
Wireshark-dev: Re: [Wireshark-dev] [Wireshark] Data bit by bit

From: yami <yamisoe@xxxxxxxxx>
Date: Thu, 23 Apr 2009 19:51:29 +0800
Microsoft Network Monitor [1] also uses a kind of packet description language. And a lot of such scripts are shipped with the binary.

Perhaps, you can take a look at it too.

[1] http://blogs.technet.com/netmon/

On Wed, Apr 22, 2009 at 4:23 PM, POINTEAU Remy <Remy.POINTEAU@xxxxxxxxxxxxxxxx> wrote:
Thank you for your help, I will try this way. I'll come back later if I've got problems.

Thank you.

Rémy

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Wednesday, April 22, 2009 10:07
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark] Data bit by bit



On Apr 22, 2009, at 12:25 AM, POINTEAU Remy wrote:

> This project should allow Wireshark to dissect packets whose format
> is defined by an XML file.

I.e., you want a mechanism by which Wireshark can have dissectors that
aren't implemented as compiled C code.

Therefore...

> For the moment, I parse the XML file, I extract the information and
> I create the treeview. Now, I need to get the frame and dissect it
> with my XML.

...you would have a way in which, instead of the dissector handoff
calling a dissector procedure, it'd call your code, which would use
the parsed XML to control what to do.  Your code would be handed a
tvbuff containing the payload for your protocol (not the entire frame,
just the payload for your protocol).  You should then fetch individual
values from the protocol, under the control of the parsed XML, using
the existing tvb_get_ routines, or perhaps just the
proto_tree_add_item() routine.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
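
The approach Guy Harris describes above, as an added example that is not part of the original thread and does not use Wireshark's API: a parsed description drives bounds-checked bit-field fetches from a payload buffer. `struct field_desc`, `get_bits()`, `dissect()` and the sample description and payload are constructed here as stand-ins for the parsed XML and the tvbuff; a real dissector would call the tvb_get_ routines or proto_tree_add_item() instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical stand-in for one field entry of the parsed XML description. */
struct field_desc { const char *name; unsigned bit_offset; unsigned bit_len; };

/* Constructed sample description and payload (not from any real protocol). */
static const struct field_desc DESC[] = {
    {"version", 0, 4}, {"flags", 4, 3}, {"length", 7, 9}, {"id", 16, 16},
};
static const uint8_t PAYLOAD[] = {0x4A, 0x81, 0xBE, 0xEF};

/* Fetch bit_len bits (MSB first) starting at bit_offset within buf[0..len).
 * Returns 0 on success, -1 if the field is malformed or overruns the payload. */
int get_bits(const uint8_t *buf, size_t len, unsigned bit_offset,
             unsigned bit_len, uint32_t *out)
{
    /* 64-bit sum so offset + length cannot wrap before the bounds check. */
    if (bit_len == 0 || bit_len > 32 ||
        (uint64_t)bit_offset + bit_len > (uint64_t)len * 8)
        return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < bit_len; i++) {
        uint64_t bit = (uint64_t)bit_offset + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

/* Walk the description; returns how many fields decoded before the first misfit. */
size_t dissect(const uint8_t *buf, size_t len, const struct field_desc *f,
               size_t nfields, uint32_t *values)
{
    size_t i;
    for (i = 0; i < nfields; i++)
        if (get_bits(buf, len, f[i].bit_offset, f[i].bit_len, &values[i]) != 0)
            break;
    return i;
}

int main(void)
{
    uint32_t v[4];
    size_t n = dissect(PAYLOAD, sizeof PAYLOAD, DESC, 4, v);
    for (size_t i = 0; i < n; i++)
        printf("%s = %u\n", DESC[i].name, (unsigned)v[i]);
    return 0;
}
```

The description is input just like the packet is, so each offset and length is checked against the payload before any byte is read; a truncated packet stops the walk instead of reading past the buffer.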