Ethereal-dev: Re: [Ethereal-dev] question about developing a transparent dissector
Javier V.V. wrote:
im developing a basic dissector. I have coded the basic skeleton
(based on the dissector foo from the documentation).
I would like to be called for any packet ip or arp being analyzed but
i have a problem with this. I add this conditions for my dissector was
called:
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
dissector_add("ethertype", 0x0800, foo_handle);
dissector_add("ethertype", 0x0806, foo_handle);
So my dissect_foo function is called for any ip or arp. Then i analyze
the packed with the given info and modify things if i want etc... but
when i finish the job i would like the packet continued being analyzed
by other dissectors and protocol analyzers.
What other dissectors would analyze an ARP packet other than the ARP
dissector?
And if you want the packet to be analyzed by the ARP dissector, what is
*your* dissector doing?
In the manner that i work
the packet doesnt continue being analyzed and it appears as "ethern"
protocolo only, in the UI.
Could you help me please? I was seeing the documentation and i have no
solution.
Ethereal doesn't expect two dissectors to analyze the same packet. Is
that what you're trying to do? If so, what are your dissectors doing?
In the other hand i observe that my dissect_foo function is not called
with a tree != NULL i dont know why.
Because, in some cases, all Ethereal needs is the summary information
for the columns, not the protocol tree; it passes NULL as the tree
argument in that case, so that less work is done. (This is done when
initially reading in a capture file, and is done on every packet, so you
want that efficient.)
