On Jul 14, 2009, at 10:56 AM, Frederic Turmel wrote:
Hi, I'm trying to build a plugin to dissect the payload of an mpeg
transport packet. I'm using the following to add my plugin:
dissector_add("mp2t.pid", 0x00001f76, pluginHandle);
However when I build the code, wireshark crash at startup.
That won't work. Wireshark does not (and probably will not ever)
arrange that every single field in a protocol can be used in that
fashion.
The first argument to dissector_add() is the name of a "dissector
table", used by the dissector that created the table to hand off
packet data to another dissector. By *convention*, if a particular
field's value is used to choose the dissector to which to hand off the
packet data, the dissector table's name is the same as the name of the
field; however, that does not mean that any field in a dissector can
be used for this.
Is there another way to add a dissector based on the PID number?
No. You would have to modify the MPEG-2 transport stream dissector to
support handing off the payload to another dissector; it currently has
no code to do so. You'd have to modify dissect_tsp() to use the PID
number to determine the dissector to handle the payload.