Wireshark-dev: Re: [Wireshark-dev] Dissector pipelines suggestion

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 6 Feb 2007 18:21:20 -0800

On Feb 6, 2007, at 3:56 PM, Shehjar Tikoo wrote:

Hi all

With regards to the NFS anonymizer that I am working on currently, I was
wondering, whether a feature like multiple dissectors for single
protocol would be a good idea.

Mainly, the idea is that there can be a pipeline or a queue of
dissectors for the same protocol but only one of them has the
capability/right/priority to update or access the wireshark/tshark UI.

No dissector has any right to do anything directly with the *shark UI; they only have the right to construct summary display information and protocol trees, and to register preferences and dissectors.

This particular UI-attached dissector could then either be
user-selectable or selected from the pipeline based on some other
conditions.

Why would you want to choose from one of multiple dissectors, instead of having a single dissector that does the right thing, or that has preferences to control what it does?

Note: anonymizing packets isn't what a dissector does; a dissector dissects packets. If you want hooks to do anonymization that understands particular protocols, the way to do that would be to add hooks for anonymization, rather than trying to abuse the protocol dissection mechanism and being then forced into adding more mechanism to all ow that sort of abuse.

So what sort of hooks into the *existing* dissectors do you need in order to do anonymization?