I have a dissector. I dissect the content as delimited text. Sometimes the textual content has further meaning, but I only want to dissect it in further detail on a packet by packet basis and only if the user requests it on a specific packet.
The reason is that the detailed dissection requires extra information to be loaded and extra dissection processing. Is there any mechanism to expand a section only when requested? A trivial example:
v Header
Version: Release (1)
Length: 123
v Text
Prefix: A1
1: PHN001:0:::555-123-4567
2: NAM001:1:Smith:John
> Text Detail
If the “Text Detail” were expanded, then I could dissect the text area something like:
v Text Detail
1: Section: PHN001 Primary Phone
1a: Version: Release (1)
1b: International: false
1c: Country: empty
1d: Phone: 555-123-4567
2: Section: NAM001 Primary Name
2a: Version: Release (1)
2b: Last Name: Smith
2c: First Name: John
This is easy if the detail is simple, but if there are hundreds or thousands of sections and subsections, I would only want to dissect this in detail if the user “really” wanted it. The process could/should/would probably re-dissect the entire packet with a code that says “do depth n dissection”.
I would probably read in section and subsection codes and element names from a file. And whether detail dissection is globally available would be controlled from the Protocol Preferences (Do X, Do, Y, Don’t do Z), but only do detail dissection on a chosen packet.
Thank you,
Jay Turner