Ethereal-dev: Re: [Ethereal-dev] Parsing a Non-Network packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gilbertr@xxxxxxxxx>
Date: Tue, 3 May 2005 16:27:29 -0500
(Sending again, since the first time I sent it only to Senthil)

That's right... you're looking at writing 2 new files, one for wiretap
and one for the epan/dissectors directory (or as a plugin, if you
want). Think of wiretap as a totally separate entity, since it really
is. Wiretap's job is to parse a file into individual packets, and send
the packet data, plus metadata, to Ethereal.

There isn't a hook from wiretap to individual dissectors. Wiretap
simply provides data to Ethereal. Ethereal requests the data, then
starts dissecting it. That's why your dissector has to register
itself; it registers itself with the Ethereal routines that direct the
dissection.

Ethereal will get a packet from wiretap and will start dissecting it.
The first dissector that is called is the one in packet-frame.c; it
displays packet metadata. It then uses the "wtap_encap" "hook" to call
the next dissector. Your new dissector will have registered itself,
via dissector_add, so that it is called when the "wtap_encap" "hook"
has the value of your new WTAP_ENCAP_* macro.

--gilbert
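
An added example, not part of the original message and not Ethereal source: a small self-contained C model of the dispatch described above, where the file reader only hands over bytes plus an encapsulation value and the frame dissector follows a table keyed by that value. Every name in it (struct record, model_dissector_add, ENCAP_MYFORMAT, the type/length record layout) is a hypothetical stand-in, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Model only: these names are assumptions, not Ethereal's API. */
#define ENCAP_ETHERNET 1   /* stand-in for an existing WTAP_ENCAP_* value */
#define ENCAP_MYFORMAT 2   /* stand-in for the new WTAP_ENCAP_* value */
#define ENCAP_MAX      8

/* What the file reader (wiretap's role) provides: packet data plus metadata. */
struct record { int encap; const unsigned char *data; size_t len; };
typedef int (*dissector_fn)(const struct record *rec, char *out, size_t outlen);

/* Models the "wtap_encap" hook: a table keyed by encapsulation value. */
static dissector_fn encap_table[ENCAP_MAX];

/* Models dissector_add: the dissector registers itself; the reader never calls it. */
int model_dissector_add(int encap, dissector_fn fn)
{
    if (encap < 0 || encap >= ENCAP_MAX || fn == NULL)
        return -1;
    encap_table[encap] = fn;
    return 0;
}

/* Hypothetical dissector for the new format: 1-byte type, 1-byte length, payload. */
int dissect_myformat(const struct record *rec, char *out, size_t outlen)
{
    if (rec->len < 2 || (size_t)rec->data[1] > rec->len - 2)
        return -1;         /* length field overruns the record: refuse to parse */
    snprintf(out, outlen, "myformat type=%u payload=%u bytes",
             (unsigned)rec->data[0], (unsigned)rec->data[1]);
    return 0;
}

/* Models the frame dissector: runs first, then follows the hook by encap value. */
int dissect_frame(const struct record *rec, char *out, size_t outlen)
{
    if (rec->encap < 0 || rec->encap >= ENCAP_MAX || !encap_table[rec->encap]) {
        snprintf(out, outlen, "data (no dissector for encap %d)", rec->encap);
        return 1;          /* nothing registered for this value */
    }
    return encap_table[rec->encap](rec, out, outlen);
}

int main(void)
{
    const unsigned char bytes[] = {0x07, 0x03, 'a', 'b', 'c'}; /* constructed */
    struct record rec = {ENCAP_MYFORMAT, bytes, sizeof bytes};
    char line[128];
    model_dissector_add(ENCAP_MYFORMAT, dissect_myformat);
    if (dissect_frame(&rec, line, sizeof line) >= 0) puts(line);
    return 0;
}
```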