On 04/19/2011 05:31 AM, Guy Harris wrote:
> On Apr 18, 2011, at 7:27 PM, Alex Lindberg wrote:
>> The protocol. It is a custom protocol used for some of my company's control
>> equipment.
>> The structure of the protocol packet varies with the release version of the
>> system. While there are many similarities between versions, the structures are
>> different enough to have different sizes and makeup etc.
>> I could create separate dissectors for each version, but that seems like a lot
>> of duplicate effort. By using an overloaded pointer, the coding would be much
>> easier. I cannot create different compiled versions of the protocol, one for
>> each version.
>> Or is it possible to delay the typing of a variable to runtime? In that case the type
>> could be controlled by changing the "version" variable via the preferences during
>> dissector initialization.
>
> Many Wireshark dissectors don't use structures to dissect the packet - they
> just pull each field out with a proto_tree_add_item() call and/or fetch the
> value with tvb_get_ calls and put them into the tree with other proto_tree_add_
> calls. A dissector written in that fashion could use common code for the
> common parts and use an if statement or a switch, and different code, for the
> parts that differ.
> If I were writing the dissector, that's how I'd do it.

... and the main reason to do it like this is that wire encoding may be
different from the memory layout your compiler may create from the structures
you define in your C code. Endianness and alignment may all influence the way
you access data in memory, and may differ per platform you compile for. The wire
encoding OTOH must be the same all over, otherwise different platforms can't
communicate amongst themselves.
Thanks,
Jaap
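
The approach discussed in this thread, as an added example that is not from any of the posters or from Wireshark: a stand-alone C parser that reads each field at an explicit offset with bounds-checked big-endian reads (standing in for the tvb_get_ calls), shares the code for the common fields, and switches on the version for the rest. The field layout, struct and function names are hypothetical and constructed for illustration; no Wireshark API is used.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout, constructed for this example (not the poster's protocol):
 *   all versions: byte 0 version, bytes 1-2 unit id (big-endian)
 *   v1: bytes 3-4 status (16-bit BE); v2: bytes 3-6 status (32-bit BE), byte 7 flags */
struct ctl_msg { uint8_t version; uint16_t unit_id; uint32_t status; uint8_t flags; };

/* Bounds-checked reads at an offset; these stand in for the tvb_get_ calls. */
static int rd_u8(const uint8_t *b, size_t len, size_t off, uint8_t *out) {
    if (off >= len) return -1;
    *out = b[off];
    return 0;
}
static int rd_be16(const uint8_t *b, size_t len, size_t off, uint16_t *out) {
    if (len < 2 || off > len - 2) return -1;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 0;
}
static int rd_be32(const uint8_t *b, size_t len, size_t off, uint32_t *out) {
    if (len < 4 || off > len - 4) return -1;
    *out = ((uint32_t)b[off] << 24) | ((uint32_t)b[off + 1] << 16) |
           ((uint32_t)b[off + 2] << 8) | b[off + 3];
    return 0;
}

/* Returns bytes consumed, or -1 on truncated input or an unknown version. */
int parse_ctl_msg(const uint8_t *b, size_t len, struct ctl_msg *m) {
    uint16_t s16;
    m->status = 0;
    m->flags = 0;
    /* Common part: the same code runs for every version. */
    if (rd_u8(b, len, 0, &m->version) || rd_be16(b, len, 1, &m->unit_id)) return -1;
    switch (m->version) { /* only the differing fields are per-version */
    case 1:
        if (rd_be16(b, len, 3, &s16)) return -1;
        m->status = s16;
        return 5;
    case 2:
        if (rd_be32(b, len, 3, &m->status) || rd_u8(b, len, 7, &m->flags)) return -1;
        return 8;
    default:
        return -1;
    }
}

/* Constructed sample packets, one per version. */
const uint8_t SAMPLE_V1[] = { 0x01, 0x12, 0x34, 0xAB, 0xCD };
const uint8_t SAMPLE_V2[] = { 0x02, 0x12, 0x34, 0x00, 0x01, 0x02, 0x03, 0x80 };
```

Because every field is assembled byte by byte, the result is the same on any host endianness and no struct padding is involved; a short or unknown-version packet is rejected instead of being read past its end.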