Wireshark-dev: Re: [Wireshark-dev] Dissecting multiple protocol headers in a single plugin

From: Bob Doolittle <Robert.Doolittle@xxxxxxx>
Date: Tue, 03 Apr 2007 19:53:51 -0400
Guy Harris wrote:
Bob Doolittle wrote:

Looking at packet.c, it appears that the type of the HF name
I'm passing as the first arg doesn't map to an acceptable type,
but in fact I've declared that field with type FT_UINT8,
which should be fine.  Another possibility is that the
fields haven't been registered yet so aren't recognized (it
would be nice if this were a separate, distinguishable
assertion error :(), but I only call the proto_register_*
routine for the sub-layer after the proto_register_*
for the higher layer has returned successfully, so I'd expect
the fields to be registered at that point.

Another possibility is that the first argument to dissector_add() is the name of a dissector table, not the name of a field, even though dissector tables are often - but *NOT* always! - given the same name as a field whose value is used as the key for looking up entries in that dissector table.

That's the correct possibility. Dissector tables are not automatically created for fields; you need to create the dissector table explicitly with a call to register_dissector_table().

Thanks. My subdissector is now being called, and is updating the List window
properly.  But for some odd reason the sub-protocol isn't appearing in the
Details window tree, and I'm handling it identically to how I handled the parent
protocol, which is drawing properly.  I've verified that the proto has been
registered properly.  I've verified that the same tree is being
passed into the subdissector, and that it's making the proto_tree_add_item call
for the proto in the parent tree, but it's not appearing.

Is there something special that has to occur for a single plugin to add two
separate protos to the tree?

Are there any good examples of dissectors in the Wireshark source that add
multiple protocol layers to the tree?  Is this bad practice - should I be
using multiple plugins for multiple layers, and if so, how do I force them
to be initialized in the necessary order (e.g. so that the parent proto can
create the dissector table before the child proto adds itself :)?

Thanks, as always,
   Bob
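
An added illustration, not part of the message above and not Wireshark source: a small self-contained C model of the point settled in the quoted exchange, that dissector_add() looks up a dissector table by name and that registering a field with the same name does not create one. The model_* functions, the child_dissect handler and the "parent.type" name are hypothetical stand-ins, not the epan API.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model, not the epan API: fields and tables are separate registries. */
#define MAX 8
typedef int (*dissect_fn)(unsigned key);
struct table { const char *name; unsigned keys[MAX]; dissect_fn fns[MAX]; int n; };
static const char *fields[MAX];
static struct table tables[MAX];
static int nfields, ntables;
/* Registering a field records the field only; no table is created. */
static int model_register_field(const char *name) {
    if (nfields == MAX) return -1;
    fields[nfields++] = name;
    return 0;
}
static int model_register_table(const char *name) { /* explicit table creation */
    if (ntables == MAX) return -1;
    tables[ntables].name = name;
    tables[ntables++].n = 0;
    return 0;
}
static struct table *find_table(const char *name) {
    for (int i = 0; i < ntables; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}
/* Returns 0 on success, -1 when no table of that name exists (or it is full). */
static int model_dissector_add(const char *table, unsigned key, dissect_fn fn) {
    struct table *t = find_table(table);
    if (t == NULL || t->n == MAX) return -1;
    t->keys[t->n] = key;
    t->fns[t->n++] = fn;
    return 0;
}
static int model_try_key(const char *table, unsigned key) { /* parent-side dispatch */
    struct table *t = find_table(table);
    for (int i = 0; t != NULL && i < t->n; i++)
        if (t->keys[i] == key) return t->fns[i](key);
    return -1;
}
static int child_dissect(unsigned key) { return 1000 + (int)key; } /* constructed handler */
int main(void) {
    model_register_field("parent.type");
    printf("add before table exists: %d\n", model_dissector_add("parent.type", 7, child_dissect));
    model_register_table("parent.type");
    printf("add after table exists:  %d\n", model_dissector_add("parent.type", 7, child_dissect));
    printf("dispatch key 7: %d\n", model_try_key("parent.type", 7));
    return 0;
}
```

In the model the failed add returns -1; in the thread the same mistake surfaced as an assertion failure.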