Wireshark · Ethereal-dev: Re: [Ethereal-dev] dissector for FrameRelay

Ethereal-dev: Re: [Ethereal-dev] dissector for FrameRelay

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 9 Jan 2001 14:14:36 -0800 (PST)

> I have a (maybe silly) question.
> When should I use register_dissector() along with find_dissector() and
> call_dissector(), and when should I use the traditional way of
> dissector_add() along with dissect_PROTO() ?

"dissector_add()" isn't used with direct calls to "dissect_PROTO()",
it's used with calls to "dissector_try_port()" - "dissector_add()" adds
a dissector to a table that "dissector_try_port()" searches.

Similarly, you use "heur_dissector_add()" with calls to
"dissector_try_heuristic()".

"register_dissector()", "find_dissector()", and "call_dissector()" are
intended to replace direct calls to "dissect_PROTO()"; the intent is
ultimately to let "call_dissector()" handle the
"CHECK_DISPLAY_AS_DATA()" and 'pinfo->current_proto = "PROTO"' stuff,
rather than requiring the dissector to do that.

In general, it's a bit easier to do

	if (dissector_try_port(...))
		return;

than to do

	switch (port_value) {

	case XXX_PROTO:
		call_dissector(xxx_dissector_handle, ...);
		break;

	case YYY_PROTO:
		call_dissector(yyy_dissector_handle, ...);
		break;

	default:
		dissect_data(...);
		break;
	}

and using a subdissector table and "dissector_try_port()" also allows a
new dissector to register itself with a parent dissector without having
to change the parent dissector - and allows it to have the port number
as a changeable preference.

One annoyance here is that if the parent dissector displays the
port/protocol number/... field symbolically as well as numerically, e.g.
showing the IP protocol field as "TCP" as well as or instead of "6",
there's no way for a subdissector to specify not only that, say, IP
protocol 6 should cause "dissect_tcp()" to be called, as is done now by
the TCP dissector, but also to specify that a protocol number of 6
should be shown as "TCP".

A scheme in which, instead of a "value_string" array, a hash table is
associated with a field, might work here; a "dissector_table_t" could
include both a hash table for dissectors and for protocol names, or the
hash table could supply both dissector and protocol name, and
"add_dissector()" could use the name associated with the protocol to
which its protocol ID argument refers.

References:
- Re: [Ethereal-dev] dissector for FrameRelay
  - From: Paul Ionescu

Prev by Date: Re: [Ethereal-dev] dissector for FrameRelay
Next by Date: [Ethereal-dev] Plan for next release
Previous by thread: Re: [Ethereal-dev] dissector for FrameRelay
Next by thread: Re: [Ethereal-dev] dissector for FrameRelay
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$