Wireshark-dev: [Wireshark-dev] adding subdissector for my dissector?
From: warlord <[email protected]>
Date: Fri, 25 Jan 2008 00:04:16 +0100

Hi

So I wrote a small dissector and got it to work. It's based on
WTAP_ENCAP3, so it shows the packet right from the start. For now I have
two fields which are specified in proto_register_mycode() and added in
dissect_mycode():

proto_tree_add_item(wrl_tree, hf_wrl_type, tvb, 0, 4, FALSE);
proto_tree_add_item(wrl_tree, hf_wrl_data, tvb, 4, -1, FALSE);

What I want next is a second dissector (end goal: many more) which I can
use to dissect the data field, based on the value of type. Do I need to
specify a subtree somehow so a different dissector can use it? Or can I
just write a second dissector and register it for hf_wrl_data (tested,
compiled, but ended in dumped core)?

I do realize ethernet/IP/TCP and others have the same problem. Digging
through heaps of code though, not knowing what to look for, I couldn't
determine how to do it.

So, do I need to add something to the main dissector so a second
dissector can be used to analyze one field of the main dissector (of the
packet)?

What is it called, do I add it in the proto_register_X() or the
dissect_X() code (or both), and is there an easy example (I couldn't find
one while checking out a bunch of files in the dissectors/ directory)?

Cheers,

wrl

--
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world

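Added example, not part of the original message and not Wireshark code: a self-contained C model of the value-keyed dispatch the post asks about, for the layout it describes (4-byte type at offset 0, data from offset 4 to the end of the packet). In Wireshark the corresponding mechanism is a dissector table (register_dissector_table() and dissector_try_uint() in current releases). Assumptions: view_t, table_add(), the sub_* handlers and the type values 1 and 2 are hypothetical, and the type field is read big-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a tvbuff: a bounded view, never a bare pointer. */
typedef struct { const uint8_t *p; size_t len; } view_t;
typedef int (*sub_fn)(view_t data);      /* returns bytes consumed, 0 = rejected */

/* Constructed sub-dissectors for two made-up type values. */
static int sub_ping(view_t d) { return d.len >= 1 ? 1 : 0; }
static int sub_text(view_t d) {
    if (d.len < 1 || (size_t)d.p[0] > d.len - 1) return 0; /* length byte must fit */
    return 1 + d.p[0];
}

/* The "dissector table": type value -> handler, filled at registration time. */
static struct { uint32_t type; sub_fn fn; } table[8];
static size_t n_entries;

static int table_add(uint32_t type, sub_fn fn) {
    if (n_entries == sizeof table / sizeof table[0]) return -1;
    table[n_entries].type = type; table[n_entries].fn = fn; n_entries++;
    return 0;
}

/* Parent dissector. Returns bytes the sub-dissector consumed,
 * 0 if the data is left as raw bytes, -1 if the header is truncated. */
static int dissect_wrl(const uint8_t *pkt, size_t len) {
    if (len < 4) return -1;                  /* never read past the capture */
    uint32_t type = (uint32_t)pkt[0] << 24 | (uint32_t)pkt[1] << 16 |
                    (uint32_t)pkt[2] << 8  | pkt[3];
    view_t data = { pkt + 4, len - 4 };      /* sub-view handed to the child */
    for (size_t i = 0; i < n_entries; i++)
        if (table[i].type == type) return table[i].fn(data);
    return 0;                                /* unknown type: show raw data */
}

static void register_subs(void) {            /* done once, at registration */
    n_entries = 0;
    table_add(1, sub_ping);
    table_add(2, sub_text);
}

int main(void) {
    const uint8_t ok[]  = { 0,0,0,2, 3,'a','b','c' };  /* constructed packets */
    const uint8_t bad[] = { 0,0,0,2, 9,'a' };          /* length byte lies */
    register_subs();
    printf("%d %d\n", dissect_wrl(ok, sizeof ok), dissect_wrl(bad, sizeof bad));
    return 0;
}
```

The parent never passes a field handle such as hf_wrl_data to the child; it passes a bounded view of the remaining bytes, and each child rejects input that does not fit instead of reading past it.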