On Sat, Jan 27, 2007 at 01:06:19AM +0800, Bingyao Du wrote:
> The protocol I'm dissecting has a "header" portion, that contains a
> "type field", and then a payload with different format for each type.
> The Header protion contains several fields.
>
> I thinks it's better to display the packet with two dissectors, just
> looks like IP dissector and TCP dissector. What should I do? Or could
> you send me an example or demo? Thanks very much.
The best/easiest way to do it is within the same dissector. A dissector
you can use as an example is packet-wlccp.c. The only difference is
that the version (akin to your type) field is at the beginning of the
packet, but that doesn't make a difference in how it's implemented.
Line 205 gets the version (type in your case) and line 208 checks if the
type is 0x0 and displays fields based on that version. Line 231 checks
if the version is instead 0xC1 and displays fields based on that
version.
Steve