User guide

9.2. Adding a basic dissector
Let's step through adding a basic dissector. We'll start with the made-up "foo" protocol. It consists of
the following basic items.
A packet type - 8 bits, possible values: 1 - initialisation, 2 - terminate, 3 - data.
A set of flags stored in 8 bits, 0x01 - start packet, 0x02 - end packet, 0x04 - priority packet.
A sequence number - 16 bits.
An IP address.
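The field list above, worked into a stand-alone, bounds-checked header parser. This is an added example, not code from the original guide or from the program it describes. The guide gives no field offsets, byte order or address family, so the layout used here (fields in the order listed, big-endian sequence number, 4-byte IPv4 address), the rejection of undefined flag bits and all foo_* names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (the guide lists the fields but not offsets or byte order):
 * type(1) flags(1) sequence(2, big-endian) IPv4 address(4) = 8 bytes. */
#define FOO_HDR_LEN 8

enum foo_type { FOO_INIT = 1, FOO_TERMINATE = 2, FOO_DATA = 3 };
enum foo_flag { FOO_START = 0x01, FOO_END = 0x02, FOO_PRIORITY = 0x04 };
enum foo_err  { FOO_OK = 0, FOO_ETRUNC = -1, FOO_ETYPE = -2, FOO_EFLAGS = -3 };

struct foo_hdr { uint8_t type, flags; uint16_t seq; uint8_t addr[4]; };

/* Parse one header from an untrusted buffer. Nothing is read before the
 * length check; types outside 1..3 and undefined flag bits are rejected
 * (the flag check is an assumption, stricter than the guide states). */
static int foo_parse(const uint8_t *buf, size_t len, struct foo_hdr *out)
{
    if (buf == NULL || out == NULL || len < FOO_HDR_LEN)
        return FOO_ETRUNC;
    if (buf[0] < FOO_INIT || buf[0] > FOO_DATA)
        return FOO_ETYPE;
    if (buf[1] & ~(FOO_START | FOO_END | FOO_PRIORITY))
        return FOO_EFLAGS;

    out->type  = buf[0];
    out->flags = buf[1];
    out->seq   = (uint16_t)((buf[2] << 8) | buf[3]);
    for (size_t i = 0; i < 4; i++)
        out->addr[i] = buf[4 + i];
    return FOO_OK;
}

/* Constructed sample packets: valid, truncated, and unknown type. */
static const uint8_t foo_good[]  = { 3, 0x05, 0x12, 0x34, 192, 0, 2, 1 };
static const uint8_t foo_short[] = { 3, 0x05, 0x12 };
static const uint8_t foo_badty[] = { 9, 0x00, 0x00, 0x01, 192, 0, 2, 1 };

int main(void)
{
    struct foo_hdr h;
    int ok = foo_parse(foo_good, sizeof foo_good, &h) == FOO_OK
          && foo_parse(foo_short, sizeof foo_short, &h) == FOO_ETRUNC
          && foo_parse(foo_badty, sizeof foo_badty, &h) == FOO_ETYPE;
    return ok ? 0 : 1;
}
```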
9.2.1. Setting up the dissector
The first decision you need to make is whether this dissector will be a built-in dissector, included in the
main program, or a plugin.
Plugins are the easiest to write initially, so let's start with that. With a little care, the plugin can be
made to run as a built-in easily too - so we haven't lost anything.
Example 9.1. Dissector Initialisation.
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <epan/packet.h>
#include <epan/prefs.h>

/* forward reference */
void proto_register_foo(void);
void proto_reg_handoff_foo(void);
void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

static int proto_foo = -1;          /* protocol id; -1 until registered */
static int global_foo_port = 1234;  /* UDP port assumed to carry foo traffic */
static dissector_handle_t foo_handle;

void
proto_register_foo(void)
{
    /* Register only once: proto_foo is still -1 if we have not been initialised. */
    if (proto_foo == -1) {
        proto_foo = proto_register_protocol (
            "FOO Protocol", /* name */
            "FOO",          /* short name */
            "foo"           /* abbrev */
            );
    }
}
Let's go through this a bit at a time. First we have some boilerplate include files. These will be
pretty constant to start with. Here we also pre-declare some functions that we'll be writing shortly.
Next we have an int that is initialised to -1 that records our protocol. This will get updated when we
register this dissector with the main program. We can use this as a handy way to detect if we've been
initialised yet. It's good practice to make all variables and functions that aren't exported static to
keep namespace pollution down. Normally this isn't a problem unless your dissector gets so big it
has to span multiple files.
Then we have a module variable which contains the UDP port that we'll assume we are dissecting traffic for.
Packet dissection