Ah! That's what I was looking for. It shows up now. Thanks Bill!
Scott
On Thu, May 20, 2010 at 1:21 PM, Bill Meier
<wmeier@xxxxxxxxxxx> wrote:
Scott wrote:
> Devs,
>
> How does Wireshark know which dissector(s) to call while dissecting a
> packet? I've written a dissector for a protocol in development which
> consists of a shim inserted into every packet on the network. Our code
> correctly updates checksums and sets IP's "Protocol" field to an identifier
> for our protocol. I am compiling the dissector directly into source instead
> of as a plugin. After compilation the dissector correctly shows up in the
> list of dissectors from within Wireshark, but it has yet to correctly
> dissect anything in the packet view.
>
> I put printf's into the register and dissect functions to see if they were
> really being called, but I don't see the results from that and only half
> expected to anyway.
> I also thought that maybe Wireshark knows which dissector to call by the
> identifier IP lists in the "Protocol" field, but if it does, I don't know
> where in my dissector code that ID should go.
> I believe I correctly add items to the protocol tree.
>
So: your protocol rides over IP?

If so, you need code in your dissector like that in packet-tcp.c
proto_reg_handoff_tcp..

    {
        dissector_handle_t tcp_handle;

        tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
        dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);
        ...
    }

Do you have a reg_handoff function ???
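
The dispatch that the reply points at, as an added self-contained C model (not Wireshark code and not from this thread): a table keyed by the IPv4 Protocol field decides which sub-dissector runs, so a dissector that is compiled in but never added to the table is never called. The names `table_add`, `dissect_ip`, `dissect_shim`, the protocol number 253 and the packet bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an "ip.proto"-style dissector table: one slot per
 * possible value of the IPv4 Protocol field. All names are hypothetical. */
typedef int (*dissector_t)(const uint8_t *payload, size_t len);
static dissector_t ip_proto_table[256];

#define IP_PROTO_SHIM 253  /* assumption: RFC 3692 experimental number */
static int shim_calls;     /* counts how often the shim dissector ran */

static int dissect_shim(const uint8_t *payload, size_t len)
{
    (void)payload;
    shim_calls++;
    return (int)len;       /* bytes consumed */
}

/* Handoff step: bind a protocol number to a dissector. */
static void table_add(uint8_t proto, dissector_t d) { ip_proto_table[proto] = d; }

/* Model of the IP dissector: validate the header, then look up the Protocol
 * field (byte 9) in the table. Returns bytes consumed by the sub-dissector,
 * 0 if no dissector is registered, -1 if the header is malformed. */
static int dissect_ip(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    dissector_t d = ip_proto_table[pkt[9]];
    if (d == NULL) return 0;            /* payload stays undissected data */
    return d(pkt + ihl, len - ihl);
}

/* Constructed sample: 20-byte IPv4 header, Protocol = 253, 4 payload bytes. */
static const uint8_t sample[] = {
    0x45, 0x00, 0x00, 0x18, 0x00, 0x01, 0x00, 0x00, 0x40, IP_PROTO_SHIM,
    0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2,
    0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    printf("before handoff: %d\n", dissect_ip(sample, sizeof sample));
    table_add(IP_PROTO_SHIM, dissect_shim);
    printf("after handoff:  %d\n", dissect_ip(sample, sizeof sample));
    return 0;
}
```
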