I am a total newbie in Wireshark plugin development and I was curious about the precise use case of this function. Some "packet-xx.c" files don't use it and some use it, but I am still not able to make out the difference. I am under the impression that even if we don't use it, dissectors get called by default from epan/dissectors for all basic protocols. Please point to some source file for more understanding of this function.
asked 04 Jun '12, 02:57 yogeshg
One Answer:
In general, the "call_dissector()" function is called whenever a dissector knows that its payload is of a certain type for which Wireshark has a dissector. For instance, in the http dissector, many different types of payload might be encountered. Depending on the type of data, the http dissector will call the appropriate (sub-)dissector. An example is when the http dissector encounters a base64-encoded kerberos object. It will then decode the object first and then hand it over to the kerberos dissector for further dissection:
answered 04 Jun '12, 03:08 SYN-bit ♦♦
OK, and what if we don't call it? Won't Wireshark call the relevant dissector on its own?
Those are different things.
You can call another dissector yourself WITHIN your own dissector with call_dissector (as described by @SYN-bit).
YOUR dissector will be called after you told Wireshark it exists. See the skeleton code in README.developer.
@SYN-bit, in your example we know for sure that we have only a kerberos object, but what if there is something else also appended to the kerberos object, and that something else happens to be your protocol-relevant data (for which you are writing the dissector)? The same is the case with me. I can call the kerberos dissector, which Wireshark knows, but after this call, will the tvb point to that extra appended data? How to approach this problem?
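
The hand-off pattern discussed in this thread, as an added example that is not part of the original posts: a self-contained toy model in plain C, not the Wireshark API. The `view_t` type, the function names, the inner tag value 0x6e and the sample bytes are all constructed for illustration. It shows an outer dissector passing its payload to a sub-dissector, checking the byte count that comes back, and advancing its own offset to reach the data appended after the inner object.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-in for a tvbuff: a read-only view into the captured bytes. */
typedef struct { const uint8_t *data; size_t len; } view_t;

/* A sub-dissector returns the number of bytes it consumed, or 0 if the
 * data is not its protocol. It never modifies the caller's view. */
typedef size_t (*sub_dissector_fn)(view_t v);

/* Hypothetical inner protocol: 1-byte tag 0x6e, 1-byte length, value. */
static size_t dissect_inner(view_t v)
{
    if (v.len < 2 || v.data[0] != 0x6e)
        return 0;
    size_t need = 2 + (size_t)v.data[1];
    return need <= v.len ? need : 0;   /* reject truncated objects */
}

/* View over the bytes from offset to the end; empty if out of range. */
static view_t view_from(view_t v, size_t offset)
{
    view_t sub = { NULL, 0 };
    if (offset <= v.len) { sub.data = v.data + offset; sub.len = v.len - offset; }
    return sub;
}

/* Outer dissector: 1-byte header, an inner object, then its own trailer.
 * Returns the trailer length, or -1 if the frame is malformed. */
static long dissect_outer(view_t frame, sub_dissector_fn inner, size_t *trailer_off)
{
    size_t offset = 0;
    if (frame.len < 1)
        return -1;
    offset += 1;                              /* outer header byte */

    view_t payload = view_from(frame, offset);
    size_t used = inner(payload);             /* hand payload to the sub-dissector */
    if (used == 0 || used > payload.len)      /* never trust the count blindly */
        return -1;
    offset += used;                           /* the caller advances, not the callee */

    *trailer_off = offset;
    return (long)(frame.len - offset);
}

/* Constructed sample: header 0x01, inner object (tag 0x6e, len 3), 2 trailer bytes. */
static const uint8_t SAMPLE[] = { 0x01, 0x6e, 0x03, 0xaa, 0xbb, 0xcc, 0xde, 0xad };
```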