Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: [Ethereal-dev] calling a new dissector from another new dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jonathan Margulies <jonmargulies@xxxxxxxxx>
Date: Fri, 30 Apr 2004 20:10:53 -0400
Hi,
I wrote a couple of new dissectors (FakeIP and FakeUDP) as part of a
separate project to simulate UDP packets. FakeUDP runs on FakeIP
(obviously), which in turn runs over real UDP. I got the FakeIP
dissector working fine and it gets called based on a UDP port. The
problem I'm having is in trying to register FakeUDP with FakeIP. I
basically copied the way I call subdissectors from the real UDP
dissector, and it compiles fine, but when I capture packets FakeIP
never hands anything off to FakeUDP (I can't even "Decode as" FakeUDP,
although FakeUDP does show up in the enabled protocols list). If I try
to register FakeUDP with another protocol, e.g. real UDP, it gets
called just fine, so I'll assume the problem is in the way I handle
calling subdissectors in FakeIP. I'd really love to know what I'm
doing wrong. Below are some code snippets I hope will help. Also, I'd
just like to make clear that I structured my files similarly to the
structure of the protocols I'm simulating, so the meat of FakeIP is in
packet-fip.c and the FIP header struct is in packet-fip.h (though
that's the only thing in packet-fip.h).

In packet-fip.c:
static void
dissect_fip(...
...
	/* call the next dissector */
	next_tvb = tvb_new_subset(tvb, hlen, MIN(fiph->ip_len - hlen,
tvb_length(tvb) - hlen),
		fiph->ip_len - hlen);

	call_dissector(data_handle, next_tvb, pinfo, tree);
}

void
proto_register_fip(void)
{
...
  proto_fip = proto_register_protocol("Fake Internet Protocol", "FIP", "fip");
  proto_register_field_array(proto_fip, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
  fip_dissector_table = register_dissector_table("fip.proto",
	    "FIP Protocol", FT_UINT8, BASE_DEC);
}

void
proto_reg_handoff_fip(void)
{
  dissector_handle_t fip_handle;

  fip_handle = create_dissector_handle(dissect_fip, proto_fip);
  data_handle = find_dissector("data");
  dissector_add("udp.port", UDP_PORT1_FIP, fip_handle);
  dissector_add("udp.port", UDP_PORT2_FIP, fip_handle);
}

AND at the bottom of fudp.c:
void
proto_reg_handoff_fudp(void)
{
  dissector_handle_t fudp_handle;

  fip_handle = find_dissector("fijshdf");

  fudp_handle = create_dissector_handle(dissect_fudp, proto_fudp);
  dissector_add("fip.proto", FIP_PROTO_FUDP, fudp_handle);
}

Thank you for your help,
Jonathan Margulies
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube