Hello!

I am writing a tshark plug-in for a proprietary protocol with ethernet type 0x8787. The plug-in is supposed to dissect frames coming onto an ethernet interface with the below format:

Dst Mac | Src Mac | type | Custom Hdr <12 bytes> | Dst Mac | Src Mac | type | < ethernet body > |

I am able to dissect frames until the end of the custom header. However, to decode the ethernet frame & its payload that follows the custom header (like an ARP packet / IP packet etc), I tried calling the ethernet dissector (call_dissector), but for some reason I see only raw hex data. can someone please help me find where I am going wrong & how to get the real ethernet frame dissected? BTW - The wireshark library that I use is 1.4.3

Here is my code: / packet-test.c /

include <stdio.h>

include <stdlib.h>

include <ctype.h>

include <time.h>

include <string.h>

include <glib.h>

include <epan packet.h="">

include <epan prefs.h="">

include <epan emem.h="">

void proto_reg_handoff_test_131_data(void);

/ Handles for the test protocols /

static int proto_131_data = -1;

static int hf_131_data_ftag = -1; static int hf_131_data_flags = -1; static int hf_131_data_client = -1; static int hf_131_data_type = -1;

static int hf_131_comm_len = -1; static int ett_131_data = -1; static int ett_131_comm = -1;

static dissector_handle_t ip_handle; static dissector_handle_t data_handle; static dissector_handle_t eth_handle; static dissector_handle_t test_comm_handle; static dissector_handle_t wlan_handle;

static void dissect_test_131_data(tvbuff_t tvb, packet_info pinfo, proto_tree tree) { proto_tree ti,test_tree; char clientmac[8]; tvbuff_t next_tvb = 0;

tvb_memcpy(tvb, clientmac, 4, 6);
if (check_col(pinfo->cinfo, COL_PROTOCOL))
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "T EP-CP Data");
}
/* Set the info column */
if (check_col(pinfo->cinfo, COL_INFO))
{
col_add_str(pinfo->cinfo, COL_INFO, "Test EP-CP L2 Tunneled Data");
}
if (tree)
{
ti = proto_tree_add_item(tree, proto_131_data, tvb, 0, 12, FALSE);
test_tree = proto_item_add_subtree(ti, ett_131_data);
proto_tree_add_item(test_tree, hf_131_data_ftag, tvb, 0, 2, FALSE);
proto_tree_add_item(test_tree, hf_131_data_flags, tvb, 2, 2, FALSE);
proto_tree_add_ether(test_tree, hf_131_data_client, tvb, 4, 6, clientmac);
proto_tree_add_item(test_tree, hf_131_data_type, tvb, 10, 2, FALSE);
}
call_dissector(eth_handle, tvb, pinfo, tree);

}

void proto_register_test_131_data(void) { / Register header fields / static hf_register_info hf[] = { { &hf_131_data_ftag, { “Ftag”, “test.131.ftag”, FT_UINT16, BASE_DEC, NULL, 0x0, “The protocol version being used”, HFILL }}, { &hf_131_data_flags, { “Flags”, “test.131.flags”, FT_UINT16, BASE_HEX, NULL, 0x0, “Miscellaneous flags”, HFILL }}, { &hf_131_data_client, { “C#”, “test.131.clientmac”, FT_ETHER, BASE_NONE, NULL, 0x0, “C# Address”, HFILL }}, { &hf_131_data_type, { “Type”, “test.131.type”, FT_UINT16, BASE_HEX, NULL, 0x0, “Tunneled Ethernet Type”, HFILL }},

};

static gint *ett[] =
{
&ett_131_data,
};
proto_131_data = proto_register_protocol("Test EP-CP L2 Tunnel","T EP-CP Data","test_131_data");
proto_register_field_array(proto_131_data, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
register_dissector("test_131_data", dissect_test_131_data, proto_131_data);
ip_handle   = find_dissector("ip");
data_handle = find_dissector("data");
eth_handle  = find_dissector("eth");
wlan_handle = find_dissector("wlan");

}

void proto_reg_handoff_test_131_data(void) { static int test_initialized = FALSE; static dissector_handle_t test_handle;

if (!test_initialized)
{
test_handle = create_dissector_handle(dissect_test_131_data, proto_131_data);

dissector_add("ethertype", 0x8787, test_handle);
test_handle = find_dissector("test_131_data");
test_initialized = TRUE;
}

}

– Thanks /R