Wireshark-dev: Re: [Wireshark-dev] Adding libxml2 to my dissector
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Fam Dijns <dijns@xxxxxxx>
Date: Mon, 10 May 2010 23:05:59 +0200
I tried to use the existing XML package. I started at square 1 for the XML
dissector. When looking to the wiki page of the XML dissector, I took this
DTD

<?wireshark:protocol protocol_name="this" media="application/this"
hierarchy="yes" ?>
<!DOCTYPE this [
  <!ELEMENT that (other|another|#PCDATA) >
  <!-- #PCDATA is assumed to be there even it isn't -->

  <!ATTLIST that 
     one CDATA #REQUIRED
     two CDATA #IMPLIED  >
  <!-- we don't care of #REQUIRED, #IMPLIED or other #THINGS  -->

  <!ELEMENT other (#PCDATA) >
  <!ELEMENT another (#PCDATA) >
]>

The Wiki says that it will create these filters

this
this.that
this.that.one
this.that.two
this.that.other
this.that.another

which is correct. But I got additional filters as well called “this.other”
and “this.anothor” which is not valid for the xml expected

<this>
   aaa
   <that one="bbb">
      ccc
      <other>ddd</other>
   </that>
   eee
</this>

As I understand the DTD correctly, the elements “other” and  “another” are
always a child of the element “that”.

In this case there are just two extra filters, but in my case it ends up
with a lot of unnecessary filters, which is confusing for the users.

And this is just filtering, the wiki says that not data checking is
available

Richard

-----Oorspronkelijk bericht-----
Van: luis.ontanon@xxxxxxxxx [mailto:luis.ontanon@xxxxxxxxx] Namens Luis EG
Ontanon
Verzonden: maandag 10 mei 2010 22:51
Aan: dijns@xxxxxxx
Onderwerp: Re: [Wireshark-dev] Adding libxml2 to my dissector

Why not you pass the buffer containing XML to wireshark's own xml dissector.
If you add the DTDs to the .../dtds directory the contents of the xml
will be filterable.


On Mon, May 10, 2010 at 10:42 PM, Fam Dijns <dijns@xxxxxxx> wrote:
> Hi
>
> I am developing my own dissector and it is going well till I am stocked by
> this problem. My protocol has XML in it and I want to check the XML data
> against a XSD.
>
> The dissector is a developed as a plugin and runs fine till I added the
> limxml2 library. Since I am running on the windows platform, I took the
> binary from ftp://ftp.zlatkovic.com/libxml/ and updated the nmake file. I
> added the include directory and the linking to the xmllib2.lib. The
> dissector compiles nicely and the dissector compiled dll is copied to the
> wireshark plugin directory.
> Now when I try to start wireshark I get the message 'couldn't load module
> ...'
>
> Is there anything to debug this, or does somebody know what I am doing
> wrong?
>
> Thanks in advance
>
> Richard
>
>
>
___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan