Wireshark-dev: Re: [Wireshark-dev] How can I register a link layer protocol?

From: Armando Vázquez <avr989@xxxxxxxxx>
Date: Mon, 5 Mar 2012 11:28:13 -0600
I did so by using this function:

void proto_register_myprotocol(void)
{
...
register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);

}

Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
For this to work your dissector needs to be registered by name.  To get that it needs to call register_dissector().

Armando Vázquez wrote:
Thanks ashis!

When I tried this my protocol does not show up as a valid protocol, why is that? I tried using my dissector for the header protocol, but it should also dissect 2 trailer bytes, does that represent a problem? What should I put in the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the same as using the function dissector_add_uint(), am I right? If so, why isn't it working? Should I change something else in pcap-common.c or wtap.c or wtap.h?


Armando Vázquez Ramírez


On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.goel1@xxxxxxxxx> wrote:

   Hi Armando,

   There is a way you can do it through the Wireshark GUI. Go to preferences
   -> protocols -> DLT_User. Here click on edit and add your protocol
   on any of the User DLTs (147 - 162). But make sure that the pcap
   file you are using has defined the same DLT value in its
   global header.

   Hope this helps.

   Thanks,
   Ashish
   2012/3/2 Armando Vázquez <avr989@xxxxxxxxx>


       Hi guys,

       I've read the developers guide, README.developer, wiretap plugin
       wiki and found no answer. Here is my problem. I'm trying to use
       Wireshark for dissecting a pcap capture of a protocol that is
       not currently defined in Wireshark. So I started writing a
       plugin, but I haven't been able to declare or register this
       dissector so it is enabled as a link layer dissector. I need to
       achieve this because this is not an internet protocol, so I need
       to identify it in this layer.

       I've already read this dev-topic
       (http://www.mail-archive.com/wireshark-dev@xxxxxxxxxxxxx/msg05931.html)
       but I didn't understand it well.

       The dissection part works fine, I've tested it using a pcap and
       nesting it on top of TCP. I would really appreciate your help.
       Also I've added in wtap.h

       #define WTAP_ENCAP_MYPROTOCOL 147

       and in wtap.c

       static struct encap_type_info encap_table_base[] = {
       ...
       { "RESERVED 138", "res0" },
       { "RESERVED 139", "res1" },
       { "RESERVED 140", "res2" },
       { "RESERVED 141", "res3" },
       { "RESERVED 142", "res4" },
       { "RESERVED 143", "res5" },
       { "RESERVED 144", "res6" },
       { "RESERVED 145", "res7" },
       { "RESERVED 146", "res8" },

       /* WTAP_ENCAP_MYPROTOCOL*/
       { "MY PROTOCOL", "myprotocol" }
       };

       Here are the register and handoff sections of my code

       ----------------------------------------------------------------------------------
       void proto_register_myprotocol (void)
       {
       ...

       myprotocol_dissector_table =
           register_dissector_table("myprotocol.proto", "ACN protocol number",
                                    FT_UINT8, BASE_HEX);
       proto_register_field_array(proto_myprotocol, hf, array_length(hf));
       proto_register_subtree_array(ett, array_length(ett));
       /* Register by name so the DLT_User preference can find the dissector */
       register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
       }

       void proto_reg_handoff_myprotocol(void)
       {
       data_handle = find_dissector("data");
       myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                   proto_myprotocol);
       /* Link-layer registration: WTAP_ENCAP_MYPROTOCOL must match the DLT
          value stored in the capture file's global header */
       dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
       /* Registering this on top of TCP was only to develop the dissection
          part; this won't be present in the release version */
       dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
       }
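The check Ashish describes (the DLT value in the pcap global header must match the User DLT the dissector is attached to), as an added example that is not part of the thread: a small Python script that writes a pcap whose global header carries DLT_USER0 (147, the value Armando used for WTAP_ENCAP_MYPROTOCOL), reads the link type back, and splits a constructed frame into header, payload and the 2 trailer bytes. The frame layout (4-byte header, 2-byte trailer) and the sample bytes are assumptions made for the example.

```python
"""Write a classic pcap with a user link type and verify it (added example)."""
import struct

PCAP_MAGIC = 0xA1B2C3D4           # microsecond-timestamp pcap, native byte order
DLT_USER0, DLT_USER15 = 147, 162  # the user-assignable DLT range named in the thread


def pcap_bytes(link_type, frames, snaplen=65535):
    """Serialise (ts_sec, ts_usec, frame) tuples into a pcap image."""
    if not DLT_USER0 <= link_type <= DLT_USER15:
        raise ValueError(f"{link_type} is outside the DLT_USER range")
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, network
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, link_type)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame))
        out += frame
    return out


def read_pcap(data):
    """Return (link_type, [frame bytes]); handles both byte orders."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:     # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    _, major, minor, _, _, _, link_type = struct.unpack(endian + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unexpected pcap version {major}.{minor}")
    frames, pos = [], 24
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        frames.append(data[pos:pos + incl_len])
        pos += incl_len
    return link_type, frames


def split_frame(frame, header_len=4, trailer_len=2):
    """Split a frame into (header, payload, trailer) so the trailer bytes are
    accounted for instead of being left over as undissected data."""
    if len(frame) < header_len + trailer_len:
        raise ValueError("frame too short for header plus trailer")
    payload_end = len(frame) - trailer_len
    return frame[:header_len], frame[header_len:payload_end], frame[payload_end:]


# Constructed sample frame (assumption): 4-byte header, 3 payload bytes, 2 trailer bytes
SAMPLE_FRAME = bytes.fromhex("01020304") + b"abc" + bytes.fromhex("ffff")
```

Writing `pcap_bytes(147, [(0, 0, SAMPLE_FRAME)])` to a file and opening it in Wireshark with DLT_User 147 mapped to the dissector reproduces the setup the thread discusses.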
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
           mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe