Adding a protocol between ethernet and IP

asked 2019-09-19

I followed the Wireshark documentation to create my own dissector for my own protocol, which is placed as follows: ethernet --- own proto ---- IP. The dissector works fine and I get what was expected in Wireshark; however, and as expected, Wireshark does not know how to parse the IP layer.

My own protocol has a next-layer field so we can know what the next protocol is. I assumed that to let Wireshark know how to parse my packets I had to add a dissector_add_uint in the packet-ip.c. So I added:

dissector_add_uint("<own_header>.next", ETHERTYPE_IP, ipv4_handle);

However, Wireshark does not know how to parse it, and I get the following error message when it starts:

OOPS: dissector table "" doesn't exist

Any idea of what I need to do?

answered 2019-09-19

Guy Harris

Any idea of what I need to do?

Add, in your dissector (I presume your protocol is the "dpfd" in ""), a call to register a uint dissector table:

next_proto_table = register_dissector_table("", "DPFD next protocol", proto_dpfd, FT_UINT16, BASE_HEX);

I'm assuming here that the next-layer field is a 16-bit field containing an Ethernet type.

Then, when your dissector is calling the next protocol, use, for example, dissector_try_uint() with next_proto_table as the table in which to look up the next-layer field value.
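The pattern described in the answer above, as an added example that is not part of the original thread, written in Lua (Wireshark's scripting API) so it can be loaded without rebuilding Wireshark. `DissectorTable.new`, `:try` and `:add` are the Lua counterparts of `register_dissector_table()`, `dissector_try_uint()` and `dissector_add_uint()`; the table name `dpfd.next`, the 4-byte header layout and the EtherType 0x88B5 are assumptions made for illustration.

```lua
-- Added example, not code from the thread.
-- Assumed header layout: 2-byte tag, then a 2-byte next-protocol field
-- that carries an EtherType value (as the answer assumes).
local HDR_LEN = 4
local DPFD_ETHERTYPE = 0x88B5  -- assumption: IEEE local experimental EtherType

local dpfd   = Proto("dpfd", "DPFD")
local f_tag  = ProtoField.uint16("dpfd.tag",  "Tag",           base.HEX)
local f_next = ProtoField.uint16("dpfd.next", "Next protocol", base.HEX)
dpfd.fields  = { f_tag, f_next }

-- The table must be created by the protocol that owns the field.
-- Adding entries to a table nobody registered is what triggers
-- the "dissector table ... doesn't exist" message.
local next_table = DissectorTable.new("dpfd.next", "DPFD next protocol",
                                      ftypes.UINT16, base.HEX, dpfd)

function dpfd.dissector(tvb, pinfo, tree)
    -- Refuse truncated frames before reading any header field.
    if tvb:len() < HDR_LEN then
        return 0
    end

    pinfo.cols.protocol = "DPFD"
    local subtree = tree:add(dpfd, tvb(0, HDR_LEN))
    subtree:add(f_tag,  tvb(0, 2))
    subtree:add(f_next, tvb(2, 2))

    -- Look up the next-layer value in our own table and hand the
    -- remaining bytes to whichever dissector registered for it.
    if tvb:len() > HDR_LEN then
        local next_proto = tvb(2, 2):uint()
        next_table:try(next_proto, tvb(HDR_LEN):tvb(), pinfo, tree)
    end
    return tvb:len()
end

-- Hook DPFD below Ethernet, then register IP in DPFD's own table.
-- No change to packet-ip.c is needed.
DissectorTable.get("ethertype"):add(DPFD_ETHERTYPE, dpfd)
next_table:add(0x0800, Dissector.get("ip"))    -- ETHERTYPE_IP
next_table:add(0x86DD, Dissector.get("ipv6"))  -- ETHERTYPE_IPv6
```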

Asked: 2019-09-19 17:32:11 +0000

Last updated: Sep 19 '19