Wireshark mailing list archives
Re: Passing information to a sub dissector
From: Triton Circonflexe <triton+enuiqr () kumal info>
Date: Thu, 17 Feb 2022 21:12:18 +0000
Hello,
What is the return value of the main dissector function (the one that gets registered with register_dissector) supposed to be?
Basically, the length of the decoded PDUs. In many (most?) cases, this is also the length of the packet that was injected into the dissector but there are sometimes specific cases to handle properly: - Multiple PDUs in one packet - Single PDU spanning several packets (need to reassemble) - Malformed data - …
What is supposed to be in its void* data parameter? (I checked the doc but didn't find an answer)I believe that this is supposed to be an agreement between the caller and the dissectors behind the dissector table, if that is what you are referring to.
Yes it is indeed an agreement between the 2 parties. You might find it easier to look at the Thrift dissector which is allowing definition of sub-dissectors. For some reason, it needs to keep track of some protocol information and to achieve that, it passes a structure through this void pointer. Hope it will help. Triton. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Passing information to a sub dissector Jérôme HAMM (Feb 17)
- Re: Passing information to a sub dissector Richard Sharpe (Feb 17)
- Re: Passing information to a sub dissector Triton Circonflexe (Feb 17)
- Re: Passing information to a sub dissector Richard Sharpe (Feb 17)