On Wed, Sep 29, 1999 at 12:17:37PM -0500, brol wrote:
>
>
> Hello,
>
> Is there any FAQ to add new parser ? I've already written a parser for
> Shomiti (with its PDK) for L2TP. I should be able to do the same for
> ethereal...
>
> Please give me some info about that: which files have to be modified ?...
>
> L2TP: UDP port 1701
>
> Thomas
Unfortunately, there is not yet a document explaining how to
add a new parser/decoder/dissector. We tend to call them 'dissectors'
because our functions start with 'dissect_'.
Take a look at some of the simple protocols. packet-rip.c is straight-forward,
as is packet-atalk.c. Some other dissectors have some very convulated
cases to handle.
Also look at doc/proto_tree.
You'll have to modify packet-udp.c to put connect port 1701 with
your dissector; some time in the future this method of 'hard-coding'
chains of dissectors will change.
packet.h contains the dissector prototype functions.
Basically, your dissector is called twice, once for putting data
into the table of packet summary lines, and once for putting information
into the protocol tree.
--gilbert
