Wireshark mailing list archives

Re: epan_t and capture_file


From: Simon Barber <simon.barber () meraki net>
Date: Fri, 14 Apr 2017 14:02:23 -0700

The timeline needs to know whether every packet includes timing
information. If not, the timeline should be hidden. This is only determined
after all the packets have been through a first dissection pass.

On Thu, Apr 13, 2017 at 5:21 PM, Guy Harris <guy () alum mit edu> wrote:

> On Apr 13, 2017, at 4:40 PM, Simon Barber <simon.barber () meraki net> wrote:
>
>> I ask because I am working out how to connect the wlan_radio dissector
>> with the wireless timeline UI code.
>
> The answer to "how do I connect the XXX dissector with the YYY UI code?"
> is "very indirectly", as in "the XXX dissector is not guaranteed to have
> any particular UI code to depend on, so it can only throw out some data in
> the hopes that the UI code will capture it".
>
> That's what taps are for.  They provide data to a tap listener, which is
> what does UI stuff with it (printing it, displaying it in a window, handing
> it to a server, whatever).
>
>> Right now the only use of the data field in epan_t that I can find is as
>> a link to the capture_file. Also the only link from the
>> capture_file->window field is to the QT MainWindow, so in theory I can from
>> the dissector test if the window is set,
>
> No, you can't.  You are not even guaranteed that there are any windows
> other than the glass tube of the VT100 connected to the box on which you're
> running TShark. :-)
>
> (If I still had my VT100, I'd get a USB-to-serial converter, plug it into
> my MacBook Pro, fire up a getty on the resulting serial port, hook up the
> VT100, log in, and run TShark from it, just for the lulz.  Doing it with a
> Model 33 Teletype would be even more fun, except that macOS's terminal
> driver doesn't support all the delay options that a Model 33 requires.)
>
>> OK
>
> No.
>
>> or should I find another way?
>
> Yes.  What is it you're *really* trying to do (described at a high level
> of the UI)?  What information does the timeline code need from the
> dissector that's not currently supplied through the tap mechanism?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
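
Added example, not part of the original thread and not Wireshark code: a stand-alone C model of the pattern discussed above, in which the dissector only publishes per-packet data to a tap and a listener owned by the UI decides, once the whole pass is done, whether the timeline can be shown. Every name here (radio_tap_rec, tap_listener, tap_publish, timeline_state, run_pass) is hypothetical, and hiding the timeline for an empty capture is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-packet record the radio dissector hands to the tap. */
typedef struct { bool has_timing; } radio_tap_rec;

/* Hypothetical listener: per-packet and end-of-pass callbacks plus its state. */
typedef struct {
    void (*packet)(void *state, const radio_tap_rec *rec);
    void (*pass_done)(void *state);
    void *state;
} tap_listener;
static tap_listener *listener; /* NULL when nothing listens (a TShark-like run) */

/* Dissector side: publish and forget; it never inspects windows or UI state. */
static void tap_publish(const radio_tap_rec *rec) {
    if (listener) listener->packet(listener->state, rec);
}

/* Timeline side: state owned by the UI code, not by the dissector. */
typedef struct { size_t packets; bool all_timed; bool visible; } timeline_state;
static void timeline_packet(void *s, const radio_tap_rec *rec) {
    timeline_state *t = s;
    t->packets++;
    if (!rec->has_timing) t->all_timed = false;
}
/* The show/hide decision is only known after every packet has been seen. */
static void timeline_pass_done(void *s) {
    timeline_state *t = s;
    t->visible = t->packets > 0 && t->all_timed;
}

/* Run one dissection pass over per-packet timing flags; returns visibility. */
static bool run_pass(const bool *timing, size_t n, bool with_ui) {
    timeline_state t = { 0, true, false };
    tap_listener l = { timeline_packet, timeline_pass_done, &t };
    listener = with_ui ? &l : NULL;
    for (size_t i = 0; i < n; i++)
        tap_publish(&(radio_tap_rec){ timing[i] });
    if (listener) listener->pass_done(listener->state);
    listener = NULL;
    return t.visible;
}

int main(void) {
    const bool full[] = { true, true, true }, partial[] = { true, false, true }; /* constructed samples */
    printf("%d %d %d\n", run_pass(full, 3, true), run_pass(partial, 3, true), run_pass(full, 3, false));
    return 0;
}
```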
