-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hi
So I wrote a small dissector and got it to work. It's based on
WTAP_ENCAP3, so it shows the packet right from the start. For now I have
two fields which are specified in proto_register_mycode() and added in
dissect_mycode():
proto_tree_add_item(wrl_tree, hf_wrl_type, tvb, 0, 4, FALSE);
proto_tree_add_item(wrl_tree, hf_wrl_data, tvb, 4, -1, FALSE);
What I want next is a second dissector(end goal: many more) which I can
use to dissect the data field, based on the value of type. Do I need to
specify a subtree somehow so a different dissector can use it? Or can I
just write a second dissector and register it for hf_wrl_data(tested.
compiled, but ended in dumped core).
I do realize ethernet/IP/TCP and other have the same probleme. Digging
through heaps of code though, not knowing what to look for, I couldn't
determine how to do it.
So, do I need to add something to the main dissector so a second
dissector can be used to analyze one field of the main dissector(of the
packet)?
What is it called, do I add it in the proto_register_X() or the
dissect_X() code(or both), and is there an easy example(I couldnt find
one while checking out a bunch of files in the dissectors/ directory).
Cheers,
wrl
- --
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHmRlv9A36oltxjVQRA/pMAJ4/+hxuC1BS4zUggaj+JRb9WB5wGACfWX+H
khE4EXlx+6B0AN08DZ+WHXw=
=H2/F
-----END PGP SIGNATURE-----