Clarification about Pdml output

Aurélien Aptel aaptel at suse.com
Mon Jul 1 13:49:19 UTC 2019


(this is regarding this year's GSoC project on my smbcmp tool)

"P Mairo via samba-technical" <samba-technical at lists.samba.org> writes:
> Hello,
> I am working on using the tshark XML output to do better and deeper diffs
> (basically adding ways to let users add ignore rules), and I wonder if I
> may delete some fields by default, mainly:
> pos - the starting offset within the packet data where this
> protocol starts
> size - the number of octets in the packet data that this protocol
> covers.

For now you can ignore those fields, yes. Ideally, if we implement a
mechanism to use user-provided rules to add/ignore things, it can be made
a default ignore rule.

To dump the SMB packet tree to text from the XML structure you can
either:

- dump everything within the SMB node and have ignore rules (black
  list approach)
- explicitly dump specific fields (white list approach)

Given the amount of fields to handle to cover all of SMB the black list
approach seems better to me. But it could also be a mix of both
e.g. dump everything for the header but for this sub-field only select
some things.

Depending on what you use to parse the XML tree you might be able to
use XPath to select specific tags (to access the SMB node or specific
fields in it). XPath expressions are compact strings you can use to
access and return things in an XML tree. Think regex for XML.

https://en.wikipedia.org/wiki/XPath

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg)
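
Added example, not part of the original message and not smbcmp code: a sketch of the ignore-rule approach described above, selecting the SMB node with an XPath expression and dropping `pos` and `size` by default. The function names, the `smb2` protocol name and the PDML sample are assumptions constructed for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

# Default ignore rule from the thread: offsets and lengths are not worth diffing.
DEFAULT_IGNORED_ATTRS = frozenset({"pos", "size"})

def sample_pdml(base, msg_id):
    """Constructed PDML in the shape of `tshark -T pdml` output (not a real capture)."""
    return f"""<pdml><packet>
<proto name="tcp" showname="Transmission Control Protocol" size="20" pos="{base - 24}"/>
<proto name="smb2" showname="SMB2" size="68" pos="{base}">
  <field name="smb2.header" showname="SMB2 Header" size="64" pos="{base + 4}">
    <field name="smb2.cmd" showname="Command: Negotiate Protocol (0)" size="2" pos="{base + 16}" show="0" value="0000"/>
    <field name="smb2.msg_id" showname="Message ID: {msg_id}" size="8" pos="{base + 28}" show="{msg_id}" value="{msg_id.to_bytes(8, 'little').hex()}"/>
  </field>
</proto>
</packet></pdml>"""

def dump_smb(pdml_text, ignore_fields=frozenset(), ignore_attrs=DEFAULT_IGNORED_ATTRS):
    """Dump every node under the SMB2 proto as text, minus the ignore rules."""
    lines = []

    def walk(node, depth):
        if node.get("name") in ignore_fields:  # user rule: drop field and its subtree
            return
        kept = sorted((k, v) for k, v in node.attrib.items() if k not in ignore_attrs)
        lines.append("  " * depth + " ".join(f'{k}="{v}"' for k, v in kept))
        for child in node:
            walk(child, depth + 1)

    # XPath: any <proto> element whose name attribute is "smb2"
    for proto in ET.fromstring(pdml_text).findall(".//proto[@name='smb2']"):
        walk(proto, 0)
    return lines

def diff_smb(a, b, **rules):
    """Return only the added/removed lines between two dumps."""
    diff = difflib.unified_diff(dump_smb(a, **rules), dump_smb(b, **rules), lineterm="", n=0)
    return [l for l in diff if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

if __name__ == "__main__":
    first, second = sample_pdml(58, 1), sample_pdml(62, 2)
    print("\n".join(diff_smb(first, second)))                                 # msg_id only
    print(diff_smb(first, second, ignore_fields={"smb2.msg_id"}))             # no differences
```

With the default rule only the message ID line differs even though every offset moved; passing an empty `ignore_attrs` shows how much noise `pos` alone adds.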


