Wireshark-dev: Re: [Wireshark-dev] Handing off payloads to the TCP dissector?
From: Stephen Fisher <[email protected]>
Date: Mon, 11 Jul 2011 15:16:36 -0600
On Sun, Jun 19, 2011 at 01:59:21AM +0100, Tyson Key wrote:

> I'm currently in the process of writing a dissector for Apple's USBMUX 
> protocol (which encapsulates TCP frames with a non-IP-based 8 byte 
> header), as used by their seemingly ubiquitous iProduct family.

> Having looked at the IPv4 and TCP dissectors for inspiration, I 
> decided to add "*dissector_add_uint("usbmux.data", IP_PROTO_TCP, 
> tcp_handle);*"

That function is for adding an entry to a "uint dissector table" (see 
epan/packet.h) by the name of the first parameter.  So the usbmux.data 
dissector table would first have to exist.  That isn't quite what you 
need to do.

> Any thoughts from others who are more experienced with that portion of 
> the codebase?

You have TCP segments preceded by an 8 byte non-IP header, so you need 
to pass that portion of the tvbuff (starting at byte 9 until the end) to 
the TCP dissector.  The TCP dissector registers itself by name with the 
register_dissector("tcp"... call in epan/dissectors/packet-tcp.c, so all 
you need to do is look up that handle in your proto_reg_handoff_XXX 
function like so (even the tcp dissector looks itself up):

Make a global variable (not inside a function):

    dissector_handle_t tcp_handle;

Then in proto_reg_handoff_XXX():

    tcp_handle = find_dissector("tcp");

Then at the right point in your code - after you dissect those first 8 
bytes if possible, create a new tvbuff with the rest of the packet 
and pass it to the TCP dissector with something like this (untested but 
should be right):

  tvbuff_t *payload_tvb;

  /* New tvbuff covering everything after the 8 byte header */
  payload_tvb = tvb_new_subset_remaining(tvb, 8);
  call_dissector(tcp_handle, payload_tvb, pinfo, tree);

Hope this helps.
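
The offset arithmetic behind the hand-off above, as an added stand-alone C example (not part of the original message and not Wireshark code): it strips the 8 byte header from a captured frame, refuses frames too short to contain it, and reads the TCP ports from the remainder to show the payload starts at offset 8. The names mux_payload, tcp_ports and struct view are hypothetical, the sample frame is constructed, and the contents of the 8 header bytes are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MUX_HDR_LEN 8   /* size of the non-IP header, as stated in the thread */
#define TCP_MIN_HDR 20  /* minimum TCP header length (RFC 793) */

/* Hypothetical stand-in for a tvbuff subset: a view into the same bytes. */
struct view { const uint8_t *data; size_t len; };

/* Model of "subset remaining from offset 8": 0 on success, -1 when the
 * frame cannot hold the whole header. A frame of exactly 8 bytes gives
 * an empty view. */
int mux_payload(const uint8_t *frame, size_t len, struct view *out)
{
    if (frame == NULL || out == NULL || len < MUX_HDR_LEN)
        return -1;
    out->data = frame + MUX_HDR_LEN;
    out->len = len - MUX_HDR_LEN;
    return 0;
}

/* Read source/destination ports, checking the data offset field first. */
int tcp_ports(const struct view *seg, uint16_t *src, uint16_t *dst)
{
    size_t doff;
    if (seg == NULL || seg->len < TCP_MIN_HDR) return -1;
    doff = (size_t)(seg->data[12] >> 4) * 4;
    if (doff < TCP_MIN_HDR || doff > seg->len) return -1;
    *src = (uint16_t)((seg->data[0] << 8) | seg->data[1]);
    *dst = (uint16_t)((seg->data[2] << 8) | seg->data[3]);
    return 0;
}

/* Constructed sample: 8 zeroed header bytes, then a 20 byte TCP SYN. */
static const uint8_t sample_frame[28] = {
    0, 0, 0, 0, 0, 0, 0, 0,
    0xC0, 0x00, 0x1F, 0x90, 0, 0, 0, 1, 0, 0, 0, 0,
    0x50, 0x02, 0xFF, 0xFF, 0, 0, 0, 0
};

int main(void)
{
    struct view seg; uint16_t sp, dp;
    if (mux_payload(sample_frame, sizeof sample_frame, &seg) != 0 ||
        tcp_ports(&seg, &sp, &dp) != 0) { puts("truncated frame"); return 1; }
    printf("payload %zu bytes, %u -> %u\n", seg.len, (unsigned)sp, (unsigned)dp);
    return 0;
}
```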