Wireshark-dev: Re: [Wireshark-dev] Sub_dissectors assertion failed

From: Scott <theerickson@xxxxxxxxx>
Date: Fri, 21 May 2010 19:42:30 -0600
On Fri, May 21, 2010 at 3:18 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
So what protocols does your custom protocol run on top of?
 
For now the custom protocol is a dummy protocol that only contains a 32-bit int and rides on top of the IP protocol rider (*it*).  I got the custom protocol to show up in the packet detail window ok, although not how I expected.
 
> And what does dissector_try_port() do?  All I could tell is that it returns a gboolean.

It takes, as arguments:

       1) a handle for a dissector table that uses integral values as keys (it should really be dissector_try_uint(); the "port" is historical);

       2) an integral value to use to select a dissector from that dissector table;

       3) a tvbuff_t * that refers to a tvbuff with the data to be dissected by the selected dissector;

       4) a packet_info *, which should be the one the dissector calling dissector_try_port() was handed;

       5) a proto_tree *, which should be the one the dissector calling dissector_try_port() was handed.

When I called dissector_try_port() from the *it* IP rider protocol like this:
dissector_try_port(subdissector_table, hf_[type switch], next_tvb, pinfo, tree)

the dummy protocol didn't match correctly.  However, when I called it like this:
dissector_try_port(subdissector_table, pinfo->destport, next_tvb, pinfo, tree)

it matched fine.  This doesn't make a lot of sense to me (is it REALLY matching on the port?) because the dummy custom protocol does:
dissector_add("[*it*].[type]", [macro], test_handle), which doesn't seem to have anything to do with the port.
 
> I mean *any protocol that runs atop IP* can follow it.

Then you want to do what I suggested to find the right dissector for the following protocol - just get the "ip.proto" dissector table and use that.

Because the dummy protocol doesn't have a subdissectors table, the original IP rider protocol needs to call dissector_try_port() again to grab the dissectors for any protocols that may follow the dummy protocol (TCP, ICMP, etc.).  Here's the code I have:
/* dissector_try_port() call for the dummy protocol */

ip_dissector_table = find_dissector_table("ip.proto");
next_tvb = tvb_new_subset(next_tvb, [macro for dummy proto length], -1, -1);
dissector_try_port(ip_dissector_table, hf_[*it* field that is a copy of ip.proto's], next_tvb, pinfo, tree);

But I assume nothing is matching because no protocols show up after the dummy protocol in the packet details window.

-Scott
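
Added example (not part of the original message, and not Wireshark code): a self-contained C model of the chaining discussed above, in which a rider dissector consults its own type table and then the "ip.proto" table, each time keyed by an integer read from the packet bytes. Every name here (buf_t, table_t, try_uint, dissect_rider, run), the two-byte rider layout and the type value 1 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a tvbuff and a dissector table; not the Wireshark API. */
typedef struct { const uint8_t *data; size_t len; } buf_t;
typedef void (*dissect_fn)(buf_t b, char *trace);
typedef struct { uint32_t key; dissect_fn fn; } entry_t;
typedef struct { entry_t e[8]; size_t n; } table_t;
static table_t ip_proto, rider_type; /* model "ip.proto" and the rider's own type table */
static void table_add(table_t *t, uint32_t key, dissect_fn fn) {
    if (t->n < 8) t->e[t->n++] = (entry_t){ key, fn };
}
/* Select a handler by integer key; false means nothing is registered for it. */
static bool try_uint(const table_t *t, uint32_t key, buf_t b, char *trace) {
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].key == key) { t->e[i].fn(b, trace); return true; }
    return false;
}
static void dissect_tcp(buf_t b, char *trace)   { (void)b; strcat(trace, "/tcp"); }
static void dissect_dummy(buf_t b, char *trace) { (void)b; strcat(trace, "/dummy"); }
/* Constructed layout: byte 0 = type, byte 1 = copy of the IP protocol number, then payload. */
static void dissect_rider(buf_t b, char *trace) {
    strcat(trace, "rider");
    if (b.len < 2) { strcat(trace, "/short"); return; }   /* truncated capture */
    uint8_t type = b.data[0], next_proto = b.data[1];      /* keys come from packet bytes */
    buf_t next = { b.data + 2, b.len - 2 };
    if (try_uint(&rider_type, type, next, trace)) {
        if (next.len < 4) { strcat(trace, "/short"); return; }
        next = (buf_t){ next.data + 4, next.len - 4 };     /* step over the dummy's 32-bit int */
    }
    if (!try_uint(&ip_proto, next_proto, next, trace)) strcat(trace, "/data");
}
/* Dissect one packet and return the layer trace (trace must hold at least 32 bytes). */
static const char *run(const uint8_t *pkt, size_t len, char *trace) {
    ip_proto.n = rider_type.n = 0; trace[0] = '\0';
    table_add(&ip_proto, 6, dissect_tcp);      /* 6 = TCP's IP protocol number */
    table_add(&rider_type, 1, dissect_dummy);  /* 1 = constructed type value */
    dissect_rider((buf_t){ pkt, len }, trace);
    return trace;
}

int main(void) {
    const uint8_t pkt[] = { 1, 6, 0, 0, 0, 42, 0xAA };  /* constructed sample packet */
    char trace[32];
    puts(run(pkt, sizeof pkt, trace));
    return 0;
}
```

The length checks before each read are there because a dissector parses untrusted and possibly truncated captures.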