On 1/27/07, Bingyao Du <[EMAIL PROTECTED]> wrote: > Hi Amit > > My problem is there are too many fields in only one protocol. So, I want to > split the packet into two independent dissectors. I attached it:)
Trust me they are not that many... take a look at packet-alcap.c (just one example and see it yourself) > > Steve, > > I do it as you said. But the problem is there are too many fields. I think > it's better split it into two protocols. Attached the C file. The problem > troubles me for many days. Wow... > > Best regards > > -Bingyao > > > 2007/1/27, Stephen Fisher <[EMAIL PROTECTED]>: > > On Sat, Jan 27, 2007 at 01:06:19AM +0800, Bingyao Du wrote: > > > > > The protocol I'm dissecting has a "header" portion, that contains a > > > "type field", and then a payload with different format for each type. > > > The Header protion contains several fields. > > > > > > I thinks it's better to display the packet with two dissectors, just > > > looks like IP dissector and TCP dissector. What should I do? Or could > > > you send me an example or demo? Thanks very much. > > > > The best/easiest way to do it is within the same dissector. A dissector > > you can use as an example is packet-wlccp.c. The only difference is > > that the version (akin to your type) field is at the beginning of the > > packet, but that doesn't make a difference in how it's implemented. > > Line 205 gets the version (type in your case) and line 208 checks if the > > type is 0x0 and displays fields based on that version. Line 231 checks > > if the version is instead 0xC1 and displays fields based on that > > version. > > > > > > Steve > > > > > > > _______________________________________________ > Wireshark-dev mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
