After submitting patches for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6446 (IMAP)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6470 (SMTP)
I started thinking that there probably is a more general solution to
implementing filtering for "line based" protocols (dissectors that look for
/r/n and then display each "line" as an "item"). There are more than a
handful of protocols whose dissector has something close to the following pseudo
logic:

    while (tvb_offset_exists)
    {
        tvb_find_line_end(line_string)
        if (modern_dissector)
            proto_tree_add_item(line_string, ENC_ASCII|ENC_NA)
        else
            proto_tree_add_text(line_string) /* NOT FILTERABLE */
        parse_tokens(tokens[], line_string)
        while (tokens[])
        {
            if (modern_dissector)
                proto_tree_add_item(tokens[], ENC_ASCII|ENC_NA)
            else
                proto_tree_add_text(tokens[]) /* NOT FILTERABLE */
        }
    }

The protocols use what I consider "low level" tvb_ functions to accomplish all
of the "string manipulation". Is there an easier way to accomplish this and
the protocols (probably around since the Ethereal days) just haven't been
updated? Most of the dissectors aren't big to begin with and obviously vary on
port used (TCP/UDP) and filter names, but otherwise have very similar logic.
Mike
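
Added example, not part of the original message and not Wireshark code: a stand-alone C version of the shared line/token walk the pseudo logic describes, reporting each line and token as a bounds-checked (offset, length) span. The names walk_lines, span_cb, tally and tally_text are hypothetical; in a dissector the callback is where proto_tree_add_item would be called for the span.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical callback: gets each line (is_token=0) or token (is_token=1) as a span. */
typedef void (*span_cb)(int is_token, size_t off, size_t len, void *ctx);

/* Length of the line at off without its terminator; *next is the start of the
 * next line. CRLF or bare LF; an unterminated last line runs to buf + len. */
static size_t line_end(const unsigned char *buf, size_t len, size_t off, size_t *next)
{
    const unsigned char *nl = memchr(buf + off, '\n', len - off);
    size_t end = nl ? (size_t)(nl - buf) : len;
    *next = nl ? end + 1 : len;
    if (nl && end > off && buf[end - 1] == '\r')
        end--;                                   /* drop the CR of a CRLF */
    return end - off;
}

/* Report every line, then each space-separated token in it; returns line count. */
size_t walk_lines(const unsigned char *buf, size_t len, span_cb cb, void *ctx)
{
    size_t off = 0, lines = 0;
    while (off < len) {
        size_t next, p = off, end = off + line_end(buf, len, off, &next);
        cb(0, off, end - off, ctx);
        while (p < end) {
            while (p < end && buf[p] == ' ') p++;    /* skip separators */
            size_t start = p;
            while (p < end && buf[p] != ' ') p++;    /* consume one token */
            if (p > start) cb(1, start, p - start, ctx);
        }
        off = next;
        lines++;
    }
    return lines;
}

/* Demo consumer: counts spans and remembers the last token seen. */
struct tally { size_t lines, tokens, last_off, last_len; };
static void tally_cb(int is_token, size_t off, size_t len, void *ctx)
{
    struct tally *t = ctx;
    if (!is_token) { t->lines++; return; }
    t->tokens++; t->last_off = off; t->last_len = len;
}
struct tally tally_text(const char *s)   /* s: constructed sample input */
{
    struct tally t = {0, 0, 0, 0};
    walk_lines((const unsigned char *)s, strlen(s), tally_cb, &t);
    return t;
}
```

Every read stays inside the buffer length passed in, so a final line with no terminator or a line of only separators yields spans rather than an over-read.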