On Sun, Jun 19, 2011 at 01:59:21AM +0100, Tyson Key wrote:
> I'm currently in the process of writing a dissector for Apple's USBMUX
> protocol (which encapsulates TCP frames with a non-IP-based 8 byte
> header), as used by their seemingly ubiquitous iProduct family.
> Having looked at the IPv4 and TCP dissectors for inspiration, I
> decided to add "*dissector_add_uint("usbmux.data", IP_PROTO_TCP,
> tcp_handle);*"
That function is for adding an entry to a "uint dissector table" (see
epan/packet.h) by the name of the first parameter. So the usbmux.data
dissector table would first have to exist. That isn't quite what you
need to do.
> Any thoughts from others who are more experienced with that portion of
> the codebase?
You have TCP segments preceded by an 8 byte non-IP header, so you need
to pass that portion of the tvbuff (starting at byte 9 until the end) to
the TCP dissector. The TCP dissector registers itself by name with the
register_dissector("tcp"... call in epan/dissectors/packet-tcp.c, so all
you need to do is look up that handle in your proto_reg_handoff_XXX
function like so (even the tcp dissector looks itself up):
Make a global variable (not inside a function):
dissector_handle_t tcp_handle;
Then in proto_reg_handoff_XXX():
tcp_handle = find_dissector("tcp");
Then at the right point in your code - after you dissect those first 8
bytes if possible, create a new tvbuff with the rest of the packet
and pass it to the TCP dissector with something like this (untested but
should be right):
tvbuff_t *payload;
payload_tvb = tvbuff_new_subset_remaining(tvb, 8);
call_dissector(tcp_handle, payload_tvb, pinfo, tree);
Hope this helps.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
