Adding a protocol between ethernet and IP

asked 2019-09-19 17:32:11 +0000

I followed the Wireshark documentation: https://www.wireshark.org/docs/wsdg_h... to create my own dissector for my own protocol, which is placed as follows: ethernet --- own proto ---- IP. The dissector works fine and I get what was expected in Wireshark; however, and as expected, Wireshark does not know how to parse the IP layer.

My own protocol has a next-layer field so we can know what the next protocol is. I assumed that to let Wireshark know how to parse my packets I had to add a dissector_add_uint in packet-ip.c. So I added:

dissector_add_uint("<own_header>.next", ETHERTYPE_IP, ipv4_handle);

However, Wireshark does not know how to parse it, and I get the following error message when it starts:

OOPS: dissector table "dpfd.next" doesn't exist

Any idea of what I need to do?


1 Answer


answered 2019-09-19 20:37:03 +0000

Guy Harris

> Any idea of what I need to do?

Add, in your dissector (I presume your protocol is the "dpfd" in "dpfd.next"), a call to register a uint dissector table:

next_proto_table = register_dissector_table("dpfd.next", "DPFD next protocol", proto_dpfd, FT_UINT16, BASE_HEX);

I'm assuming here that the next-layer field is a 16-bit field containing an Ethernet type.

Then, when your dissector is calling the next protocol, use, for example, dissector_try_uint() with next_proto_table as the table in which to look up the next-layer field value.

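Added example (not part of the original answer and not Wireshark code): a stand-alone C model of the ordering the answer describes, where the protocol that owns the next-layer field registers the table before any payload dissector attaches to it by name. The tbl_* functions, the 4-byte header layout and the sample frame are assumptions made for illustration; they stand in for register_dissector_table(), dissector_add_uint() and dissector_try_uint().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Stand-alone model of uint dissector tables; every name here is hypothetical. */
typedef int (*handler_t)(const uint8_t *buf, size_t len);
struct table { const char *name; uint32_t key[8]; handler_t fn[8]; size_t n; };
static struct table tables[4]; static size_t ntables;
static struct table *tbl_find(const char *name) {
    for (size_t i = 0; i < ntables; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}
/* Owner of the field (dpfd) creates the table: models register_dissector_table(). */
static struct table *tbl_register(const char *name) {
    if (tbl_find(name) || ntables == 4) return NULL;
    tables[ntables].name = name;
    return &tables[ntables++];
}
/* Models dissector_add_uint(): -1 when the named table was never registered. */
static int tbl_add_uint(const char *name, uint32_t key, handler_t fn) {
    struct table *t = tbl_find(name);
    if (!t || t->n == 8) return -1;
    t->key[t->n] = key;
    t->fn[t->n++] = fn;
    return 0;
}
/* Models dissector_try_uint(): bytes consumed, or 0 when no handler matches. */
static int tbl_try_uint(const struct table *t, uint32_t key, const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < t->n; i++)
        if (t->key[i] == key) return t->fn[i](buf, len);
    return 0;
}
/* Stand-in for the IPv4 dissector: accepts a version-4 header of >= 20 bytes. */
static int ipv4_handler(const uint8_t *buf, size_t len) {
    return (len >= 20 && (buf[0] >> 4) == 4) ? (int)len : 0;
}
/* dpfd dissector; assumed layout: 2 reserved bytes, then a 16-bit big-endian next field. */
static int dissect_dpfd(const struct table *next, const uint8_t *pkt, size_t len) {
    if (!next || len < 4) return -1;                 /* truncated header: do not read past it */
    uint16_t nxt = (uint16_t)((pkt[2] << 8) | pkt[3]);
    return tbl_try_uint(next, nxt, pkt + 4, len - 4);
}
int main(void) {
    int early = tbl_add_uint("dpfd.next", 0x0800, ipv4_handler);  /* -1: no table yet */
    struct table *next = tbl_register("dpfd.next");
    int late = tbl_add_uint("dpfd.next", 0x0800, ipv4_handler);   /* 0: table exists */
    uint8_t pkt[24] = { 0, 0, 0x08, 0x00, 0x45 };                 /* constructed frame */
    return !(early == -1 && late == 0 && dissect_dpfd(next, pkt, sizeof pkt) == 20);
}
```

In a real dissector the length check is done through the tvbuff accessors rather than raw pointer arithmetic, and a value with no registered handler would normally fall back to the generic data dissector.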
