enhancing dissector

0

Hello,

I need to enhance Wireshark for some proprietary information. I need to use the function dissector_try_uint_new in packet.c. It checks the value in a given uint dissector table and, if found, calls the dissector with the arguments supplied.

Is there any example of adding a function pointer to the table passed to this function? I know that this is a very specific question and I am sorry for asking this. If there is an example of a definition, it will help me.

Thanks, Dhanashree

asked 06 Apr '11, 13:48

dsprabhu4


2 Answers:

1

You need to add a call to dissector_add in your proto_reg_handoff_ function as so:

void proto_reg_handoff_PROTOABBREV(void)
{
    //...
    dissector_add("tablename",         // the dissector table you are registering to
                  1000,                // your uint
                  PROTOABBREV_handle); // your dissector handle
    //...
}

Usually, dissector tables are named like "protocol.field" (e.g. "tcp.port"). Your comment to Jaap indicates you want to do this for the bacapp dissector, but I do not see the bacapp dissector registering a dissector table for you to register against. Unless you have already done so, you will need to add that functionality to the bacapp dissector yourself in epan/packet-bacapp.c. Note also that if you add a dissector table to a dissector, you will also need to add (at least) a call to dissector_try_uint_new (or similar) within that dissector as well.

answered 07 Apr '11, 10:52

multipleinte...
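The mechanism this answer describes, reduced to a self-contained C model (an added example, not code from the original post or from Wireshark): a parent dissector owns a table keyed by a uint, a sub-dissector registers against it at handoff time, and the parent looks the value up and calls the handler, falling back when nothing matches. All names (uint_table, table_add_uint, table_try_uint, dissect_vendor_1000, parent_dissect) and the payload layout are assumptions made for illustration; a real dissector uses Wireshark's tvbuff and dissector-table API instead.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for a uint dissector table. Every name here is
 * hypothetical; none of this is Wireshark's own API. */
typedef int (*subdissector_fn)(const uint8_t *buf, size_t len);
#define TABLE_MAX 8
struct uint_table {
    uint32_t key[TABLE_MAX];
    subdissector_fn fn[TABLE_MAX];
    size_t count;
};

/* Models handoff-time registration: bind a uint value to a handler. */
int table_add_uint(struct uint_table *t, uint32_t key, subdissector_fn fn)
{
    if (fn == NULL || t->count >= TABLE_MAX)
        return -1;
    t->key[t->count] = key;
    t->fn[t->count++] = fn;
    return 0;
}

/* Models lookup-and-call: 0 means no handler, or the handler rejected. */
int table_try_uint(const struct uint_table *t, uint32_t key,
                   const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->key[i] == key)
            return t->fn[i](buf, len);
    return 0;
}

/* Constructed vendor payload: 1-byte length followed by that many bytes.
 * The length byte comes from the wire, so it is checked against len. */
int dissect_vendor_1000(const uint8_t *buf, size_t len)
{
    if (len < 1 || (size_t)buf[0] > len - 1)
        return 0;               /* truncated or lying length: reject */
    return 1 + buf[0];          /* bytes consumed */
}

/* Parent: 2-byte big-endian vendor id picks the handler; 0 = show as data. */
int parent_dissect(const struct uint_table *t, const uint8_t *pkt, size_t len)
{
    if (len < 2)
        return 0;
    uint32_t vendor = ((uint32_t)pkt[0] << 8) | pkt[1];
    return table_try_uint(t, vendor, pkt + 2, len - 2);
}
```
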

Thanks a lot. I got one example from cip packet and your mail has verified this information. I was able to add a function and debug code.

(07 Apr '11, 12:37) dsprabhu4

I get the following fatal errors for some tool when I compile using VS 2008 EE.

12>'C:Program' is not recognized as an internal or external command,
12>operable program or batch file.
12>NMAKE : fatal error U1077: '"C:Program FilesNSISmakensis.exe' : return code '0x1'
12>Stop.
12>NMAKE : fatal error U1077: '"C:Program FilesMicrosoft Visual Studio 9.0VCbinnmake.exe"' : return code '0x2'
12>Stop.
12>Project : error PRJ0019: A tool returned an error code from "Performing Makefile project actions"
12>Build log was saved at "file://c:wiresharkPortableAppsBuildLog.htm"

Any idea??

(07 Apr '11, 12:38) dsprabhu4

It looks like NSIS failed to build your installer package. You should check the build log that the error mentions.

(07 Apr '11, 13:28) multipleinte...

0

Does GPOINTER_TO_UINT help here?

answered 07 Apr '11, 01:44

Jaap ♦

I need an example of how to define the dissector_try_uint_new function pointer and how to add it to the bacapp_dissector_table table. This is vendor-specific code used in one of the protocols.

(07 Apr '11, 07:53) dsprabhu4

Need some more help on this dissector question again

I have added a dissector for some proprietary message decoding in an existing protocol. That dissector function (the actual implementation) needs to be in a different C file for maintenance. This is an enhancement for a standard protocol, but I need to add this dissector in proto_reg_handoff_PROTOABBREV of the existing standard protocol. Is there any way to do this? I am facing a problem with compilation.

(12 Apr '11, 07:33) dsprabhu4