Ah! That's what I was looking for. It shows up now. Thanks Bill!
Scott
On Thu, May 20, 2010 at 1:21 PM, Bill Meier <wme...@newsguy.com> wrote:
> Scott wrote:
> > Devs,
> >
> > How does Wireshark know which dissector(s) to call while dissecting a
> > packet? I've written a dissector for a protocol in development which
> > consists of a shim inserted into every packet on the network. Our code
> > correctly updates checksums and sets IP's "Protocol" field to an
> identifier
> > for our protocol. I am compiling the dissector directly into source
> instead
> > of as a plugin. After compilation the dissector correctly shows up in
> the
> > list of dissectors from within Wireshark, but it has yet to correctly
> > dissect anything in the packet view.
> >
> > I put printf's into the register and dissect functions to see if they
> were
> > really being called, but I don't see the results from that and only half
> > expected to anyway.
> > I also thought that maybe Wireshark knows which dissector to call by the
> > identifier IP lists in the "Protocol" field, but if it does, I don't know
> > where in my dissector code that ID should go.
> > I believe I correctly add items to the protocol tree.
> >
>
>
> So: your protocol rides over IP ?
>
> If so, you need code in your dissector like that in packet-tcp.c
> proto_reg_handoff_tcp..
>
> {
> dissector_handle_t tcp_handle;
>
> tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
> dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);
>
> ...
> }
>
> Do you have a reg_handoff function ???
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
