Ethereal-dev: Re: [Ethereal-dev] question about developing a transparent dissector
On Tue, 20 Dec 2005, Javier V.V. wrote:
> Hi all,
>
> I'm developing a basic dissector. I have coded the basic skeleton
> (based on the dissector foo from the documentation).
>
> I would like to be called for any IP or ARP packet being analyzed, but
> I have a problem with this. I add these conditions so that my dissector is
> called:
>
> foo_handle = create_dissector_handle(dissect_foo, proto_foo);
> dissector_add("ethertype", 0x0800, foo_handle);
> dissector_add("ethertype", 0x0806, foo_handle);
>
> So my dissect_foo function is called for any IP or ARP. Then I analyze
> the packet with the given info and modify things if I want, etc., but
> when I finish the job I would like the packet to continue being analyzed
> by other dissectors and protocol analyzers. The way I work now,
> the packet doesn't continue being analyzed and it appears as "ethern"
> protocol only, in the UI.
>
> Could you help me please? I have been looking at the documentation and I
> have no solution.
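
Example snippet to call the IP dissector with the same packet as you got:

    /* Look up the handle of the registered IP dissector. */
    dissector_handle_t IP_handle = find_dissector( "ip" );
    ....
    if ( IP_handle )
    {
        /* Hand the same tvb, pinfo and tree on to the IP dissector. */
        call_dissector( IP_handle, tvb, pinfo, tree );
    }
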
> On the other hand, I observe that my dissect_foo function is not called
> with a tree != NULL; I don't know why. Do I need to do anything to be
> called with the tree?
If you click on the packet in the summary window (usually the upper one) a
detailed dissection is started, giving you a tree pointer.
> Thanks in advance.
> Regards.