> I built an icq dissector, just to see if it was easy. And, yes it
> is. Maybe you can add this to the tree, or you can just throw it away.
I chose the first of those two alternatives.
> It does the decoding of client v5 packets so far, but it does not yet
> display the different message formats (like CMD_LOGIN). That's for the
> time when I (or someone else) has an idea how to handle a
> zero-terminated string somewhere in the middle of a
> structure... <Sigh>
I.e., the structure has something like

    fixed-length field A
    fixed-length field B
    variable-length '\0'-terminated string
    fixed-length field D

in it?
If so, I'd be inclined to extract A and B, update the offset into the
packet to point to the first byte of the string, scan forward in the
packet for the '\0' (making sure that you don't run off the end of the
captured data in the packet), update the offset to refer to the first
byte after the '\0', and extract D from that offset.
I.e., don't overlay a structure on top of the packet (which probably
isn't a good idea anyway, given that the packet's payload isn't
guaranteed to be aligned on a nice boundary, so casting a pointer to
some offset into the packet to a pointer to a structure, and using that
pointer to extract stuff from the packet, can cause alignment faults
with processors that care about alignment, compilers that don't
generate paranoid code, and OSes that don't trap the alignment fault and
compensate - and even if you have one or more of those, there may be a
performance hit).
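
The offset-walking approach described in the reply above, as an added example that is not part of the original message or of the dissector under discussion. The record layout (little-endian A and B, a string, then D), the names `parse_record`, `get_le16` and `get_le32`, and the sample bytes are assumptions made for illustration, not the real ICQ v5 format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, not the real ICQ v5 one:
 * A (2 bytes LE), B (4 bytes LE), '\0'-terminated string, D (2 bytes LE). */
struct record {
    uint16_t a;
    uint32_t b;
    const uint8_t *str;  /* points into the packet; str_len excludes the '\0' */
    size_t str_len;
    uint16_t d;
};

/* Byte-wise reads: no structure overlay, so no alignment requirement. */
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get_le32(const uint8_t *p) { return get_le16(p) | ((uint32_t)get_le16(p + 2) << 16); }

/* Returns 0 on success, -1 if the captured data ends before the record does. */
int parse_record(const uint8_t *pkt, size_t caplen, struct record *out)
{
    size_t off = 0;
    const uint8_t *nul;

    if (caplen < 6) return -1;               /* A and B must be present */
    out->a = get_le16(pkt + off); off += 2;
    out->b = get_le32(pkt + off); off += 4;

    /* Scan for the terminator, bounded by what was captured. */
    nul = memchr(pkt + off, '\0', caplen - off);
    if (nul == NULL) return -1;
    out->str = pkt + off;
    out->str_len = (size_t)(nul - out->str);
    off += out->str_len + 1;                 /* first byte after the '\0' */

    if (caplen - off < 2) return -1;         /* D must be present */
    out->d = get_le16(pkt + off);
    return 0;
}

/* Constructed sample: A=5, B=0x12345678, "bob", D=1000. */
static const uint8_t sample[] = { 0x05, 0x00, 0x78, 0x56, 0x34, 0x12, 'b', 'o', 'b', 0x00, 0xe8, 0x03 };

int main(void)
{
    struct record r;
    if (parse_record(sample, sizeof sample, &r) != 0) return 1;
    printf("A=%u B=0x%x str=%s D=%u\n", (unsigned)r.a, (unsigned)r.b, (const char *)r.str, (unsigned)r.d);
    return 0;
}
```

Passing the captured length rather than the on-the-wire length is what keeps the scan from running past the end of a truncated capture.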