Hi all,
I am a newbie at analyzing the Ethereal code. I read
README.developer and found some info regarding
dissector_add, that its prototype must be of the form
dissector_add("PARENT_SUBFIELD", ID_VALUE, PROTOABBREV_handle);
Then I checked packet-ip.c to understand
that and found a lot of those calls:
dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
dissector_add("ppp.protocol", PPP_IP, ip_handle);
dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
dissector_add("gre.proto", ETHERTYPE_IP, ip_handle);
dissector_add("gre.proto", GRE_WCCP, ip_handle);
dissector_add("llc.dsap", SAP_IP, ip_handle);
dissector_add("ip.proto", IP_PROTO_IPIP, ip_handle);
dissector_add("null.type", BSD_AF_INET, ip_handle);
dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
dissector_add("osinl.excl", NLPID_IP, ip_handle);
dissector_add("fr.ietf", NLPID_IP, ip_handle);
dissector_add("x.25.spi", NLPID_IP, ip_handle);
dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
Why is each dissector function required in
packet-ip.c? Does that mean the number of protocols that can
give a packet data handle to the IP protocol? If that is the
case, then why does the ICMP handoff have
dissector_add("ip.proto", IP_PROTO_ICMP, icmp_handle);
dissector_add("wtap_encap", WTAP_ENCAP_RAW_ICMP, icmp_handle);
The first one is OK: the IP header of the ICMP packet is
processed and then the data part is given to ICMP, but what
is the other thing, wtap_encap?
Also, why does proto_reg_handoff_ip have
dissector_add_handle("udp.port", ip_handle);
How can a parent SUBFIELD be udp?
regards,
linux_lover.