Hi Thanks for the response.
Guy Harris wrote: > On Feb 6, 2007, at 3:56 PM, Shehjar Tikoo wrote: > Note: anonymizing packets isn't what a dissector does; a dissector > dissects packets. If you want hooks to do anonymization that > understands particular protocols, the way to do that would be to add > hooks for anonymization, rather than trying to abuse the protocol > dissection mechanism and being then forced into adding more mechanism > to all ow that sort of abuse. Yes, its true that I was trying to abuse the dissector mechanism but hooks sound like a cleaner idea. > So what sort of hooks into the *existing* dissectors do you need in > order to do anonymization? Right now I am basically diverting each RPC message into a function that calls tcp_dissect_pdus to ensure my anonymizer gets a desegmented message, so in general a per-message hook sounds like what I need. One issue is, how to handle hooks which need desegmented messages but corresponding dissectors which can do without desegmentation. Though I can see this being resolved by executing the hook after the dissector with desegmentation pref enabled, in the case of RPC. That should ensure that the hook gets a desegmented message. The problem with this, is that the hook will not get called each time a dissector gets called, because the dissector has requested desegmentation and needs to return(..to the caller from the transport layer..), before it can hand over the tvbuff to the hook. I am not sure if such a behaviour will be acceptable in wireshark? I haven't thought much about how these hooks will effect other layers and dissectors because I haven't looked into them much. Thanks again Shehjar _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
