Ethereal

Re: [ethereal-dev] Table-driven packet dissection?
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: February 1999

 

As Guy Harris said:
> 
> Is the idea that the offset into the packet, and the length, specifies a
> field in the packet, and the values are values for that field, with the
> dissect routine being the dissect routine to use if the field has that
> value?
> 
> If so, note that there may need to be a way to look at more than one
> field, and to do multiple tests ANDed or ORed together, to handle some
> heuristics (I suspect you'd have to do that for ONC RPC; I don't know
> what heuristic Sun's "snoop" uses to detect ONC RPC requests and
> replies, but the one I used in another program was:

yes, it is needed. Look at dissect_eth() and how it decides which dissect_ routines to
call.  It's a bit complicated. So are dissect_udp() and dissect_ipx().

--gilbert

-- 
Gilbert Ramirez                Voice:  +1 210 358 4032
Technical Services             Fax:    +1 210 358 1122
University Health System       San Antonio, Texas, USA

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.