I would like to know if adding a new dissector would require
modifying/adding this dissector to the code of the dissector that
may later call it.
In most cases, no. That's why we do all that dissector-table and
heuristic-dissector-list stuff we mentioned to you earlier.
For example, I was looking at packet-gtp.c, and in
proto_re_handoff_gtp(), dissector_add() was used to add UDP and if
neccessary, TCP. Looking at dissector_add(), it appears that it
would call dissector_add_handle() to add GTP as a sub-dissector to
UDP and/or TCP. All of this is done only in packet-gtp.c and not in
packet-udp.c or packet-tcp.c.
If my reasoning is correct, am I right to say when I add a
dissector, I need not modify the codes of the protocol layers below
In most cases, yes.
For example in this case, if I were to add the GTP dissector, I only
need to specify and add the layers below it (UDP and/or TCP) in its
As for protocol layers above it, I would just use call_dissector
You would use whatever's appropriate for the dissector. If the
protocol layer has a field that you can use to select the next
protocol layer, you'd use the routines that look up an unsigned
integer or a string in a dissector table, rather than
call_dissector(). If more complicated rules to determine what
dissector to call are required, you might have to look up the
dissectors in question by name and use call_dissector() - which might
require that those dissectors be changed to register themselves by