Wireshark-bugs: [Wireshark-bugs] [Bug 8279] Add support for Android Logcat logs, text files and
Date: Mon, 21 Oct 2013 01:29:57 +0000

changed bug 8279

What Removed Added
Status UNCONFIRMED INCOMPLETE
Ever confirmed   1

Comment # 36 on bug 8279 from
So as per related discussions (most recently on bug #8818), I think the
approach we settled on for file dissection is to permit the dissectors (as
file-xxx.c), but *not* wiretap changes for files that are not actually related
to packet captures (the architecture for wiretap is a bit in flux but is moving
towards a format that will not be as useful for non-capture files).

Where that leaves this bug I am not sure. I think that adding dissectors for
simple text and binary types is entirely unnecessary, Wireshark's use is
primarily for structured data, so I would NACK those even if we were planning
unlimited support for file dissection.

Logcat appears to be useful structured data however, so a file-logcat.c seems
reasonable. Loading logcat files from wiretap is a NACK though, so you will
probably need to do some minor architectural work to get some sort of
file-dissector off the ground. This is probably as minor as another module in
the GUI (preferably the Qt one) and some simple hook to open raw binary files
and generated unstructured TVBs from them for passing into libwireshark.

To summarize: we are happy to let Wireshark serve as a base for file dissection
since file and packet dissection have many things in common. However, there are
some parts of Wireshark (such as wiretap and parts of the GUI layout) that are
designed specifically for packet dissection, so those components of file
dissection should go somewhere else. Those components can live alongside the
current code in our git/svn, but they need to be structurally separate or else
we will hit conflicts where file dissection needs one thing and packet
dissection needs another.

I hope this makes sense (and lines up with other devs' understandings, it's
been a while since we last discussed this in depth).

Apologies for the delay in communicating this,
Evan


You are receiving this mail because:
  • You are watching all bug changes.