Sorry for my wrong answer.  Considering Guy's answer, this time I hope I'm 
right:
There is an ip.proto, as you can see in this extract of packet-ip.c

    /* subdissector code */
    ip_dissector_table = register_dissector_table("ip.proto",
        "IP protocol", FT_UINT8, BASE_DEC);

But I don't know how you can use it to determine if it is TCP or UDP in your 
code, and I'm also interested in this answer. Maybe by using the pinfo structure 
and extracting the [protocols in frame: eth:ip:udp] to check whether there is 
"udp" or "tcp" inside, but I haven't found it yet.

And for your last question, I don't know how to get the UDP length directly 
without the header.

Yvan




________________________________
From: Armin Zimmermann <[email protected]>
To: Developer support list for Wireshark <[email protected]>
Sent: Friday, 24 April 2009, 15:53:34
Subject: Re: [Wireshark-dev] dissector_add(tcp.proto... / where to find 
parameter for dissector_add()


> What you should do is have a *heuristic* dissector, which you would  
> register with
> 
>     heur_dissector_add("udp", dissect_red, proto_red);
> 
> dissect_red() would return a gboolean - FALSE if the packet isn't a  
> packet for your protocol, TRUE if it is.  It would probably look like
> 
>     static gboolean
>     dissect_red(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
>     {
>         if (tvb_reported_length(tvb) != CORRECT_DATA_LENGTH)
>             return FALSE;
> 
>         /* dissect the packet here */
> 
>         return TRUE;
>     }

Thank you for your answer. The heuristic dissector is exactly what I needed.

But there is another question: How can I check whether it is a UDP-package or a 
TCP-package? Is there something like ip.proto==0x06 ?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe



      