On Mar 11, 2009, at 10:52 PM, Rayne wrote: > I would like to know if adding a new dissector would require > modifying/adding this dissector to the code of the dissector that > may later call it.
In most cases, no. That's why we do all that dissector-table and heuristic-dissector-list stuff we mentioned to you earlier. > For example, I was looking at packet-gtp.c, and in > proto_re_handoff_gtp(), dissector_add() was used to add UDP and if > neccessary, TCP. Looking at dissector_add(), it appears that it > would call dissector_add_handle() to add GTP as a sub-dissector to > UDP and/or TCP. All of this is done only in packet-gtp.c and not in > packet-udp.c or packet-tcp.c. > > If my reasoning is correct, am I right to say when I add a > dissector, I need not modify the codes of the protocol layers below > it? In most cases, yes. > For example in this case, if I were to add the GTP dissector, I only > need to specify and add the layers below it (UDP and/or TCP) in its > own code. Yes. > As for protocol layers above it, I would just use call_dissector > whenever appropriate? You would use whatever's appropriate for the dissector. If the protocol layer has a field that you can use to select the next protocol layer, you'd use the routines that look up an unsigned integer or a string in a dissector table, rather than call_dissector(). If more complicated rules to determine what dissector to call are required, you might have to look up the dissectors in question by name and use call_dissector() - which might require that those dissectors be changed to register themselves by name. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
