanks!
Robert
