Wireshark-dev: [Wireshark-dev] How can I register a link layer protocol?

From: Armando Vázquez <avr989@xxxxxxxxx>
Date: Thu, 1 Mar 2012 17:09:44 -0600
Hi guys,

I've read the developers guide, README.developer, wiretap plugin wiki and found no answer. Here is my problem. I'm trying to use Wireshark for dissecting a pcap capture of a protocol that is not currently defined in Wireshark. So I started writing a plugin, but I haven't been able to declare or register this dissector so it is enabled as a link layer dissector. I need to achieve this because this is not an internet protocol, so I need to identify it in this layer.

I've already read this dev-topic (http://www.mail-archive.com/wireshark-dev@xxxxxxxxxxxxx/msg05931.html) but I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and nesting it on top of TCP. I would really appreciate your help. 

Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },

/* WTAP_ENCAP_MYPROTOCOL */
{ "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code

----------------------------------------------------------------------------------
void proto_register_myprotocol (void)
{
    ...

    myprotocol_dissector_table = register_dissector_table("myprotocol.proto", "ACN protocol number", FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol, proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    // Registering this on top of TCP was only to develop the dissection part, this won't be present in the release version
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}

----------------------------------------------------------------------------------


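A check that goes with the setup described in the post, added here as an example and not code from the post or from Wireshark: the "wtap_encap" table is keyed by the encapsulation Wireshark derives from the capture file, so it helps to confirm which link-layer type number the pcap global header actually declares. The function name pcap_linktype and both sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: little-endian pcap global header declaring link type 147,
 * the number used in the post (in pcap files 147 is LINKTYPE_USER0). */
static const unsigned char sample_le[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
    0, 0, 0, 0, 0xff, 0xff, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00 };
/* Constructed sample: big-endian header declaring link type 1 (Ethernet). */
static const unsigned char sample_be[24] = {
    0xa1, 0xb2, 0xc3, 0xd4, 0x00, 0x02, 0x00, 0x04, 0, 0, 0, 0,
    0, 0, 0, 0, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01 };

/* Read 32 bits from p in the given byte order. */
static uint32_t rd32(const unsigned char *p, int big_endian)
{
    uint32_t b0 = p[0], b1 = p[1], b2 = p[2], b3 = p[3];
    return big_endian ? (b0 << 24) | (b1 << 16) | (b2 << 8) | b3
                      : (b3 << 24) | (b2 << 16) | (b1 << 8) | b0;
}

/* Link-layer type from a classic pcap global header (24 bytes: magic,
 * version, thiszone, sigfigs, snaplen, network); -1 if short or not pcap. */
int64_t pcap_linktype(const unsigned char *hdr, size_t len)
{
    uint32_t magic;
    if (hdr == NULL || len < 24)
        return -1;
    magic = rd32(hdr, 1);
    /* 0xa1b2c3d4 = microsecond timestamps, 0xa1b23c4d = nanosecond */
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)
        return (int64_t)rd32(hdr + 20, 1);
    if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)
        return (int64_t)rd32(hdr + 20, 0); /* swapped magic: little-endian file */
    return -1;                             /* e.g. pcapng, which starts 0x0a0d0d0a */
}

int main(int argc, char **argv)
{
    unsigned char hdr[24];
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (argc > 1 && f == NULL) { perror(argv[1]); return 1; }
    if (f != NULL) {               /* header of the capture named on the command line */
        size_t n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
        printf("link-layer type: %lld\n", (long long)pcap_linktype(hdr, n));
        return 0;
    }
    printf("sample_le: %lld\n", (long long)pcap_linktype(sample_le, sizeof sample_le));
    printf("sample_be: %lld\n", (long long)pcap_linktype(sample_be, sizeof sample_be));
    return 0;
}
```

Run it with the capture file as its only argument; a result of -1 means the file is not a classic pcap file.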