From: "Brad Hards"
Sent: Sunday, September 29, 2002 8:24 PM
Subject: Re: [Ethereal-dev] SLPv2 support
> I've got some stylistic questions.
>
> It looks like the SLP support in ethereal has accumulated a lot of bit-rot. I
> cannot test the SLPv1 support - don't know if it currently works well or not.
> However if I convert SLPv2 across to the newer routines, it'd generally be
> better to make the SLPv1 stuff the same. Except that I can't test, and might
> destabilise the SLPv1 support. Is this OK with the current state of ethereal?
>
> Do people normally in-line the dissector, or is it considered better to write
> smallish parser routines and call them as needed?
Use your own judgement.
Bitmasks are almost always broken out as separate routines.
> > There are a lot of proto_tree_add_text() that just prints some text and a
> > value from tvb_get_ntoh?().
> > It would be much better if these fields got their own hf_field of type
> > FT_UINT??,
> > then you could use proto_tree_add_item() instead and the fields could also
> > be used in display filters since then they have names.
> > Please consider replacing all the proto_tree_add_text() with appropriate
> > hf_ and proto_tree_add_item() instead.
> Hmmm. Lots of work. What advantage does this provide to the user?
Display filter capability. For some it is a major win.
Click on a field in the ip layer, look at the bottom right text-box.
It puts a small blurb with an explanation for the field there and also the
display filter name of the field inside the ().
hf_fields make it possible to filter on these fields, and also provide a short
explanation of the field.
Click on a field which is generated by proto_tree_add_text(): no blurb text,
no filter name.
Yes, it is a lot of work, but for someone who needs to filter it is the
difference between being able to filter or not.
>
> > In at least one place you extract a value in seconds in unix epoch and then
> > use gmtime() to break it up before you use proto_tree_add_text() to display
> > it.
> > A much nicer way is to use a FT_ABSOLUTE_TIME hf_field and use the
> > appropriate function which will do all this for you.
> > Please see packet-smb.c or any other dissector using FT_ABSOLUTE_TIME for
> > how to use it.
> Still to look at this.
Same as above: if you use FT_ABSOLUTE_TIME (which is a minor change since it
is only one field in the entire patch), people can filter on this field.
They can do something like 'slp.boot_time>"1 Jan 2000 14:22"'.
>
> Is there some "hackers guide to ethereal"? Or is it just by example?
By example and the READMEs in the doc directory.
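
Added example, not part of the original message and not Ethereal code: a simplified stand-alone model of why a value added as a named, typed field can be matched by a display filter while the same value added only as formatted text cannot. The names item_t, make_item and filter_gt and the 4-byte sample buffer are hypothetical; only the filter name slp.boot_time and its comparison value come from the message above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not the Ethereal API: a tree item is either free text
 * (proto_tree_add_text() style) or a named, typed value (hf_ field style). */
typedef struct {
    const char *abbrev;   /* filter name; NULL for a text-only item */
    uint32_t    value;    /* typed value kept next to the display string */
    char        text[64]; /* what the user sees in the tree */
} item_t;

/* Constructed sample: 4-byte big-endian epoch seconds (0x3D96C000). */
static const uint8_t sample[] = { 0x3D, 0x96, 0xC0, 0x00 };
#define JAN_2000 946736520u /* 1 Jan 2000 14:22 UTC as epoch seconds */

/* Read a big-endian 32-bit value, as tvb_get_ntohl() does. */
static uint32_t get_ntohl(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Build one item; abbrev == NULL models the text style, where the value
 * is formatted into the string and then discarded. */
static item_t make_item(const char *abbrev, const uint8_t *buf) {
    item_t it = { abbrev, abbrev ? get_ntohl(buf) : 0, "" };
    snprintf(it.text, sizeof it.text, "Boot time: %lu", (unsigned long)get_ntohl(buf));
    return it;
}

/* Evaluate "<abbrev> > <threshold>"; text-only items can never match. */
static int filter_gt(const item_t *it, const char *abbrev, uint32_t threshold) {
    return it->abbrev && !strcmp(it->abbrev, abbrev) && it->value > threshold;
}

int text_style_matches(void) {
    item_t it = make_item(NULL, sample);
    return filter_gt(&it, "slp.boot_time", JAN_2000);
}
int field_style_matches(void) {
    item_t it = make_item("slp.boot_time", sample);
    return filter_gt(&it, "slp.boot_time", JAN_2000);
}

int main(void) {
    printf("text: %d, field: %d\n", text_style_matches(), field_style_matches());
    return 0;
}
```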