Hi Abhik,

Abhik Sarkar wrote:
> Thanks for your help with this, for the explanation of the changes and
> for including it in the code. I still have a lot to learn.

So did I, that's why it took me a while to rework your patch ;-)

> I have just one concern... The Cisco allows the user to set the syslog
> facility and severity when starting the debug. The values you saw were
> the default values. Therefore, checking for LOCAL0/DEBUG only might
> cause problems if the user chooses to select non-default values.
> However, like you said, most syslog packets will not contain MSUs, so
> it is important that we don't waste CPU cycles. I think it is best we
> leave this check in, until someone complains :-)

Hmm, well, it's not really saving that much CPU time, but I also suspect 
that the vast majority of people will leave the default value there so 
hopefully it won't matter.  As you said, if it does, we can always 
change it later.  (The only problem with that is if someone doesn't even 
know the feature is there because it doesn't automatically show up: in 
that case they won't know that they could complain and have it changed.)

Anyway, we'll see...
-J

> On 2/1/07, Jeff Morriss <[EMAIL PROTECTED]> wrote:
>>
>> Abhik Sarkar wrote:
>>>> I have also been trying to find out a way to get the syslog dissector
>>>> to tell all subsequent dissectors that the byte array was generated
>>>> and not present in the actual capture and hence to mark their protocol
>>>> tree items using the PROTO_ITEM_SET_GENERATED macro, but have so far
>>>> been unsuccessful. Perhaps you have some ideas on this.
>> Thanks for the sample capture file.
>>
>> I reworked the code and checked it in as rev 20665.  Here are some of
>> the changes (and in some cases why I made them) in case you're interested:
>>
>> - put all the MSU functionality in a separate function in the syslog
>> dissector
>> - don't bother looking for the MSU unless the facility is LOCAL0 and the
>> level is DEBUG (since syslog messages for most of the world aren't going
>> to be from the ITP we can save some CPU time).  Please let me know if
>> you find that other facilities or levels are used by the ITP and I can
>> adjust it as necessary.
>> - don't use g_ascii_xdigit_value() as it's not available in Glib 1.2,
>> instead use Wireshark's internal convert_string_to_hex() routine
>> - call g_strfreev() on the result of g_strsplit() (the entire array
>> needs to be freed)
>> - don't use g_string_new() since g_strsplit() is already allocating new
>> space for the string(s)
>> - don't use ep_alloc_array() to allocate the backing data for the tvb
>> but rather use the g_malloc()'d result from convert_string_to_hex().
>> Use tvb_set_free_cb() to free the backing data whenever Wireshark feels
>> it's OK to free it.  I think that will be a different time than when the
>> ep_ memory would have been freed.
>> - don't make the syslog dissector waste its time filling in the Info
>> column if there's an MSU there (it would just be overwritten by MTP3 anyway)
>> - added a (marked as generated) boolean to the syslog tree that shows
>> that we found an SS7 MSU in the message.  That's about all that can be
>> done, I think.
>>
>> Thanks for your contribution!
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> [email protected]
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>>
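The LOCAL0/DEBUG gate discussed in this thread, as an added stand-alone C example (not the Wireshark dissector's code and not written by either poster): it decodes the syslog PRI field per RFC 3164 (PRI = facility * 8 + severity) and shows that a message sent with a non-default facility or severity is skipped by such a gate. The function names and sample lines are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define FAC_LOCAL0 16   /* RFC 3164 facility code for local0 */
#define SEV_DEBUG   7   /* RFC 3164 severity code for debug */

/* Parse the leading "<PRI>" of a syslog message (hypothetical helper).
 * Returns 0 and fills facility/severity on success, -1 if malformed. */
int parse_pri(const char *msg, int *facility, int *severity)
{
    int pri = 0, digits = 0;

    if (msg == NULL || msg[0] != '<')
        return -1;
    for (msg++; *msg >= '0' && *msg <= '9'; msg++) {
        if (++digits > 3)               /* PRI is at most three digits */
            return -1;
        pri = pri * 10 + (*msg - '0');
    }
    if (digits == 0 || *msg != '>' || pri > 191)  /* 23*8+7 is the maximum */
        return -1;
    *facility = pri / 8;
    *severity = pri % 8;
    return 0;
}

/* The gate from the thread: only look for an MSU when LOCAL0/DEBUG. */
int should_scan_for_msu(const char *msg)
{
    int fac, sev;

    if (parse_pri(msg, &fac, &sev) != 0)
        return 0;                       /* malformed PRI: do not scan */
    return fac == FAC_LOCAL0 && sev == SEV_DEBUG;
}

int main(void)
{
    /* Constructed sample lines; the bodies are placeholders, not ITP output. */
    const char *samples[] = {
        "<135>constructed: local0.debug (default)",    /* 16*8+7 */
        "<143>constructed: local1.debug",              /* 17*8+7 */
        "<134>constructed: local0.info",               /* 16*8+6 */
        "<999>constructed: out-of-range PRI",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s scan=%d\n", samples[i], should_scan_for_msu(samples[i]));
    return 0;
}
```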
