This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

calling another dissector

0
1

hey,

I am writing a dissector for netscaler core to core messages. Now this protocol works on top of the Net Scaler Trace layer(nstrace), which is introduced by the netscaler for debugging purposes.

So when I am writing the dissector for core to core, I want to be able to call (nstrace) after that. So how should I code for that??

PLEASE HELP, ANYONE??

Thanks,

Sid

asked 14 Feb '11, 20:26

sid's gravatar image

sid
45192021
accept rate: 0%


One Answer:

1

Simple enough:

To call dissector "foo":

  1. Define a global variable

static dissector_handle_t foo_handle;

  1. In your proto_reg_handoff() fcn:

    foo_handle = find_dissector("foo");

  2. To actually call the dissector:

    foo_tvb = tvb_new_subset(tvb, offset, length, reported_length);

    call_dissector(foo_handle, foo_tvb, pinfo, subtree);

Look at any one of the many dissectors which use call_dissector() for examples.

In fact, if you look at packet-nstrace.c you'll see that it calls the "eth_withoutfcs" dissector.


Oops:

Actually: the above won't work. - nstrace isn't a "public" (registered dissector) (so it's not available to be found by find_dissector).

  • From the code, it looks like nstrace is expected to be and is processed as a thin outer layer which encapsulates ethernet.

So: I'm puzzled when you say the core-to-core protocol runs "on top of" nstrace.

What is the actual sequence of protocols in a frame ?

answered 14 Feb '11, 22:06

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 14 Feb '11, 22:26

Yes, I was mistaken. I am just told that core to core does not work on top of the nstrace.

So core to core too is expected to be processed as a thin layer outer layer i guess. I am waiting for a sound word about core to core. Meanwhile tell me one thing. core to core definitely does not work on top of nstrace. But it can not work independently right? It has to work on top of some protocol. Ethernet or anyone??

Is that right?? Can a dissector be written which does not work on top of any protocol?? Can core to core be something like that??

(15 Feb '11, 00:37) sid

Please see my comment in your other question.

(15 Feb '11, 07:42) Bill Meier ♦♦

I am trying to do the same thing, however can you elaborate on how a dissector gets to become public. I have two dissectors I have written both work individually but when I try to call one from the other the find_dissector call returns NULL.

(24 May '11, 08:14) spotthemaniac

For the record (much after the fact):

Use:

register_dissector(...)   /* (see doc/README.developer for details) */
(28 Nov '12, 05:58) Bill Meier ♦♦