Hello,
foo2 register :
dissector_add("foo1.<specific_field_for_subdissector>",
<value of foo1.<specific_field_for_subdissector> for
which foo2 must be called>,
dissector_handle);
foo1 register (before register_dissector) :
dissector_table =
register_dissector_table("foo1.<specific_field_for_subdissector>",
"FOO1
<specific_field_for_subdissector>",
FT_UINT8 or FT_UINT16 or
..., BASE_DEC);
register_heur_dissector_list("foo1",
&heur_subdissector_list);
foo1 handoff (necessary for decode_udp_ports) :
data_handle = find_dissector("data");
foo1 dissect :
Call something "like" (you must make some modifications to match you
needs) :
decode_udp_ports(tvb,
<offset of data for subdissector>,
pinfo,
tree,
<1st value of <specific_field_for_subdissector>>,
<2nd value of <specific_field_for_subdissector>>,
<size of data for subdissector>);
Olivier
Siva.S a écrit :
Hi,
I have added one dissector (foo1) that comes after UDP. Now, I want
to add another dissector(foo2) that comes after "foo1".
Do "foo1" packets always include "foo2" packets (if they include any
packet at all)? Or could they have "foo3" or "foo4" or... packets
instead?
Thank you very much for your reply. Consider "foo1" packets always
include "foo2" packets. I'll be happy if u explain me both the cases.
Thanks & Regards,
Siva.S
------------------------------------------------------------------------
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Wireshark Generic Dissector http://wsgd.free.fr
