I have just gone through the packet-foo.c dissector example in the documentation and was able to
compile and dissect the example data correctly. Now I would like to try to re-write it so that
it handled pcap files with a data link type of 147 (USER0). My code compiles but it doesn't
seem to have any effect on wireshark. I know there should be more code here, but I would
think this would be enough to get wireshark to recognize the data as FOO. Any ideas?
Here is what I have so far in packet-foo.c:
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include
#include
void proto_register_foo();
void proto_reg_handoff_foo();
void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
static int proto_foo = -1;
static dissector_handle_t foo_handle;
void proto_register_foo(void) {
if (proto_foo == -1) {
proto_foo = proto_register_protocol (
"FOO Protocol", /* name */
"FOO", /* short name */
"foo" /* abbrev */
);
}
}
void proto_reg_handoff_foo(void) {
static gboolean initialized = FALSE;
if (!initialized) {
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
dissector_add("wtap_encap", WTAP_ENCAP_USER0, foo_handle);
initialized = TRUE;
}
}
void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_clear(pinfo->cinfo, COL_INFO);
}
}
_________________________________________________________________
Instantly invite friends from Facebook and other social networks to join you on Windows Live™ Messenger.
https://www.invite2messenger.net/im/?source=TXT_EML_WLH_InviteFriends
