
Wireshark-dev: Re: [Wireshark-dev] Parsing variable length protocol trailer

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 28 Apr 2010 15:30:32 -0400
Rather than allow the "Katamari" (as Guy once fittingly referred to pinfo) to grow even more by my earlier quick suggestion of adding a field to indicate the number of bytes consumed by the sub-dissector, might there instead be some value in adding some new-style dissector_try_port/heuristic() functions that return the number of bytes dissected rather than simply TRUE or FALSE?

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: Tuesday, April 27, 2010 8:09 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing variable length protocol trailer

On Tue, Apr 27, 2010 at 12:22:14PM -0700, Edgar, Thomas wrote:

> Is there a way to determine how many bytes the subdissectors actually 
> used or how many bytes are left unused after a return from 
> dissector_try_port/heuristic?

If you were using call_dissector(), which lets you call a 
(sub-)dissector after looking up its handle by name, it will return the 
number of bytes dissected for new style dissectors (see 
call_dissector_work in epan/packet.c) or the length of the tvbuff for 
old style dissectors.  New style dissectors are registered with 
new_create_dissector_handle().

As for dissector_try_port(), it only returns TRUE if the dissector was 
found and FALSE if it wasn't.  The dissector_try_heuristic() function 
works in a similar fashion, returning TRUE if the packet was accepted by 
a dissector and FALSE if not.


-- 
Steve
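
Added example, not part of the thread and not Wireshark code: a self-contained C model of the idea discussed above, in which a sub-dissector reports how many bytes it consumed and the parent uses that count to find a variable-length trailer. All function names, the length-prefixed payload format and the sample bytes are constructed for illustration; the parent validates the returned count before using it as an offset.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a new-style sub-dissector: returns the number
 * of bytes consumed, or 0 to reject. Constructed format: one length byte
 * followed by that many body bytes. */
typedef size_t (*subdissector_fn)(const uint8_t *buf, size_t len);

static size_t toy_subdissector(const uint8_t *buf, size_t len)
{
    if (len < 1 || (size_t)buf[0] + 1 > len)
        return 0;                       /* not ours, or truncated */
    return (size_t)buf[0] + 1;
}

/* Misbehaving sub-dissector that claims more bytes than it was given. */
static size_t lying_subdissector(const uint8_t *buf, size_t len)
{
    (void)buf;
    return len + 16;
}

/* Parent side: run the sub-dissector on the payload and derive the trailer
 * position from its return value. Returns the trailer length and stores
 * its offset in *trailer_off; returns (size_t)-1 if the payload was
 * rejected or the consumed count is out of range. */
static size_t locate_trailer(const uint8_t *payload, size_t len,
                             subdissector_fn sub, size_t *trailer_off)
{
    size_t consumed = sub(payload, len);

    if (consumed == 0 || consumed > len)   /* never use the count unchecked */
        return (size_t)-1;
    *trailer_off = consumed;
    return len - consumed;
}

/* Constructed sample: length prefix 0x03, 3 body bytes, 2 trailer bytes. */
static const uint8_t sample[] = { 0x03, 0xAA, 0xBB, 0xCC, 0xDE, 0xAD };

int main(void)
{
    size_t off = 0;
    size_t tlen = locate_trailer(sample, sizeof sample, toy_subdissector, &off);
    size_t bad = locate_trailer(sample, sizeof sample, lying_subdissector, &off);
    return (tlen == 2 && bad == (size_t)-1) ? 0 : 1;
}
```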