["Simon Berthiaume" <zen_job@xxxxxxxxxxx>]

Hi, I was planning of building a dissector for a school project, but the (crappy) protocol I want to dissect has (at least) a little issue: it has not explicit "version" field. To determine the version the application has to guess based on the "type" and "length" fields. How should that be handled by the dissector if I wanted to display this version and/or allow filtering based on version? I quickly read through the whole readme.developer file, but found nothing for this specific kind of issue. Is there some kind of trick I could do using the proto_tree_add_XXX_hidden() functions and some "fake tvb" containing only the version number? Any ideas?

 

Another question, is there a way to make a dissector be called only when multiple conditions are met? This way I could make separate dissectors for each version/type combo of the variable length body part of the protocol I want to dissect. It would make each source file much less "crowded" and perhaps easier to extend the thing later-on than if I had to put everything in the same one (I know this is mostly cosmetic concern). Anyone has comments for or against this idea?

 

Thank you for your time, your understanding and your inputs.

 

 

Simon B.