Re: Extending PCLI payload decoding

[Luke Mewburn <luke () mewburn net>]

On Tue, May 26, 2015 at 10:32:06AM -0400, mmann78 () netscape net wrote:
  |    Do you want to post your current progress to the existing review and I
  |    can take a look at it from there?  That's probably the easiest way to
  |    look at the "rough edges".  You definitely want a dissector table with
  |    type FT_UINT32 (not a string)

Done!

With what's in changeset 2, I can at least use the decode as
in Wireshark (with the aforementioned Qt issues on my Mac),
as well as in tshark if I specific pcli.payload==0. 
E.g. the pcap in bug 9266 can be decoded with:
  ./tshark -V -d udp.port==5001,pcli -d pcli.payload==0,eth -r bug9266.pcapng


As an aside, is it possible/sensible to match/couple the 'PCLI payload'
decode choice with the udp.port that selected PCLI?
I.e. use the udp.(dst)port as the pcli.payload choice in dissector_try_uint(),
so allowing different UDP ports be decoded as different PCLI payloads.
If a file has PCLI-as-Ethernet on port 3000 and PCLI-as-IP on port 4000;
  ./tshark \
        -d udp.port==3000,pcli -d pcli.payload==3000,eth \
        -d udp.port==4000,pcli -d pcli.payload==4000,ip ...

Or is that a silly idea?


thanks,
Luke.

Attachment: _bin
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe