Wireshark-dev: Re: [Wireshark-dev] register own protocol whith dissector tables ???
Hi Anders!!
thank you for you advice ; I moved this line , but always no effect on Wireshark.
regards
Houssem
--- En date de : Mar 17.6.08, Anders Broman <anders.broman@xxxxxxxxxxxx> a écrit :
De: Anders Broman <anders.broman@xxxxxxxxxxxx>
Objet: Re: [Wireshark-dev] register own protocol whith dissector tables ???
À: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Date: Mardi 17 Juin 2008, 13h24
Hi,How about moving this linefoo_handle = create_dissector_handle(dissect_foo, proto_foo);Before:dissector_add("q931.ie",0xFE,foo_handle);
/*0xFE is identifier of my protocol*/
Regards
Anders
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of H F
Sent: den 17 juni 2008 15:15
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] register own protocol whith dissector tables ???
Hi!!!
I'm writing a plugin for our program's own protocol, which encapsulates a whole 'q931' package in user-user information element (look at the end of massage in red ).
In the first time ; I would just write a small program to check the right place to register my Protocol, and display :
Q.931
………………………………
……………………………..
…………………………….
User-user
Information element: User-user
Length: 15
Protocol discriminator: User-specific protocol
User information:
mytype protocol ( 0xFE)
Texte: B30C07498131323533357F0182
I register my protocol with the table (q931.ie ) like this :
dissector_add(dissector table name, value in that table, mytype_handle)
====>dissector_add("q931.ie",0xFE,foo_handle)
when Wireshark build !! I' don't get error, but It has no effect on Wireshark.
This function is called to register my protocol:
proto_reg_handoff_ipnet(void)
{
static gboolean initialized = FALSE;
if (!initialized) {
q931_ie_handle = find_dissector("q931.ie");
dissector_add("q931.ie",0xFE,foo_handle);
/*0xFE is identifier of my protocol*/
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
initialized = TRUE;
}
};
My question :* you think that it's the good table ?!!!
* How can I register my Protocol correctly?
No. Time Source Destination Protocol Info
203 15.094231 10.24.30.13 10.24.30.15 Q.931 CS: setup SETUP
Frame 203 (210 bytes on wire, 210 bytes captured)
Arrival Time: Jun 2, 2008 17:57:50.481268000
[Time delta from previous captured frame: 0.016456000 seconds]
[Time delta from previous displayed frame: 15.094231000 seconds]
[Time since reference or first frame: 15.094231000 seconds]
Frame Number: 203
Frame Length: 210 bytes
Capture Length: 210 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:q931:q931:h225:q931]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst: Ericsson_52:f2:14 (00:80:37:52:f2:14)
Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15 (10.24.30.15)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)
1011 10.. = Differentiated Services Codepoint: Expedited Forwarding (0x2e)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 196
Identification: 0xf0fa (61690)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x3836 [correct]
[Good: True]
[Bad : False]
Source: 10.24.30.13 (10.24.30.13)
Destination: 10.24.30.15 (10.24.30.15)
Transmission Control Protocol, Src Port : mxomss (1141), Dst Port : h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
Source port: mxomss (1141)
Destination port: h323hostcall (1720)
Sequence number: 1 (relative sequence number)
[Next sequence number: 157 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0xc1ad [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
TPKT, Version: 3, Length: 156
Version: 3
Reserved: 0
Length: 156
Q.931
Protocol discriminator: Q.931
Call reference value length: 2
Call reference flag: Message sent from originating side
Call reference value: 012A
Message type: SETUP (0x05)
Bearer capability
Information element: Bearer capability
Length: 3
1... .... = Extension indicator: last octet
.00. .... = Coding standard: ITU-T standardized coding (0x00)
...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
1... .... = Extension indicator: last octet
.00. .... = Transfer mode: Circuit mode (0x00)
...1 0000 = Information transfer rate: 64 kbit/s (0x10)
1... .... = Extension indicator: last octet
...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
Called party number: '129'
Information element: Called party number
Length: 4
.... 1001 = Numbering plan: Private numbering (0x09)
.100 .... = Number type: Subscriber number (0x04)
1... .... = Extension indicator: last octet
Called party number digits: 129
User-user
Information element: User-user
