
Ethereal-dev: [Ethereal-dev] can one plugin call another?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Donald White" <dbwhite@xxxxxxx>
Date: Tue, 09 Mar 2004 21:51:13 -0700

Group,

I apologize in advance if this is a user and not a developer problem and I am in the wrong group.

I am new here but not to Ethereal. Last Sunday, I was having an experimental protocol hang at school on a project. This was the third time this protocol had failed, so I decided it was time for a better tool. To look at the problem, I developed a Windows plugin dissector for the protocol. It went much easier than I expected.

It went so well that I mentioned it to my employer. They are now interested in converting two static dissectors that I developed about three years ago for Solaris and Linux to Windows plugins so they can use some Windows laptops for network monitoring in the lab. They are also, I think, interested in not having me periodically rebuild and distribute new Ethereal versions. They like the idea of a binary Windows distribution to which a couple of files are copied to the plugins directory.

In looking at the code there were two problems. The first dissector uses the proto_registrar_get_name() function. This is because the meaning of some fields depends on the values of other fields. I used this function to get the field name and then use a value string array to display the alternate meaning. The code looks like this:

    proto_tree_add_uint_format(XX_opcode_tree, hf_XX_subtype, tvb, 9, 1,
                               subtype, format,
                               proto_registrar_get_name(hf_XX_subtype),
                               val_to_str(subtype,
                                          XX_subtypes,
                                          unknown),
                               subtype);

The difficulty is that the semantics of subtype varies with the value of type. Since it looks like I have to recode this anyway, is there a right or recommended or suggested way to do it?

My second problem is that the second dissector calls the first. This is because the first protocol is sometimes encapsulated in the second. How can this work if both are plugins? I did not see this covered in the readmes.

Thanks,

Don