Wireshark-dev: Re: [Wireshark-dev] Questing: Calling a Subdissector
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 19 Sep 2007 10:51:37 -0400
How are you registering your "iwarp_ddp" dissector?  You should have
something like:

	proto_register_iwarp_ddp(...)
	{
		...
		proto_iwarp_ddp = proto_register_protocol("IWARP DDP
FULL NAME", "IWARP_DDP", "iwarp_ddp");
		...
	}

Do you have this?

Other than that:
The dissector handle is used to pass to dissector_add(),
dissector_delete(), dissector_change(), ... [see epan/packet.h].  You
don't need it in your iwarp_ddp dissector handoff function if you're not
making any of those calls.

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Yves
Geissbuehler
Sent: Wednesday, September 19, 2007 8:14 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Questing: Calling a Subdissector

Hi all

Setting and problem
I have a student project to implement protocol support for iWarp in  
Wireshark. Basically iWarp consists of the three protocols MPA (on  
top of TCP, no specific port), DDP on top of MPA and RDMA on top of  
DDP. I managed to write a basic MPA dissector which works (by reading  
the available docs and looking at the source). I am stuck at the task  
to call my DDP dissector once I have dissected MPA traffic. In the  
GUI I only see MPA traffic, but no DDP. It looks like that my DDP  
dissector is not used to dissect the MPA payload.

relevant code in packet-iwarp-mpa.c:

<other code of dissect_mpa omitted>
	
/* CASE: MPA FPDU */
if (tvb_length(tvb) >= SMALLEST_FPDU_LEN) /* minimal MPA FPDU */
{
	if (!is_dissected && check_for_mpa_fpdu(tvb, pinfo))
	{
		tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 2,  
get_mpa_fpdu_message_len, dissect_mpa_fpdu);
		
		next_tvb=tvb_new_subset(tvb, MPA_FPDU_HEADER_LEN, -1,
-1);
			
		if(ddp_handle)
			call_dissector(ddp_handle, next_tvb, pinfo,
tree);
		
		is_dissected = TRUE;	
	}
	return is_dissected;
}
} /* end of dissect_mpa */

proto_reg_handoff_mpa(void)
{
	static gboolean initialized = FALSE;

	if (!initialized) {		
		ddp_handle = find_dissector("iwarp_ddp");
		heur_dissector_add("tcp", dissect_mpa, proto_mpa);
	   initialized = TRUE;
	}
}

relevant code in dissect-iwarp-ddp.c:

proto_reg_handoff_iwarp_ddp(void)
{
	static gboolean inited = FALSE;
	if (!inited) {
		dissector_handle_t iwarp_ddp_handle;
		iwarp_ddp_handle = new_create_dissector_handle
(dissect_iwarp_ddp,  
proto_iwarp_ddp);

		//dissector_add("PARENT_SUBFIELD", ID_VALUE,
iwarp_ddp_handle);
		inited = TRUE;
	}
}

My questions:
- Is there any other protocol which is similar to the iWarp at which  
I could look at (did not find any so far, or did not recognize it)
- What is really necessary to do further dissection for my scenario?
- What is the meaning/concept behind these dissector_handle_t types?
- How do I use dissector_add()? I understand that this is the way to  
tell Wireshark that it should use this dissector_X if traffic_X comes  
around.

In the above code, I uncommented the dissector_add in the DDP  
handoff, since I simply do not understand how I could use it. And I  
am also not really sure if I still need it since I explicitly call  
the DDP dissector from the MPA dissector. If I should use it I guess  
it should be something like this:
dissect_add("mpa", NO_VALUE, iwarp_ddp_handle);

But so far I did not figure out where I have to define  
"PARENT_SUBFIELD" or "ID_VALUE"?

I would be happy to get any comments/explanations or pointers to doc  
and/or source code.

Thank you.
Yves

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.