Hello,
> > What is the return value of the main dissector function (the one that gets registered with register_dissector) supposed to be?
Basically, the length of the decoded PDUs.
In many (most?) cases, this is also the length of the packet that was
injected into the dissector but there are sometimes specific cases to
handle properly:
- Multiple PDUs in one packet
- Single PDU spanning several packets (need to reassemble)
- Malformed data
- …
> > What is supposed to be in its void* data parameter? (I checked the doc but didn't find an answer)
>
> I believe that this is supposed to be an agreement between the caller
> and the dissectors behind the dissector table, if that is what you are
> referring to.
Yes it is indeed an agreement between the 2 parties.
You might find it easier to look at the Thrift dissector which is
allowing definition of sub-dissectors.
For some reason, it needs to keep track of some protocol information
and to achieve that, it passes a structure through this void pointer.
Hope it will help.
Triton.
