Hello, > > What is the return value of the main dissector function (the one that gets > > registered with register_dissector) supposed to be?
Basically, the length of the decoded PDUs. In many (most?) cases, this is also the length of the packet that was injected into the dissector but there are sometimes specific cases to handle properly: - Multiple PDUs in one packet - Single PDU spanning several packets (need to reassemble) - Malformed data - … > > What is supposed to be in its void* data parameter? (I checked the doc but > > didn't find an answer) > > I believe that this is supposed to be an agreement between the caller > and the dissectors behind the dissector table, if that is what you are > referring to. Yes it is indeed an agreement between the 2 parties. You might find it easier to look at the Thrift dissector which is allowing definition of sub-dissectors. For some reason, it needs to keep track of some protocol information and to achieve that, it passes a structure through this void pointer. Hope it will help. Triton. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
