
Wireshark-dev: Re: [Wireshark-dev] Help with pointer to unions

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 19 Apr 2011 08:02:36 +0200
On 04/19/2011 05:31 AM, Guy Harris wrote:

On Apr 18, 2011, at 7:27 PM, Alex Lindberg wrote:

The protocol. It is a custom protocol used for some of my company's control equipment.

The structure of the protocol packet varies with the release version of the system. While there are many similarities between versions, the structures are different enough to have different sizes and makeup etc.

I could create separate dissectors for each version, but that seems like a lot of duplicate effort. By using an overloaded pointer, the coding would be much easier. I cannot create different compiled versions of the protocol, one for each version.

Or is it possible to delay the typing of a variable to runtime? In that case the type could be controlled by changing the "version" variable via the preferences during dissector initialization.

Many Wireshark dissectors don't use structures to dissect the packet - they just pull each field out with a proto_tree_add_item() call and/or fetch the value with tvb_get_ calls and put them into the tree with other proto_tree_add_ calls.  A dissector written in that fashion could use common code for the common parts and use an if statement or a switch, and different code, for the parts that differ.

If I were writing the dissector, that's how I'd do it.

... and the main reason to do it like this is that wire encoding may be different from the memory layout your compiler may create from the structures you define in your C code. Endianness and alignment may all influence the way you access data in memory, and may differ per platform you compile for. The wire encoding OTOH must be the same all over, otherwise different platforms can't communicate amongst themselves.

Thanks,
Jaap
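
The approach discussed in this thread, sketched in plain C as an added example that is not code from the thread or from Wireshark: fields are read byte by byte from the buffer with explicit bounds checks, the common header is parsed once, and only the version-specific part branches. The record layout, the names `parse_record`, `get_be16` and `get_be32`, and the sample packets are all constructed for illustration; a real dissector would use the tvb_get_ and proto_tree_add_ calls mentioned above instead of these helpers.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed wire layout, all multi-byte fields big-endian:
 *   common: version(1) msg_type(1) length(2)
 *   v1 adds device_id(2); v2 adds device_id(4) flags(1) */
struct record { uint8_t version, msg_type, flags; uint16_t length; uint32_t device_id; };

/* Bounds-checked byte-wise reads: no struct cast, so host endianness,
 * padding and alignment never affect the result. */
static int get_be16(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 0;
}

static int get_be32(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return -1;
    *out = ((uint32_t)b[off] << 24) | ((uint32_t)b[off + 1] << 16) |
           ((uint32_t)b[off + 2] << 8) | b[off + 3];
    return 0;
}

/* Returns bytes consumed, or -1 on truncated input or unknown version. */
int parse_record(const uint8_t *b, size_t len, struct record *r)
{
    uint16_t id16;
    size_t off = 4;                      /* size of the common header */
    if (get_be16(b, len, 2, &r->length) < 0) return -1;   /* implies len >= 4 */
    r->version = b[0]; r->msg_type = b[1]; r->flags = 0;
    switch (r->version) {                /* only the differing part branches */
    case 1:
        if (get_be16(b, len, off, &id16) < 0) return -1;
        r->device_id = id16;
        return (int)(off + 2);
    case 2:
        if (get_be32(b, len, off, &r->device_id) < 0 || len - off < 5) return -1;
        r->flags = b[off + 4];
        return (int)(off + 5);
    default:
        return -1;                       /* refuse rather than guess a layout */
    }
}

/* Constructed sample packets (v1 and v2 of the layout above) */
const uint8_t sample_v1[] = { 0x01, 0x10, 0x00, 0x06, 0x12, 0x34 };
const uint8_t sample_v2[] = { 0x02, 0x10, 0x00, 0x09, 0x00, 0x01, 0xE2, 0x40, 0x80 };
```

On a -1 return the output record may be partially filled and should be discarded by the caller.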