Hi all,
Shehjar Tikoo wrote:
Guy Harris wrote:
On Feb 6, 2007, at 3:56 PM, Shehjar Tikoo wrote:
Note: anonymizing packets isn't what a dissector does; a dissector
dissects packets. If you want hooks to do anonymization that
understands particular protocols, the way to do that would be to add
hooks for anonymization, rather than trying to abuse the protocol
dissection mechanism and being then forced into adding more mechanism
to allow that sort of abuse.
Yes, it's true that I was trying to abuse the dissector mechanism but
hooks sound like a cleaner idea.
So what sort of hooks into the *existing* dissectors do you need in
order to do anonymization?
Right now I am basically diverting each RPC message into a function that
calls tcp_dissect_pdus to ensure my anonymizer gets a desegmented
message, so in general a per-message hook sounds like what I need.
One issue is, how to handle hooks which need desegmented messages but
corresponding dissectors which can do without desegmentation. Though I
can see this being resolved by executing the hook after the dissector
with desegmentation pref enabled, in the case of RPC. That should ensure
that the hook gets a desegmented message.
The problem with this is that the hook will not get called each time a
dissector gets called, because the dissector has requested
desegmentation and needs to return (..to the caller from the transport
layer..), before it can hand over the tvbuff to the hook. I am not sure
if such a behaviour will be acceptable in Wireshark?
Or this could be divided into a pre- and post-dissector hook and let the
coder choose.
Shehjar
I haven't thought much about how these hooks will affect other layers
and dissectors because I haven't looked into them much.
Thanks again
Shehjar
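
The per-message hook behaviour discussed in this thread, as an added stand-alone example (not Wireshark code and not part of the original message): a hook that needs desegmented RPC messages is only called once a full record has arrived, so some TCP segments trigger no hook call at all. It assumes ONC RPC record marking over TCP (4-byte mark, top bit = last fragment, low 31 bits = length) and delivers each record fragment as one unit; `stream_state`, `msg_hook`, `feed_segment` and `count_hook` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical hook type: called once per complete RPC record fragment. */
typedef void (*msg_hook)(const uint8_t *msg, size_t len, void *ctx);

typedef struct {
    uint8_t buf[4096];   /* stream bytes not yet handed to the hook */
    size_t  used;
} stream_state;

/* Feed one TCP segment. Returns the number of hook calls it triggered
 * (0 while a record is still incomplete), or -1 if the data cannot fit. */
int feed_segment(stream_state *s, const uint8_t *seg, size_t len,
                 msg_hook hook, void *ctx)
{
    size_t off = 0;
    int calls = 0;

    if (len > sizeof s->buf - s->used) { s->used = 0; return -1; }
    memcpy(s->buf + s->used, seg, len);
    s->used += len;

    while (s->used - off >= 4) {
        const uint8_t *p = s->buf + off;
        /* Record mark: top bit = last fragment, low 31 bits = length. */
        uint32_t mark = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                        (uint32_t)p[2] << 8 | (uint32_t)p[3];
        size_t body = mark & 0x7fffffffu;
        if (body > sizeof s->buf - 4) { s->used = 0; return -1; }
        if (s->used - off - 4 < body) break;   /* wait for more segments */
        hook(p + 4, body, ctx);                /* desegmented message */
        calls++;
        off += 4 + body;
    }
    memmove(s->buf, s->buf + off, s->used - off);  /* keep the partial tail */
    s->used -= off;
    return calls;
}

/* Constructed sample hook: records how many payload bytes it was given. */
void count_hook(const uint8_t *msg, size_t len, void *ctx)
{
    (void)msg;
    *(size_t *)ctx += len;
}
```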