Hi, if you manage to add a dissector table that would be great! I believe my company too will implement non-standard blocks so it would be very convenient to have it available.
//Joakim On Sun, 29 Jan 2023 at 00:19, Martin Mathieson via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > I have 5 non-standardised/local block types that are in-use within my > company, that are in the 'local' range 0x80000000-0xFFFFFFFF. > > My first thought was to add a dissector table (pcapng.block-types ?) by > 'Block Type Code' in file-pcapng.c, then have dissectors register by adding > themselves to the table. > > However, looking at the dissector code, it appears that just registering a > dissector would not work well, and that there are several points where > file-pcapng needs to reference block-type-specific information: > > - a name to show for the block (currently fixed vals[] for standard block > types) > - a callback function for handling the body of the block type > - options handling (another dissector callback and maybe vals[] ?) > > So maybe the dissector for these types could register this information > (per block id) in its handoff function, and file-pcapng.c would look up a > table when handling entries in the 'local' range. I do notice handling for > BLOCK_DARWIN_PROCESS (0x80000001) is already built-in to file-pcapng.c... > > Does this sound reasonable? > > Regards, > Martin > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
