Wireshark-bugs: [Wireshark-bugs] [Bug 9607] TFShark (Terminal FileShark)

Date: Wed, 14 May 2014 21:38:06 +0000

changed bug 9607

What Removed Added
CC   [email protected]

Comment # 33 on bug 9607 from
Sorry Michael, I know you have done lot of work, but I don't follow your
filetap idea - and splitting into multiple records.

(File) Dissector must have whole file in tvb, otherwise we can't have common
dissector for files called from other protocol (http, ftp) and filetap.

That's why you can't split ELF file to multiple record and hope it'll still
work.

Unless you want to have multiple elf dissector - elf (entry for http)
elf-header, elf-section, and other.


This would *really* duplicate work (you must split into 'records' both in main
elf dissector & filetap) - and it involes lot of navigating by filetap-code &
dissector-code.



But...  I think we can have frame conception - using proto_tree.

root
|-- record 1 (header)
| |- foo
| \- bar
|- record 2 (segment #1)
|- record 3 (segment #2)
\- record 4 (footer)

wireshark will display it like normal proto tree (single packet).

fileshark UI can split such proto_tree to 4 packets:

- header 
- segment #1
- segment #2
- footer

and after clicking record, it'll display just proto_tree for that node.

It's enough for you?


You are receiving this mail because:
  • You are watching all bug changes.