Wireshark-dev: [Wireshark-dev] Wireshark's plug-in framework
From: Selçuk Cevher <cevhers@xxxxxxxxx>
Date: Fri, 12 Jun 2009 16:57:47 +0300

Hi All,

I am pretty new to Wireshark development.

Hence, I need some guidance from the experts ...

I am especially interested in Wireshark's plug-in framework for protocol dissectors, and so am trying to get a good understanding of its inner workings.

As far as I know, Wireshark uses protocol dissectors in both plug-in and static library forms.

For static libraries stored in epan/dissectors, the make-reg-dotc.py script is run to generate the register.c file, which "registers" all protocol dissectors along with the information instructing Wireshark on when to call a particular dissector (parent protocol, etc.).

When we add a new dissector in static library form, we need to recompile all of the Wireshark source.

At this point, I have the following questions:

1. What data structures does Wireshark maintain to carry out the above-mentioned "registration"?
Or, what process does Wireshark go through to register a specific protocol dissector?

2. In the case of a new protocol dissector added as a plug-in, what actions does Wireshark carry out to replace the above-mentioned registration procedure?
(This time, we won't recompile Wireshark's source, and hence make-reg-dotc.py will not run.)

Of course, I am already reading Wireshark's documentation.

Since it is large, I need guidance from you -- I don't want to jump directly into the source code to figure things out.

Thanks in advance.

Selcuk