Wireshark-dev: Re: [Wireshark-dev] Problem writing a file dissector for vwr capture files

From: Michal Labedzki <michal.labedzki@xxxxxxxxx>
Date: Wed, 2 Sep 2015 18:51:13 +0200
I have a plan to improve support for file dissectors. The next step for me is to change the "Open" option to support both Capture (high priority) and File-formats. Nothing new here, just add file support as captures are supported right now, something like: Type in Open dialogs contains "All, All capture files, All file-format types, {capture with magic}, {capture heur}, {file with magic /* Aka "MIME File..."... now */}, {file heur}". I am back from holiday, so I will start work on that soon.

PS. After Next step (aka Step #2), there is a plan for Step #3 and #4.

On 30 August 2015 at 15:39, Hadriel Kaplan <the.real.hadriel@xxxxxxxxx> wrote:
When you say "properly", you mean like so it can be submitted into
master? I think the *right* thing is a much bigger change, and
involves creating wiretype subtypes for each file-format reader type.
But in the meantime you could wrap all your code in #ifdef so it's not
normally compiled in, but when it is compiled in it's the last magic
value and always succeeds.

I believe (or at least hope) that the way the MIME files thing works
right now is only a temporary hack. Ultimately we're not really
opening a file as a MIME container, shouldn't be seeing the file's
records inside of one big "MIME" frame but instead as independent
frames, and shouldn't need magic values to match up at all. I should
be able to tell wireshark to display a file in Format X, and it should
do it or die trying. :)

-hadriel


On Sun, Aug 30, 2015 at 8:41 AM, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:
>> Did you add the magic info into the magic_files array in
>> wiretap/mime_file.c?  It looks like it's necessary.
>
> Ah, that was the part I was missing. Thanks!
> Of course now that I did look at it, it doesn't help me because the file format
> doesn't really have a magic value. So how do I go about it properly?
>
> Thanks
>    Jörg
>
>> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
>> > I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
>> > (without losing the ability to open said capture files normally of course)
>> > and am failing:
>> > Running  "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or
>> > the equivalent steps in wireshark) results in
>> > tshark: The file "testfile.vwr" isn't a capture file in a format TShark understands.
>> > Trying to just take over the complete capture file was also unsuccessful.
>> > I've attached the current source of the dissector. Simple question: What am
>> > I missing ;-)
>> > In case you want to test, use the capture attached to bug 11464.
>
> --
> Joerg Mayer                                           <jmayer@xxxxxxxxx>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

--

Pozdrawiam / Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)