Wireshark-dev: [Wireshark-dev] Advice on how to implement a dissector
From: Marc Petit-Huguenin <[email protected]>
Date: Fri, 06 May 2011 17:29:22 -0700
Hash: SHA1

I am currently working on improving the RELOAD dissector.

There is some parts of the protocol that cannot be parsed without knowing some
parameters (like the size of the Node-Id or the Kind-Id definitions).  One way
to solve this problem would be to add some parameters to the dissector (like we
did for the Node-ID), but it is cumbersome for the user of the dissector, as
there is a lot of these parameters, and anyway will not work in all cases (see

On the other hand, there is a good chance that all these parameters are already
available in the data been dissected, as they are carried in an XML document.
This document can be found in an HTTP response (with a soon to be assigned MIME
type) or can be sent in a RELOAD ConfigUpdateReq message.

So what I would like to do is to automatically prefill these parameters in the
dissector whenever this XML document is dissected.  Note that this is kind of
required by the RELOAD protocol, as the ConfigUpdateReq is in fact requesting a
RELOAD node to change these parameters dynamically (for example if the current
Node-ID is 16 bytes, but a ConfigUpdateReq is received ith a Node-Id length
equals to say 20, then all the subsequent message must be dissected with a
Node-Id length of 20).  Obviously if such mechanism is working, it would be then
easy to add a parameter in the dissector configuration page containing the path
to the initial configuration file, in case it is not provided in the packets to

So my question is: What is the best way to do this?


- -- 
Marc Petit-Huguenin
Personal email: [email protected]
Professional email: [email protected]
Blog: http://blog.marc.petit-huguenin.org
Version: GnuPG v1.4.11 (GNU/Linux)