Wireshark-dev: Re: [Wireshark-dev] Adding new dissectors
From: Guy Harris <[email protected]>
Date: Fri, 13 Mar 2009 20:16:16 -0700
On Mar 11, 2009, at 10:52 PM, Rayne wrote:

I would like to know if adding a new dissector would require modifying/adding this dissector to the code of the dissector that may later call it.
In most cases, no.  That's why we do all that dissector-table and  
heuristic-dissector-list stuff we mentioned to you earlier.
For example, I was looking at packet-gtp.c, and in proto_re_handoff_gtp(), dissector_add() was used to add UDP and if neccessary, TCP. Looking at dissector_add(), it appears that it would call dissector_add_handle() to add GTP as a sub-dissector to UDP and/or TCP. All of this is done only in packet-gtp.c and not in packet-udp.c or packet-tcp.c.
If my reasoning is correct, am I right to say when I add a  
dissector, I need not modify the codes of the protocol layers below  
In most cases, yes.

For example in this case, if I were to add the GTP dissector, I only need to specify and add the layers below it (UDP and/or TCP) in its own code.

As for protocol layers above it, I would just use call_dissector whenever appropriate?
You would use whatever's appropriate for the dissector.  If the  
protocol layer has a field that you can use to select the next  
protocol layer, you'd use the routines that look up an unsigned  
integer or a string in a dissector table, rather than  
call_dissector().  If more complicated rules to determine what  
dissector to call are required, you might have to look up the  
dissectors in question by name and use call_dissector() - which might  
require that those dissectors be changed to register themselves by