Length: 133
Protocol discriminator: X.208 and X.209 coded user information
H.225.0 CS
H323-UserInformation
h323-uu-pdu
h323-message-body: setup (0)
setup
protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
h245Address: ipAddress (0)
ipAddress
ip: 10.24.30.13 (10.24.30.13)
port: 2002
sourceInfo
.... ...0 mc: False
0... .... undefinedNode: False
destinationAddress: 1 item
Item 0
Item: dialedDigits (0)
dialedDigits: 129
.... 0... activeMC: False
conferenceID: 00000018-3e17-fb70-0008-467f00b63678
conferenceGoal: create (0)
create: NULL
callType: pointToPoint (0)
pointToPoint: NULL
sourceCallSignalAddress: ipAddress (0)
ipAddress
ip: 10.24.30.13 (10.24.30.13)
port: 1720
callIdentifier
guid: 00000018-3e17-fb70-0008-467f00b63678
0... .... mediaWaitForConnect: False
1... .... canOverlapSend: True
0... .... h245Tunneling: False
tunnelledSignallingMessage
tunnelledProtocolID
id: tunnelledProtocolObjectID (0)
tunnelledProtocolObjectID: 1.3.12.9 (SNMPv2-SMI::org.12.9)
messageContent: 1 item
Item 0
Item: 46 octets
Q.931
Protocol discriminator: Q.931
Call reference value length: 2
Call reference flag: Message sent from originating side
Call reference value: 0053
Message type: SETUP (0x05)
Bearer capability
Information element: Bearer capability
Length: 3
1... .... = Extension indicator: last octet
.00. .... = Coding standard: ITU-T standardized coding (0x00)
...0 0000 = Information transfer capability: Speech (0x00)
1... .... = Extension indicator: last octet
.00. .... = Transfer mode: Circuit mode (0x00)
...1 0000 = Information transfer rate: 64 kbit/s (0x10)
1... .... = Extension indicator: last octet
...0 0011 = User information layer 1 protocol: Recommendation G.711 A-law (0x03)
Channel identification
Information element: Channel identification
Length: 3
1... .... = Extension indicator: last octet
.0.. .... = Interface identifier present: False
..1. .... = Interface type: Primary rate interface
.... 1... = Indicated channel is exclusive: Exclusive; only the indicated channel is acceptable
.... .0.. = D-channel indicator: False
.... ..01 = Information channel selection: Channel indicated in following octets (0x01)
1... .... = Extension indicator: last octet
.00. .... = Coding standard: ITU-T standardized coding (0x00)
...0 .... = Number/map: Channel indicated by number
.... 0011 = Element type: B-channel units (0x03)
1... .... = Extension indicator: last octet
.000 0010 = Channel number: 2
Non-locking shift to codeset 5: Information elements for national use
Unknown information element (0x31)
Information element: Unknown (0x31)
Length: 1
Data: 80
Called party number: '129'
Information element: Called party number
Length: 4
.... 1001 = Numbering plan: Private numbering (0x09)
.100 .... = Number type: Subscriber number (0x04)
1... .... = Extension indicator: last octet
Called party number digits: 129
High-layer compatibility
Information element: High-layer compatibility
Length: 2
.00. .... = Coding standard: ITU-T standardized coding (0x00)
High layer characteristics identification: Telephony
User-user
Information element: User-user
Length: 15
Protocol discriminator: User-specific protocol
User information: FEB30C07498131323533357F0182
(0xFE is identifier of own protocol)
0000 00 80 37 52 f2 14 00 01 ec fb c0 9c 08 00 45 b8 ..7R..........E.
0010 00 c4 f0 fa 00 00 40 06 38 36 0a 18 1e 0d 0a 18 [email protected]......
0020 1e 0f 04 75 06 b8 22 40 11 02 00 48 c1 02 50 18 ...u.."@...H..P.
0030 16 d0 c1 ad 00 00 03 00 00 9c 08 02 01 2a 05 04 .............*..
0040 03 88 90 a5 70 04 c9 31 32 39 7e 00 85 05 20 d0 ....p..129~... .
0050 06 00 08 91 4a 00 02 00 0a 18 1e 0d 07 d2 00 00 ....J...........
0060 01 01 00 45 c0 00 00 00 18 3e 17 fb 70 00 08 46 ...E.....>..p..F
0070 7f 00 b6 36 78 00 cd 0c 00 00 07 00 0a 18 1e 0d ...6x...........
0080 06 b8 11 00 00 00 00 18 3e 17 fb 70 00 08 46 7f ........>..p..F.
0090 00 b6 36 78 01 00 01 80 10 88 01 00 35 00 03 2b ..6x........5..+
00a0 0c 09 01 2e 08 02 00 53 05 04 03 80 90 a3 18 03 .......S........
00b0 a9 83 82 9d 31 01 80 70 04 c9 31 32 39 7d 02 91 ....1..p..129}..
00c0 81 7e 0f 00 fe b3 0c 07 49 81 31 32 35 33 35 7f .~......I.12535.
00d0 01 82
.
Best Regards
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
- References:
- Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86
- Next by Date: Re: [Wireshark-dev] Failure to dissect long SASL wrapped LDAP response
- Previous by thread: Re: [Wireshark-dev] register own protocol whith dissector tables ???
- Next by thread: [Wireshark-dev] Wireshark build error
- Index(es):