Wireshark mailing list archives

Re: Parsing variable length protocol trailer


From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Date: Wed, 28 Apr 2010 15:30:32 -0400

Rather than allow the "Katamari" (as Guy once fittingly referred to pinfo) to grow even more by my earlier quick
suggestion of adding a field to indicate the number of bytes consumed by the sub-dissector, might there instead be some
value in adding some new-style dissector_try_port/heuristic() functions that return the number of bytes dissected
rather than simply TRUE or FALSE?

- Chris

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Stephen Fisher
Sent: Tuesday, April 27, 2010 8:09 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing variable length protocol trailer

On Tue, Apr 27, 2010 at 12:22:14PM -0700, Edgar, Thomas wrote:

Is there a way to determine how many bytes the subdissectors actually 
used or how many bytes are left unused after a return from 
dissector_try_port/heuristic?

If you were using call_dissector(), which lets you call a 
(sub-)dissector after looking up its handle by name, it will return the 
number of bytes dissected for new style dissectors (see 
call_dissector_work in epan/packet.c) or the length of the tvbuff for 
old style dissectors.  New style dissectors are registered with 
new_create_dissector_handle().

As for dissector_try_port(), it only returns TRUE if the dissector was 
found and FALSE if it wasn't.  The dissector_try_heuristic() function 
works in a similar fashion, returning TRUE if the packet was accepted by 
a dissector and FALSE if not.


-- 
Steve
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
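
The suggestion in the reply above (a port lookup that returns the number of bytes dissected instead of TRUE/FALSE, so the parent can locate a variable-length trailer) is sketched below as a self-contained C model. It is an added illustration, not code from this thread or from Wireshark, and it does not use the epan API: `try_port_consumed`, `trailer_offset`, both toy sub-dissectors, the port numbers and the sample bytes are all hypothetical. The parent clamps the reported count so a sub-dissector that over-reports cannot move the trailer offset past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for a sub-dissector: returns bytes consumed, 0 = rejected.
 * Hypothetical signature, not Wireshark's. */
typedef size_t (*subdissector_fn)(const uint8_t *buf, size_t len);

/* Constructed payload format: 1 length byte, then that many data bytes. */
static size_t dissect_lv(const uint8_t *buf, size_t len) {
    if (len < 1 || (size_t)buf[0] + 1 > len)
        return 0;                      /* truncated payload: reject */
    return (size_t)buf[0] + 1;
}

/* Deliberately wrong sub-dissector that over-reports what it consumed. */
static size_t dissect_buggy(const uint8_t *buf, size_t len) {
    (void)buf;
    return len + 8;
}

static const struct { uint16_t port; subdissector_fn fn; } port_table[] = {
    { 4000, dissect_lv }, { 4001, dissect_buggy },
};

/* Port lookup that reports bytes dissected instead of TRUE/FALSE. */
size_t try_port_consumed(uint16_t port, const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < sizeof port_table / sizeof port_table[0]; i++) {
        if (port_table[i].port != port)
            continue;
        size_t used = port_table[i].fn(buf, len);
        return used > len ? len : used;   /* clamp: never step past the buffer */
    }
    return 0;                             /* no dissector registered */
}

/* Parent dissector: returns the trailer offset, or -1 if nothing was dissected. */
long trailer_offset(uint16_t port, const uint8_t *buf, size_t len) {
    size_t used = try_port_consumed(port, buf, len);
    return used == 0 ? -1 : (long)used;
}

/* Constructed sample: length 3, "abc", then a 2-byte trailer. */
static const uint8_t sample[] = { 3, 'a', 'b', 'c', 0xDE, 0xAD };
int main(void) {
    long off = trailer_offset(4000, sample, sizeof sample);
    printf("trailer at %ld, %zu bytes\n", off, sizeof sample - (size_t)off);
}
```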