Wireshark-dev: [Wireshark-dev] Advice on how to implement a dissector
From: Marc Petit-Huguenin <marc@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 May 2011 17:29:22 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am currently working on improving the RELOAD dissector.

There is some parts of the protocol that cannot be parsed without knowing some
parameters (like the size of the Node-Id or the Kind-Id definitions).  One way
to solve this problem would be to add some parameters to the dissector (like we
did for the Node-ID), but it is cumbersome for the user of the dissector, as
there is a lot of these parameters, and anyway will not work in all cases (see
below).

On the other hand, there is a good chance that all these parameters are already
available in the data been dissected, as they are carried in an XML document.
This document can be found in an HTTP response (with a soon to be assigned MIME
type) or can be sent in a RELOAD ConfigUpdateReq message.

So what I would like to do is to automatically prefill these parameters in the
dissector whenever this XML document is dissected.  Note that this is kind of
required by the RELOAD protocol, as the ConfigUpdateReq is in fact requesting a
RELOAD node to change these parameters dynamically (for example if the current
Node-ID is 16 bytes, but a ConfigUpdateReq is received ith a Node-Id length
equals to say 20, then all the subsequent message must be dissected with a
Node-Id length of 20).  Obviously if such mechanism is working, it would be then
easy to add a parameter in the dissector configuration page containing the path
to the initial configuration file, in case it is not provided in the packets to
dissect.

So my question is: What is the best way to do this?

Thanks.

- -- 
Marc Petit-Huguenin
Personal email: marc@xxxxxxxxxxxxxxxxxx
Professional email: petithug@xxxxxxx
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3EkmAACgkQ9RoMZyVa61fJAwCfdjaWK24Sk5XTdLc2x539GKgP
WVEAn1jvHZQ8aKiNvvr82QQq9240E8Xy
=OpH8
-----END PGP SIGNATURE-----