Hi there,
I have an obscure protocol I am writing a dissector for. It relies on
the ip.id value set to a certain value (253) so I want to add my
dissector to that value:
void proto_reg_handoff_lusc(void) {
/* registriert das Protokoll samt CallBack fï¿œr den Dissector mit
Hinweisen auf die automatische Dekodierung */
static gboolean initialized = FALSE;
if (!initialized) {
lusc_handle = create_dissector_handle(dissect_lusc,
proto_lusc);
global_lusc_ipid_mark = 253;
dissector_add("ip.id", global_lusc_ipid_mark, lusc_handle);
}
}
I get an error while wireshark is initializing:
00:43:08 Err file packet.c: line 697 (dissector_add):
assertion failed: (sub_dissectors)
Aborted (core dumped)
If I read and understand the sources correct it seems that ip.id is not
a known dissector_table but how can I change that? Using "tcp.port"
gives the expected result so I am sure it has to do with "ip.id" being
used with dissector_add.
Can anyone solve my problem?
Thanks,
Lars
