Wireshark-dev: Re: [Wireshark-dev] question regarding my wireshark dissector code.
From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Jul 2009 15:03:50 -0400
Jaap

Thanks for the help. I see what you did in the code. It works...!!

I started using this website help when I first started creating my own dissector.

http://www.codeproject.com/KB/IP/custom_dissector.aspx

You will see (about half way down this page) the following code:

void proto_reg_handoff_amin(void)
{
   static gboolean initialized=FALSE;

   if (!initialized) {
       data_handle = find_dissector("data");
       amin_handle = create_dissector_handle(dissect_amin, proto_amin);
       dissector_add("tcp.port", global_amin_port, amin_handle);
   }
}
//This function is called to register our protocol. Notice how the port and dissector handle are passed

I just used this basic template and built my dissector from there.

Thanks,
Brian





Jaap Keuter wrote:
Hi,

See change inline.
Also, what's netalivedata_handle and netalive_handle when isnetalivefilehere==NULL?

Thanx,
Jaap

Brian Oleksa wrote:
Olivier

Looking at the code below.....I was wondering why wireshark exits if the netalive port file is not available...??

Basically....if the netalive ports file is there...then I want to dissect netalive packets. But if the netalive ports file is NOT there...then I want to continue to dissect other packets.

But .....what I am finding out is that if the net alive ports file is NOT there....wireshark automatically shuts down. It doesn't even start up correctly.

What am I missing here.....??

I am basically registering 2-3 protocols in 1 file. One protocol is my companies basic protocol that is open to the public. But the other "netalive" protocol is not open to the public
so those that have netalive access will be able to dissect them.


void proto_reg_handoff_netalive(void) {
    static gboolean isinitialized = FALSE;
    gboolean isnetalivefilehere = TRUE;
    int netaliveportnumber;

    FILE *fpnetalive;

#if defined(_WIN32)
    fpnetalive = fopen("netaliveport.txt", "r");
#else
    fpnetalive = fopen("netaliveport", "r");
#endif

    if (fpnetalive == NULL) {
        isnetalivefilehere = FALSE;
    }

//if netalive ports file is there....then go into this loop.
//if it is not there then just continue using wireshark
   if(isnetalivefilehere)
   {
    while (fscanf(fpnetalive, "%d\n", &netaliveportnumber) != EOF) {

        printf("Net Alive Port number = %d\n", netaliveportnumber);

        if (!isinitialized) {
            netalivedata_handle = find_dissector("data");
netalive_handle = create_dissector_handle(dissect_netalive, proto_netalive);
 >+	  }
        printf("I am here 1\n");
            //This line read the port number from the file.
            dissector_add("udp.port", netaliveportnumber, netalive_handle);
-        }

    }
 >+    fclose(fpnetalive);
   }

-    fclose(fpnetalive);
+ isinitialized = TRUE; }

Thanks,
Brian



wsgd wrote:
netalive_sub_item is not initialized

Olivier

Brian Oleksa a écrit :
@Wiresharkers

I have created this helen dissector. It has been running great ever since then.

I have some NON-helen packets that I want to dissect. Instead of writing another dissector, I added it to the packet-helen.c code.

As you can see at the top of this file I call a new procedure called:
void proto_reg_handoff_netalive(void)

Which works great and reads in the port # from the file correctly.

I even get into the void dissect_netalive(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) procedure with no problems:

But I am not dissecting anything. The only thing that I get in the wireshark GUI is the word "NETALIVE".

Why I am not seeing the dissection tree under the NETALIVE protocol....??

Basically.......all I did was I mirrored the helen protocol....it compiles fine but I do not see my packets being dissected.

Any thoughts or suggestions...? The latest code is attached.

Thank you very much for your help.

It is greatly appreciated.

Brian


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe