Ethereal-dev: Re: [ethereal-dev] Table-driven packet dissection?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Gilbert Ramirez Jr." <gram@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 8 Feb 1999 15:54:32 -0600 (CST)
As Guy Harris said:
> 
> Is the idea that the offset into the packet, and the length, specifies a
> field in the packet, and the values are values for that field, with the
> dissect routine being the dissect routine to use if the field has that
> value?
> 
> If so, note that there may need to be a way to look at more than one
> field, and to do multiple tests ANDed or ORed together, to handle some
> heuristics (I suspect you'd have to do that for ONC RPC; I don't know
> what heuristic Sun's "snoop" uses to detect ONC RPC requests and
> replies, but the one I used in another program was:

Yes, it is needed. Look at dissect_eth() and how it decides which dissect_ routines to
call. It's a bit complicated. So are dissect_udp() and dissect_ipx().

--gilbert

-- 
Gilbert Ramirez                Voice:  +1 210 358 4032
Technical Services             Fax:    +1 210 358 1122
University Health System       San Antonio, Texas, USA
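
The rule shape discussed in the message above (an offset, a length and a value per test, several tests ANDed within a rule, rules ORed by table order), as an added example that is not from the original message or from Ethereal's source. The names field_test, dissect_rule, select_dissector and the sample table are hypothetical; every field read is checked against the captured length so a truncated packet cannot cause an out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>

/* One test: the len-byte big-endian field at offset must equal value. */
typedef struct { size_t offset, len; uint32_t value; } field_test;

/* One rule: all tests must pass (AND); rules are tried in order (OR). */
typedef struct {
    const char *name;            /* stands in for a dissect routine pointer */
    const field_test *tests;
    size_t ntests;
} dissect_rule;

/* Constructed sample table: Ethernet type at offset 12, IP protocol at 14 + 9. */
static const field_test t_udp[] = { {12, 2, 0x0800}, {23, 1, 17} };
static const field_test t_ip[]  = { {12, 2, 0x0800} };
static const field_test t_ipx[] = { {12, 2, 0x8137} };
const dissect_rule sample_rules[] = { {"udp", t_udp, 2}, {"ip", t_ip, 1}, {"ipx", t_ipx, 1} };

/* Read a 1..4 byte field; refuse to read past the captured length. */
static int read_field(const uint8_t *pkt, size_t pktlen,
                      const field_test *ft, uint32_t *out)
{
    if (ft->len == 0 || ft->len > 4 || ft->offset > pktlen ||
        ft->len > pktlen - ft->offset)
        return 0;
    *out = 0;
    for (size_t i = 0; i < ft->len; i++)
        *out = (*out << 8) | pkt[ft->offset + i];
    return 1;
}

/* Return the name of the first rule whose tests all match, else "data". */
const char *select_dissector(const dissect_rule *rules, size_t nrules,
                             const uint8_t *pkt, size_t pktlen)
{
    for (size_t r = 0; r < nrules; r++) {
        size_t t = 0;
        uint32_t v;
        while (t < rules[r].ntests &&
               read_field(pkt, pktlen, &rules[r].tests[t], &v) &&
               v == rules[r].tests[t].value)
            t++;
        if (t == rules[r].ntests)
            return rules[r].name;
    }
    return "data";
}
```

The more specific two-test rule is listed first, since the first matching rule wins.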