Wireshark-dev: Re: [Wireshark-dev] Registering protocol details

From: Paul Offord <Paul.Offord@xxxxxxxxxxxx>
Date: Sun, 7 Aug 2016 16:42:22 +0000

Hi Anders,

 

Ah – I understand.  I had asked Gerald about that at SF16 and he mentioned the ability to use other pcap-ng block types.  I’d like to do that in the future, but I don’t want to tackle it yet.  This wouldn’t overcome the problem I have anyway.

 

So going back to the original question, can I call function calls like proto_register_add_subtree and proto_register_add_item from with the dissect_foo function or do I have to make them from proto_register_foo?

 

Thanks and regards…Paul

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: 07 August 2016 15:28
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Registering protocol details

 

Den 7 aug. 2016 1:11 em skrev "Paul Offord" <Paul.Offord@xxxxxxxxxxxx>:
>
> Hi Anders,
>
>  
>
> Thanks for the prompt reply.  I’ve read through exported_pdu.h and I don’t understand how this helps me.  Is there somewhere I can read more about using exported_pdu functions?
>
>  
>
> Thanks and regards…Paul

Instead of writing a fake Ethernet header You could write an exported pdu header.
I'm not sure that would help you but it gets rid of the faked layer and you can add meta data in the exported pdu section should you want to.

>
>  
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
> Sent: 07 August 2016 11:02
> To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] Registering protocol details
>
>  
>
> Den 7 aug. 2016 11:25 fm skrev "Paul Offord" <Paul.Offord@xxxxxxxxxxxx>:
> >
> > Hi,
> >
> >  
> >
> > I’ve written a small program that converts web logs into pcap-ng files with a dummy Ethernet header
>
> You could use the exported pdu format
> See exported_pdu.h in epan directory. Should you need new tags for meta information those could be added.
> Regards
> Anders
>
> I’m now writing a dissector for the resulting pcap-ng file.  The problem is that the number and meaning of the “columns” in the log is not predictable – it depends on the web log format settings.  Therefore the first entry in the pcap-ng file contains the name of the field, a definition of the data type and the column position.  In the dissector, I read this first record and then set up an hf_register_info array.  That’s the background, now my question.
> >
> >  
> >
> > Can I make calls to proto_register_xxx functions in my dissector, or must they be made from proto_register_xxxx?
> >
> >  
> >
> > Thanks and regards…Paul
> >
> >
> > ______________________________________________________________________
> >
> > This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
> >
> > Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
> >
> > Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
> >
> > ______________________________________________________________________
> > This email has been scanned by the Symantec Email Security.cloud service.
> > For more information please visit http://www.symanteccloud.com
> > ______________________________________________________________________
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> ______________________________________________________________________
>
> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
>
> Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
>
> Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________