Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Registering protocol details

From: Anders Broman <a.broman58@xxxxxxxxx>
Date: Sun, 7 Aug 2016 12:02:18 +0200

Den 7 aug. 2016 11:25 fm skrev "Paul Offord" <Paul.Offord@xxxxxxxxxxxx>:
>
> Hi,
>
>  
>
> I’ve written a small program that converts web logs into pcap-ng files with a dummy Ethernet header

You could use the exported pdu format
See exported_pdu.h in epan directory. Should you need new tags for meta information those could be added.
Regards
Anders

I’m now writing a dissector for the resulting pcap-ng file.  The problem is that the number and meaning of the “columns” in the log is not predictable – it depends on the web log format settings.  Therefore the first entry in the pcap-ng file contains the name of the field, a definition of the data type and the column position.  In the dissector, I read this first record and then set up an hf_register_info array.  That’s the background, now my question.
>
>  
>
> Can I make calls to proto_register_xxx functions in my dissector, or must they be made from proto_register_xxxx?
>
>  
>
> Thanks and regards…Paul
>
>
> ______________________________________________________________________
>
> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
>
> Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
>
> Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe