Hey, I'm building a dissector which is the main dissector. After I read some variable, according to it, I want to continue dissecting with a suitable sub dissector. I didn't find any simple example about "sub dissectors". Alternatively, I thought about continuing to dissect with the same dissector (because it is the same protocol, just different versions), by somehow writing inside the main dissector all of the dissecting options for each version. This solution doesn't seem right... Can someone please help me with that?
asked 17 Dec '12, 09:04 hudac
One Answer:
My inclination would be to suggest that dissecting variants of a protocol (e.g., different protocol versions) be done in one dissector. A number of Wireshark dissectors do just that.
answered 17 Dec '12, 18:51 Bill Meier
thanks,
"A number of Wireshark dissectors do just that."
What do you mean by that line?
The dissector has separate code which is executed depending upon the protocol version determined by the dissector.
That's a really interesting approach, would you be so kind as to point out some of the dissectors doing that? I'm also reading the developer's readme, but I often get lost...
A very simple case is packet-bt-utp.c
It can be as simple as something like
and so on.
That's brilliant, exactly what I was asking for! Thank you so much, I would have never found it :)
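The approach recommended in this thread (one dissector that reads the version and then runs version-specific code) can be sketched as follows. This is an added example, not code from the thread or from the Wireshark source: it is stand-alone C over a plain byte buffer rather than Wireshark's dissector API, and the wire format, the `demo_hdr` struct and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical format, byte 0 = version. v1 (4 bytes): version, msg_type, len16 (BE).
 * v2 (8 bytes): version, flags, msg_type, reserved, len32 (big-endian). */
enum { DEMO_OK = 0, DEMO_TRUNCATED = -1, DEMO_BAD_VERSION = -2, DEMO_BAD_LENGTH = -3 };

typedef struct {
    uint8_t  version, flags, msg_type;
    uint32_t payload_len;   /* length claimed by the header */
    size_t   hdr_len;       /* bytes consumed by the header */
} demo_hdr;

static int dissect_v1(const uint8_t *b, size_t len, demo_hdr *h) {
    if (len < 4) return DEMO_TRUNCATED;
    h->flags = 0;                       /* v1 has no flags field */
    h->msg_type = b[1];
    h->payload_len = ((uint32_t)b[2] << 8) | b[3];
    h->hdr_len = 4;
    return DEMO_OK;
}

static int dissect_v2(const uint8_t *b, size_t len, demo_hdr *h) {
    if (len < 8) return DEMO_TRUNCATED;
    h->flags = b[1];
    h->msg_type = b[2];
    h->payload_len = ((uint32_t)b[4] << 24) | ((uint32_t)b[5] << 16) |
                     ((uint32_t)b[6] << 8) | b[7];
    h->hdr_len = 8;
    return DEMO_OK;
}

/* Single entry point: read the version, run the matching branch, then
 * apply the length check that both versions share. */
int dissect_demo(const uint8_t *b, size_t len, demo_hdr *h) {
    int rc;
    if (len < 1) return DEMO_TRUNCATED;
    h->version = b[0];
    switch (h->version) {
    case 1:  rc = dissect_v1(b, len, h); break;
    case 2:  rc = dissect_v2(b, len, h); break;
    default: return DEMO_BAD_VERSION;   /* unknown version: stop, do not guess */
    }
    if (rc != DEMO_OK) return rc;
    return h->payload_len > len - h->hdr_len ? DEMO_BAD_LENGTH : DEMO_OK;
}

int main(void) {   /* constructed sample: v2 header claiming 2 payload bytes */
    const uint8_t pkt[] = { 2, 0x01, 0x10, 0, 0, 0, 0, 2, 0xAA, 0xBB };
    demo_hdr h;
    return dissect_demo(pkt, sizeof pkt, &h) == DEMO_OK ? 0 : 1;
}
```

Each version branch checks its own minimum header size before reading any field, so a short or malformed capture is rejected instead of being read past its end.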