I want to integrate two new dissectors to Wireshark. First dissector is packet-foo.c and second is packet-poo.c. in these dissectors we want, if poo existence field value is 0x01 in foo, then poo dissects packet. FOO Protocol FOO DATA Type (1 Byte) FOO FLAG (1 Byte) FOO DATA (5 Byte) POO EXSISTANCE (1 Byte) I write in packet-poo.c (proto_reg_handoff_poo function) : proto_reg_handoff_poo(void) { static dissector_handle_t poo_handle; poo_handle = create_dissector_handle(dissect_poo, proto_poo); dissector_add_uint("poo.existance", 0x01, poo_handle); register_dissector("poo", dissect_poo, proto_poo); } But it doesn’t work,what is the problem? This question is marked "community wiki". asked 17 May '17, 06:42  ghader edited 17 May '17, 06:46 |
One Answer:
If you want to use a dissector table named "poo.existence", you must create it in packet-foo.c with register_table_dissector() and once you get the poo.existence field, call the table with dissector_try_uint_new(). I recommend you to have a look at the various dissectors using a dissector table, like proto-ip.c. That said, if you have a single value to be filled in this dissector table, it might be easier to call the poo dissector directly when poo.existence = 1. Simply find the corresponding handle by using find_dissector() in proto_reg_handoff_foo() and call the dissector with call_dissector() or call_dissector_with_data(). Again you will find plenty of exemples in the source code. Note also that the call to register_dissector("poo", dissect_poo, proto_poo) must be done in proto_register_poo(), not in proto_reg_handoff_poo(). This function returns a handle that can be used as input for dissector_add_uint(). answered 17 May '17, 07:14  Pascal Quantin edited 17 May '17, 07:18 showing 5 of 6 show 1 more comments |
thank you very much, I look at the packet-ip.c but i dont understand correctly.
first in packet-foo.c define :
static dissector_table_t foo_dissector_table;
then in proto_register_foo() function :
foo_dissector_table = register_dissector_table("foo.existance", "FOO EXISTANCE",proto_foo, FT_UINT8, BASE_DEC);
but I don’t understand how to use dissector_try_uint_new.
dissector_try_uint_new(foo_dissector_table,…….)
You need to create a new tvb containing the payload you want to send to your poo dissector, and call it via dissector_try_uint(foo_dissector_table, 1, tvb_payload, pinfo, tree);
You can find plenty of examples in the code.
excuse me, how can i create a new tvb containing the payload i want to send to my poo dissector?
if i want to use find_dissector and call_dissector ,In packet-foo.c I define:
In proto_reg_handoff_foo():
find_dissector(poo);
guint8 poo_e= tvb_get_guint8(tvb,7)
if (poo_e==01)
call_dissector(poo_handler,tvb,pinfo,tree)
In packet-poo.c I define:
In proto_register_poo():
register_dissector("poo", dissect_poo, proto_poo)
but,these chnges not work correctly,what is the problem?
I guess in proto_reg_handoff_foo() you wrote:
poo_handler = find_dissector("poo");
right?
How does it fail? Is poo_handler == NULL? of is call_dissector() not called?
With a debugger you should easily find where your error is.
i use this format and work correctly.
if (poo_e==01)
tvbuff_t tvb_new_subset_remaining(tvb,offset);
call_dissector(poo_handler,tvb,pinfo,tree);