On Sat, Aug 26, 2000 at 05:19:17PM +0930, Glen Turner wrote:
> Gilbert_Ramirez@xxxxxxxxxx wrote:
> >
> > There needs to be a singular dialogue for all port assignments for all
> > protocols. It's beyond the scope of an individual dissector or set of
> > dissectors.
>
> A lot of packet decoders do this through the packet filtering
> interface.
>
> Condition: ip.tcp.port == 80
> Action: Accept
> Decoder: HTTP
No, only the tcp and udp dissector utilize the display filter interface
for calling plugins.
> Under the hood, the code for TCP decoding also contains the
> pointers to the (common) filtering modules. For sparse scalars
> like port, that tends to be implemented as an ordered array of
> { port, *action, *decoder }
> which is searched using a binary search. The decoder can select
> the filtering module that is the best fit for each variable.
Theese "hand-off" routines (based on "port", or whatever concept the
particular protocol has) are handled in packet.c. When a protocol registers
itself with the handoff routines (proto_reg_handof_*()), they use a
string which *resembles* the parent protocol's field name as represented
by our display filter syntax, but it's actually not the same namespace.
This is best seen via the registration functions for packet-vlan.c,
packet-snmp.c, and others. They use a string called "ethertype" which is
not tied to any particual protocol field, but to various protocol's fields
which represent "ethertype" (like in ethernet, llc, null, and vlan).
Anyway, it's these "hand-off" tables which should be manipulated by a GUI.
--gilbert