Wireshark-dev: Re: [Wireshark-dev] Dissecting pcapng local block types

From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Thu, 2 Feb 2023 15:10:35 +0000
I am aiming to try, maybe this weekend.  My plan is to leave the 'darwin process' type in file-pcapng.c but make it register in the table, and also convert and move to a separate file one that I've written for the most complicated example (i.e. involves options) that I have.

Regards,
Martin

On Wed, Feb 1, 2023 at 8:58 AM Joakim <oakimk@xxxxxxxxx> wrote:
Hi,

if you manage to add a dissector table that would be great! I believe my company too will implement non-standard blocks so it would be very convenient to have it available.

//Joakim

On Sun, 29 Jan 2023 at 00:19, Martin Mathieson via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> wrote:
I have 5 non-standardised/local block types that are in use within my company, that are in the 'local' range 0x80000000-0xFFFFFFFF.

My first thought was to add a dissector table (pcapng.block-types ?) by 'Block Type Code' in file-pcapng.c, then have dissectors register by adding themselves to the table.

However, looking at the dissector code, it appears that just registering a dissector would not work well, and that there are several points where file-pcapng needs to reference block-type-specific information:

- a name to show for the block (currently fixed vals[] for standard block types)
- a callback function for handling the body of the block type
- options handling (another dissector callback and maybe vals[] ?)

So maybe the dissector for these types could register this information (per block id) in its handoff function, and file-pcapng.c would look up a table when handling entries in the 'local' range.  I do notice handling for BLOCK_DARWIN_PROCESS (0x80000001) is already built-in to file-pcapng.c...

Does this sound reasonable?

Regards,
Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
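
The registration-table idea discussed in this thread, as an added stand-alone C example; it is not code from Wireshark or from the posters. The names `register_local_block`, `walk_blocks` and `struct local_block` and the block codes 0x80000A01/0x80000A02 are hypothetical, and little-endian byte order is assumed. It checks each block's framing before any registered callback sees the body.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical registration record: display name plus body callback per block type. */
typedef int (*body_cb)(const uint8_t *body, uint32_t len);
struct local_block { uint32_t type; const char *name; body_cb dissect; };
static struct local_block table[8];
static size_t n_local;

/* Only codes in the local range 0x80000000-0xFFFFFFFF may register. */
int register_local_block(uint32_t type, const char *name, body_cb cb) {
    if (!(type & 0x80000000u) || !cb || n_local == 8) return -1;
    for (size_t i = 0; i < n_local; i++)
        if (table[i].type == type) return -1;   /* no silent override */
    table[n_local++] = (struct local_block){ type, name, cb };
    return 0;
}

static uint32_t rd32(const uint8_t *p) {        /* little-endian assumed */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of blocks handed to local handlers, or -1 on malformed framing. */
int walk_blocks(const uint8_t *buf, size_t len) {
    int handled = 0;
    for (size_t off = 0; off < len; ) {
        if (len - off < 12) return -1;          /* type + two length fields */
        uint32_t type = rd32(buf + off), total = rd32(buf + off + 4);
        /* Validate framing before any callback sees the body. */
        if (total < 12 || total % 4 || total > len - off) return -1;
        if (rd32(buf + off + total - 4) != total) return -1;
        for (size_t i = 0; (type & 0x80000000u) && i < n_local; i++)
            if (table[i].type == type) {
                if (table[i].dissect(buf + off + 8, total - 12) < 0) return -1;
                handled++;
            }
        off += total;
    }
    return handled;
}

/* Constructed sample: registered local block 0x80000A01, then unregistered 0x80000A02. */
static const uint8_t sample[] = {
    0x01,0x0A,0x00,0x80, 0x10,0,0,0, 0xDE,0xAD,0xBE,0xEF, 0x10,0,0,0,
    0x02,0x0A,0x00,0x80, 0x0C,0,0,0, 0x0C,0,0,0 };
static uint32_t body_bytes;
static int count_body(const uint8_t *b, uint32_t n) { (void)b; body_bytes += n; return 0; }
int main(void) {
    register_local_block(0x80000A01u, "example", count_body);
    printf("handled=%d\n", walk_blocks(sample, sizeof sample));
    return 0;
}
```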