Wireshark-dev: Re: [Wireshark-dev] [Wireshark] Data bit by bit

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 22 Apr 2009 01:14:27 -0700

On Apr 22, 2009, at 1:07 AM, Guy Harris wrote:

...you would have a way in which, instead of the dissector handoff
calling a dissector procedure, it'd call your code, which would use
the parsed XML to control what to do.  Your code would be handed a
tvbuff containing the payload for your protocol (not the entire frame,
just the payload for your protocol).  You should then fetch individual
values from the protocol, under the control of the parsed XML, using
the existing tvb_get_ routines, or perhaps just the
proto_tree_add_item() routine.

You might want to look at the Wireshark Generic Dissector:

	http://wsgd.free.fr/

for an example of a mechanism to allow protocols to be described in Wireshark by a description language.

See also

	http://www.nbee.org/doku.php?id=netpdl:index

for an XML-based packet description language.
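
The mechanism described in the message above, as an added sketch that is not code from this post, from Wireshark, or from wsgd or NetPDL: a parsed XML description controls which bit fields are fetched from a payload buffer. The XML schema, the field names and the sample bytes are hypothetical, and `get_bits` only plays the role of the tvb_get_ routines, refusing reads past the end of the payload.

```python
import xml.etree.ElementTree as ET

# Hypothetical description format (not wsgd or NetPDL syntax): each <field>
# has a name and a width in bits; fields are packed back to back, MSB first.
DESCRIPTION = """
<protocol name="demo">
  <field name="version" bits="4"/>
  <field name="flags" bits="3"/>
  <field name="length" bits="9"/>
  <field name="session" bits="16"/>
</protocol>
"""

# Constructed sample payload (the protocol's payload only, not a whole frame).
SAMPLE = bytes([0x2A, 0x14, 0xBE, 0xEF])

class TruncatedPayload(ValueError):
    """A described field extends past the end of the payload."""

def load_fields(xml_text):
    """Parse the description into (name, width) pairs, rejecting odd widths."""
    fields = []
    for el in ET.fromstring(xml_text).findall("field"):
        width = int(el.get("bits"))
        if not 1 <= width <= 64:  # the description is input too; validate it
            raise ValueError(f"bad width for field {el.get('name')!r}: {width}")
        fields.append((el.get("name"), width))
    return fields

def get_bits(payload, bit_offset, width):
    """Fetch `width` bits starting at `bit_offset`, with a bounds check."""
    end = bit_offset + width
    if end > len(payload) * 8:
        raise TruncatedPayload(f"need bit {end}, payload has {len(payload) * 8}")
    first, last = bit_offset // 8, (end + 7) // 8
    chunk = int.from_bytes(payload[first:last], "big")
    return (chunk >> (last * 8 - end)) & ((1 << width) - 1)

def dissect(payload, fields):
    """Walk the described fields in order and return {name: value}."""
    offset, values = 0, {}
    for name, width in fields:
        values[name] = get_bits(payload, offset, width)
        offset += width
    return values

if __name__ == "__main__":
    print(dissect(SAMPLE, load_fields(DESCRIPTION)))
```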