Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] function of dissector_try_uint()

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Mon, 16 Feb 2015 15:06:07 +0100
Hi Vishnu,

2015-02-16 14:55 GMT+01:00 Vishnu Bhatt <vishnu.bhatt@xxxxxxxxxxx>:

Hi,

 

I have a dissector code (atmii) and I am having problem in understanding the following two lines of code:

 

In proto_register_atmii()

 

aal_dissector_table = register_dissector_table("atmii.aal2_payload", "AAL payload type", FT_UINT8, BASE_DEC);


This create a dissector table (with a guint8 as identifier) that can be used by other dissectors so as to register themselves as the dissector to be called for a given payload type value, using something like:
dissector_add_uint("atmii.aal2_payload", my_payload_type_value, my_dissector_handle);

 

and then in dissect_atmii()

 

if (!dissector_try_port(aal_dissector_table, payload_type, next_tvb, pinfo, tree)) {


I guess this is a typo and you meant dissector_try_uint, right?

proto_tree_add_item(atmii_tree,hf_atmii_aal2_payload, tvb, ATM_HEADER_LENGTH, -1, FALSE);

}

 

 

What does these two lines of code do in general as I’ve seen them in other protocols as well?


As indicated in proto.h:
/* Look for a given value in a given uint dissector table and, if found,
   call the dissector with the arguments supplied, and return the number
   of bytes consumed, otherwise return 0. */
WS_DLL_PUBLIC int dissector_try_uint(dissector_table_t sub_dissectors,
    const guint32 uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

So with those 2 lines of code, your dissector tries to find a matching sub dissector for the payload using the payload type as parameter. If no matching dissector is found (reutnr value is 0), then it displays the payload as a byte field probably (hf_atmii_aal2_payload).

Regards,
Pascal.