Wireshark-dev: Re: [Wireshark-dev] How to add one dissector after adding one?



From: wsgd <wsgd@xxxxxxx>
Date: Thu, 01 Jan 2009 23:03:25 +0100

Hello,

foo2 register:

 dissector_add("foo1.<specific_field_for_subdissector>",
               <value of foo1.<specific_field_for_subdissector> for which foo2 must be called>,
               dissector_handle);


foo1 register (before register_dissector):

dissector_table = register_dissector_table("foo1.<specific_field_for_subdissector>", "FOO1 <specific_field_for_subdissector>", FT_UINT8 or FT_UINT16 or ..., BASE_DEC);

  register_heur_dissector_list("foo1",
                               &heur_subdissector_list);

foo1 handoff (necessary for decode_udp_ports):

 data_handle = find_dissector("data");

foo1 dissect:

Call something "like" this (you must make some modifications to match your needs):
 decode_udp_ports(tvb,
                         <offset of data for subdissector>,
                          pinfo,
                          tree,
                          <1st value of <specific_field_for_subdissector>>,
                          <2nd value of <specific_field_for_subdissector>>,
                          <size of data for subdissector>);

Olivier


Siva.S wrote:
Hi,

   I have added one dissector (foo1) that comes after UDP. Now, I want
to add another dissector(foo2) that comes after "foo1".

Do "foo1" packets always include "foo2" packets (if they include any packet at all)? Or could they have "foo3" or "foo4" or... packets instead?

Thank you very much for your reply. Consider that "foo1" packets always include "foo2" packets. I'll be happy if you explain both cases to me.

Thanks & Regards,
Siva.S
--
Wireshark Generic Dissector http://wsgd.free.fr
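
The registration pattern described in the reply above (foo1 owns a dissector table keyed on one of its fields, foo2 adds itself to that table), shown as an added example that is not code from the original thread. It uses Wireshark's Lua API rather than the C calls in the message; the header layout, the field name "foo1.type", the value 1 and UDP port 9999 are assumptions made for illustration.

```lua
-- Added example. Constructed layout for foo1: 1-byte type, 2-byte payload
-- length, then the payload that belongs to the subdissector.
local foo1 = Proto("foo1", "FOO1 Protocol")
local foo2 = Proto("foo2", "FOO2 Protocol")

local f1_type = ProtoField.uint8("foo1.type", "Type", base.DEC)
local f1_len  = ProtoField.uint16("foo1.length", "Payload length", base.DEC)
foo1.fields = { f1_type, f1_len }

local f2_data = ProtoField.bytes("foo2.data", "Data")
foo2.fields = { f2_data }

-- foo1 creates the table keyed on its type field. It must exist before
-- any subdissector tries to add itself to it.
local foo1_types = DissectorTable.new("foo1.type", "FOO1 Type",
                                      ftypes.UINT8, base.DEC)

local HDR_LEN = 3

function foo1.dissector(tvb, pinfo, tree)
    if tvb:len() < HDR_LEN then return end   -- truncated header: stop here
    pinfo.cols.protocol = "FOO1"
    local sub = tree:add(foo1, tvb(0, HDR_LEN))
    sub:add(f1_type, tvb(0, 1))
    sub:add(f1_len,  tvb(1, 2))

    local ptype = tvb(0, 1):uint()
    local plen  = tvb(1, 2):uint()
    -- The length field comes from the packet, so clamp it to the bytes
    -- actually present before building the payload buffer.
    local avail = tvb:len() - HDR_LEN
    if plen > avail then plen = avail end
    if plen == 0 then return end

    -- Look up the type value in the table and call the dissector that
    -- registered for it, passing only the payload bytes.
    foo1_types:try(ptype, tvb(HDR_LEN, plen):tvb(), pinfo, tree)
end

function foo2.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "FOO2"
    tree:add(foo2, tvb()):add(f2_data, tvb())
end

-- foo2 registers for the foo1 type value it handles (assumed: 1).
foo1_types:add(1, foo2)
-- foo1 itself sits on top of UDP (assumed port: 9999).
DissectorTable.get("udp.port"):add(9999, foo1)
```

If foo1 can carry foo3, foo4 and so on, each of those adds itself to "foo1.type" under its own value and foo1 needs no change.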

