Re: [Wireshark-dev] what parameters for dissector_add() for a non-nested protocol

Mon, 16 Jul 2007 15:12:00 -0700 

On Jul 16, 2007, at 7:02 AM, [EMAIL PROTECTED] wrote:

> The normal approach is to have (for a frame level dissector):
>
>  dissector_add("wtap_encap", WTAP_ENCAP_MYTYPE, mytype_handle);
>
> OR something like this for a nested dissector (where its based
> on data in the super-frame (I think)):
>
>  dissector_add("ip.proto", SOME_INDICATOR, mytype_handle);

The normal approach, if you have a value of *any* sort (whether it's  
the link-layer encapsulation type, a field in a protocol, a field in a  
pseudo-header, a user preference, the current phase of the moon, ...)  
is to have

        dissector_add(dissector table name, value in that table,  
mytype_handle);

The distinction between the two cases you give is not a distinction  
that the Wiretap code makes, nor is it a distinction that we want to  
make in the documentation.

> But I in my case, my (sub)dissector protocol isn't a WTAP type,
> nor is it (really) sub-protocol of a super-frame type (in my
> first scenario).

As indicated, that doesn't mean you shouldn't have a dissector table  
and have sub-dissectors register in it.  You could, for example,  
create a dissector table named "acn.proto" (or "acn_proto", or  
"roland.the.headless.thomson.gunner" - the name is not tied to  
anything else in Wireshark other than the calls that add to it) by  
calling "register_dissector_table()":

        acn_dissector_table = register_dissector_table("acn.proto", "ACN  
protocol number", FT_UINT32, BASE_HEX);

have the dissector for your private WTAP type do

        if (!dissector_try_port(acn_dissector_table, pinfo->pseudo_header- 
 >acn.proto, tvb, pinfo, tree))
                call dissect_data to dissect the data, or something such as that

rather than checking for different values of pinfo->pseudo_header- 
 >acn.proto, and, for example, have the "ipars" dissector do

        dissector_add("acn.proto", 0x5, ipars_handle);

> What I think I want to is something like:
>
>  dissector_add("", NULL, mytype_handle);
>
> just to make it aribitrarily available for that explicit call.

As you've discovered, if you want to have a dissector callable via  
call_dissector(), you have to register that dissector by name with  
register_dissector() - and you find the handle for the dissector by  
calling find_dissector() with that name.

However, that's not necessarily what you want to do.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Reply via email to