Wireshark-dev: Re: [Wireshark-dev] switch between protocols

From: Christopher Maynard <Chris.Maynard@xxxxxxxxx>
Date: Wed, 8 Dec 2010 15:39:39 +0000 (UTC)
Lange Jan-Erik <Jan-Erik.Lange@...> writes:

> Dependent on the value of a type field I want to dissect a packet with
> protocol A or protocol B.
>
> Is this a typical application for the use of a heuristic dissector? Or how can
> I realize the switch between the two protocols?

A heuristic dissector is basically one that is handed a tvb and it must try to
guess whether the data contained within the tvb is relevant to that particular
dissector or not.

In this case, it doesn't sound to me like a heuristic dissector would apply. 
Rather, if you have protocol X that contains a type field, such that when that
type field is a specific value, 'A' for instance, you always know that the
payload is protocol A, then you probably just want to directly call the
dissector for protocol A.

OK, so how?
1) In proto_reg_handoff_protoX(): protoA_handle = find_dissector("protoA");
2) In dissect_protoX(), when you evaluate your type field and find it to be 'A': 
    next_tvb = tvb_new_subset_remaining(tvb, offset); /* or tvb_new_subset() */
    call_dissector(protoA_handle, next_tvb, pinfo, tree);

There are many examples of this in the Wireshark sources: packet-udp.c,
packet-tcp.c, ...
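
The dispatch pattern described in the message above, as an added stand-alone C model (not part of the original message and not Wireshark source code). `view_t`, `view_subset_remaining()`, the handler functions and the one-byte type field layout are assumptions made for illustration; a real dissector uses `find_dissector()`, `tvb_new_subset_remaining()` and `call_dissector()` as the message says.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for a tvb: a bounded view over captured bytes (not Wireshark's tvbuff_t). */
typedef struct { const uint8_t *data; size_t len; } view_t;
typedef int (*subdissector_fn)(view_t payload);   /* returns bytes it claimed */
enum { TYPE_A = 'A', TYPE_B = 'B' };               /* constructed type values */

static int last_called;   /* records which handler ran, for inspection */
static int dissect_protoA(view_t p) { last_called = 'A'; return (int)p.len; }
static int dissect_protoB(view_t p) { last_called = 'B'; return (int)p.len; }
static int dissect_data(view_t p)   { last_called = 'D'; return (int)p.len; }

/* Handles are looked up once at handoff time, as in step 1 of the message. */
static subdissector_fn protoA_handle, protoB_handle, data_handle;
void handoff_protoX(void) {
    protoA_handle = dissect_protoA;
    protoB_handle = dissect_protoB;
    data_handle = dissect_data;
}

/* "Rest of the buffer from offset"; fails rather than pointing past the end. */
static int view_subset_remaining(view_t v, size_t offset, view_t *out) {
    if (offset > v.len) return -1;
    out->data = v.data + offset;
    out->len = v.len - offset;
    return 0;
}

/* Protocol X: 1-byte type field, then payload. Returns bytes consumed, 0 if rejected. */
int dissect_protoX(view_t pkt) {
    view_t next;
    size_t offset = 0;
    if (pkt.len < 1) return 0;                 /* truncated: no type field to read */
    uint8_t type = pkt.data[offset++];
    if (view_subset_remaining(pkt, offset, &next) != 0) return 0;
    subdissector_fn h = type == TYPE_A ? protoA_handle
                      : type == TYPE_B ? protoB_handle
                      : data_handle;           /* unknown type: generic fallback */
    if (h == NULL) return 0;                   /* handoff has not been run */
    return (int)offset + h(next);
}

int main(void) {
    static const uint8_t pkt[] = { 'A', 0x01, 0x02, 0x03 };  /* constructed sample */
    handoff_protoX();
    return dissect_protoX((view_t){ pkt, sizeof pkt }) == 4 ? 0 : 1;
}
```

The length check before reading the type field and the fallback for unknown type values are the parts a dissector handling untrusted captures should not omit.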