This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Calling a dissector from another dissector.

0

Hi, im having trouble calling a dissector from another dissector. As a test, im trying to call the foo dissector, from my test dissector. The foo dissector has the following registration

proto_foo = proto_register_protocol (
    "FOO Protocol", /* name       */
    "FOO",      /* short name */
    "foo"       /* abbrev     */
    );

Meaning its abbreviation is "foo". So, in the dissector im programing, im doing the following.

I have the following global variable

static gint hf_foo_pdu_type=-1;

This is my handoff

void proto_reg_handoff_test(void)
{
    static dissector_handle_t test_handle;
    foo_handle = find_dissector("foo");
    test_handle = create_dissector_handle(dissect_test, proto_test);
    dissector_add_uint("udp.port", TEST_PORT, test_handle);
}

 The trouble im having is that foo_handle is NULL. My dissector compiles OK, but when I run wireshark, it just doesnt work, and the program shuts down.

This is how im trying to call the dissector

static void
dissect_test(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "Test protocol");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo,COL_INFO);

    if (tree)
        { /* we are being asked for details */
            proto_item *ti = NULL;
            proto_tree *test_tree = NULL;
            ti = proto_tree_add_item(tree, proto_test, tvb, 0, -1, ENC_NA);
            test_tree = proto_item_add_subtree(ti, ett_test);
            proto_tree_add_item(test_tree, hf_test_uselessbyte, tvb, 0, 1, ENC_BIG_ENDIAN);
            call_dissector(foo_handle, tvb_new_subset_remaining(tvb, 1), pinfo, test_tree);
        }
}

My test protocol, has only 1 byte at the beggining (uselessbyte), and then, the rest follows my foo template. Im doing this to experiment, and to learn how to use this tools, to later apply them in a real dissector.

I havent found any help on the internet (theres nothing on README.dissector), so could you please tell me what im doing wrong?

Thanks in advance

asked 29 Aug '14, 05:40

ingcpt's gravatar image

ingcpt
1335
accept rate: 0%

edited 29 Aug '14, 09:24

grahamb's gravatar image

grahamb ♦
19.8k330206

If foo_handle is NULL it mean that the dissector does not exist. You can check if your dissector exist by trying to find him in filter. Open Wireshark and write your dissector's name in filter bar, green mean that Wireshark knows your dissector and red mean that he does not.

(29 Aug '14, 06:51) Afrim

foo exists. If i run wireshark, and type foo in the filter, it turns green, yet foo_handle is still null

(29 Aug '14, 07:03) ingcpt

foo exists, and works perfectly. I made it using the guide provided by wireshark

(29 Aug '14, 07:05) ingcpt
One Answer:
active answersoldest answersnewest answerspopular answers
1

In the foo dissector you need to do register_dissector("foo", dissect_foo, proto_foo);

permanent link

answered 29 Aug '14, 07:05

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Thanks! That worked like a charm!

(29 Aug '14, 08:08) ingcpt

Finally, i had to add, into foo (the dissector that gets called from another dissector) the line

register_dissector("foo", dissect_foo, proto_foo);

(29 Aug '14, 08:15) ingcpt

@ingcpt,

If an answer has solved your issue, don't change the title, simply click the checkmark next to the answer as that's how this site works. Please see the FAQ for more info.

(29 Aug '14, 09:24) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×637
×63
×10
×10
×1

question asked: 29 Aug '14, 05:40

question was seen: 2,447 times

last updated: 29 Aug '14, 09:24

Related questions

Wireshark Documentation

Wireshark dissector development - Reassembly tcp frames

'--disable-glibtest' not working

Find Specific Packet

Wireshark built in dissector needs to be changed to a plugin??

enhancing dissector

Accessing the column data

How best to customize wireshark?

Linking Error with str_to_str

assert_not_reached:

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A