I have a plan to improve support of file-dissectors. Next step for me is
change "Open" option to support both Capture (high priority) and
Files-formats. Nothing new here, just add files support as captures are
supported right now, something like Type in Open dialogs contains "All, All
captures files, All file-format types, {capture with magic}, {capture
heur}, {file with magic /* Aka "MIME File..."... now */}, {file heur}". I
am back from holiday, so I will start work on that soon.PS. After Next step (aka Step #2), there is a plan for Step #3 and #4. On 30 August 2015 at 15:39, Hadriel Kaplan <the.real.hadr...@gmail.com> wrote: > When you say "properly", you mean like so it can be submitted into > master? I think the *right* thing is a much bigger change, and > involves creating wiretype subtypes for each file-format reader type. > But in the meantime you could wrap all your code in #ifdef so it's not > normally compiled in, but when it is compiled in it's the last magic > value and always succeeds. > > I believe (or at least hope) that the way the MIME files thing works > right now is only a temporary hack. Ultimately we're not really > opening a file as a MIME container, shouldn't be seeing the file's > records inside of one big "MIME" frame but instead as independent > frames, and shouldn't need magic values to match up at all. I should > be able to tell wireshark to display a file in Format X, and it should > do it or die trying. :) > > -hadriel > > > On Sun, Aug 30, 2015 at 8:41 AM, Joerg Mayer <jma...@loplof.de> wrote: > > On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote: > >> Did you add the magic info into the magic_files array in > >> wiretap/mime_file.c? It looks like it's necessary. > > > > Ah, that was the part I was missing. Thanks! > > Of course now that I did look at it, it doesn't help me because the file > format > > doesn't really have a magic value. So how do I go about it properly? > > > > Thanks > > Jörg > > > >> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jma...@loplof.de> wrote: > >> > I'm trying to write a file dissector for the IxVeriWave (.vwr) > capture files > >> > (without loosing the ability to open said capture files normally of > course) > >> > and am failing: > >> > Running "tshark -X 'read_format:MIME Files Format' -V -r > testfile.vwr" (or > >> > the equivalent steps in wireshark) results in > >> > tshark: The file "testfile.vwr" isn't a capture file in a format > TShark understands. > >> > Trying to just take over the complete capture file was also > unsuccessful. > >> > I've attached the current source of the dissector. Simple question: > What am > >> > I missing ;-) > >> > In case you want to test, use the capture attached to bug 11464. > > > > -- > > Joerg Mayer <jma...@loplof.de> > > We are stuck with technology when what we really want is just stuff that > > works. Some say that should read Microsoft instead of technology. > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > > Archives: https://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe > -- Pozdrawiam / Best regards ------------------------------------------------------------------------------------------------------------- Michał Łabędzki, Software Engineer Tieto Corporation Product Development Services http://www.tieto.com / http://www.tieto.pl --- ASCII: Michal Labedzki location: Swobodna 1 Street, 50-088 Wrocław, Poland room: 5.01 (desk next to 5.08) --- Please note: The information contained in this message may be legally privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorised use, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank You. --- Please consider the environment before printing this e-mail. --- Tieto Poland spółka z ograniczoną odpowiedzialnością z siedzibą w Szczecinie, ul. Malczewskiego 26. Zarejestrowana w Sądzie Rejonowym Szczecin-Centrum w Szczecinie, XIII Wydział Gospodarczy Krajowego Rejestru Sądowego pod numerem 0000124858. NIP: 8542085557. REGON: 812023656. Kapitał zakładowy: 4 271500 PLN
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
