Wireshark-dev: Re: [Wireshark-dev] Dissecting Objects

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 30 Jan 2007 11:55:16 -0800
On Thu, Jan 25, 2007 at 02:30:43AM -0800, David Dugoujon wrote:

> I am writing a plugin for several protocols (Tier2 architecture) that 
> share common object types. I have to analyse these objects before I 
> can determine their size. I would like to know what is the best method 
> to dissect these objects.
> 
> * Do I need to write another dissectors for these objects? But how can 
> I be sure that the control will come back to the parent dissector and 
> how will I be informed about the new offset in tvb buffer?

How are these protocols different from each other?  If they can be 
differentiated by something like a port number then they can be separate 
dissectors.

> * Can I externalize the decoding function into a common file? But how 
> to handle hf_register_info correctly?

Sure, depending on the protocol format you could have separate 
dissectors and each having its own hf fields defined and registered but 
the common code for dissection shared between them.  I can give you a 
better idea of where to go once I know more about the protocols you're 
working with.


Steve