ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Need help with dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Mon, 19 May 2014 15:07:18 +0000

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Yan Burman
Sent: den 19 maj 2014 15:51
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Need help with dissector

Hi,

I am trying to write a dissector for iSER (iSCSI extenstions for RDMA).
I need to be able to at least do "decode as" iser for data in a certain connection.
I started by writing a simple skeleton based on wireshark documentation, and I see the plugin I compiled in the info page when starting wireshark.
The problem is that I do not see it in the "decode as" list. (I don't see iSCSI as well).
Please tell me what am I doing wrong (or at least point me at the relevant documentation for that?

My code is extremely simple at this point:

#include "config.h"

#include <epan/packet.h>

static int proto_iser = -1;

static void
dissect_iser(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "iSER");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo, COL_INFO);
}

void
proto_reg_handoff_iser(void)
{
    static dissector_handle_t iser_handle;

    iser_handle = create_dissector_handle(dissect_iser, proto_iser); }

void
proto_register_iser(void)
{
    proto_iser = proto_register_protocol (
        "iSCSI Extensions for RDMA", /* name       */
        "iSER",      /* short name */
        "iser"       /* abbrev     */
        );
}


Thanks a lot,
Yan

You need to arrange that your dissector gets called somehow. The iscsi dissector does:
void
proto_reg_handoff_iscsi(void)
{
    heur_dissector_add("tcp", dissect_iscsi_heur, proto_iscsi);

    iscsi_handle = new_create_dissector_handle(dissect_iscsi_handle, proto_iscsi);
    dissector_add_handle("tcp.port", iscsi_handle);
}

If your dissector is replacing the iscsi dissector you should probably add
dissector_add_handle("tcp.port", iscsi_handle);

to be able to do "decode as" otherwise you have to modify the iscsi dissector to call your dissector for the extensions.

Regards
Anders 
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube