On Jun 25, 2013, at 9:23 PM, suraj mukade <surajmukade@xxxxxxxxx> wrote:
> Thanks for the precise answer. I understood thing dissector_add_uint();
> But I am not clear with dissector table concept.
> Let me explain, My Ethernet frame will have some Ethernet type value (for example "ABCD")which wireshark doesn’t understand.
> So if the frame with Ethernet type value="ABCD" comes how wireshark will know that it has to call my dissector? What is the way to register that value.
Somebody once told you
> you would have your dissector do
>
> dissector_add_uint("ethertype", {your ethertype value}, {a handle for your dissector});
>
> where {your ethertype value} is the Ethernet type value registered for your protocol and {a handle for your dissector} is, well, a handle for your dissector, created with, for example, register_dissector() or new_register_dissector() or create_dissector_handle() or new_create_dissector_handle().
I would suggest that you listen to him.
> Sorry if I am wrong I am trying to analog it with the call dissector_add("udp.port", global_foo_port, foo_handle);
> where we are requesting Wireshark to call foo_handle on receiving packet on UDP port global_foo_port.
>
> In short is it not sufficient to do similar call as in case of UDP?
No, because we renamed dissector_add() to dissector_add_uint(). It *would* be analogous if you did
dissector_add_uint("udp.port", global_foo_port, foo_handle);
because what you'd be doing would be
dissector_add_uint("ethertype", {your ethertype value}, foo_handle);
(the rename was done because some other routines had "port" in their name, but the value isn't necessarily a TCP or UDP port number, it's an arbitrary integral value, and we had some _string routines for registering *string* values in dissector tables, so we renamed the old routines to all have _uint to indicate that the value was an arbitrary unsigned integer value).