On Dec 18, 2009, at 2:11 AM, Jan Gerbecks wrote: > ------------------------------------------------------------------------------------------------------------------------------------------------------------- > | FieldID 8bit | Length 16 bit | Data as specified in FieldId and > described by length | FieldID | Length | Data|--- | > -------------------------------------------------------------------------------------------------------------------------------------------------------------
This looks just like the common Type-Length-Value (TLV) format (http://en.wikipedia.org/wiki/Type-length-value ) used in protocols such as Cisco Discovery Protocol (CDP) and many others. Unfortunately, Wireshark does not have built-in routines for easily handling TLV data right now. Try looking at how the CDP dissector handles it (epan/dissectors/packet-cdp.c). Maybe others can suggest a better example dissector. > To dissect this correctly, I could obviously try to define the > maximum number of PNRP Ids in the hf_register_info hf[] Array but > that doesn't seem like a very elegant solution. > I had a look at the vnc dissector but it didn't quite solved the > same problem. Yeah.. As the writer of a lot of the VNC dissector, I would say that it's probably not a good example as the total length of the nested messages in VNC usually isn't known at the beginning of the message, so it's kind of a hack to get it to work at all :). Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
