Ethereal-dev: [Ethereal-dev] Re: -Tpdml segmentation fault

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 17 Oct 2004 18:13:10 -0700

Michael Geisberger wrote:

With text format this works fine,

tethereal -T text -l -n -r\test\input -R "(gtp.message==0x10) and (frame.time)" -z proto,colinfo,ip,frame.time >>output

but when I change the -T text to -T pdml, I get this segmentation error.

The same thing happens if you replace it with "-V".

The problem is that, if we're not generating the columns - which we don't do in verbose mode ("-V") and which we don't do if we're generating PDML - taps such as the "proto,colinfo" tap that modify the columns won't work.

We'd need to have a way for a tap to specify that it requires that the columns be generated.

Note, however, that

tethereal -T pdml -l -n -r\test\input -R "(gtp.message==0x10) and (frame.time)" -z proto,colinfo,ip,frame.time >>output

probably wouldn't do what you want - the "proto,colinfo" tap modifies the columns in non-verbose text mode, it has *NO* effect whatsoever on XML output, so if you want to "filter certain values and save them in XML format", that won't do it.

There's no mechanism in Ethereal to selectively write out, in XML format, only selected fields of a packet.

Perhaps we should, instead, have a way for a tap to ask whether the columns will be generated and written, and have the "proto,colinfo" tap report an error and exit if the user hasn't requested that the columns be generated, as the "colinfo" part of "proto,colinfo" indicates that the tap modifies the columns and is thus useless if the columns aren't being written.

If somebody wants a way to have selected fields written out in PDML format (rather than actually writing out PDML, which is specified:

	http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm

to contain "all the most important information related to the protocols and the fields that are contained into the packet (e.g. the protocols, all the field names and their values, and more)."), that might be a useful option - but it's not "-z proto,colinfo", which is intended for other purposes. It might well be a useful replacement for many (most? all?) uses of "-z proto,colinfo", but that's another matter.
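
The two approaches discussed in the message above (a tap declaring that it needs the columns, and a tap being refused with an error when the columns will not be generated) are sketched here as a small C model. This is an added example, not part of the original message and not Ethereal's code: every type and function name in it is hypothetical, and the column structure is a stand-in.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* All names are hypothetical; this models the idea, not Ethereal's tap API. */
typedef struct { char info[128]; } column_info;   /* stand-in for packet columns */

typedef enum { OUT_TEXT, OUT_TEXT_VERBOSE, OUT_PDML } output_mode;

typedef struct {
    const char *name;
    int needs_columns;                             /* tap declares its requirement */
    int (*per_packet)(column_info *cinfo, const char *field_value);
} tap;

/* Columns are built only for non-verbose text output, as the message describes. */
static int columns_will_be_generated(output_mode mode) { return mode == OUT_TEXT; }

/* Models a column-modifying tap: appends a field value to the Info column. */
static int colinfo_packet(column_info *cinfo, const char *field_value)
{
    if (cinfo == NULL)              /* never dereference columns that were not built */
        return -1;
    size_t used = strlen(cinfo->info);
    snprintf(cinfo->info + used, sizeof cinfo->info - used, "  %s", field_value);
    return 0;
}

static const tap colinfo_tap = { "proto,colinfo", 1, colinfo_packet };

/* Registration-time check: reject the tap up front instead of crashing per packet. */
static int register_tap(const tap *t, output_mode mode)
{
    if (t->needs_columns && !columns_will_be_generated(mode)) {
        fprintf(stderr, "tap \"%s\" modifies the columns, which are not "
                        "generated in this output mode\n", t->name);
        return -1;
    }
    return 0;
}

/* Run one packet through the tap; the tap sees NULL when columns are not built. */
static int run_packet(const tap *t, output_mode mode, column_info *cinfo,
                      const char *field_value)
{
    return t->per_packet(columns_will_be_generated(mode) ? cinfo : NULL, field_value);
}
```
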