How are you registering your "iwarp_ddp" dissector? You should have
something like:
proto_register_iwarp_ddp(...)
{
...
proto_iwarp_ddp = proto_register_protocol("IWARP DDP
FULL NAME", "IWARP_DDP", "iwarp_ddp");
...
}
Do you have this?
Other than that:
The dissector handle is used to pass to dissector_add(),
dissector_delete(), dissector_change(), ... [see epan/packet.h]. You
don't need it in your iwarp_ddp dissector handoff function if you're not
making any of those calls.
- Chris
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Yves
Geissbuehler
Sent: Wednesday, September 19, 2007 8:14 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Questing: Calling a Subdissector
Hi all
Setting and problem
I have a student project to implement protocol support for iWarp in
Wireshark. Basically iWarp consists of the three protocols MPA (on
top of TCP, no specific port), DDP on top of MPA and RDMA on top of
DDP. I managed to write a basic MPA dissector which works (by reading
the available docs and looking at the source). I am stuck at the task
to call my DDP dissector once I have dissected MPA traffic. In the
GUI I only see MPA traffic, but no DDP. It looks like that my DDP
dissector is not used to dissect the MPA payload.
relevant code in packet-iwarp-mpa.c:
<other code of dissect_mpa omitted>
/* CASE: MPA FPDU */
if (tvb_length(tvb) >= SMALLEST_FPDU_LEN) /* minimal MPA FPDU */
{
if (!is_dissected && check_for_mpa_fpdu(tvb, pinfo))
{
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 2,
get_mpa_fpdu_message_len, dissect_mpa_fpdu);
next_tvb=tvb_new_subset(tvb, MPA_FPDU_HEADER_LEN, -1,
-1);
if(ddp_handle)
call_dissector(ddp_handle, next_tvb, pinfo,
tree);
is_dissected = TRUE;
}
return is_dissected;
}
} /* end of dissect_mpa */
proto_reg_handoff_mpa(void)
{
static gboolean initialized = FALSE;
if (!initialized) {
ddp_handle = find_dissector("iwarp_ddp");
heur_dissector_add("tcp", dissect_mpa, proto_mpa);
initialized = TRUE;
}
}
relevant code in dissect-iwarp-ddp.c:
proto_reg_handoff_iwarp_ddp(void)
{
static gboolean inited = FALSE;
if (!inited) {
dissector_handle_t iwarp_ddp_handle;
iwarp_ddp_handle = new_create_dissector_handle
(dissect_iwarp_ddp,
proto_iwarp_ddp);
//dissector_add("PARENT_SUBFIELD", ID_VALUE,
iwarp_ddp_handle);
inited = TRUE;
}
}
My questions:
- Is there any other protocol which is similar to the iWarp at which
I could look at (did not find any so far, or did not recognize it)
- What is really necessary to do further dissection for my scenario?
- What is the meaning/concept behind these dissector_handle_t types?
- How do I use dissector_add()? I understand that this is the way to
tell Wireshark that it should use this dissector_X if traffic_X comes
around.
In the above code, I uncommented the dissector_add in the DDP
handoff, since I simply do not understand how I could use it. And I
am also not really sure if I still need it since I explicitly call
the DDP dissector from the MPA dissector. If I should use it I guess
it should be something like this:
dissect_add("mpa", NO_VALUE, iwarp_ddp_handle);
But so far I did not figure out where I have to define
"PARENT_SUBFIELD" or "ID_VALUE"?
I would be happy to get any comments/explanations or pointers to doc
and/or source code.
Thank you.
Yves
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.
