On Jul 16, 2007, at 7:02 AM, [EMAIL PROTECTED] wrote: > The normal approach is to have (for a frame level dissector): > > dissector_add("wtap_encap", WTAP_ENCAP_MYTYPE, mytype_handle); > > OR something like this for a nested dissector (where its based > on data in the super-frame (I think)): > > dissector_add("ip.proto", SOME_INDICATOR, mytype_handle);
The normal approach, if you have a value of *any* sort (whether it's the link-layer encapsulation type, a field in a protocol, a field in a pseudo-header, a user preference, the current phase of the moon, ...) is to have dissector_add(dissector table name, value in that table, mytype_handle); The distinction between the two cases you give is not a distinction that the Wiretap code makes, nor is it a distinction that we want to make in the documentation. > But I in my case, my (sub)dissector protocol isn't a WTAP type, > nor is it (really) sub-protocol of a super-frame type (in my > first scenario). As indicated, that doesn't mean you shouldn't have a dissector table and have sub-dissectors register in it. You could, for example, create a dissector table named "acn.proto" (or "acn_proto", or "roland.the.headless.thomson.gunner" - the name is not tied to anything else in Wireshark other than the calls that add to it) by calling "register_dissector_table()": acn_dissector_table = register_dissector_table("acn.proto", "ACN protocol number", FT_UINT32, BASE_HEX); have the dissector for your private WTAP type do if (!dissector_try_port(acn_dissector_table, pinfo->pseudo_header- >acn.proto, tvb, pinfo, tree)) call dissect_data to dissect the data, or something such as that rather than checking for different values of pinfo->pseudo_header- >acn.proto, and, for example, have the "ipars" dissector do dissector_add("acn.proto", 0x5, ipars_handle); > What I think I want to is something like: > > dissector_add("", NULL, mytype_handle); > > just to make it aribitrarily available for that explicit call. As you've discovered, if you want to have a dissector callable via call_dissector(), you have to register that dissector by name with register_dissector() - and you find the handle for the dissector by calling find_dissector() with that name. However, that's not necessarily what you want to do. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev