Wireshark mailing list archives
Re: Problem writing a file dissector for vwr capture files
From: Michal Labedzki <michal.labedzki () tieto com>
Date: Wed, 2 Sep 2015 18:51:13 +0200
I have a plan to improve support of file-dissectors. Next step for me is to change the "Open" option to support both Capture (high priority) and Files-formats. Nothing new here, just add files support as captures are supported right now, something like Type in Open dialogs contains "All, All captures files, All file-format types, {capture with magic}, {capture heur}, {file with magic /* Aka "MIME File..."... now */}, {file heur}".

I am back from holiday, so I will start work on that soon.

PS. After Next step (aka Step #2), there is a plan for Step #3 and #4.

On 30 August 2015 at 15:39, Hadriel Kaplan <the.real.hadriel () gmail com> wrote:
When you say "properly", you mean like so it can be submitted into master?

I think the *right* thing is a much bigger change, and involves creating wiretype subtypes for each file-format reader type. But in the meantime you could wrap all your code in #ifdef so it's not normally compiled in, but when it is compiled in it's the last magic value and always succeeds.

I believe (or at least hope) that the way the MIME files thing works right now is only a temporary hack. Ultimately we're not really opening a file as a MIME container, shouldn't be seeing the file's records inside of one big "MIME" frame but instead as independent frames, and shouldn't need magic values to match up at all. I should be able to tell wireshark to display a file in Format X, and it should do it or die trying. :)

-hadriel

On Sun, Aug 30, 2015 at 8:41 AM, Joerg Mayer <jmayer () loplof de> wrote:

On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:

Did you add the magic info into the magic_files array in wiretap/mime_file.c? It looks like it's necessary.

Ah, that was the part I was missing. Thanks! Of course now that I did look at it, it doesn't help me because the file format doesn't really have a magic value. So how do I go about it properly?

Thanks
Jörg

On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jmayer () loplof de> wrote:

I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files (without losing the ability to open said capture files normally of course) and am failing:

Running "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or the equivalent steps in wireshark) results in

tshark: The file "testfile.vwr" isn't a capture file in a format TShark understands.

Trying to just take over the complete capture file was also unsuccessful.

I've attached the current source of the dissector.

Simple question: What am I missing ;-)

In case you want to test, use the capture attached to bug 11464.

--
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
--
Pozdrawiam / Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Development Services
http://www.tieto.com / http://www.tieto.pl