Wireshark mailing list archives
Re: How can I register a link layer protocol?
From: ashish goel <ashish.kumar.goel1 () gmail com>
Date: Tue, 6 Mar 2012 08:45:42 +0530
Hi Armando,

By creating a new workspace I meant deleting the first one completely and taking the new one and implementing the changes again. In the meantime, can you post the code?

2012/3/5 Armando Vázquez <avr989 () gmail com>
I did so by using this function:

    void proto_register_myprotocol(void)
    {
        ...
        register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);
    }

Armando Vázquez Ramírez

On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:

For this to work your dissector needs to be registered by name. To get that it needs to call register_dissector().

Armando Vázquez wrote:

Thanks Ashish! When I tried this my protocol does not show up as a valid protocol, why is that? I tried using my dissector for the header protocol, but it should also dissect 2 trailer bytes, does that represent a problem? What should I put in the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the same as using the function dissector_add_uint(), am I right? If so, why isn't it working? Should I change something else in pcap-common.c or wtap.c or wtap.h?

Armando Vázquez Ramírez

On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.goel1 () gmail com> wrote:

Hi Armando,

There is a way you can do it through the Wireshark GUI. Go to preferences -> protocols -> DLT_User. Here click on edit and add your protocol on any of the User DLTs (147 - 162). But make sure that the pcap file you are using must have defined the same DLT value in its global header.

Hope this helps.

Thanks,
Ashish

2012/3/2 Armando Vázquez <avr989 () gmail com>

Hi guys,

I've read the developers guide, README.developer, wiretap plugin wiki and found no answer. Here is my problem. I'm trying to use Wireshark for dissecting a pcap capture of a protocol that is not currently defined in Wireshark. So I started writing a plugin, but I haven't been able to declare or register this dissector so it is enabled as a link layer dissector. I need to achieve this because this is not an internet protocol, so I need to identify it in this layer.

I've already read this dev-topic (http://www.mail-archive.com/wireshark-dev () wireshark org/msg05931.html) but I didn't understand it well. The dissection part works fine, I've tested it using a pcap and nesting it on top of TCP. I would really appreciate your help.

Also I've added in wtap.h

    #define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

    static struct encap_type_info encap_table_base[] = {
        ...
        { "RESERVED 138", "res0" },
        { "RESERVED 139", "res1" },
        { "RESERVED 140", "res2" },
        { "RESERVED 141", "res3" },
        { "RESERVED 142", "res4" },
        { "RESERVED 143", "res5" },
        { "RESERVED 144", "res6" },
        { "RESERVED 145", "res7" },
        { "RESERVED 146", "res8" },
        /* WTAP_ENCAP_MYPROTOCOL */
        { "MY PROTOCOL", "myprotocol" }
    };

Here are the register and handoff sections of my code

    void proto_register_myprotocol(void)
    {
        ...
        myprotocol_dissector_table = register_dissector_table("myprotocol.proto", "ACN protocol number", FT_UINT8, BASE_HEX);
        proto_register_field_array(proto_myprotocol, hf, array_length(hf));
        proto_register_subtree_array(ett, array_length(ett));
        register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
    }

    void proto_reg_handoff_myprotocol(void)
    {
        data_handle = find_dissector("data");
        myprotocol_handle = create_dissector_handle(dissect_myprotocol, proto_myprotocol);
        dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
        /* Registering this on top of TCP was only to develop the dissection
           part, this won't be present in the release version */
        dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
    }

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

-- Thanks, Ashish
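
The precondition mentioned in the quoted GUI advice, that the capture's global header carries a link-layer type in the User DLT range (147 - 162), can be checked before loading the file. This is an added example, not code from the thread or from Wireshark; it reads the 24-byte classic pcap global header from a buffer in either byte order, and the function name, result codes and two sample headers are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_GLOBAL_HDR_LEN 24   /* classic pcap global header size */
#define USER_DLT_FIRST 147       /* User DLT range quoted in the thread */
#define USER_DLT_LAST  162

enum { HDR_USER_DLT = 0, HDR_OTHER_DLT = 1, HDR_INVALID = -1 }; /* example's own names */

/* Constructed samples: little-endian file, link type 147; big-endian file, link type 1. */
static const uint8_t SAMPLE_USER_LE[24] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x93,0x00,0x00,0x00 };
static const uint8_t SAMPLE_OTHER_BE[24] = {
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02,0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0x00,0x00,0x00,0x01 };

static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Read the link-layer type from a pcap global header held in buf[0..len). */
int check_user_dlt(const uint8_t *buf, size_t len, uint32_t *linktype)
{
    int big_endian;
    uint32_t magic;

    if (buf == NULL || linktype == NULL || len < PCAP_GLOBAL_HDR_LEN)
        return HDR_INVALID;                 /* truncated input: read nothing */
    magic = rd32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* usec / nsec magic */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* same, byte-swapped */
        big_endian = 0;
    else
        return HDR_INVALID;                 /* not a classic pcap file, e.g. pcapng */
    *linktype = rd32(buf + 20, big_endian); /* last header field, compared as 32 bits */
    return (*linktype >= USER_DLT_FIRST && *linktype <= USER_DLT_LAST)
               ? HDR_USER_DLT : HDR_OTHER_DLT;
}

int main(void)
{
    uint32_t lt = 0;
    int rc = check_user_dlt(SAMPLE_USER_LE, sizeof SAMPLE_USER_LE, &lt);
    printf("rc=%d linktype=%u\n", rc, (unsigned)lt);
    return 0;
}
```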