Wireshark-bugs: [Wireshark-bugs] [Bug 9607] TFShark (Terminal FileShark)

Date: Tue, 31 Dec 2013 04:19:53 +0000

Comment # 6 on bug 9607 from
(In reply to comment #3)
> As discussed in the first and second links you provide,
> wiretap isn't the right way of loading files for
> fileshark/docshark/whatever. Different file formats will have totally
> different record types, sizes, layouts; some might not even have a
> record-based structure at all.

> For this reason, I think architecturally the
> right thing to do is to present the entire file as a single frame/tvb to
> libepan. This involves:
- implementing a really dumb file-backed TVB so the
> above doesn't require copying the whole file into memory
- replacing all the
> current wiretap stuff in tfshark with just new_file_based_tvb(filename) and
> dummy values for pretty much everything else
- creating some file-base.c or
> file-file.c to play the role packet-frame.c plays for packets (ie
> "dissecting" universal fields like the filename, providing a root heuristic
> dissector table etc.)

I like the idea of file-file.c as the "base dissector" for file dissection.

Trying to take the current patch farther, I tried to remove the dissector
source from "libepan" and link it with fileshark, but I'm not having much luck
(doing it quickly/easily).  Some of the issues have been outlined in
http://www.wireshark.org/lists/wireshark-dev/201312/msg00288.html.  Taking a
different approach of just trying to get the "minimum epan functionality" to
link with fileshark, there are still "dissector dependencies" in epan_init
(wslua needs register_frame_end_routine in packet-frame.c for starters)

Any suggestions on direction to take "libepan" to make this work?  Move
wslua_init (or anything else with dissector dependencies) outside of epan_init
(and probably epan_cleanup)?  Replace current calls to epan_init with
dissector_epan_init that wraps "common" epan_init with dissector specific epan
modules (for everything but fileshark)?


You are receiving this mail because:
  • You are watching all bug changes.