Wireshark-dev: Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protoco
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 16 Jul 2007 15:12:02 -0700

On Jul 16, 2007, at 7:02 AM, Fulko.Hew@xxxxxxxxx wrote:


The normal approach is to have (for a frame level dissector):

 dissector_add("wtap_encap", WTAP_ENCAP_MYTYPE, mytype_handle);

OR something like this for a nested dissector (where its based
on data in the super-frame (I think)):

 dissector_add("ip.proto", SOME_INDICATOR, mytype_handle);
The normal approach, if you have a value of *any* sort (whether it's the link-layer encapsulation type, a field in a protocol, a field in a pseudo-header, a user preference, the current phase of the moon, ...) is to have
dissector_add(dissector table name, value in that table, mytype_handle);
The distinction between the two cases you give is not a distinction that the Wiretap code makes, nor is it a distinction that we want to make in the documentation. 


But I in my case, my (sub)dissector protocol isn't a WTAP type,
nor is it (really) sub-protocol of a super-frame type (in my
first scenario).
As indicated, that doesn't mean you shouldn't have a dissector table and have sub-dissectors register in it. You could, for example, create a dissector table named "acn.proto" (or "acn_proto", or "roland.the.headless.thomson.gunner" - the name is not tied to anything else in Wireshark other than the calls that add to it) by calling "register_dissector_table()":
acn_dissector_table = register_dissector_table("acn.proto", "ACN protocol number", FT_UINT32, BASE_HEX); 

have the dissector for your private WTAP type do
if (!dissector_try_port(acn_dissector_table, pinfo->pseudo_header- >acn.proto, tvb, pinfo, tree)) 
		call dissect_data to dissect the data, or something such as that
rather than checking for different values of pinfo->pseudo_header- >acn.proto, and, for example, have the "ipars" dissector do 

	dissector_add("acn.proto", 0x5, ipars_handle);


What I think I want to is something like:

 dissector_add("", NULL, mytype_handle);

just to make it aribitrarily available for that explicit call.
As you've discovered, if you want to have a dissector callable via call_dissector(), you have to register that dissector by name with register_dissector() - and you find the handle for the dissector by calling find_dissector() with that name. 

However, that's not necessarily what you want to do.