-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi
So I wrote a small dissector and got it to work. It's based on WTAP_ENCAP3, so it shows the packet right from the start. For now I have two fields which are specified in proto_register_mycode() and added in dissect_mycode(): proto_tree_add_item(wrl_tree, hf_wrl_type, tvb, 0, 4, FALSE); proto_tree_add_item(wrl_tree, hf_wrl_data, tvb, 4, -1, FALSE); What I want next is a second dissector(end goal: many more) which I can use to dissect the data field, based on the value of type. Do I need to specify a subtree somehow so a different dissector can use it? Or can I just write a second dissector and register it for hf_wrl_data(tested. compiled, but ended in dumped core). I do realize ethernet/IP/TCP and other have the same probleme. Digging through heaps of code though, not knowing what to look for, I couldn't determine how to do it. So, do I need to add something to the main dissector so a second dissector can be used to analyze one field of the main dissector(of the packet)? What is it called, do I add it in the proto_register_X() or the dissect_X() code(or both), and is there an easy example(I couldnt find one while checking out a bunch of files in the dissectors/ directory). Cheers, wrl - -- dreaming in digital - living in realtime - thinking in binary - talking in IP - welcome to our world -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmRlv9A36oltxjVQRA/pMAJ4/+hxuC1BS4zUggaj+JRb9WB5wGACfWX+H khE4EXlx+6B0AN08DZ+WHXw= =H2/F -----END PGP SIGNATURE----- _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
