Wireshark mailing list archives
simpler dissector architecture for "line based" protocols?
From: mmann78 () netscape net
Date: Fri, 21 Oct 2011 15:22:44 -0400 (EDT)
After submitting patches for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6446 (IMAP) and https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6470 (SMTP), I started thinking that there probably is a more general solution to implementing filtering for "line based" protocols (dissectors that look for /r/n and then display each "line" as an "item").

There are more than a handful of protocols whose dissector has something close to the following pseudo logic:

    while (tvb_offset_exists) {
        tvb_find_line_end(line_string)
        if (modern_dissector)
            proto_tree_add_item(line_string, ENC_ASCII|ENC_NA)
        else
            proto_tree_add_text(line_string) /* NOT FILTERABLE */
        parse_tokens(tokens[], line_string)
        while (tokens[]) {
            if (modern_dissector)
                proto_tree_add_item(tokens[], ENC_ASCII|ENC_NA)
            else
                proto_tree_add_text(tokens[]) /* NOT FILTERABLE */
        }
    }

The protocols use what I consider "low level" tvb_ functions to accomplish all of the "string manipulation". Is there an easier way to accomplish this and the protocols (probably around since the Ethereal days) just haven't been updated? Most of the dissectors aren't big to begin with and obviously vary on port used (TCP/UDP) and filter names, but otherwise have very similar logic.

Mike
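The loop shape described in the message above, as an added stand-alone C example; it is not code from the original post or from Wireshark and calls no Wireshark API. The names `span_cb`, `line_end`, `walk_lines`, `tally` and `run_sample` are hypothetical, and the SMTP-like input is constructed; it deliberately ends without a line terminator, the case a shared line walker has to handle without reading past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callback: a real dissector would add each span as a filterable field. */
typedef void (*span_cb)(void *ctx, int is_token, size_t off, size_t len);

/* Line length at off without its terminator (CRLF, bare LF, or none); sets *next. */
static size_t line_end(const unsigned char *buf, size_t n, size_t off, size_t *next) {
    const unsigned char *nl = memchr(buf + off, '\n', n - off);
    size_t len = nl ? (size_t)(nl - (buf + off)) : n - off;
    *next = nl ? off + len + 1 : n;
    return (nl && len > 0 && buf[off + len - 1] == '\r') ? len - 1 : len;
}

/* Report every line, then each space-separated token in it; returns the line count. */
size_t walk_lines(const unsigned char *buf, size_t n, span_cb cb, void *ctx) {
    size_t off = 0, lines = 0, next = 0;
    for (; off < n; off = next, lines++) {
        size_t i = off, end = off + line_end(buf, n, off, &next);
        cb(ctx, 0, off, end - off);
        while (i < end) {
            while (i < end && buf[i] == ' ') i++;   /* skip separators */
            size_t start = i;
            while (i < end && buf[i] != ' ') i++;   /* consume one token */
            if (i > start) cb(ctx, 1, start, i - start);
        }
    }
    return lines;
}

struct tally { size_t lines, tokens, last_off, last_len; };

static void tally_cb(void *ctx, int is_token, size_t off, size_t len) {
    struct tally *t = ctx;
    if (is_token) { t->tokens++; t->last_off = off; t->last_len = len; }
}

/* Constructed SMTP-like input; the final line has no CRLF, as in a split segment. */
struct tally run_sample(void) {
    static const char s[] = "EHLO mail.example.org\r\nMAIL FROM:<a@example.org>\r\nQUIT";
    struct tally t = {0, 0, 0, 0};
    t.lines = walk_lines((const unsigned char *)s, sizeof s - 1, tally_cb, &t);
    return t;
}

int main(void) {
    struct tally t = run_sample();
    printf("%zu lines, %zu tokens\n", t.lines, t.tokens);
    return 0;
}
```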