Wireshark mailing list archives

Re: Problem writing a file dissector for vwr capture files


From: Michal Labedzki <michal.labedzki () tieto com>
Date: Wed, 2 Sep 2015 18:51:13 +0200

I have a plan to improve support of file-dissectors. Next step for me is to
change the "Open" option to support both Capture (high priority) and
File-formats. Nothing new here, just add file support as captures are
supported right now, something like Type in Open dialogs contains "All, All
captures files, All file-format types, {capture with magic}, {capture
heur}, {file with magic /* Aka "MIME File..."... now */}, {file heur}". I
am back from holiday, so I will start work on that soon.

PS. After Next step (aka Step #2), there is a plan for Step #3 and #4.

On 30 August 2015 at 15:39, Hadriel Kaplan <the.real.hadriel () gmail com>
wrote:

When you say "properly", you mean like so it can be submitted into
master? I think the *right* thing is a much bigger change, and
involves creating wiretype subtypes for each file-format reader type.
But in the meantime you could wrap all your code in #ifdef so it's not
normally compiled in, but when it is compiled in it's the last magic
value and always succeeds.

I believe (or at least hope) that the way the MIME files thing works
right now is only a temporary hack. Ultimately we're not really
opening a file as a MIME container, shouldn't be seeing the file's
records inside of one big "MIME" frame but instead as independent
frames, and shouldn't need magic values to match up at all. I should
be able to tell wireshark to display a file in Format X, and it should
do it or die trying. :)

-hadriel


On Sun, Aug 30, 2015 at 8:41 AM, Joerg Mayer <jmayer () loplof de> wrote:
On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:
Did you add the magic info into the magic_files array in
wiretap/mime_file.c?  It looks like it's necessary.

Ah, that was the part I was missing. Thanks!
Of course now that I did look at it, it doesn't help me because the file format
doesn't really have a magic value. So how do I go about it properly?

Thanks
   Jörg

On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jmayer () loplof de> wrote:
I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
(without losing the ability to open said capture files normally of course)
and am failing:
Running "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or
the equivalent steps in wireshark) results in
tshark: The file "testfile.vwr" isn't a capture file in a format TShark understands.
Trying to just take over the complete capture file was also unsuccessful.
I've attached the current source of the dissector. Simple question: What am
I missing ;-)
In case you want to test, use the capture attached to bug 11464.

--
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 

Pozdrawiam / Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation

Product Development Services
http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
