On Tue, May 26, 2015 at 10:32:06AM -0400, mmann78@xxxxxxxxxxxx wrote:
| Do you want to post your current progress to the existing review and I
| can take a look at it from there? That's probably the easiest way to
| look at the "rough edges". You definitely want a dissector table with
| type FT_UINT32 (not a string)
Done!
With what's in changeset 2, I can at least use the decode as
in Wireshark (with the aforementioned Qt issues on my Mac),
as well as in tshark if I specific pcli.payload==0.
E.g. the pcap in bug 9266 can be decoded with:
./tshark -V -d udp.port==5001,pcli -d pcli.payload==0,eth -r bug9266.pcapng
As an aside, is it possible/sensible to match/couple the 'PCLI payload'
decode choice with the udp.port that selected PCLI?
I.e. use the udp.(dst)port as the pcli.payload choice in dissector_try_uint(),
so allowing different UDP ports be decoded as different PCLI payloads.
If a file has PCLI-as-Ethernet on port 3000 and PCLI-as-IP on port 4000;
./tshark \
-d udp.port==3000,pcli -d pcli.payload==3000,eth \
-d udp.port==4000,pcli -d pcli.payload==4000,ip ...
Or is that a silly idea?
thanks,
Luke.
Attachment:
pgp4IQPFzOlY4.pgp
Description: PGP signature