Fabiano Ricci <fabiano.ricci@...> writes: > > You can let the user configure the filter by preferences.
A preference is a good idea; however, it does require that the user manually change it to match the packets, and it doesn't allow for both big-endian and little-endian packets to be analyzed within the same capture file, which may or may not be important to you. Heuristics are sometimes unreliable though and sometimes [nearly to totally] impossible. If that's the case, then a preference is the way to go. On the other hand, if there is a more-or-less sure way to determine endian-ness by examining the data in the packets, then you remove the burden from the user as well as allow for the possibility of both big-endian and little-endian packets to be successfully analyzed in the same capture file without any problems. Of course, even if you do add heuristics to determine endian-ness, you could add a preference too, which could override the heuristics in the event that the heuristics got it wrong. Read more about heuristics in doc/README.heuristic. There are plenty of examples in the Wireshark sources too. - Chris ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
