I want to integrate two new dissectors into Wireshark. The first dissector is packet-foo.c and the second is packet-poo.c. In these dissectors we want the following: if the poo existence field value is 0x01 in foo, then poo dissects the packet.
FOO DATA Type (1 Byte)
FOO FLAG (1 Byte)
FOO DATA (5 Bytes)
POO EXISTENCE (1 Byte)
I wrote this in packet-poo.c (proto_reg_handoff_poo function):
static dissector_handle_t poo_handle;
poo_handle = create_dissector_handle(dissect_poo, proto_poo);
dissector_add_uint("poo.existance", 0x01, poo_handle);
register_dissector("poo", dissect_poo, proto_poo);
}
But it doesn't work. What is the problem?
This question is marked "community wiki".
asked 17 May '17, 06:42
edited 17 May '17, 06:46
If you want to use a dissector table named "poo.existence", you must create it in packet-foo.c with register_table_dissector() and, once you get the poo.existence field, call the table with dissector_try_uint_new(). I recommend that you have a look at the various dissectors using a dissector table, like proto-ip.c.
That said, if you have a single value to be filled in this dissector table, it might be easier to call the poo dissector directly when poo.existence = 1. Simply find the corresponding handle by using find_dissector() in proto_reg_handoff_foo() and call the dissector with call_dissector() or call_dissector_with_data(). Again, you will find plenty of examples in the source code.
Note also that the call to register_dissector("poo", dissect_poo, proto_poo) must be done in proto_register_poo(), not in proto_reg_handoff_poo(). This function returns a handle that can be used as input for dissector_add_uint().
answered 17 May '17, 07:14
edited 17 May '17, 07:18
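A stand-alone C model of the table approach described in the answer above, added here as an illustration; it is not code from the post or from Wireshark. `table_create`, `table_add_uint`, `table_find` and the sample packets are hypothetical stand-ins, not Wireshark functions. It shows that attaching to a table the parent never created fails, and that the parent checks the 8-byte foo header length before reading the existence byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Stand-alone model of a uint-keyed dissector table; NOT the Wireshark API. */
typedef int (*sub_dissector)(const uint8_t *buf, size_t len);
#define FOO_HDR_LEN 8   /* type(1) + flag(1) + data(5) + existence(1) */
#define MAX_ENTRIES 4
struct table { const char *name; size_t n;
               uint32_t key[MAX_ENTRIES]; sub_dissector fn[MAX_ENTRIES]; };
static struct table tables[2];
static size_t n_tables;
/* Constructed sample packets: existence byte (offset 7) set and clear. */
static const uint8_t pkt_with_poo[] = {0x10,0x00, 1,2,3,4,5, 0x01, 0xAA,0xBB,0xCC};
static const uint8_t pkt_no_poo[]   = {0x10,0x00, 1,2,3,4,5, 0x00};

static struct table *table_find(const char *name) {
    for (size_t i = 0; i < n_tables; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}

/* Registration phase: the parent (foo) creates the table. */
static struct table *table_create(const char *name) {
    if (n_tables == 2 || table_find(name)) return NULL;
    tables[n_tables].name = name;
    return &tables[n_tables++];
}

/* Handoff phase: the child (poo) attaches itself; fails if no table exists. */
static int table_add_uint(const char *name, uint32_t key, sub_dissector fn) {
    struct table *t = table_find(name);
    if (!t || t->n == MAX_ENTRIES) return -1;
    t->key[t->n] = key; t->fn[t->n] = fn; t->n++;
    return 0;
}

/* Constructed sub-dissector: claims the whole payload, returns bytes consumed. */
static int dissect_poo(const uint8_t *buf, size_t len) { (void)buf; return (int)len; }

/* Parent: check the header length, read the existence byte, hand off the rest.
 * Returns total bytes consumed, or -1 for a truncated header. */
static int dissect_foo(const uint8_t *buf, size_t len) {
    if (len < FOO_HDR_LEN) return -1;   /* never read past the captured bytes */
    struct table *t = table_find("poo.existance");
    for (size_t i = 0; t && i < t->n; i++)
        if (t->key[i] == buf[FOO_HDR_LEN - 1])
            return FOO_HDR_LEN + t->fn[i](buf + FOO_HDR_LEN, len - FOO_HDR_LEN);
    return FOO_HDR_LEN;                 /* no payload dissector matched */
}
```

In this model the order of calls matters: the child's add fails until the parent has created the table.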