On Fri, May 21, 2010 at 3:18 PM, Guy Harris <[email protected]> wrote:
>
> So what protocols does your custom protocol run on top of?
For now the custom protocol is a dummy protocol that only contains a 32-bit
int and rides on top of the IP protocol rider (*it*). I got the custom
protocol to show up in the packet detail window ok, although not how I
expected..
> > And what does dissector_try_port() do? All I could tell is that it
> returns a gboolean.
>
> It takes, as arguments:
>
> 1) a handle for a dissector table that uses integral values as keys
> (it should really be dissector_try_uint(); the "port" is historical);
>
> 2) an integral value to use to select a dissector from that
> dissector table;
>
> 3) a tvbuff_t * that refers to a tvbuff with the data to be
> dissected by the selected dissector;
>
> 4) a packet_info *, which should be the one the dissector calling
> dissector_try_port() was handed;
>
> 5) a proto_tree *, which should be the one the dissector calling
> dissector_try_port() was handed.
>
When I called dissector_try_port() from the *it* IP rider protocol like
this:
dissector_try_port(subdissector_table, hf_[type switch], next_tvb, pinfo,
tree)
the dummy protocol didn't match correctly. However, when I called it like
this:
dissector_try_port(subdissector_table, pinfo->destport, next_tvb, pinfo,
tree)
it matched fine. This doesn't make a lot of sense to me (is it REALLY
matching on the port?) because the dummy custom protocol does:
dissector_add("[*it*].[type]", [macro], test_handle), which doesn't seem to
have anything to do with the port.
> > I mean *any protocol that runs atop IP* can follow it.
>
> Then you want to do what I suggested to find the right dissector for the
> following protocol - just get the "ip.proto" dissector table and use that.
Because the dummy protocol doesn't have a subdissectors table, the original
IP rider protocol needs to call dissector_try_port() again to grab the
dissectors for any protocols that may follow the dummy protocol (TCP, ICMP,
etc.). Here's the code I have:
/* dissector_try_port() call for the dummy protocol */
ip_dissector_table = find_dissector_table("ip.proto");
next_tvb = tvb_new_subset(next_tvb, [macro for dummy proto length], -1,
-1);
dissector_try_port(ip_dissector_table, hf_[*it* field that is a copy of
ip.proto's], next_tvb, pinfo, tree);
But I assume nothing is matching because no protocols show up after the
dummy protocol in the packet details window.
-Scott
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
