This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Use sub-dissector in dissector

0

Hi,

I work on a dissector which decode a UDP based protocol. For each UDP packets I have a moludp64 packet which can contain one or more message blocks. Each message block is encode in another protocol, and I will implement these others protocols. What is the best way to make this happen? Is it my moludp64 dissector which must be calling the others dissectors?

Thanks for you help

asked 22 Mar '11, 03:23

chronidev's gravatar image

chronidev
11557
accept rate: 0%

edited 22 Mar '11, 07:05

Jaap's gravatar image

Jaap ♦
11.7k16101


One Answer:

0

The best way is to create a subdissector table. This table can be indexed by a number or string, and can be used by you moludp64 dissector to call subdissectors. These subdissectors have to register themselves with this table, for a particular number or string in order to get called.

This is a basic de-multiplexing schema used at all (transport) protocol layers. For instance the same happens from the IP dissector to the UDP, TCP, SCTP dissector, based on protocol ID. And from TCP dissector to the HTTP, TELNET, FTP dissector, based on port number. Have a look at packet-udp.c for example.

answered 22 Mar '11, 07:12

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thank you Jaap, it's very interresting.

(22 Mar '11, 16:33) chronidev