Rather than allow the "Katamari" (as Guy once fittingly referred to pinfo) to grow even more by my earlier quick suggestion of adding a field to indicate the number of bytes consumed by the sub-dissector, might there instead be some value in adding some new-style dissector_try_port/heuristic() functions that return the number of bytes dissected rather than simply TRUE or FALSE?

- Chris

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Fisher
Sent: Tuesday, April 27, 2010 8:09 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing variable length protocol trailer

On Tue, Apr 27, 2010 at 12:22:14PM -0700, Edgar, Thomas wrote:

> Is there a way to determine how many bytes the subdissectors actually
> used or how many bytes are left unused after a return from
> dissector_try_port/heuristic?

If you were using call_dissector(), which lets you call a (sub-)dissector after looking up its handle by name, it will return the number of bytes dissected for new style dissectors (see call_dissector_work in epan/packet.c) or the length of the tvbuff for old style dissectors. New style dissectors are registered with new_create_dissector_handle().

As for dissector_try_port(), it only returns TRUE if the dissector was found and FALSE if it wasn't. The dissector_try_heuristic() function works in a similar fashion, returning TRUE if the packet was accepted by a dissector and FALSE if not.

--
Steve
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe

CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email.
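
The contract discussed in this thread (a sub-dissector that reports how many bytes it consumed, so the caller can find a variable-length trailer) can be modelled without the Wireshark headers. This is an added example, not Wireshark code and not from either poster; every name in it, the length-value sub-protocol and the sample frame are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a "new style" sub-dissector:
 * returns the number of bytes it consumed, or 0 if it rejects the data. */
typedef int (*sub_dissector_t)(const uint8_t *buf, size_t len);

/* Constructed sub-protocol: one length byte N followed by N data bytes. */
static int sub_dissect_lv(const uint8_t *buf, size_t len)
{
    if (len < 1)
        return 0;
    size_t need = 1u + buf[0];
    if (need > len)              /* truncated: reject instead of over-claiming */
        return 0;
    return (int)need;
}

/* Deliberately faulty sub-dissector that reports more than it was given. */
static int sub_dissect_overclaim(const uint8_t *buf, size_t len)
{
    (void)buf;
    return (int)len + 4;
}

/* Caller side: run the sub-dissector, then treat what is left as the trailer.
 * Returns the trailer length and stores its offset, or returns -1 when the
 * data was rejected or the reported count does not fit the buffer. */
static int locate_trailer(const uint8_t *buf, size_t len,
                          sub_dissector_t sub, size_t *trailer_off)
{
    int used = sub(buf, len);
    if (used <= 0)
        return -1;               /* not accepted: no trailer position known */
    if ((size_t)used > len)
        return -1;               /* never index past the buffer on a bad count */
    *trailer_off = (size_t)used;
    return (int)(len - (size_t)used);
}

/* Constructed frame: 3-byte payload "abc" followed by a 2-byte trailer. */
static const uint8_t sample_frame[] = { 0x03, 'a', 'b', 'c', 0xDE, 0xAD };

int main(void)
{
    size_t off = 0;
    int tlen = locate_trailer(sample_frame, sizeof sample_frame, sub_dissect_lv, &off);
    printf("trailer length %d at offset %zu\n", tlen, off);
    return 0;
}
```

A TRUE/FALSE result, as the thread describes for dissector_try_port() and dissector_try_heuristic(), gives the caller nothing to compute `trailer_off` from, which is the gap the question is about.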
