Ask Your Question
0

OOPS: dissector table "terel2" doesn't exist

asked 2022-12-05 07:39:46 +0000

Asfastasucan gravatar image

updated 2022-12-05 09:01:29 +0000

grahamb gravatar image

I have tried to add a new dissector named "terel2". Below is the piece of code I have used for the proto_reg_handoff_xxx

void
proto_reg_handoff_TEREL2(void)
{

    g_print("LLY-DEBUG: proto_reg_handoff_TEREL2\n");
    dissector_add_uint("terel2", TEREL2_TCP_PORTS, TEREL2_handle);
}

It kept telling me the below error message: OOPS: dissector table "terel2" doesn't exist Protocol being registered is "TEREL2 PROTOCOL"

And it seemed the debug message I have put in the dissector_terel2() never got hit.

Could anyone please help?

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2022-12-05 21:02:16 +0000

Guy Harris gravatar image

updated 2022-12-05 21:02:43 +0000

dissector_add_uint("terel2", TEREL2_TCP_PORTS, TEREL2_handle);

If the Terel2 protocol runs on top of TCP, you want to register each of those ports in the "tcp.port" dissector table.

edit flag offensive delete link more
add a comment
0

answered 2022-12-05 09:09:54 +0000

Jaap gravatar image

You probably misunderstood the meaning of the proto_reg_handoff function. It is called after the individual dissectors have registered themselves, so that the relations between the dissectors can be established. So what you do here is say, he other dissector, if you find your packet refers to this identifier I can handle that. For example the UDP dissector has a table called "udp.port" where you can register to if your dissector handles UDP payloads on a certain UDP port. So the call in your handoff function would be for instance dissector_add_uint("udp.port", 6789, my_dissector_handle). Now, can you predict what the first parameter in your dissector_add_uint() should be?

edit flag offensive delete link more

Comments

Hi Jaap, Thanks for you comment.

Below is the code for register my new dissector

void
proto_register_TEREL2(void)
{

    g_print("LLY-DEBUG: proto_register_TEREL2\n");
    /* Setup list of header fields  See Section 1.5 of README.dissector for
     * details. */
    static hf_register_info hf[] = {
        { &hf_FIELDTEREL2,
          { "FIELDTEREL2", "TEREL2",
            FT_BYTES, BASE_NONE, NULL, 0x0,
            "FIELDTEREL2 is for TERADYNE EL2 Raw data packet", HFILL }
        }
    };

    /* Setup protocol subtree array */
    static gint* ett[] = {
        &ett_TEREL2
    };

    /* Register the protocol name and description */
    proto_TEREL2 = proto_register_protocol("TEREL2 PROTOCOL",
        "TEREL2", "terel2");

    /* Required function calls to register the header fields and subtrees */
    proto_register_field_array(proto_TEREL2, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

    /* Use register_dissector() here so that the dissector can be
     * found by name by other protocols, by Lua, by Export PDU,
     * by custom User DLT dissection, etc. Some protocols may require
     * multiple uniquely named dissectors that behave differently
     * depending on the caller, e.g. over TCP directly vs over TLS.
     */
    g_print("LLY-DEBUG: register_dissector\n");
    TEREL2_handle = register_dissector("TEREL2 ...
(more)
Asfastasucan gravatar imageAsfastasucan ( 2022-12-05 11:44:57 +0000 )edit

What do you mean by raw packet data? Is the data carried over Ethernet? Then is should have its own ethertype. Is it carried over IP? Then it should have its own IP protocol number.

Jaap gravatar imageJaap ( 2022-12-05 12:04:08 +0000 )edit

this dissector isn't using any UDP port or TCP port.

They why were you doing dissector_add_uint("terel2", TEREL2_TCP_PORTS, TEREL2_handle);?

It is meant to decode the raw data packet.

So, as Jaap asked, does this protocol run arp some other protocol (UDP, TCP, Ethernet, IP, etc.) or does it have its own link layer?

Guy Harris gravatar imageGuy Harris ( 2022-12-05 22:12:42 +0000 )edit

No TCP or UDP protocols. The piece of code I wrote is a modification from the packet-PROTOABBREV.c. I am really new to develop dissector, so I don't really understand the purpose of dissector_add_uint. I thought it just add the new dissector to the dissector table but apparently that is not the case. Actually the only indication of the data packet is the byte 16, all I want is to extract that byte 16 and it will tell me the type of packets. The usual ethertype byte is actually the length of data, so that is not accurate.

Asfastasucan gravatar imageAsfastasucan ( 2022-12-06 12:09:08 +0000 )edit

Then let me rephrase the question: on what data link are your packets put in the PCAP file?

Jaap gravatar imageJaap ( 2022-12-06 14:50:11 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-12-05 07:36:26 +0000

Seen: 222 times

Last updated: Dec 05 '22