Revision history [back]

I've created the minimal packet-foo dissector verbatim from code in the documentation. It compiles (VS 2017) and I can see in Wireshark that it's registered and enabled.

In debug mode I hit break points in methods proto_register_foo and proto_reg_handoff_foo. When I send a message to FOO_PORT I hit a breakpoint in dissect_udp. I never hit a breakpoint in dissect_foo.

Is there something needed to explicitly make a dissector override (is that the right term) an underlying type, in this case udp? The only thing I see in code id this:

dissector_add_uint("udp.port", FOO_PORT, foo_handle);

Getting ahead of things, would adding this line also override the tcp dissector?

dissector_add_uint("tcp.port", FOO_PORT, foo_handle);

Thx

I've created the minimal packet-foo dissector verbatim from code in the documentation. documentation. It compiles (VS 2017) and I can see in Wireshark that it's registered and enabled.

In debug mode I hit break points in methods proto_register_foo and proto_reg_handoff_foo. When I send a message to FOO_PORT I hit a breakpoint in dissect_udp. I never hit a breakpoint in dissect_foo.

Is there something needed to explicitly make a dissector override (is that the right term) an underlying type, in this case udp? The only thing I see in code id this:

dissector_add_uint("udp.port", FOO_PORT, foo_handle);

Getting ahead of things, would adding this line also override the tcp dissector?

dissector_add_uint("tcp.port", FOO_PORT, foo_handle);

Thx