Re: Dissector Recognition

[Bill Meier <wmeier () newsguy com>]

Scott wrote:
> Devs,
>
> How does Wireshark know which dissector(s) to call while dissecting a
> packet?  I've written a dissector for a protocol in development which
> consists of a shim inserted into every packet on the network.  Our code
> correctly updates checksums and sets IP's "Protocol" field to an identifier
> for our protocol.  I am compiling the dissector directly into source instead
> of as a plugin.  After compilation the dissector correctly shows up in the
> list of dissectors from within Wireshark, but it has yet to correctly
> dissect anything in the packet view.
>
> I put printf's into the register and dissect functions to see if they were
> really being called, but I don't see the results from that and only half
> expected to anyway.
> I also thought that maybe Wireshark knows which dissector to call by the
> identifier IP lists in the "Protocol" field, but if it does, I don't know
> where in my dissector code that ID should go.
> I believe I correctly add items to the protocol tree.


So: your protocol rides over IP ?

If so, you need code in your dissector like that in packet-tcp.c 
proto_reg_handoff_tcp..

{
     dissector_handle_t tcp_handle;

     tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
     dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);

     ...
}

Do you have a reg_handoff function ???


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe