This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have defined a foo protocol dissector in Wireshark and compiled it successfully, but when I try adding this dissector in Preferences->Protocols->DLT_USER->Encapsulations Table, it shows this error:

error in column 'Payload protocol': dissector not found

Please advise.

EDIT: SOURCE ADDED BELOW

void
proto_register_foo(void)
{
    static hf_register_info hf[] = {
        { &hf_foo_pdu_type,
            { "FOO PDU Type", "foo.type",
            FT_UINT8, BASE_DEC,
            NULL, 0x0,
            NULL, HFILL }
        }
    };

    /* Setup protocol subtree array */
    static gint *ett[] = {
        &ett_foo
    };

    proto_foo = proto_register_protocol (
        "FOO Protocol", /* name       */
        "FOO",      /* short name */
        "foo"       /* abbrev     */
        );

    proto_register_field_array(proto_foo, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    register_dissector("foo",dissect_foo,proto_foo);
}

asked 04 Feb '12, 07:33

ashish_goel's gravatar image

ashish_goel
15121216
accept rate: 0%

edited 06 Feb '12, 22:41

helloworld's gravatar image

helloworld
3.1k42041


You need to register your dissector with name, register_dissector("rtp", dissect_rtp, proto_rtp);

permanent link

answered 04 Feb '12, 08:33

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Hi I added the following statement in the function proto_register_foo() function but no use.. Still getting the same error :(

(04 Feb '12, 11:02) ashish_goel

There is no "following statement" in your comment. Presumably you didn't literally add the statement

register_dissector("rtp", dissect_rtp, proto_rtp);

as that would only work for an RTP dissector, but you instead registered with a name such as "foo" and with names such as dissect_foo and proto_foo as arguments.

You also need to put it in your dissector's "register" routine (not the "register_handoff" routine).

(04 Feb '12, 16:14) Guy Harris ♦♦

@ guy harris. I added : register_dissector("foo",dissect_foo,proto_foo); function call at the last line of proto_register_foo() routine. I guess I have done it right as per your suggestion. but its not working.

(05 Feb '12, 00:45) ashish_goel

I.e., if you open up the preferences for DLT_USER, click the "Edit..." button for "Encapsulations Table", click "New" or select an existing item and click "Edit...", and put "foo" into the "Payload protocol" field, and click "OK", you get that error?

(05 Feb '12, 11:14) Guy Harris ♦♦

@guy harris. yes, I followed the same steps. And the foo protocol which I have defined is the same one which is there is developer's guide.

(05 Feb '12, 18:55) ashish_goel

It might help if you edited your question to include your code for proto_register_foo().

(05 Feb '12, 19:26) helloworld

not having that right now.. will edit it in few hours.. BTW Is there anything not clear?

(05 Feb '12, 22:50) ashish_goel

No. Adding register_dissector (or new_register_dissector) is supposed to work (and I've confirmed it does for me using the code template from README.developer with the latest source). Maybe there's something in your code that you don't see.

(05 Feb '12, 23:45) helloworld

And to be complete, my proto_register_foo() looks like this:

void
proto_register_foo(void)
{
    proto_foo = proto_register_protocol("foo","foo", "foo");
    new_register_dissector("foo", dissect_foo, proto_foo);
}
(05 Feb '12, 23:51) helloworld

I have called register_dissector() function not new_register_dissector().

BTW I have edited the ques to include the source of my proto_register_foo function.

(06 Feb '12, 01:34) ashish_goel

any suggestions plz??

(06 Feb '12, 08:27) ashish_goel

You can use either new_register_dissector or register_dissector, but the latter requires a type-cast on dissect_foo (depending on which source list you added your dissector to).

Your code works for me (I can add "foo" to the DLT table from prefs). If you type foo into Wireshark's Display Filter textbox, the textbox's background should turn green. Otherwise, your dissector isn't even registered. Is your source actually being compiled?

(06 Feb '12, 14:53) helloworld

My source file is located in:

${wireshark_src}/epan/dissectors/packet-foo.c

I added packet-foo.c to the DISSECTOR_SRC list in:

${wireshark_src}/epan/CMakeLists.txt

If you're not using CMake (i.e., you're using the autotools build), the file to modify is:

${wireshark_src}/epan/dissectors/Makefile.common
(06 Feb '12, 15:03) helloworld

the dissector is registered for sure. I can use it in the decode as option. Even the filter text box turns green.

the new_register_dissector function not working for me. throws an error while compiling.

(06 Feb '12, 18:44) ashish_goel

I don't have any other suggestions other than for you to step through the code with a debugger (put a breakpoint at uat_fld_chk_proto).

(06 Feb '12, 22:36) helloworld

thanks, for all the help. I had to create a new workspace and it worked. I guess some file was corrupted

(07 Feb '12, 22:39) ashish_goel
showing 5 of 16 show 11 more comments

I've seen this when the user_dlts file is malformed or contains a reference to a nonexistent dissector. Try deleting your user_dlts file, or at least check to make sure that each entry looks valid.

permanent link

answered 06 Feb '12, 13:30

multipleinterfaces's gravatar image

multipleinte...
1.3k152340
accept rate: 12%

thanks, it worked.. I had to create a new workspace and it worked. I guess some file was corrupted

(07 Feb '12, 22:38) ashish_goel
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×193
×158

question asked: 04 Feb '12, 07:33

question was seen: 7,084 times

last updated: 07 Feb '12, 22:39

p​o​w​e​r​e​d by O​S​Q​A